idnits 2.17.00 (12 Aug 2021) /tmp/idnits49788/draft-irtf-hrpc-association-09.txt: -(7): Line appears to be too long, but this could be caused by non-ascii characters in UTF-8 encoding -(643): Line appears to be too long, but this could be caused by non-ascii characters in UTF-8 encoding -(1212): Line appears to be too long, but this could be caused by non-ascii characters in UTF-8 encoding Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- == There are 13 instances of lines with non-ascii characters in the document. Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- No issues found here. Miscellaneous warnings: ---------------------------------------------------------------------------- -- The document date (7 March 2022) is 68 days in the past. Is this intentional? Checking references for intended status: Informational ---------------------------------------------------------------------------- == Unused Reference: 'AndersonGuarnieri' is defined on line 1160, but no explicit reference was found in the text == Unused Reference: 'UNSRFAA2012' is defined on line 1463, but no explicit reference was found in the text -- Obsolete informational reference (is this intentional?): RFC 155 (Obsoleted by RFC 168) -- Obsolete informational reference (is this intentional?): RFC 1771 (Obsoleted by RFC 4271) -- Obsolete informational reference (is this intentional?): RFC 5751 (Obsoleted by RFC 8551) Summary: 0 errors (**), 0 flaws (~~), 3 warnings (==), 4 comments (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 2 Human Rights Protocol Considerations Research Group N. ten Oever 3 Internet-Draft University of Amsterdam 4 Intended status: Informational G. Perez de Acha 5 Expires: 8 September 2022 Derechos Digitales 6 S. Couture 7 Université de Montréal 8 M. Knodel 9 Center for Democracy & Technology 10 7 March 2022 12 Freedom of Association on the Internet 13 draft-irtf-hrpc-association-09 15 Abstract 17 This document explores whether is a relation between the Internet 18 architecture and the ability of people to exercise their right to 19 peaceful assembly and the right to association online. It does so by 20 asking the question: what are the protocol development considerations 21 for freedom of assembly and association? The Internet increasingly 22 mediates our lives, our relationships, and our ability to exercise 23 our human rights. As a global assemblage, the Internet provides a 24 public space, yet it is predominantly built on private 25 infrastructure. Since Internet protocols and architecture play a 26 central role in the management, development, and use of the Internet, 27 we analyze the relation between protocols, architecture, and the 28 rights to assemble and associate to mitigate infringements on those 29 rights. This document concludes that the way in which infrastructure 30 is designed and implemented impacts people's ability to exercise 31 their freedom of assembly and association. It is therefore 32 recommended that the the potential impacts of Internet technologies 33 should be assessed, reflecting recommendations of various UN bodies 34 and norms. Finally, the document remarks that non-interoperable 35 platforms that do not allow for interoperability or data-portability, 36 render users unable to change platforms, therefore leading to a sort 37 of "forced association" that inhibits people to fully exercise their 38 freedom of assembly and association. 40 Status of This Memo 42 This Internet-Draft is submitted in full conformance with the 43 provisions of BCP 78 and BCP 79. 45 Internet-Drafts are working documents of the Internet Engineering 46 Task Force (IETF). Note that other groups may also distribute 47 working documents as Internet-Drafts. The list of current Internet- 48 Drafts is at https://datatracker.ietf.org/drafts/current/. 50 Internet-Drafts are draft documents valid for a maximum of six months 51 and may be updated, replaced, or obsoleted by other documents at any 52 time. It is inappropriate to use Internet-Drafts as reference 53 material or to cite them other than as "work in progress." 55 This Internet-Draft will expire on 8 September 2022. 57 Copyright Notice 59 Copyright (c) 2022 IETF Trust and the persons identified as the 60 document authors. All rights reserved. 62 This document is subject to BCP 78 and the IETF Trust's Legal 63 Provisions Relating to IETF Documents (https://trustee.ietf.org/ 64 license-info) in effect on the date of publication of this document. 65 Please review these documents carefully, as they describe your rights 66 and restrictions with respect to this document. Code Components 67 extracted from this document must include Revised BSD License text as 68 described in Section 4.e of the Trust Legal Provisions and are 69 provided without warranty as described in the Revised BSD License. 71 Table of Contents 73 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 3 74 2. Vocabulary used . . . . . . . . . . . . . . . . . . . . . . . 4 75 3. Research question . . . . . . . . . . . . . . . . . . . . . . 5 76 4. Methodology . . . . . . . . . . . . . . . . . . . . . . . . . 5 77 5. Literature Review . . . . . . . . . . . . . . . . . . . . . . 6 78 5.1. FAA definition and core treaties . . . . . . . . . . . . 6 79 5.2. FAA in the digital era . . . . . . . . . . . . . . . . . 9 80 5.3. Specific questions raised from the literature review . . 13 81 6. Analysis . . . . . . . . . . . . . . . . . . . . . . . . . . 13 82 6.1. Got No Peace: Spam and DDoS . . . . . . . . . . . . . . . 14 83 6.1.1. Spam . . . . . . . . . . . . . . . . . . . . . . . . 15 84 6.1.2. DDoS . . . . . . . . . . . . . . . . . . . . . . . . 16 85 6.2. Holistic Agency: Mailing Lists and Spam . . . . . . . . . 16 86 6.2.1. Mailing lists . . . . . . . . . . . . . . . . . . . . 16 87 6.2.2. Spam . . . . . . . . . . . . . . . . . . . . . . . . 17 88 6.3. Civics in Cyberspace: Messaging, Conferencing, and 89 Networking . . . . . . . . . . . . . . . . . . . . . . . 17 90 6.3.1. Email . . . . . . . . . . . . . . . . . . . . . . . . 18 91 6.3.2. Mailing lists . . . . . . . . . . . . . . . . . . . . 18 92 6.3.3. IRC . . . . . . . . . . . . . . . . . . . . . . . . . 18 93 6.3.4. WebRTC . . . . . . . . . . . . . . . . . . . . . . . 19 94 6.3.5. Peer-to-peer networking . . . . . . . . . . . . . . . 20 95 6.4. Universal Access: The Web . . . . . . . . . . . . . . . . 21 96 6.5. Block Together Now: IRC and Refusals . . . . . . . . . . 22 98 7. Conclusions: Can we learn anything from the previous case 99 studies? . . . . . . . . . . . . . . . . . . . . . . . . 23 100 8. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 24 101 9. Work Space . . . . . . . . . . . . . . . . . . . . . . . . . 25 102 10. Security Considerations . . . . . . . . . . . . . . . . . . . 25 103 11. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 25 104 12. Research Group Information . . . . . . . . . . . . . . . . . 25 105 13. Informative References . . . . . . . . . . . . . . . . . . . 25 106 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 33 108 1. Introduction 110 We shape our tools and, thereafter, our tools shape us.  112 - John Culkin (1967) 114 Article 21 of the Covenant protects peaceful assemblies wherever 115 they take place: outdoors, indoors and online; in public and 116 private spaces; or a combination thereof. 118 - General Comment 37 of the Human Rights Committee (2020) 120 In the digital age, the exercise of the rights of peaceful 121 assembly and association has become largely dependent on business 122 enterprises, whose legal obligations, policies, technical 123 standards, financial models and algorithms can affect these 124 freedoms. 126 - Annual Report to the UN Human Rights Council by the Special 127 Rapporteur on the rights to freedom of peaceful assembly and 128 of association (2019). 