Internet Research Task Force (IRTF) N. ten Oever
Request for Comments: 8280 ARTICLE 19
Category: Informational C. Cath
ISSN: 2070-1721 Oxford Internet Institute
October 2017 Research into Human Rights Protocol Considerations
This document aims to propose guidelines for human rights
considerations, similar to the work done on the guidelines for
privacy considerations (RFC 6973). The other parts of this document
explain the background of the guidelines and how they were developed.
This document is the first milestone in a longer-term research
effort. It has been reviewed by the Human Rights Protocol
Considerations (HRPC) Research Group and also by individuals from
outside the research group.
Status of This Memo
This document is not an Internet Standards Track specification; it is
published for informational purposes.
This document is a product of the Internet Research Task Force
(IRTF). The IRTF publishes the results of Internet-related research
and development activities. These results might not be suitable for
deployment. This RFC represents the consensus of the Human Rights
Protocol Considerations Research Group of the Internet Research Task
Force (IRTF). Documents approved for publication by the IRSG are not
a candidate for any level of Internet Standard; see Section 2 of
Information about the current status of this document, any errata,
and how to provide feedback on it may be obtained at
Copyright (c) 2017 IETF Trust and the persons identified as the
document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents
(https://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with respect
to this document.
Table of Contents
1. Introduction ....................................................42. Vocabulary Used .................................................63. Research Questions .............................................124. Literature and Discussion Review ...............................125. Methodology ....................................................155.1. Data Sources ..............................................175.1.1. Discourse Analysis of RFCs .........................175.1.2. Interviews with Members of the IETF Community ......175.1.3. Participant Observation in Working Groups ..........175.2. Data Analysis Strategies ..................................185.2.1. Identifying Qualities of Technical Concepts
That Relate to Human Rights ........................185.2.2. Relating Human Rights to Technical Concepts ........205.2.3. Mapping Cases of Protocols, Implementations, and
Networking Paradigms That Adversely Impact Human
Rights or Are Enablers Thereof .....................216. Model for Developing Human Rights Protocol Considerations ......406.1. Human Rights Threats ......................................406.2. Guidelines for Human Rights Considerations ................426.2.1. Connectivity .......................................436.2.2. Privacy ............................................436.2.3. Content Agnosticism ................................446.2.4. Security ...........................................456.2.5. Internationalization ...............................466.2.6. Censorship Resistance ..............................476.2.7. Open Standards .....................................486.2.8. Heterogeneity Support ..............................506.2.9. Anonymity ..........................................516.2.10. Pseudonymity ......................................516.2.11. Accessibility .....................................536.2.12. Localization ......................................536.2.13. Decentralization ..................................546.2.14. Reliability .......................................556.2.15. Confidentiality ...................................566.2.16. Integrity .........................................586.2.17. Authenticity ......................................596.2.18. Adaptability ......................................606.2.19. Outcome Transparency ..............................617. Security Considerations ........................................618. IANA Considerations ............................................619. Research Group Information .....................................6210. Informative References ........................................62
Authors' Addresses ................................................81
"There's a freedom about the Internet: As long as we accept the rules
of sending packets around, we can send packets containing anything to
"The Internet isn't value-neutral, and neither is the IETF."
The ever-growing interconnectedness of the Internet and society
increases the impact of the Internet on the lives of individuals.
Because of this, the design and development of the Internet
infrastructure also have a growing impact on society. This has led
to a broad recognition that human rights [UDHR] [ICCPR] [ICESCR] have
a role in the development and management of the Internet [UNGA2013]
[NETmundial]. It has also been argued that the Internet should be
strengthened as an enabling environment for human rights [Brown].
This document aims to (1) expose the relationship between protocols
and human rights, (2) propose possible guidelines to protect the
Internet as an enabling environment for human rights in future
protocol development, in a manner similar to the work done for
privacy considerations [RFC6973], and (3) increase the awareness, in
both the human rights community and the technical community, of the
importance of the technical workings of the Internet and its impact
on human rights.
Document authors who want to apply this work to their own can go
directly to Section 6 of this document.
