On 12/04/2013 09:24 PM, Hannes Tschofenig wrote:
Robin, Elijah,
I am always curious how one manages to make a clear distinction
between political decisions, technical decisions, economical
decisions, and other decisions.
Political decisions have to deal with sovereignty: Who makes binding
decisions. I think what has escaped lots of folks in Internet governance
is that now the Internet is at the centre of rather important political
struggles over decision-making.
The problem is "who" is making these decisions. Right now, for standards
it's an open multi-stakeholder process that at least we who are involved
in places like the IETF believes make technical decisions, but these
decisions only have binding force insofar as they provide enough
economic advantage that vendors implement them uniformly.
However, we should never forget that the very process of making
decisions means that standards bodies are *always* political in this
large sense of making decisions. After all, it is very possible that
some vendors and countries can go away and make their own decisions
without the traditional Internet open and voluntary standards bodies,
and bind their new technologies via the threat of coercive violence.
While we have name-calling on IETF mailing lists, I'm not aware of
coercive violence anywhere.
I'm hoping we can bear the responsibility of creating an Internet free
of pervasive surveillance. And we should be aware that even if we are
successful in this, other pre-Internet political bodies ranging from
nation-states to vendors will try to strip out whatever safeguards we
try to put in in order to continue the value they gain from
surveillance. A conflict between different bodies, each with its own
plans for the future and its own overlapping sphere of decision-making,
is self-evidently a political struggle.
The perception that "in the early days of the Internet" the decisions
were purely technical as too simplistic. If you look at specific
decisions of individuals in the IETF it is hard to put them into
specific categories. Even if you believe you see a purely technical
decision it may have economical implications, or at some time
interfere with other design goals. Take the HTTP state management work
as an example. The introduction of cookies was a technical mechanism
to keep state for the otherwise mostly stateless HTTP protocol. As we
now know, the way how cookies have been used later by various Web
companies lead to privacy concerns. This lead to the famous technical
work on Do Not Track, which has technical components, business
implications, and raises legal questions.
In the "early days" of the Internet, to my knowlege, the Internet was
more of a research project amongst co-operative researchers at places
like MIT, SRI, and CERN with the Web so security and privacy concerns
were minimal at best. I'm not sure what else can explain early RFCs :)
Obviously this has changed, and now folks have to retro-fit these
security on top the system.
I wouldn't call the discussions on the list necessarily as "political"
but rather non-actionable statements. Here is what I mean by that.
Some of us try to take specific actions and that requires that you
identify who needs to do what. There are things the IETF can do, but
there are other communities as well. I tried to explain a simplified
version of the Internet protocol development process in
http://www.ietf.org/id/draft-tschofenig-perpass-surveillance-01.txt.
As you can see different communities deal with different type of
security vulnerabilities. Security problems are not a new thing - just
check the OWASP top-10 security vulnerabilities of the last couple of
years. These vulnerabilities are obviously be exploited by various
folks (state actors, criminals, script kiddies, researchers,
enterprise network administrators, etc.). A software that is
vulnerable to, let's say, an SQL injection vulnerability is
unfortunately not kind enough to take the motives, the organization,
the hair colour, etc. of the attacker into account.
Of course it would be possible to could come up with suggestions for
other communities. But you have to start somewhere first. I don't see
it as my task, for example, to tell the European Commission, the
European Parliament, or the Council what they should be doing. I doubt
that the IETF community would be interested in producing such
recommendations.
I think they'd want to create broad mandates based on policy decisions
(hopefully made with consent or even involvement of general population)
that then are respected by the details of technical standards bodies. Of
course, that's not usually how it works in practice with governments,
who tend to either overspecify technical details or do not actually
represent the consent of their population in any meaningful sense of the
term.
For everyone on the list who believes that regulators should take some
actions then they should just approach them. It is just lame to say
that others should do some work without even providing enough detail
about what they should be doing.