130 The current draft continues the work started in "Research into Human 131 Rights Protocol Considerations" [RFC8280] by investigating the impact 132 of Internet protocols on a specific set of human rights, namely the 133 right to peaceful assembly and the right to association. Taking into 134 consideration the international human rights framework regarding the 135 human right to peaceful assembly and the right to association, the 136 present document seeks to deepen the relationship between this human 137 right and Internet architecture, protocols, and standards. In that 138 way, we continue the work of the Human Rights Protocol Consideration 139 Research Group, as laid out in its charter, where one of the research 140 aims is "to expose the relation between protocols and human rights, 141 with a focus on the rights to freedom of expression and freedom of 142 assembly" [HRPC-charter]. The conclusions may inform the development 143 of new guidelines for protocol developers in draft-irtf-hrpc- 144 guidelines. 146 The research question of this document is: what are the protocol 147 development considerations for the right to peaceful assembly and the 148 right to association? 150 2. Vocabulary used 152 Architecture The design of a structure 154 Autonomous System (AS) Autonomous Systems are the unit of routing 155 policy in the modern world of exterior routing [RFC1930]. 157 Within the Internet, an autonomous system (AS) is a collection of 158 connected Internet Protocol (IP) routing prefixes under the 159 control of one or more network operators on behalf of a single 160 administrative entity or domain that presents a common, clearly 161 defined routing policy to the Internet [RFC1930]. 163 The classic definition of an Autonomous System is a set of routers 164 under a single technical administration, using an interior gateway 165 protocol and common metrics to route packets within the AS, and 166 using an exterior gateway protocol to route packets to other ASs 167 [RFC1771]. 169 Border Gateway Protocol (BGP) An inter-Autonomous System routing 170 protocol [RFC4271]. 172 Connectivity The extent to which a device or network is able to 173 reach other devices or networks to exchange data. The Internet is 174 the tool for providing global connectivity [RFC1958]. Different 175 types of connectivity are further specified in [RFC4084]. The 176 combination of the end-to-end principle, interoperability, 177 distributed architecture, resilience, reliability and robustness 178 are the enabling factors that result in connectivity to and on the 179 Internet. 181 Decentralization Implementation or deployment of standards, 182 protocols or systems without one single point of control. 184 Distributed system A system with multiple components that have their 185 behavior co-ordinated via message passing. These components are 186 usually spatially separated and communicate using a network, and 187 may be managed by a single root of trust or authority. 188 [Troncosoetal] 190 Infrastructure Underlying basis or structure for a functioning 191 society, organization or community. Because infrastructure is a 192 precondition for other activities it has a procedural, rather than 193 static, nature due to its social and cultural embeddedness 195 [PipekWulf] [Bloketal]. This means that infrastructure is always 196 relational: infrastructure always develops in relation to 197 something or someone [Bowker]. 199 Internet The Network of networks, that consists of Autonomous 200 Systems that are connected through the Internet Protocol (IP). 202 A persistent socio-technical system over which services are 203 delivered [Mainwaringetal], 205 A techno-social assemblage of devices, users, sensors, networks, 206 routers, governance, administrators, operators and protocols 208 An emergent-process-driven thing that is born from the collections 209 of the ASes that happen to be gathered together at any given time. 210 The fact that they tend to interact at any given time means it is 211 an emergent property that happens because they use the protocols 212 defined at IETF. 214 Right to peaceful assembly 'The right of peaceful assembly protects 215 the non-violent gathering by persons for specific purposes, 216 principally expressive ones.1 It constitutes an individual right 217 that is exercised collectively.2 Inherent to the right is thus an 218 associative element.' [UNGC37] 220 Right to association 'The right and freedom of association 221 encompasses both an individual's right to join or leave groups 222 voluntarily, the right of the group to take collective action to 223 pursue the interests of its members, and the right of an 224 association to accept or decline membership based on certain 225 criteria.' [FoAdef] 227 3. Research question 229 The research question of this document is: what are the protocol 230 development considerations for freedom of assembly and association? 232 4. Methodology 234 In this document, we deepen our exploration of human rights and 235 protocols by assessing one specific set of human rights: freedom of 236 association and assembly, abbreviated here as FAA. Our methodology 237 for doing so is the following: first, we provide a brief twofold 238 literature review addressing the philosophical and legal definitions 239 of FAA and how this right has already been interpreted or analyzed 240 concerning the digital. This literature review is not exhaustive nor 241 systematic but aims at providing some lines of questioning that could 242 later be used for protocol development. The second part of our 243 methodology looks at some cases of Internet protocols that are 244 relevant to the sub-questions highlighted in the literature review, 245 and analyze how these protocols facilitate and inhibit the right to 246 peaceful assembly and association. 248 5. Literature Review 250 5.1. FAA definition and core treaties 252 The rights to peaceful assembly and the freedom of association are 253 defined and guaranteed in national law and international treaties, 254 however, in this document we limit outselves to international 255 treaties. Article 20 of the Universal Declaration of Human Rights 256 [UDHR] states that "Everyone has the right to freedom of peaceful 257 assembly and association" and that "No one may be compelled to belong 258 to an association". Article 23 further guarantees that "Everyone has 259 the right to form and to join trade unions for the protection of his 260 interests". In the International Covenant on Civil and Political 261 Rights [ICCPR], article 21 stipulates that "The right of peaceful 262 assembly shall be recognized" and that "No restrictions may be placed 263 on the exercise of this right other than those imposed in conformity 264 with the law and which are necessary in a democratic society in the 265 interests of national security or public safety, public order (ordre 266 public), the protection of public health or morals or the protection 267 of the rights and freedoms of others" while article 22 states that 268 "Everyone shall have the right to freedom of association with others, 269 including the right to form and join trade unions". 271 General Comment No. 37 on the right of peaceful assembly by the 272 United Nations Human Rights Committee affirms that the right of 273 peaceful assembly protects non-violent online gatherings: "associated 274 activities that happen online or otherwise rely upon digital services 275 [...] are also protected" [UNGC37]. Interference with emerging 276 communications technologies that offer the opportunity to assemble 277 either wholly or partly online or play an integral role in 278 organizing, participating in and monitoring physical gatherings are 279 assumed to impede assemblies which are protected by this right. 280 Moreover, any restriction on the 'operation of information 281 dissemination systems' must conform with the tests for restrictions 282 on freedom of expression (see below). 