Open, secure, and reliable connectivity is necessary (although not
sufficient) to exercise human rights such as freedom of expression
and freedom of association [FOC], as defined in the Universal
Declaration of Human Rights [UDHR]. The purpose of the Internet is
to be a global network of networks that provides unfettered
connectivity to all users, and for any content [RFC1958]. This
objective of stimulating global connectivity contributes to the
Internet's role as an enabler of human rights. The Internet has
given people a platform to exchange opinions and gather information;
it has enabled people of different backgrounds and genders to
participate in the public debate; it has also allowed people to
congregate and organize. Next to that, the strong commitment to
security [RFC1984] [RFC3365] and privacy [RFC6973] [RFC7258] in the
Internet's architectural design contributes to the strengthening of
the Internet as an enabling environment for human rights. One could
even argue that the Internet is not only an enabler of human rights
but that human rights lie at the base of, and are ingrained in, the
architecture of the networks that make up the Internet. Internet
connectivity increases the capacity for individuals to exercise their
rights; the core of the Internet -- its architectural design -- is
therefore closely intertwined with the human rights framework
[CathFloridi]. The quintessential link between the Internet's
infrastructure and human rights has been argued by many. [Bless1],
for instance, argues that "to a certain extent, the Internet and its
protocols have already facilitated the realization of human rights,
e.g., the freedom of assembly and expression. In contrast, measures
of censorship and pervasive surveillance violate fundamental human
rights." [DeNardis15] argues that "Since the first hints of Internet
commercialization and internationalization, the IETF has supported
strong security in protocol design and has sometimes served as a
force resisting protocol-enabled surveillance features." By doing
so, the IETF enabled the manifestation of the right to privacy,
through the Internet's infrastructure. Additionally, access to
freely available information gives people access to knowledge that
enables them to help satisfy other human rights; as such, the
Internet increasingly becomes a precondition for human rights rather
than a supplement.
Human rights can be in conflict with each other, such as the right to
freedom of expression and the right to privacy. In such cases, the
different affected rights need to be balanced. To do this, it is
crucial that the impacts on rights are clearly documented in order to
mitigate potential harm. This research aims to ultimately contribute
to making that process tangible and practical for protocol
developers. Technology can never be fully equated with a human
right. Whereas a specific technology might be a strong enabler of a
specific human right, it might have an adverse impact on another
human right. In this case, decisions on design and deployment need
to take this into account.
The open nature of the initial technical design and its open
standards, as well as developments like open source, fostered freedom
of communication. What emerged was a network of networks that could
enable everyone to connect and to exchange data, information, and
code. For many, enabling such connections became a core value.
However, as the scale and the commercialization of the Internet grew,
topics like access, rights, and connectivity have been forced to
compete with other values. Therefore, important characteristics of
the Internet that enable human rights might be degraded if they're
not properly defined, described, and protected as such. Conversely,
not protecting characteristics that enable human rights could also
result in (partial) loss of functionality and connectivity, along
with other inherent parts of the Internet's architecture of networks.
New protocols, particularly those that upgrade the core
infrastructure of the network, should be designed to continue to
enable fundamental human rights.
The IETF has produced guidelines and procedures to ensure and
galvanize the privacy of individuals and security of the network in
protocol development. This document aims to explore the possibility
of developing similar procedures for guidelines for human rights
considerations to ensure that protocols developed in the IETF do not
have an adverse impact on the realization of human rights on the
Internet. By carefully considering the answers to the questions
posed in Section 6 of this document, document authors should be
(1) able to produce a comprehensive analysis that can serve as the
basis for discussion on whether the protocol adequately protects
against specific human rights threats and (2) potentially stimulated
to think about alternative design choices.
This document was developed within the framework of the Human Rights
Protocol Considerations (HRPC) Research Group, based on discussions
on the HRPC mailing list (Section 9); this document was also
extensively discussed during HRPC sessions. This document has
received eleven in-depth reviews on the mailing list, and it received
many comments from inside and outside the IRTF and IETF communities.
2. Vocabulary Used
In the discussion of human rights and Internet architecture, concepts
developed in computer science, networking, law, policy-making, and
advocacy are coming together [Dutton] [Kaye] [Franklin] [RFC1958].
