Human Rights Protocol Considerations Research Group | N. ten Oever |
Internet-Draft | University of Amsterdam |
Intended status: Informational | A. Andersdotter |
Expires: September 20, 2018 | ARTICLE 19 |
March 19, 2018 |
On the Politics of Standards
draft-tenoever-hrpc-political-04
This document argues that the politics of standards need to be taken into account in the standards development process. We come to this conclusion by mapping different perspectives on the relation between standards and politics in the Internet community and by providing illustrations of the political aspects of standard development.
This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet-Drafts is at https://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress."
This Internet-Draft will expire on September 20, 2018.
Copyright (c) 2018 IETF Trust and the persons identified as the document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (https://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Simplified BSD License.
"Science and technology lie at the heart of social asymmetry. Thus technology both creates systems which close off other options and generate novel, unpredictable and indeed previously unthinkable, option. The game of technology is never finished, and its ramifications are endless. - Michel Callon
The design of the Internet through protocols and standards is a technical issue with great political and economic impacts [RFC0613]. The early Internet community already realized that it needed to make decisions on political issues such as Intellectual Property, Internationalization [BramanI], diversity, access [RFC0101] privacy and security [RFC0049], and the military [RFC0164] [RFC0316], governmental [RFC0144] [RFC0286] [RFC0313] [RFC0542] [RFC0549] and non-governmental [RFC0196] uses, which has been clearly pointed out by Braman [BramanII].
Recently there has been an increased discussion on the relation between Internet protocols and human rights [RFC8280] which spurred the discussion on the political nature of standards. The network infrastructure is on the one hand designed, described, developed, standardized and implemented by the Internet community, but the Internet community and Internet users are also shaped by the affordances of the technology. Companies, citizens, governments, standards developing bodies, public opinion and public interest groups all play a part in these discussions. In this document we aim to outline different views on the relation between standards and politics and seek to answer the question whether standards are political, and if so, how.
While discussing the impact of protocols on human rights different positions can be differentiated. Without judging them on their internal of external consistency they are represented here.
This position starts from the premise that the technical and political are differentiated fields and that technology is ‘value free’. This is also put more explicitly by Carey: “electronics is neither the arrival of apocalypse nor the dispensation of grace. Technology is technology; it is a means for communication and transportation over space, and nothing more.” [Carey] In this view technology only become political when it is actually being used by humans. So the technology itself is not political, the use of the technology is. This view sees technology as instrument; “technologies are ‘tools’ standing ready to serve the purposes of their users. Technology is deemed ‘neutral,’ without valuative content of its own.’” [Feenberg]. Feenberg continues: “technology is not inherently good or bad, and can be used to whatever political or social ends desired by the person or institution in control. Technology is a ‘rational entity’ and universally applicable. One may make exceptions on moral grounds, but one must also understand that the “price for the achievement of environmental, ethical, or religious goals…is reduced efficiency.” [Feenberg]
This stance is a pragmatic approach to the problem. It states that some protocols under certain conditions can themselves have a political dimension. This is different from the claim that a protocol might sometimes be used in a political way; that view is consistent with the idea of the technology being neutral (for the human action using the technology is where the politics lies). Instead, this position requires that each protocol and use be evaluated for its political dimension, in order to understand the extent to which it is political.
While not an absolutist standpoint it recognizes that all design decisions are subject to the law of unintended consequences. The system consisting of the Internet and its users is vastly too complex to be predictable; it is chaotic in nature; its emergent properties cannot be predicted.
While humans create technologies, this does not mean that they are forever under human control. A technology, once created, has its own logic that is independent of the human actors that either create or use the technology.
Consider, for instance, the way that the very existence of the automobile imposes physical forms on the world different from those that come from the electric tram or the horse-cart. The logic of the automobile means speed and the rapid covering of distance, which encourages suburban development and a tendency toward conurbation. But even if that did not happen, widespread automobile use requires paved roads, and parking lots and structures. These are pressures that come from the automotive technology itself, and would not arise without that technology.
Certain kinds of technology shape the world in this sense. As Martin Heidegger says, “The hydroelectric plant is not built into the Rhine River as was the old wooden bridge that joined bank with bank for hundreds of years. Rather the river is dammed up into the power plant. What the river is now, namely, a water power supplier, derives from out of the essence of the power station.” [Heidegger] (p 16) The dam in the river changes the world in a way the bridge does not, because the dam alters the nature of the river.