284 Other treaties are sometimes cited as the source and framework to the 285 right to freedom of association and assembly. An example of this is 286 Article 5 of the International Convention on the Elimination of All 287 Forms of Racial Discrimination [CERD] which stipulates freedom of 288 peaceful assembly and association should be guaranteed "without 289 discrimination as to race, colour, national or ethnic origin"; 290 Article 15 of the Convention on the Rights of the Child [CRC] which 291 recognises to child pending the restrictions cited above; and Article 292 21 of the Convention on the Rights of Persons with Disabilities 293 [CRPD] which insist on usable and accessible formats and technologies 294 appropriate for persons with different kinds of disabilities. The 295 freedoms of peaceful assembly and association are also protected 296 under regional human rights treaties: article 11 of the European 297 Convention on Human Rights, articles 15 and 16 of the American 298 Convention on Human Rights, article 10 and 11 of the African Charter 299 on Human and Peoples' Rights. 301 From a more philosophical perspective, Brownlee and Jenkins 302 [Stanford] make some interesting distinctions in particular regarding 303 the concepts of association, assembly and interaction, deviating 304 somewhat from what is established in interpretations of international 305 human rights law. "Interaction" refers to any kind of interpersonal 306 and often incidental engagements in daily life, like encountering 307 strangers on a bus. Interaction is seen as a "prerequisite" for 308 association. Assembly, according to Brownlee and Jenkins has a more 309 political connotation and is often used to refer to activists, 310 protesters, or members of a group in a deliberating event. The 311 authors refer to association as more "persistent connections" and 312 distinguish between intimate associations, like friendship, love, or 313 family, and collective association like trade unions, commercial 314 business, or "expressive associations" like civil rights 315 organizations or LGBTQIA associations. For Brownlee and Jenkins 316 [Stanford], the right to association is linked to different relative 317 freedoms: permission (to associate or dissociate), claim-right (to 318 oppose others interfering with our conduct), power (to alter the 319 status of our association), immunity (from other people interfering 320 in our right). Freedom of association thus refers both to the 321 individual right to join or leave a group and to the collective right 322 to form or dissolve a group. 324 Freedoms of association and peaceful assembly, however, are relative 325 and not absolute. Excluding someone from an association based on its 326 sex, race or other individual characteristic is also often 327 contentious if not illegal. As mentioned above, international human 328 rights law provides the framework for legitimate restrictions on 329 these rights, as well as the right to privacy and the right to 330 freedom of expression and opinion. Restrictions can be imposed by 331 states, but only if this is lawful and proportionate. States must 332 document how these limitations are necessary in the interests of 333 national security or public safety, public order, the protection of 334 public health or morals, or the protection of the rights and freedoms 335 of others. Finally, states must also protect participants against 336 possible abuses by non-state actors. 338 The Human Rights Committee explores a few restrictions related to 339 associated activities online or reliant upon digital services, that 340 are also protected under article 21, and stipulates that "States 341 parties must not, for example, block or hinder Internet connectivity 342 in relation to peaceful assemblies. The same applies to geotargeted 343 or technology-specific interference with connectivity or access to 344 content.". Additionally, "States should ensure that the activities 345 of Internet service providers and intermediaries do not unduly 346 restrict assemblies or the privacy of assembly participants." 347 [UNGC37]. 349 Interpreting international law, the right to freedom of peaceful 350 assembly and the right to freedom of association protects any 351 collective, gathered either permanently or temporarily for "peaceful" 352 purposes, online and offline. It is important to underline the 353 property of "freedom" because the right to freedom of association and 354 assembly is voluntary and uncoerced: anyone can join or leave a group 355 of choice, which in turn means one should not be forced to either 356 join, stay or leave. An assembly is an "intentional and temporary 357 gathering of a collective in a private or public space for a specific 358 purpose: demonstrations, indoor meetings, strikes, processions, 359 rallies, or even sits-in" [UNGA]. Association has a more formal and 360 established nature and refer to a group of individuals or legal 361 entities brought together in order to collectively act, express, 362 promote, pursue, or defend a field of common interests 363 [UNSRFOAA2012]. Think about civil society organizations, clubs, 364 cooperatives, NGOs, religious associations, political parties, trade 365 unions, or foundations. 367 When talking about the human right of freedom of association and 368 assembly, one should always take into account that 'all human rights 369 are indivisible, interrelated, unalienable, universal, and mutually 370 reinforcing' [ViennaDeclaration]. This means that in the analysis of 371 the impact of a certain variable on freedom of association and 372 assembly one should take other human rights into account too. When 373 devising an approach to mitigate a possible negative influence on 374 this right, one should also always take into account the possible 375 impact this might have on other rights. For example, the following 376 rights are often impacted in conjunction with freedom of association 377 and assembly: the right to political participation, the right to 378 (group) privacy, the right to freedom of expression, and access to 379 information. For instance, when the right to political participation 380 is hampered, this often happens in conjunction with a limitation of 381 the freedom of association and assembly because political 382 participation is often done collectively. When the right to privacy 383 is hampered, this privacy of particular groups is also impacted (so- 384 called 'group privacy' [Loi], which potentially has consequences for 385 the right to association and assembly. Where the freedom of 386 expression of a group is hampered, such as in protests or through 387 Internet shutdowns, this both hampers other people's ability to 388 receive the information of the group, and impact the right to 389 assembly of the people who seek to express themselves as a group 390 [Nyokabi]. 392 Finally, if the right to association and assembly is limited by 393 national law, this does not mean it is consistent with international 394 human rights law. In such a case, the national law would therefore 395 not be legitimate [Glasius]. 397 5.2. FAA in the digital era 399 Before discussing freedom of association and assembly as it pertains 400 to digital environments, we must first recognize that the United 401 Nations Human Rights Council adopted resolutions on the promotion, 402 protection and enjoyment of human rights on the Internet in 2012, 403 2014, 2016 and 2018, affirming and reaffirming "... that the same 404 rights that people have offline must also be protected online ..." 405 [UNHRC2018]. Therefore the digital environment is no exception to 406 application of this right by any means. Various other resolutions 407 and report have established the online applicability of the freedoms 408 of association and assembly, most recently and authoritatively by the 409 Human Rights Committee in General Comment 37 (2020)[UNGC37]. The 410 questions that remain, however, are how these rights should be 411 conceptualized and implemented in different parts and levels of 412 digital environments. 