The same concepts might have a very different meaning and
implications in other areas of expertise. In order to foster a
constructive interdisciplinary debate and minimize differences in
interpretation, the following glossary is provided. It builds as
much as possible on existing definitions; when definitions were not
available in IETF documents, definitions were taken from other
Standards Development Organizations (SDOs) or academic literature.
Accessibility: "Full Internet Connectivity", as described in
[RFC4084], to provide unfettered access to the Internet.
The design of protocols, services, or implementations that provide
an enabling environment for people with disabilities.
The ability to receive information available on the Internet.
Anonymity: The condition of an identity being unknown or concealed
Anonymous: A state of an individual in which an observer or attacker
cannot identify the individual within a set of other individuals
(the anonymity set) [RFC6973].
Authenticity: The property of being genuine and able to be verified
and be trusted [RFC4949].
Blocking: The practice of preventing access to resources in the
aggregate [RFC7754]. Both blocking and filtering can be
implemented at the level of "services" (web hosting or video
streaming, for example) or at the level of particular "content"
Censorship: Technical mechanisms, including both blocking and
filtering, that certain political or private actors around the
world use to block or degrade Internet traffic. For further
details on the various elements of Internet censorship, see
Censorship resistance: Methods and measures to mitigate Internet
Confidentiality: The property that data is not disclosed to system
entities unless they have been authorized to know the data
Connectivity: The extent to which a device or network is able to
reach other devices or networks to exchange data. The Internet is
the tool for providing global connectivity [RFC1958]. Different
types of connectivity are further specified in [RFC4084].
The end-to-end principle, interoperability, distributed
architecture, resilience, reliability, and robustness in
combination constitute the enabling factors that result in
connectivity to, and on, the Internet.
Content agnosticism: Treating network traffic identically regardless
Decentralized: Implementation or deployment of standards, protocols,
or systems without one single point of control.
End-to-end principle: The principle that application-specific
functions should not be embedded into the network and thus stay at
the endpoints. In many cases, especially when dealing with
failures, the right decisions can only be made with the
corresponding application-specific knowledge, which is available
at endpoints not in the network.
The end-to-end principle is one of the key architectural
guidelines of the Internet. The argument in favor of the
end-to-end approach to system design is laid out in the
fundamental papers by Saltzer, Reed, and Clark [Saltzer] [Clark].
In these papers, the authors argue in favor of radical
simplification: system designers should only build the essential
and shared functions into the network, as most functions can only
be implemented at network endpoints. Building features into the
network for the benefit of certain applications will come at the
expense of others. As such, in general system designers should
attempt to steer clear of building anything into the network that
is not a bare necessity for its functioning. Following the
end-to-end principle is crucial for innovation, as it makes
innovation at the edges possible without having to make changes to
the network, and it protects the robustness of the network.
[RFC2775] further elaborates on various aspects of end-to-end
Federation: The possibility of connecting autonomous and possibly
centralized systems into a single system without a central
Filtering: The practice of preventing access to specific resources
within an aggregate [RFC7754].
Heterogeneity: "The Internet is characterized by heterogeneity on
many levels: devices and nodes, router scheduling algorithms and
queue management mechanisms, routing protocols, levels of
multiplexing, protocol versions and implementations, underlying
link layers (e.g., point-to-point, multi-access links, wireless,
FDDI, etc.), in the traffic mix and in the levels of congestion at
different times and places. Moreover, as the Internet is composed
of autonomous organizations and internet service providers, each
with their own separate policy concerns, there is a large
heterogeneity of administrative domains and pricing structures."
As a result, per [FIArch], the heterogeneity principle proposed in
[RFC1958] needs to be supported by design.
Human rights: Principles and norms that are indivisible,
interrelated, unalienable, universal, and mutually reinforcing.
Human rights have been codified in national and international
bodies of law. The Universal Declaration of Human Rights [UDHR]
is the most well-known document in the history of human rights.
The aspirations from [UDHR] were later codified into treaties such
as the International Covenant on Civil and Political Rights
[ICCPR] and the International Covenant on Economic, Social and
Cultural Rights [ICESCR], after which signatory countries were
obliged to reflect them in their national bodies of law. There is
also a broad recognition that not only states have obligations
vis-a-vis human rights, but non-state actors do as well.
Integrity: The property that data has not been changed, destroyed,
or lost in an unauthorized or accidental manner [RFC4949].