In much same way, then, networking technology once created makes its own demands. One of the most important conditions for protocol success is that the protocol is incremental deployability [RFC5218]. This means that the network already deployed constrains what can be deployed into it. Moreover, one interpretation of [RFC7258] is that pervasive monitoring is an “attack” precisely because of the network’s need not to leak traces of online exchanges. A different network with a different design might not have been subject to this kind of attack.
On the other side of the spectrum there are the ones who insist that technology is non-neutral. This is for instance made explicit by Postman where he writes: ‘the uses made of technology are largely determined by the structure of the technology itself’ [Postman]. He states that the medium itself ‘contains an ideological bias’. He continues to argue that technology is non-neutral:
(1) because of the symbolic forms in which information is encoded, different media have different intellectual and emotional biases; (2) because of the accessibility and speed of their information, different media have different political biases; (3) because of their physical form, different media have different sensory biases; (4) because of the conditions in which we attend to them, different media have different social biases; (5) because of their technical and economic structure, different media have different content biases. [Postman]
More recent scholars of Internet infrastructure and governance have also pointed out that Internet processes and standards have become part and parcel of political processes and public policies: one only has to look at the IANA transition or global innovation policy for concrete examples [DeNardis]. Similarly one can look at the Raven process in which the IETF after a long discussion refused to standardize wiretapping (which resulted in [RFC2804]. That was an instance where the IETF took a position that was largely political, although driven by a technical argument. It was similar to the process that led to [RFC6973], in which something that occurred in the political space (Snowden disclosures) engendered the IETF to act. This is summarized in [Abbate] who says: “protocols are politics by other means”. This emphasizes the interests that are at play in the process of designing standards. This position holds further that protocols can never be understood without their contextual embeddedness: protocols do not exist solely by themselves but always are to be understood in a more complex context – the stack, hardware, or nation-state interests and their impact on civil rights. Finally, this view is that that protocols are political because they affect or sometimes effect the socio-technical ordering of reality. The latter observation leads Winner to conclude that the reality of technological progress has too often been a scenario where the innovation has dictated change for society. Those who had the power to introduce a new technology also had the power to create a consumer class to use the technology, ‘with new practices, relationships, and identities supplanting the old, —and those who had the wherewithal to implement new technologies often molded society to match the needs of emerging technologies and organizations.’ [Winner].
Standards exist for nearly everything: processes, technologies, safety, hiring, elections, and training. Standards provide blue-prints for how to accomplish a particular task in a similar way to others trying to accomplish the same thing, while reducing overhead and inefficiencies. Standards enhance competition by allowing different entities to work from a commonly accepted baseline. And they exist in many forms: there can be informal standards, that are just agreed upon normal ways of interacting within a specific community (i.e. the process through which greetings to a new acquaintance are expressed through a bow, a handshake or similar). There can be formal standards, that are normally codified in writing.
And there can be de facto standards: standards that arise in market situations where one entity is particularly dominant, and downstream competitors are therefore tied to the dominant entity’s technological solutions [Ahlborn]. Under EU anti-trust law, de facto standards have been found to be able to restrict competition for downstream services for PC software products [CJEU2007], as well as downstream services dependent on health information [CJEU2004].
The World Trade Organisation (WTO) recognises a difference between standards and technical regulations, where standards are voluntary formal codes to which products or services may conform while technical regulations are mandatory requirements the fulfillment of which is required for a product to be accessible on one of the WTO country markets. The WTO rules have implications for how nation states, at least those that have signed on to the WTO agreements, may impose specific technical requirements on companies.
But there are many standardisation groups that were originally launched by nation states or groups of nation states. ISO, BIS, CNIS, NIST, ABNT and ETSI are examples of institutions that are, wholly or partially, sponsored by public money in order to ensure smooth development of formal standards. Even if under WTO rules these organisations cannot create the equivalent of a technical regulation, they have important normative functions in their respective countries.
The development of formal standards development faces a number of economic and organisational challenges. The cost and difficulty of organising many entities around a mutual goal, as well as the cost of research and development leading up to a mutually beneficial technological platform. In addition, one faces the problem of deciding what the mutual goal is.
These problems may be described as inter-organisational costs. Even after a goal is decided upon, coordination of multiple entities requires time and money. One needs communication platforms, processes and a commitment to mutual investment in a higher good. They are not simple tasks, and the more different communities are affected by a particular standardisation process, the more difficult the organisational challenges become.
The standards enabling interoperating networks, what we think of today as the Internet, were created as open, formal and voluntary standards. A platform for internet standardisation, the Internet Engineering Task Force (IETF), was created in 1992 to enable the continuation of such standardisation work.