414 The right to freedom of assembly and association online is the 415 subject of increasing discussions and analysis. Especially since 416 social media played an important role in several revolutions in 2011, 417 which has led to increasing and ever more sophisticated attacks by 418 autocratic governments on online communities and other associational 419 activities occurring on the Internet [RutzenZenn]. In 2016, the 420 Council of Europe published a report, "Report by the Committee of 421 experts on cross-border flow of Internet traffic and Internet freedom 422 on Freedom of assembly and association on the Internet" [CoE] which 423 noted that while the Internet and technologies are not explicitly 424 mentioned in international treaties, these treaties nevertheless 425 apply to "the online environment". The report argue the "Internet is 426 the public sphere of the 21st century", something demonstrated by the 427 fact that informal associations can be gathered at scale in a matter 428 of hours on the Internet, and that digital communication tools often 429 serve to facilitate, publicize or otherwise enable presential 430 associations or assemblies, like a protest or demonstration. They 431 note, on the other hand, the negative ways in which the Internet can 432 also be used to promote or facilitate terrorism, urban violence and 433 hate speech, thus insisting on the "extremely important and urgent" 434 need to fight online terrorist activities such as recruitment or 435 mobilization, while at the same time respecting the right to peaceful 436 assembly and association of other users. The report mentions the 437 following examples that could be help further our reflection: 439 * Instances of network shutdowns in the Arab Spring, to prevent 440 people from organising themselves or assembling 442 * California's Bay Area Rapid Transit (BART) shutdown of mobile 443 phone service, to prevent potential property destruction by 444 protesters and disruption of service 446 * The wholesale blocking of Google as a violation of freedom of 447 expression 449 * Telus, a telecom company which blocked customers' access to 450 websites critical of Telus during a Telecommunications Workers 451 Union strike against it 453 * The targeting of social media users who call for or organise 454 protests though the Internet in Turkey's Gezi Park protests 456 * Mass surveillance or other interferences with privacy in the 457 context of law enforcement and national security 459 * Use of VPNs (Virtual Private Networks) and the Tor network to 460 ensure anonymity 462 * Distributed Denial of Service attacks (DDoS) as civil 463 disobedience. 465 In 2019 the UN Special Rapporteur on the rights to freedom of 466 peaceful assembly and of association, notes the opportunities and 467 challenges posed by digital networks to the rights to freedom of 468 peaceful assembly and of association [UNSRFAA2019]. The report 469 recommends that international human rights norms and principles 470 should also be used as a framework "that guides digital technology 471 companies' design, control and governance of digital technologies". 472 The report states that "technical standards" in particular can affect 473 the freedom of association and assembly, and makes some 474 recommendations which could be relevant, including: 476 * "[Undertake] human rights impact assessments which incorporate the 477 rights to freedom of peaceful assembly and of association when 478 developing or modifying their products and services," 480 * "increase the quality of participation in and implementation of 481 existing multi-stakeholder initiatives," 483 * "collaborate with governments and civil society to develop 484 technology that promotes and strengthens human rights," 486 * "support the research and development of appropriate technological 487 solutions to online harassment, disinformation and propaganda, 488 including tools to detect and identify State-linked accounts and 489 bots," and 491 * "adopt monitoring indicators that include specific concerns 492 related to freedom of peaceful assembly and association." 494 In one of their "training kits" [APCtraining], the Association of 495 Progressive Communications addressed different impacts of the 496 internet on association and assembly and raised three particular 497 issues worthy to note here: 499 1. Organization of protests. Internet and social media are enablers 500 of protests, such as it was seen in the "Arab Spring". Some of 501 these protests - like online petitions or campaigns - are similar 502 to offline association and assembly, but other protest forms are 503 inherent to the Internet capacity like hacking, DDOS and are 504 subject to controversy within the Internet community, some people 505 finding it legitimate, and others not. 507 2. Surveillance. While the Internet facilitates association, the 508 association in turn leaves a lot of traces that can be used in 509 turn for law enforcement but also for repressing political 510 dissents. As they note, even the threat of surveillance can have 511 deter facilitation. 513 3. Anonymity and pseudonymity can be useful protection mechanism for 514 those who'd like to attend legitimate association without facing 515 retribution. On the other hand, anonymity can be used to harm 516 society, such as in online fraud or sexual predation. 518 Online association and assembly are the starting point of civic mass- 519 mobilization in modern democracies, and even more so where physical 520 gatherings have been impossible or dangerous [APC]. Throughout the 521 world -from the Arab Spring to Latin American student movements and 522 the #WomensMarch- the Internet has played a crucial role by providing 523 means for the fast dissemination of information otherwise mediated by 524 the press, or even forbidden by the government [Pensado]. According 525 to Hussain and Howard the Internet helped to "build solidarity 526 networks and identification of collective identities and goals, 527 extend the range of local coverage to international broadcast 528 networks" and as platform for contestation for "the future of civil 529 society and information infrastructure" [HussainHoward]. The IETF 530 itself, defined as an 'open global community' of network designers, 531 operators, vendors, and researchers [RFC3233] is also protected by 532 freedom of assembly and association . Discussions, comments and 533 consensus around RFCs are possible because of the collective 534 expression that freedom of association and assembly allow. The very 535 word "protocol" found its way into the language of computer 536 networking based on the need for collective agreement among a group 537 of assembled network users [HafnerandLyon]. 539 [RFC8280] is a paper by the Human Rights Protocol Consideration 540 Resarch Group in the Internet Research Taskforce on internet 541 protocols and human rights that discusses issues of FAA, 542 specifically: 544 * The expansion of DNS for generic namespace as an enabler of 545 association for minorities. The paper argues that specifically 546 the expansion of the DNS to allow for new generic Top Level 547 Domains (gTLDs) can have negative impacts on freedom of 548 association because of restrictive policies by some registries and 549 registrars, on the other hand could gTLDs could also enable 550 communities to build clearly identifiable spaces for association 551 (such as .gay). 