Internationalization (i18n): The practice of making protocols,
standards, and implementations usable in different languages and
scripts (see Section 6.2.12 ("Localization")).
"In the IETF, 'internationalization' means to add or improve the
handling of non-ASCII text in a protocol" [RFC6365].
A different perspective, more appropriate to protocols that are
designed for global use from the beginning, is the definition used
by the World Wide Web Consortium (W3C) [W3Ci18nDef]:
"Internationalization is the design and development of a product,
application or document content that enables easy localization for
target audiences that vary in culture, region, or language."
Many protocols that handle text only handle one charset
(US-ASCII), or they leave the question of encoding up to local
guesswork (which leads, of course, to interoperability problems)
[RFC3536]. If multiple charsets are permitted, they must be
explicitly identified [RFC2277]. Adding non-ASCII text to a
protocol allows the protocol to handle more scripts, hopefully all
scripts in use in the world. In today's world, that is normally
best accomplished by allowing Unicode encoded in UTF-8 only,
thereby shifting conversion issues away from ad hoc choices.
Interoperable: A property of a documented standard or protocol that
allows different independent implementations to work with each
other without any restriction on functionality.
Localization (l10n): The practice of translating an implementation
to make it functional in a specific language or for users in a
specific locale (see Section 6.2.5 ("Internationalization")).
(cf. [RFC6365]): The process of adapting an internationalized
application platform or application to a specific cultural
environment. In localization, the same semantics are preserved
while the syntax may be changed [FRAMEWORK].
Localization is the act of tailoring an application for a
different language, script, or culture. Some internationalized
applications can handle a wide variety of languages. Typical
users only understand a small number of languages, so the program
must be tailored to interact with users in just the languages they
know. The major work of localization is translating the user
interface and documentation. Localization involves not only
changing the language interaction but also other relevant changes,
such as display of numbers, dates, currency, and so on. The
better internationalized an application is, the easier it is to
localize it for a particular language and character-encoding
Open standards: Conform with [RFC2026], which states the following:
"Various national and international standards bodies, such as
ANSI, ISO, IEEE, and ITU-T, develop a variety of protocol and
service specifications that are similar to Technical
Specifications defined here. National and international groups
also publish 'implementors' agreements' that are analogous to
Applicability Statements, capturing a body of implementation-
specific detail concerned with the practical application of their
standards. All of these are considered to be 'open external
standards' for the purposes of the Internet Standards Process."
Openness: Absence of centralized points of control -- "a feature
that is assumed to make it easy for new users to join and new uses
to unfold" [Brown].
Permissionless innovation: The freedom and ability to freely create
and deploy new protocols on top of the communications constructs
that currently exist.
Privacy: The right of an entity (normally a person), acting on its
own behalf, to determine the degree to which it will interact with
its environment, including the degree to which the entity is
willing to share its personal information with others [RFC4949].
The right of individuals to control or influence what information
related to them may be collected and stored, and by whom and to
whom that information may be disclosed.
Privacy is a broad concept relating to the protection of
individual or group autonomy and the relationship between an
individual or group and society, including government, companies,
and private individuals. It is often summarized as "the right to
be left alone", but it encompasses a wide range of rights,
including protections from intrusions into family and home life,
control of sexual and reproductive rights, and communications
secrecy. It is commonly recognized as a core right that underpins
human dignity and other values such as freedom of association and
freedom of speech.
The right to privacy is also recognized in nearly every national
constitution and in most international human rights treaties. It
has been adjudicated upon by both international and regional
bodies. The right to privacy is also legally protected at the
national level through provisions in civil and/or criminal codes.
Reliability: Ensures that a protocol will execute its function
consistently as described and function without unexpected results.
A system that is reliable degenerates gracefully and will have a
documented way to announce degradation. It also has mechanisms to
recover from failure gracefully and, if applicable, allow for
partial healing [dict].
Resilience: The maintaining of dependability and performance in the
face of unanticipated changes and circumstances [Meyer].