The IETF has sought to make the standards process transparent (by ensuring everyone can access standards, mailing-lists and meetings), predictable (by having clear procedures and reviews) and of high quality (by having draft documents reviewed by members from its own epistemic community). This is all aimed at increasing the accountability of the process and the quality of the standard.
The IETF implements what has been referred to as an “informal ex ante disclosure policy” for patents [Contreras], which includes the possibility for participants to disclose the existence of a patent relevant for the standard, royalty-terms which would apply to the implementors of that standard should it enter into effect, as well as other licensing terms that may be interesting for implementors to know. The community ethos in the IETF seems to lead to 100% royalty-free disclosures of prior patents which is a record number, even among other comparable standard organisations [Contreras].
In spite of a strong community ethos and transparent procedures, the IETF is not immune to externalities. Sponsorship to the IETF is varied, but is also of the nature that ongoing projects that are in the specific interest of one or some group of corporations may be given more funding than other projects (see [draft-finance-thoughts]). The IETF has faced three periods of decreased commitment from participants in funding its meetings in the past ten years, leading, naturally, to self-scrutiny, see for instance [IAOC69], [IAOC77], [IAOC99].
Roman engineers complained about inadequate legacy standards they needed to comply with, which hampered them in their engineering excellence. In that sense not much has changed in the last 2100 years. When starting from a tabula rasa, one does not need to take other systems, layers or standards into account. The need for interoperability, and backward compatability makes engineering work harder. And once a standard is designed, it does not automatically means it will be broadly adopted at as fast pace. Examples of this are IPv6, DNSSEC, DKIM, etc. The need for interoperability means that a new protocol needs to take into account a much more diverse environment than early protocols, and also be amendable to different needs: protocols needs to relate and negotiate in a busy agora, as do the protocol developers. This means that some might get priority, whereas others get dropped.
There is a competition between layers, and even contestation about what the borders of different layers are. This leads to competition between layers and different solutions for similar problems on different layers, which in its turn leads to further ossification, which leads to more contestation.
Coordinating transnational stakeholders in a process of negotiation and agreement through the development of common rules is a form of global governance [Nadvi]. Standards are among the mechanisms by which this governance is achieved. Conformance to certain standards is often a basic condition of participation in international trade and communication, so there are strong economic and political incentives to conform, even in the absence of legal requirements [Russell]. [RogersEden] argue:
“As unequal participants compete to define standards, technological compromises emerge, which add complexity to standards. For instance, when working group participants propose competing solutions, it may be easier for them to agree on a standard that combines all the proposals rather than choosing any single proposal. This shifts the responsibility for selecting a solution onto those who implement the standard, which can lead to complex implementations that may not be interoperable. On its face this appears to be a failure of the standardization process, but this outcome may benefit certain participants— for example, by allowing an implementer with large market share to establish a de facto standard within the scope of the documented standard.”
It is indisputable that the Internet plays an increasingly important role in the lives of individuals. The community that produces standards for the Internet therefore also has an impact on society, which it itself has recognised in a number of previously adopted documents [RFC1958].
The IETF cannot ordain what standards are to be used on the networks, and it specifically does not determine the laws of regions or countries where networks are being used, but it does set open standards for interoperability on the Internet, and has done so since the inception of the Internet. Because a standard is the blue-print for how to accomplish a particular task in a similar way to others, the standards adopted have a normative effect. The standardisation work at the IETF will have implications on what is perceived as technologically possible and useful where networking technologies are being deployed, and its standards output reflect was is considered by the technical community as feasible and good practice.
This calls for providing a methodology in the IETF community to evaluate which routes forward should indeed be feasible, what constitutes the “good” in “good practice” and what trade-offs between different feasible features of technologies are useful and should therefore be made possible. Such an analysis should take societal implication into account.
The risk of not doing this is threefold: (1) the IETF might make decisions which have a political impact that was not intended by the community, (2) other bodies or entities might make the decisions for the IETF because the IETF does not have an explicit stance, (3) other bodies that do take these issues into account might increase in importance to the detriment of the influence of the IETF.
This does not mean the IETF does not have a position on particular political issues. The policies for open and diverse participation [RFC7704], the anti-harassment policy [RFC7776], as well as the Guidelines for Privacy Considerations [RFC6973] are testament of this. But these are all examples of positions about the IETF’s work processes or product. What is absent is a way for IETF participants to evaluate their role with respect to the wider implications of that IETF work.