553 * The impact of Distributed Denial of Service attacks on freedom of 554 association. Whereas DDoS has been used as a tool for protest, in 555 many cases this is infringing on other parties freedom of 556 expression. Furthermore, often devices (such as IoT devices and 557 routers) are inscribed in such DDoS attacks whereas the owner or 558 user did not consent to this. Thus they do not have the 559 possibility to exit this assembly. Therefore the draft concluded 560 that that IETF "should try to ensure that their protocols cannot 561 be used for DDoS attacks" 563 * The impact of middleboxes on the ability of users to connect to 564 the Internet and therefore their ability to exercise their right 565 to freedom of association and assembly. Lack of connectivity can 566 significantly impact freedom of assembly and association of a 567 user. Especially if the user cannot retrieve the reason for their 568 inability to connect, and if there thus is no possibility to for 569 the user to have access to due process to dispute the lack of 570 (secure or private) connectivity in general or to a specific 571 service. 573 In June 2020, the United Nations High Commissioner for Human Rights 574 concluded that technologies can be enablers of the excercise of FAA, 575 but technology is also significantly used to interfere with the 576 ability of people to exercise their right to freedom of association 577 and assembly. Specifically, the report mentions network shutdowns, 578 the usage of technology to surveil or crack down on protesters, 579 leading to human rights violations. This includes facial recognition 580 technology, and the uses of other ways to violate the (group) privacy 581 of people engaged in an assembly or association. The report makes it 582 explicit that companies play a significant role enabling, for 583 instance by developing, providing or selling the technology, but also 584 by directly exercising these violations [UNHRC2020]. 586 5.3. Specific questions raised from the literature review 588 Here are some questions raised from the literature review that can 589 have implications for protocol design: 591 1. Should protocols be designed to enable legitimate limitations on 592 association in the interests of "national security or public 593 safety, public order (ordre public), the protection of public 594 health or morals or the protection of the rights and freedoms of 595 others", as stated in the ICCPR article 21 [ICCPR]? Where in the 596 stack do we care for FAA? 598 2. Can protocols facilitate agency of membership in associations, 599 assemblies and interactions? 601 3. What are the features of protocols that enable freedom of 602 association and assembly? 604 4. Does protocol development sufficiently consider usable and 605 accessible formats and technologies appropriate for all persons, 606 including those with different kinds of abilities? 608 5. Can a protocol be designed to legitimately exclude someone from 609 an association? 611 In the following sections we attempt to answer these questions with 612 specific examples of standardized protocols in the IETF. 614 6. Analysis 616 As the Internet mediates collective action and collaboration, it 617 impacts on freedom of association and assembly. To answer our 618 research question regarding how internet architecture enables and/or 619 inhibits such human rights, we researched several independent and 620 typical cases related to protocols that have been either adopted by 621 the IETF, or are widely used on the Internet. Our goal is to figure 622 h they facilitate freedom of assembly and association, or how they 623 inhibit it through their design or implementation. 625 We are aware that some of the following examples go beyond the use of 626 Internet protocols and flow over into the application layer or 627 examples in the offline world whereas the purpose of the current 628 document is to break down the relationship between Internet protocols 629 and the right to freedom of assembly and association. Nonetheless, 630 we do recognize that in some cases the line between them and 631 applications, implementations, policies and offline realities are 632 often blurred and hard -if not impossible- to differentiate. 634 We use the literature review to guide our process of inquiry for each 635 case, and to dive deeper in what can be found interesting about each 636 case as it relates to freedom of association. 638 6.1. Got No Peace: Spam and DDoS 640 Should protocols be designed to enable legitimate limitations on 641 association in the interests of “national security or public safety, 642 public order (ordre public), the protection of public health or morals 643 or the protection of the rights and freedoms of others”, as stated in 644 the ICCPR article 21 {{ICCPR}}? Where in the stack do we care for FAA? 646 The 2020 report by the United Nations Special Rapporteur on Human 647 Rights [UNHRC2020] described how technology is often used to limit 648 freedom of assembly and association, such as for instance through 649 network shutdowns and the surveillance of groups. Because access to 650 the Internet is crucial not only for freedom of association and 651 assembly, but also for the right to development, and the right to 652 freedom of expression and information [Nyokabi], the United Nation 653 Special Rapporteur argues that: 655 (b) Avoid resorting to disruptions and shutdowns of Internet or 656 telecommunications networks at all times and particularly during 657 assemblies, including those taking place in electoral contexts 658 and during times of unrest; 659 Whereas the states have the obligation to protect human rights, there 660 has been an increasing call for non-state actors, such as companies, 661 to respect human rights [UNGPBHR]. The UN adopted guiding principles 662 on business and human rights [UNGPBHR] and talks within the HRC are 663 ongoing about an international legally binding instrument to regulate 664 the activities of transnational corporations and other business 665 enterprises. This includes a chain-responsibility of actors, which 666 means that not just the company's own processes should not negatively 667 impact human rights, but they should also engage in due diligence 668 processes, such as human rights impact assessments. This includes an 669 assessment of whether the products that are sold, or the services 670 that are provided, can be used to engage in human rights violations, 671 or whether human rights violations occur in any stage of the supply 672 chain of the company. If this is the case, measures should be taken 673 to mitigate this. 675 In the case of dual-use technologies, this means that technology 676 could be used for legitimate purposes, but could also be used to 677 limit freedom of association or assembly, it might mean that 678 producers or sellers should limit the parties they sell to, or even 679 better, ensure that the illegitimate use of the technology is not 680 technically possible anymore, or made more difficult. 682 6.1.1. Spam 684 In the 1990s as the internet became more widely adopted, spam came to 685 be defined as irrelevant or unsolicited messages that were posted 686 many times to multiple news groups or mailing lists [Marcus]. Here 687 the question of consent, but also harm, are crucial. In the 2000s a 688 large part of the discussion revolved around the fact that certain 689 corporations. protected by the right to freedom of association, 690 considered spam to be a form of "commercial speech", thus encompassed 691 by free expression rights [Marcus]. Yet spam can be not only a 692 nuisance, but a threat to systems and users. 694 This leaves us with an interesting case around spam mitigation: spam 695 is currently handled mostly by mail providers on behalf of the user. 696 Next to that, countries are increasingly adopting regulatory opt-in 697 regimes for mailing lists and commercial e-mail, with a possibility 698 of serious fines in case of violation. Yet many ask is spam not the 699 equivalent of the fliers and handbills ever present in our offline 700 world? The big difference between the proliferation of such messages 701 offline and online is the scale. It is not hard for a single person 702 to message a lot of people online, whereas if that person needed to 703 go house by house the scale and impact of their actions would be much 704 smaller. Inversely if it were a common practice to expose people to 705 unlimited unwanted messages online, users would be drowned in such 706 messages. This puts a large burden on filtering, and in both 707 filtering and sifting through many message, other expressions would 708 be drowned out and would be severely hampered. Allowing illimited 709 sending of unsolicited messages would be a blow against freedom of 710 speech: when everyone talks, nobody listens. 