Ciao
Hannes
PS: I dislike the use of the term "politics", "policy makers", and
alike. It just hides what you are really trying to say. Use other,
more specific terms instead. For example, if you believe there is an
action required by regulators then say "regulator". If you mean that
the job is with enforcement agencies then say that.
In general, regulators are at the bequest of their government, who at
the present moment is often in thrall of lobbies that prevent anything
resembling effective regulation. There are political processes that do
not have regulatory power per se but have the power to nonetheless
mobilize actors (thinking ACTA/SOPA protests) that have the ability to
change the decisions of sovereign bodies.
So I don't think "politics" is the wrong word or empty word. Hopefully
the IETF - with the help of ISOC of course - and others can continue to
interface open, meritocratic political Internet processes with
traditional per-Internet political actors.
cheers,
harry
On 12/05/2013 09:55 AM, Robin Wilton wrote:
Thanks Elijah, this is a very useful perspective on the whole question of
technologists' role - especially when the technology in question is so woven
into our political, economic and personal lives.
As you say, much of the work of the IETF has an inescapably political dimension
- whether we choose to acknowledge that ourselves, or have it thrust upon us
(Dual_EC_DRBG being a case in point).
I apologise for re-using a well-worn phrase, but I think this reinforces the
argument in favour of an open, multi-stakeholder process. That doesn't mean
forcing economists and policymakers into the drafting sessions for RFCs, but it
does mean creating a process that can take their (and others') input into
account - and being able to articulate what we do in terms that make sense to
other stakeholders.
That approach isn't a guarantee against 'bad actors' exploiting the open nature
of the process for their own ends, but compared to alternative ways of
architecting and governing the Internet, it offers the best prospects of
detecting and mitigating that kind of harm.
Best wishes,
Robin
Robin Wilton
Technical Outreach Director - Identity and Privacy
On 5 Dec 2013, at 07:25, Elijah Sparrow<[email protected]> wrote:
As an outsider to the IETF, and one-time sociologist, I found the repeated
calls in Vancouver 88 and on this list for decisions to be made based solely on
technical merit and not political argument to be extremely fascinating.
There was once a time when the design of a protocol or standard could be done
in a manner that benefited nearly everyone who might be touched by it. These
days are surely past. Nearly every single debate or question that has come up
on this list is deeply political, if for no other reason than whatever
decisions are made will create winners and losers, people who benefit from the
choice and people who are harmed by the choice.
In the sweep of history, information capitalism has come to a moment of truth,
where the material infrastructure that the IETF and technologists the world
around have helped to create has now matured into both an economic engine and a
state intelligence system based on mass surveillance. Perhaps the most
distinguishing political debate of our time is how the power of the state and
of business with respect to citizens and customers has been radically
transformed under this new regime of ubiquitous surveillance. Obviously, I feel
a particular way about this, but I am just stating the obvious: these issues
are deeply political because the fragile balance of powers in liberal democracy
and in our capitalist economies have been inexorably rocked by technological
changes.
In this context, the question of "how much encryption" is a technical question
that is also deeply intertwined with the major political debates of our day. One only has
to note the major headlines around the world about the ietf calls for encryption in http
2.0. How often have ietf meetings garnered such global coverage?
Scientists and engineers are often forced into political arenas without their
desire or foresight. Take, for example, the history of genomics, climate
change, or nuclear physics. Historically, the scientists and engineers have
clung desperately to the cloak of objective science, even as their work took on
increasingly obvious political ramifications. My hope for the internet is that
we could perhaps bypass such silliness and embrace the obvious political nature
of our work. Being honest with ourselves does not push anyone toward any
particular technical or political stance, except that perhaps we can be more
transparent in our justifications.
In the immortal words of Voltaire, and Spiderman, with great power comes great
responsibility.
-elijah
--
I prefer encrypted email -https://bitmask.net/key/elijah.
_______________________________________________
perpass mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/perpass
_______________________________________________
perpass mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/perpass
_______________________________________________
perpass mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/perpass
_______________________________________________
perpass mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/perpass