There are instruments that can help the IETF develop an approach to address the politics of standards. Part of this can be found in [RFC8280] as well as the United National Guiding Principles for Business and Human Rights [UNGP]. But there is not a one-size-fits-all solution. The IETF is a particular organization, with a particular mandate, and even if a policy is in place, its success depends on the implementation of the policy by the community.
Since ‘de facto standardization is reliant on market forces’ [Hanseth] we need to live with the fact standards bodies have a political nature [Webster]. This does not need to be problematic as long as there are sufficient accountability and transparency mechanisms in place. The importance of these mechanisms increases with the importance of the standards and their implementations. The complexity of the work inscribes a requirement of competence in the work in the IETF, which forms an inherent barrier for end-user involvement. Even though this might not be intentional, it is a result of the interplay between the characteristics of the epistemic community in the IETF and the nature of the standard setting process.
Instead of splitting hairs about whether ‘standards are political’ [Winner] [Woolgar] we argue that we need to look at the politics of individual standards and invite document authors and reviewers to take these dynamics into account.
As this draft concerns a research document, there are no security considerations as described in [RFC3552], which does not mean that not addressing the issues brought up in this draft will not impact the security of end-users or operators.
This document has no actions for IANA.
Thanks to Andrew Sullivan, Brian Carpenter, Mark Perkins and all contributors and reviewers on the hrpc mailinglist.
The discussion list for the IRTF Human Rights Protocol Considerations working group is located at the e-mail address hrpc@ietf.org. Information on the group and information on how to subscribe to the list is at: https://www.irtf.org/mailman/listinfo/hrpc
Archives of the list can be found at: https://www.irtf.org/mail-archive/web/hrpc/current/index.html
[Abbate] | Abbate, J., "Inventing the Internet", MIT Press , 2000. |
[Ahlborn] | Ahlborn, C., Denicoló, V., Geradin, D. and A. Padilla, "Implications of the Proposed Framework and Antitrust Rules for Dynamically Competitive Industries", DG Comp’s Discussion Paper on Article 82, DG COMP, European Commission , 2006. |
[BramanI] | Braman, S., "Internationalization of the Internet by design: The first decade", Global Media and Communication, Vol 8, Issue 1, pp. 27 - 45 , 2012. |
[BramanII] | Braman, S., "The Framing Years: Policy Fundamentals in the Internet Design Process, 1969–1979", The Information Society Vol. 27, Issue 5, 2011 , 2010. |
[Carey] | Carey, J., "Communication As Culture", p. 139 , 1992. |
[CJEU2004] | Court of Justice of the European Union, ., "ECLI:EU:C:2004:257, C-418/01 IMS Health", Cambridge, UK: Cambridge University Press , 2004. |
[CJEU2007] | Court of Justice of the European Union, ., "ECLI:EU:T:2007:289, T-201/04 Microsoft Corp.", Cambridge, UK: Cambridge University Press , 2007. |
[Contreras] | Contreras, J., "Technical Standards and Ex Ante Disclosure: Results and Analysis of an Empirical Study", Jurimetrics: The Journal of Law, Science & Technology, vol. 53, p. 163-211 , 2013. |
[DeNardis] | Denardis, L., "The Internet Design Tension between Surveillance and Security", IEEE Annals of the History of Computing (volume 37-2) , 2015. |
[draft-finance-thoughts] | Arkko, J., "Thoughts on IETF Finance Arrangements", 2017. |
[Feenberg] | Feenberg, A., "Critical Theory of Technology", p.5-6 , 1991. |
[Hanseth] | Hanseth, O. and E. Monteiro, "Insribing Behaviour in Information Infrastructure Standards", Accounting, Management and Infomation Technology 7 (14) p.183-211 , 1997. |
[Heidegger] | Heidegger, M., "The Question Concerning Technology and Other Essays", Garland: New York, 1977 , 1977. |
[IAOC69] | IAOC, ., "IAOC Report Chicago", 2007. |