712 Here the argument is very similar to DDoS attacks, considered next: 713 Legitimate uses of online campaigning, or online protesting, are 714 drowned out by a malicious use which constitutes an attack on the 715 internet infrastructure and thus the assembly or association itself. 717 6.1.2. DDoS 719 Distributed Denial of Service attacks are leveled against a server or 720 service by a controller of a host or multiple hosts by overloading 721 the server or service's bandwidth or resources (volume-based floods) 722 or exploit protocol behaviours (protocol attacks). DDoS attacks can 723 thus stifle and complicate the rights to assemble online for media 724 and human rights organisations whose websites are the target of DDoS. 725 At the same time there are comparisons made between DDoS attacks and 726 sit-in protests [Sauter]. However the main distinction is 727 significant: only a small fragment of "participants" (from 728 controllers to compromised device owners) in DDoS attacks are aware 729 or willing [RFC8280]. Notably DDoS attacks are increasingly used to 730 commit crimes such as extortion, which infringe on others' human 731 rights. 733 Because of the interrelation of technologies, it cannot be said that 734 there is one point in the technical stack where one can locate the 735 characteristics of "peaceful" or "non-peaceful" association visible 736 to protocol developers. In the cases of spam blocking and DDoS 737 mitigation, "peaceful or non-peaceful" is not a meaningful heuristic, 738 or even characteristic, of problematic content. If anything, their 739 commonality is their unrequested and nature, next to scale and 740 volume. This allows us to draw the conclusion that DDoS and spam are 741 not examples of freedom of association or assembly. 743 6.2. Holistic Agency: Mailing Lists and Spam 745 Can protocols facilitate agency of membership in associations, 746 assemblies and interactions? 748 6.2.1. Mailing lists 750 Since the beginning of the Internet mailing lists have been a key 751 site of assembly and association [RFC0155] [RFC1211]. In fact, 752 mailing lists were one of the Internet's first functionalities 753 [HafnerandLyon]. 755 In 1971 four years after the invention of email, the first mailing 756 list was created to talk about the idea of using Arpanet for 757 discussion. What had initially propelled the Arpanet project forward 758 as a resource sharing platform was gradually replaced by the idea of 759 a network as a means of bringing people together [Abbate]. More than 760 45 years after, mailing lists are pervasive and help communities to 761 engage, have discussions, share information, ask questions, and build 762 ties. Even as social media and discussion forums grow, mailing lists 763 continue to be widely used [AckermannKargerZhang] and are still a 764 crucial tool to organise groups and individuals around themes and 765 causes [APC3]. 767 Mailing lists' pervasive use are partly explained because they allow 768 for "free" association: people subscribe (join) and unsubscribe 769 (leave) as they please, and it functions on low bandwith connections. 770 Mailing lists also allow for association of specific groups on closed 771 lists. This free association online enables agency of membership, a 772 key component of freedom of association and assembly. 774 6.2.2. Spam 776 As we mentioned before, there are interesting implications for 777 freedom of association and assembly when looking at spam mitigation. 778 Here we want to specifically note that if we consider that the rights 779 to assembly and association also mean that "no one may be compelled 780 to belong to an association" [UDHR], spam infringes both rights if an 781 op-out mechanism is not provided and people are obliged to receive 782 unwanted information, or be reached by people they do not know. 784 6.3. Civics in Cyberspace: Messaging, Conferencing, and Networking 786 What are the features of protocols that enable freedom of 787 association and assembly? 789 Civic participation is often expressed as the freedom to associate 790 and assemble, along with a whole other set of enabling rights such as 791 freedom of expression and the right to privacy. Former UN Special 792 Rapporteur David Kaye established a strong relationship between 793 technology that allows anonymity and uses encryption have positive 794 effects on freedom of expression [Kaye]. Here we look at messaging, 795 such as email, mailing lists and internet relay chat; video 796 conferencing and peer-to-peer networking protocols to investigate the 797 common features that enable freedom of association and assembly 798 online. 800 6.3.1. Email 802 Similarly to freedom of expression's enabling and universal right to 803 impart one's ideas openly, "the right to whisper", or 804 confidentiality, is the ability to limit to whom one imparts one's 805 ideas. An encrypted email project, the LEAP Encryption Access 806 Project, says, "like free speech, the right to whisper is a necessary 807 precondition for a free society. Without it, civil society 808 languishes and political freedoms are curtailed. As the importance 809 of digital communication for civic participation increases, so too 810 does the importance of the ability to digitally whisper." [LEAP] 812 6.3.2. Mailing lists 814 Not only are mailing lists a good example of how protocols can 815 facilitate the necessary ingredient of agency in freedom of 816 association, mailing lists are an example of messaging technology 817 that has other features that enable freedom of association and 818 assembly. 820 The archival function of mailing lists allows for posterior 821 accountability and analysis. The ubiquity and interoperability of 822 email, and by extension email lists, provides a low barrier to entry 823 to an inclusive medium. 825 Association and assembly online can be undermined when right to 826 privacy is at risk. And one of the downsides of mailing lists are 827 similar to the privacy and security concerns generally associated 828 with email. At least with email, end-to-end encryption such as 829 OpenPGP [RFC4880] and S/MIME [RFC5751] can keep user communications 830 authenticated and confidential. With mailing lists, this protection 831 is not as possible because with many lists the final recipients are 832 typically not known by the sender. There have been experimental 833 solutions to address this issue such as Schleuder [Schleuder], but 834 this has not been standardized or widely deployed. 836 6.3.3. IRC 838 Internet Relay Chat (IRC) is an application layer protocol that 839 enables communication in the form of text through a client/server 840 networking model [RFC2810]. In other words, a chat service. IRC 841 clients are computer programs that a user can install on their 842 system. These clients communicate with chat servers to transfer 843 messages to other clients. Features of IRC include: federated 844 design, transport encryption, one-to-many routing, creation of topic- 845 based "channels", and spam or abuse moderation. 847 For the purposes of civic participation and freedom of association 848 and assembly in particular it is critical that IRC's federated design 849 allows many interoperable, yet customisable, instances and basic 850 assurance of confidentiality through transport encryption. We 851 investigate the particular aspect of agency in membership through 852 moderation in the section 'Block Together Now: IRC and Refusals' 853 below. 