Robustness: The resistance of protocols and their implementations to
errors, and resistance to involuntary, legal, or malicious
attempts to disrupt their modes of operation [RFC760] [RFC791]
[RFC793] [RFC1122]. Or, framed more positively, a system can
provide functionality consistently and without errors despite
involuntary, legal, or malicious attempts to disrupt its mode of
Scalability: The ability to handle increased or decreased system
parameters (number of end systems, users, data flows, routing
entries, etc.) predictably within defined expectations. There
should be a clear definition of its scope and applicability. The
limits of a system's scalability should be defined. Growth or
shrinkage of these parameters is typically considered by orders of
Strong encryption / cryptography: Used to describe a cryptographic
algorithm that would require a large amount of computational power
to defeat it [RFC4949]. In the modern usage of the definition of
"strong encryption", this refers to an amount of computing power
currently not available, not even to major state-level actors.
Transparency: In this context, linked to the comprehensibility of a
protocol in relation to the choices it makes for users, protocol
developers, and implementers, and to its outcome.
Outcome transparency is linked to the comprehensibility of the
effects of a protocol in relation to the choices it makes for
users, protocol developers, and implementers, including the
comprehensibility of possible unintended consequences of protocol
choices (e.g., lack of authenticity may lead to lack of integrity
and negative externalities).
3. Research Questions
The Human Rights Protocol Considerations (HRPC) Research Group in the
Internet Research Task Force (IRTF) embarked on its mission to answer
the following two questions, which are also the main two questions
that this document seeks to answer:
1. How can Internet protocols and standards impact human rights, by
either enabling them or creating a restrictive environment?
2. Can guidelines be developed to improve informed and transparent
decision-making about the potential impact of protocols on human
4. Literature and Discussion Review
Protocols and standards are regularly seen as merely performing
technical functions. However, these protocols and standards do not
exist outside of their technical context, nor do they exist outside
of their political, historical, economic, legal, or cultural context.
This is best exemplified by the way in which some Internet processes
and protocols have become part and parcel of political processes and
public policies: one only has to look at the IANA transition,
[RFC7258] ("Pervasive Monitoring Is an Attack"), or global innovation
policy, for concrete examples [DeNardis15]. According to [Abbate],
"protocols are politics by other means." This statement would
probably not garner IETF consensus, but it nonetheless reveals that
protocols are based on decision-making, most often by humans. In
this process, the values and ideas about the role that a particular
technology should perform in society are embedded into the design.
Often, these design decisions are partly "purely technical" and
partly inspired by a certain world view of how technology should
function that is inspired by personal, corporate, and political
views. Within the community of IETF participants, there is a strong
desire to solve technical problems and to minimize engagement with
political processes and non-protocol-related political issues.
Since the late 1990s, a burgeoning group of academics and
practitioners researched questions surrounding the societal impact of
protocols, as well as the politics of protocols. These studies vary
in focus and scope: some focus on specific standards [Davidson-etal]
[Musiani]; others look into the political, legal, commercial, or
social impact of protocols [BrownMarsden] [Lessig] [Mueller]; and yet
others look at how the engineers' personal set of values get
translated into technology [Abbate] [CathFloridi] [DeNardis15]
Commercial and political influences on the management of the
Internet's infrastructure are well documented in the academic
literature and will thus not be discussed here; see [Benkler],
[Brown-etal], [DeNardis15], [Lessig], [Mueller], and [Zittrain]. It
is sufficient to say that the IETF community consistently tries to
push back against the standardization of surveillance and certain
other issues that negatively influence an end user's experience of,
and trust in, the Internet [DeNardis14]. The role that human rights
play in engineering, infrastructure maintenance, and protocol design
is much less clear.
It is very important to understand how protocols and standards impact
human rights, in particular because SDOs are increasingly becoming
venues where social values (like human rights) are discussed,
although often from a technological point of view. These SDOs are
becoming a new focal point for discussions about "values by design"
and the role of technical engineers in protecting or enabling human
rights [Brown-etal] [Clark-etal] [DeNardis14] [CathFloridi] [Lessig]
In the academic literature, five clear positions can be discerned in
relation to the role of human rights in protocol design and how to
account for these human rights in protocol development: Clark
et al. [Clark-etal] argue that there is a need to design "for
variation in outcome -- so that the outcome can be different in
different places, and the tussle takes place within the design (...)"