[IAOC77] | IAOC, ., "IAOC Report Anaheim", 2010. |
[IAOC99] | IAOC, ., "IAOC Report Prague", 2017. |
[Nadvi] | Nadvi, K. and F. Wältring, "Making sense of global standards", In: H. Schmitz (Ed.), Local enterprises in the global economy (pp. 53–94). Cheltenham, UK: Edward Elgar. , 2004. |
[Postman] | Postman, N., "Technopoly: the Surrender of Culture to Technology", Vintage: New York. pp. 3–20. , 1992. |
[RFC0049] | Meyer, E., "Conversations with S. Crocker (UCLA)", RFC 49, DOI 10.17487/RFC0049, April 1970. |
[RFC0101] | Watson, R., "Notes on the Network Working Group meeting, Urbana, Illinois, February 17, 1971", RFC 101, DOI 10.17487/RFC0101, February 1971. |
[RFC0144] | Shoshani, A., "Data sharing on computer networks", RFC 144, DOI 10.17487/RFC0144, April 1971. |
[RFC0164] | Heafner, J., "Minutes of Network Working Group meeting, 5/16 through 5/19/71", RFC 164, DOI 10.17487/RFC0164, May 1971. |
[RFC0196] | Watson, R., "Mail Box Protocol", RFC 196, DOI 10.17487/RFC0196, July 1971. |
[RFC0286] | Forman, E., "Network Library Information System", RFC 286, DOI 10.17487/RFC0286, December 1971. |
[RFC0313] | O'Sullivan, T., "Computer based instruction", RFC 313, DOI 10.17487/RFC0313, March 1972. |
[RFC0316] | McKay, D. and A. Mullery, "ARPA Network Data Management Working Group", RFC 316, DOI 10.17487/RFC0316, February 1972. |
[RFC0542] | Neigus, N., "File Transfer Protocol", RFC 542, DOI 10.17487/RFC0542, August 1973. |
[RFC0549] | Michener, J., "Minutes of Network Graphics Group meeting, 15-17 July 1973", RFC 549, DOI 10.17487/RFC0549, July 1973. |
[RFC0613] | McKenzie, A., "Network connectivity: A response to RFC 603", RFC 613, DOI 10.17487/RFC0613, January 1974. |
[RFC1958] | Carpenter, B., "Architectural Principles of the Internet", RFC 1958, DOI 10.17487/RFC1958, June 1996. |
[RFC2804] | IAB and IESG, "IETF Policy on Wiretapping", RFC 2804, DOI 10.17487/RFC2804, May 2000. |
[RFC3552] | Rescorla, E. and B. Korver, "Guidelines for Writing RFC Text on Security Considerations", BCP 72, RFC 3552, DOI 10.17487/RFC3552, July 2003. |
[RFC5218] | Thaler, D. and B. Aboba, "What Makes for a Successful Protocol?", RFC 5218, DOI 10.17487/RFC5218, July 2008. |
[RFC6973] | Cooper, A., Tschofenig, H., Aboba, B., Peterson, J., Morris, J., Hansen, M. and R. Smith, "Privacy Considerations for Internet Protocols", RFC 6973, DOI 10.17487/RFC6973, July 2013. |
[RFC7258] | Farrell, S. and H. Tschofenig, "Pervasive Monitoring Is an Attack", BCP 188, RFC 7258, DOI 10.17487/RFC7258, May 2014. |
[RFC7704] | Crocker, D. and N. Clark, "An IETF with Much Diversity and Professional Conduct", RFC 7704, DOI 10.17487/RFC7704, November 2015. |
[RFC7776] | Resnick, P. and A. Farrel, "IETF Anti-Harassment Procedures", BCP 25, RFC 7776, DOI 10.17487/RFC7776, March 2016. |
[RFC8280] | ten Oever, N. and C. Cath, "Research into Human Rights Protocol Considerations", RFC 8280, DOI 10.17487/RFC8280, October 2017. |
[RogersEden] | Rogers, M. and G. Eden, "The Snowden Disclosures, Technical Standards, and the Making of Surveillance Infrastructures", International Journal of Communication 11(2017), 802-823 , 2017. |
[Russell] | Russell, A., "Open standards and the digital age: History, ideology, and networks", Cambridge, UK: Cambridge University Press , 2014. |
[UNGP] | Ruggie, J. and United Nations, "United Nations Guiding Principles for Business and Human Rights", 2011. |
[Webster] | Webster, J., "Networks of Collaboration or Conflict? The Development of EDI", The social shaping of inter-organizational IT systems and data interchange, eds: I. McLougling & D. Mason, European Commission PICT/COST A4 , 1995. |
[Winner] | Winner, L., "Upon openig the black box and finding it empty: Social constructivism and the philosophy of technology", Science, Technology, and Human Values 18 (3) p. 362-378 , 1993. |
[Woolgar] | Woolgar, S., "Configuring the user: the case of usability trials", A sociology of monsters. Essays on power, technology and dominatior, ed: J. Law, Routeledge p. 57-102. , 1991. |