855 6.3.4. WebRTC 857 Multi-party video conferencing protocols like WebRTC [RFC6176] 858 [RFC7118] allow for robust, bandwidth-adaptive, wideband and super- 859 wideband video and audio discussions in groups. However, it comes 860 with many different configuration options, which can leave users open 861 to unexpected privacy leakages: 863 ‘The WebRTC protocol was designed to enable responsive real-time 864 communications over the Internet, and is instrumental in 865 allowing streaming video and conferencing applications to run in 866 the browser. In order to easily facilitate direct connections 867 between computers (bypassing the need for a central server to act 868 as a gatekeeper), WebRTC provides functionality to automatically 869 collect the local and public IP addresses of Internet users (ICE 870 or STUN). These functions do not require consent from the user, 871 and can be instantiated by sites that a user visits without their 872 awareness. The potential privacy implications of this aspect of 873 WebRTC are well documented, and certain browsers have provided 874 options to limit its behavior.’ {{AndersonGuarnieri}} 876 Even though some multi-party video conferencing tools facilitate 877 freedom of assembly and association, their own configuration might 878 might pose concrete risks for those who use them. On the one hand 879 WebRTC is providing resilient channels of communications, but on the 880 other hand it also exposes information about those who are using the 881 tool which might lead to increased surveillance, identification and 882 the consequences that might be derived from that. This is especially 883 concerning because the usage of a VPN does not protect against the 884 exposure of IP addresses [Crawford]. 886 The risk of surveillance is also exists in an offline space, but this 887 is generally slight easier to analyze for the end-user. Security and 888 privacy expectations of the end-user could be either improved or made 889 explicit. This in turn would result in a more secure and/or private 890 exercise of the right to freedom of assembly or association. 892 6.3.5. Peer-to-peer networking 894 At the organizational level, peer production is one of the most 895 relevant innovations from Internet mediated social practices. 896 According to [Benkler] these networks imply 'open collaborative 897 innovation and creation, performed by diverse, decentralized groups 898 organized principally by neither price signals nor organizational 899 hierarchy, harnessing heterogeneous motivations, and governed and 900 managed based on principles other than the residual authority of 901 ownership implemented through contract.' [Benkler]. 903 In his book The Wealth of Networks, [Benkler2] significantly expands 904 on his definition of commons-based peer production. In his view, 905 what distinguishes commons-based production is that it doesn't rely 906 upon or propagate proprietary knowledge: "The inputs and outputs of 907 the process are shared, freely or conditionally, in an institutional 908 form that leaves them equally available for all to use as they choose 909 at their individual discretion." [Benkler2]. To ensure that the 910 knowledge generated is available for free use, commons-based projects 911 are often shared under an open license 913 Peer-to-peer (P2P) is essentially a model of how people interact in 914 real life because "we deal directly with one another whenever we wish 915 to" [Vu]. Usually if we need something we ask our peers, who in turn 916 refer us to other peers. In this sense, the ideal definition of P2P 917 is that "nodes are able to directly exchange resources and services 918 between themselves without the need for centralized servers" where 919 each participating node typically acts both as a server and as a 920 client [Vu]. [RFC5694] has defined it as peers or nodes that should 921 be able to communicate directly between themselves without passing 922 intermediaries, and that the system should be self-organizing and 923 have decentralized control [RFC5694]. With this in mind, the 924 ultimate model of P2P is a completely decentralized system, which is 925 more resistant to speech regulation, immune to single points of 926 failure and has a higher performance and scalability. Nonetheless, 927 in practice some P2P systems are supported by centralized servers and 928 some others have hybrid models where nodes are organized into two 929 layers: the upper tier servers and the lower tier common nodes [Vu]. 931 Since the ARPANET project, the original idea behind the Internet was 932 conceived as what we would now call a peer-to-peer system [RFC0001]. 933 Over time it has increasingly shifted towards a client/server model 934 with "millions of consumer clients communicating with a relatively 935 privileged set of servers" [NelsonHedlun]. 937 Whether for resource sharing or data sharing, P2P systems are 938 enabling freedom of assembly and association. Not only do they allow 939 for effective dissemination of information, but they leverage 940 computing resources by diminishing costs allowing for the formation 941 of open collectives at the network level. At the same time, in 942 completely decentralized systems the nodes are autonomous and can 943 join or leave the network as they want -a characteristic that makes 944 the system unpredictable: a resource might be only sometimes 945 available, and some other resources might be missing or incomplete 946 [Vu]. Lack of information might in turn makes association or 947 assembly more difficult. 949 Additionally, when architecturally assessing the role of P2P systems 950 we could say that: "the main advantage of centralized P2P systems is 951 that they are able to provide a quick and reliable resource locating. 952 Their limitation, however, is that the scalability of the systems is 953 affected by the use of servers. While decentralized P2P systems are 954 better than centralized P2P systems in this aspect, they require a 955 longer time in resource locating. As a result, hybrid P2P systems 956 have been introduced to take advantage of both centralized and 957 decentralized architectures. Basically, to maintain the scalability, 958 similar to decentralized P2P systems, there are no servers in hybrid 959 P2P systems. However, peer nodes that are more powerful than others 960 can be selected to act as servers to serve others. These nodes are 961 often called super peers. In this way, resource locating can be done 962 by both decentralized search techniques and centralized search 963 techniques (asking super peers), and hence the systems benefit from 964 the search techniques of centralized P2P systems." [Vu]. 966 6.4. Universal Access: The Web 968 Does protocol development sufficiently consider usable and accessible 969 formats and technologies appropriate for persons with different kinds 970 of abilities? 972 The W3C has done significant work to ensure that the Web is 973 accessible to people with diverse physical abilities [W3C]. The 974 implementation of these accessibility standards for instance help 975 people who have issues with seeing or rendering images to understand 976 what the image actually contains. Making the web more accessible for 977 people with diverse physical abilities enables them to excercise 978 their right to online assembly and association. While there are 979 accessibility standards implemented for the web, this is less the 980 case for the Internet. 