[as] "Rigid designs will be broken; designs that permit variation
will flex under pressure and survive." They hold that human rights
should not be hard-coded into protocols for three reasons: First, the
rights in the UDHR are not absolute. Second, technology is not the
only tool in the tussle over human rights. And last but not least,
it is dangerous to make promises that can't be kept. The open nature
of the Internet will never, they argue, be enough to fully protect
individuals' human rights.
Conversely, Brown et al. [Brown-etal] state that "some key, universal
values -- of which the UDHR is the most legitimate expression --
should be baked into the architecture at design time." They argue
that design choices have offline consequences and are able to shape
the power positions of groups or individuals in society. As such,
the individuals making these technical decisions have a moral
obligation to take into account the impact of their decisions on
society and, by extension, human rights. Brown et al. recognize that
values and the implementation of human rights vary across the globe.
Yet they argue that all members of the United Nations have found
"common agreement on the values proclaimed in the Universal
Declaration of Human Rights. In looking for the most legitimate set
of global values to embed in the future Internet architectures, the
UDHR has the democratic assent of a significant fraction of the
planet's population, through their elected representatives."
The main disagreement between these two academic positions lies
mostly in the question of whether (1) a particular value system
should be embedded into the Internet's architectures or (2) the
architectures need to account for a varying set of values.
A third position, which is similar to that of Brown et al., is taken
by [Broeders], in which Broeders argues that "we must find ways to
continue guaranteeing the overall integrity and functionality of the
public core of the Internet." He argues that the best way to do this
is by declaring the backbone of the Internet -- which includes the
TCP/IP protocol suite, numerous standards, the Domain Name System
(DNS), and routing protocols -- a common public good. This is a
different approach than those of [Clark-etal] and [Brown-etal]
because Broeders does not suggest that social values should (or
should not) be explicitly coded into the Internet, but rather that
the existing infrastructure should be seen as an entity of public
Bless and Orwat [Bless2] represent a fourth position. They argue
that it is too early to make any definitive claims but that there is
a need for more careful analysis of the impact of protocol design
choices on human rights. They also argue that it is important to
search for solutions that "create awareness in the technical
community about impact of design choices on social values" and "work
towards a methodology for co-design of technical and institutional
Berners-Lee and Halpin [BernersLeeHalpin] represent a fifth position.
They argue that the Internet could lead to even newer capacities, and
these capacities may over time be viewed as new kinds of rights. For
example, Internet access may be viewed as a human right in and of
itself if it is taken to be a precondition for other rights, even if
it could not have been predicted at the time that the UDHR was
written (after the end of World War II).
It is important to contextualize the technical discussion with the
academic discussions on this issue. The academic discussions are
also important to document, as they inform the position of the
authors of this document. The research group's position is that
hard-coding human rights into protocols is complicated and changes
with the context. At this point, it is difficult to say whether or
not hard-coding human rights into protocols is wise or feasible.
Additionally, there are many human rights, but not all are relevant
for information and communications technologies (ICTs). A partial
catalog (with references to sources) of human rights related to ICTs
can be found in [Hill2014]. It is, however, important to make
conscious and explicit design decisions that take into account the
human rights protocol considerations guidelines developed below.
This will contribute to the understanding of the impact that
protocols can have on human rights, for both developers and users.
In addition, it contributes to (1) the careful consideration of the
impact that a specific protocol might have on human rights and
(2) the dissemination of the practice of documenting protocol design
decisions related to human rights.
Pursuant to the principle of constant change, because the function
and scope of the Internet evolve, so does the role of the IETF in
developing standards. Internet Standards are adopted based on a
series of criteria, including high technical quality, support by
community consensus, and their overall benefit to the Internet. The
latter calls for an assessment of the interests of all affected
parties and the specifications' impact on the Internet's users. In
this respect, the effective exercise of the human rights of the
Internet users is a relevant consideration that needs to be
appreciated in the standardization process insofar as it is directly
linked to the reliability and core values of the Internet [RFC1958]
[RFC2775] [RFC3439] [RFC3724].
This document details the steps taken in the research into human
rights protocol considerations by the HRPC Research Group to clarify
the relationship between technical concepts used in the IETF and
human rights. This document sets out some preliminary steps and
considerations for engineers to take into account when developing
standards and protocols.