982 The IETF uses English as its primary working language, both in its 983 documentation and in its communication. This is also the case for 984 reference implementations. It is estimated that roughly 20% of the 985 Earth's population speaks English, whereas only 360 million speak 986 English as their first language. [RFC2277] describes that 987 '"Internationalization is for humans. This means that protocols are 988 not subject to internationalization; text strings are.", this implies 989 that protocol developers, as well as people that work with protocols, 990 are not people, or that protocol developers are all in command of the 991 English language. This means that it is significantly easier for 992 people who have a command of the English language to become a 993 protocol developer - and it might lead to the development of separate 994 protocols that are developed within large language communities that 995 are not using the English language or the Latin script. This makes 996 it harder for people who seek to shape their own space of association 997 and assembly on the Internet to do so. And is thus driving these 998 communities into, often proprietary and non-interoperable services 999 such as Facebook. 1001 When Ramsey Nasser developed the Arabic programming language 1002 قلب (transliterated Qalb, Qlb and Alb) [Nasser] he 1003 called it 'engineering performance art' instead of engineering, 1004 because he knew that his language would not work. In part this is 1005 because all modern programming tools are based on the ASCII character 1006 set, which encodes Latin Characters and was originally based on the 1007 English Language. This highlights cultural biases of computer 1008 science and engineering. Despite long significant efforts, it is 1009 still largely impossible to register an email address in a language 1010 such as Devanagari, Arabic, or Chinese. Even if it is possible - it 1011 is to be expected that there will be a significant failure rate in 1012 sending and receiving emails with other services. This makes it 1013 harder for people who do not speak English and/or don't use the 1014 written Latin script to exercise their freedom of association and 1015 assembly. 1017 6.5. Block Together Now: IRC and Refusals 1019 Can a protocol be designed to legitimately exclude someone 1020 from an association? 1022 Previously we spoke about the privacy protecting features of IRC that 1023 enable freedom of association and assembly, including transport 1024 security. But now we turn to the ability to block users and 1025 effectively moderate discussions on IRC as a key feature of the 1026 technology that enables agency in membership, a key aspect of freedom 1027 of association and assembly. 1029 For order to be kept within the IRC network, special classes of users 1030 become "operators" and are allowed to perform general maintenance 1031 functions on the network: basic network tasks such as disconnecting 1032 (temporary or permanently) and reconnecting servers as needed 1033 [RFC2812]. One of the most controversial power of operators is the 1034 ability to remove a user from the connected network by 'force', i.e., 1035 operators are able to close the connection between any client and 1036 server [RFC2812]. 1038 IRC servers may deploy different policies for the ability of users to 1039 create their own channels or 'rooms', and for the delegation of 1040 'operator'-rights in such spaces. Some IRC servers support SSL/TLS 1041 connections for security purposes [RFC7194] which helps stop the use 1042 of packet sniffer programs to obtain the passwords of IRC users, but 1043 has little use beyond this scope due to the public nature of IRC 1044 channels. TLS connections require both client and server support 1045 (that may require the user to install TLS binaries and IRC client 1046 specific patches or modules on their computers). Some networks also 1047 use TLS for server to server connections, and provide a special 1048 channel flag (such as +S) to only allow TLS-connected users on the 1049 channel, while disallowing operator identification in clear text, to 1050 better utilize the advantages that TLS provides. 1052 7. Conclusions: Can we learn anything from the previous case studies? 1054 Communities, collaboration and joint action lie at the heart of the 1055 Internet. Even at a linguistic level, the words "networks" and 1056 "associations" are closely related. Both are groups and assemblies 1057 of people who depend on "links" and "relationships" [Swire]. Taking 1058 legal definitions given in international human rights law and related 1059 normative documents, we could assert that the rights to freedom of 1060 assembly and association protect collective activity online. These 1061 rights protect gatherings by persons for a specific purpose and 1062 groups with a defined aim over time for a variety of peaceful, 1063 expressive and non-expressive, purposes,. It is voluntary and 1064 uncoerced. 1066 Given that the Internet itself was originally designed as a medium of 1067 communication for machines that share resources with each other as 1068 equals [RFC0903], the Internet is now one of the most basic 1069 infrastructures for the right to freedom of assembly and association. 1070 Since Internet protocols and the Internet architecture play a central 1071 role in the management, development and use of the Internet, we 1072 established the relation between some protocols and the right to 1073 freedom of assembly and association. 1075 After reviewing several cases representative of FAA considerations 1076 inherent in protocols standardized at the IETF, we can conclude that 1077 the way in which infrastructure is designed and implemented impacts 1078 people's ability to exercise their freedom of assembly and 1079 association. This is because different technical designs come with 1080 different properties and characteristics. These properties and 1081 characteristics on the one hand enable people to assemble and 1082 associate, but on the other hand also add limiting, or even 1083 potentially endangering, characteristics. More often than not, this 1084 depends on the context. A clearly identified group for open 1085 communications, where messages are sent in cleartext and where 1086 peoples persistent identities are visible, can help to facilitate an 1087 assembly and build trust, but in other contexts the same 1088 configuration could pose a significant danger. Endangering 1089 characteristics should be mitigated, or at least clearly communicated 1090 to the users of these technologies. It is therefore recommended that 1091 the the potential impacts of Internet technologies should be 1092 assessed, reflecting recommendations of various UN bodies and norms. 1094 Lastly, the increasing shift towards closed and non-interoperable 1095 platforms in chat and social media networks have a significant impact 1096 on the distributed and open nature of the Internet. Often these non- 1097 interoperable platforms are built on open-protocols but do not allow 1098 for interoperability or data-portability. The use of social-media 1099 platforms has enabled groups to associate, but it has also rendered 1100 users unable to change platforms, therefore leading to a sort of 1101 "forced association" that inhibits people to fully exercise their 1102 freedom of assembly and association. 1104 8. Acknowledgements 1106 * Fred Baker, Jefsey, and Andrew Sullivan for work on Internet 1107 definitions. 1109 * Stephane Bortzmeyer, ICNL, and Lisa Vermeer for several concrete 1110 text suggestions that found their way in this document. 1112 * Mark Perkins and Gurshabad for finding a lot of typos. 1114 * Gurshabad Grover, an anonymous reviewer, ICNL, Lisa Vermeer, and 1115 Sandra Braman for full reviews. 1117 * The hrpc mailinglist at large for a very constructive discussion 1118 on a hard topic. 1120 9. Work Space 1122 Current work on this draft is happening at: https://github.com/IRTF- 1123 HRPC/draft-association Pull requests and issues are welcome. 1125 10. Security Considerations 1127 As this draft concerns a research document, there are no security 1128 considerations. 1130 11. IANA Considerations 1132 This document has no actions for IANA. 1134 12. Research Group Information 1136 The discussion list for the IRTF Human Rights Protocol Considerations 1137 Research Group is located at the e-mail address hrpc@ietf.org 1138 (mailto:hrpc@ietf.org). Information on the group and information on 1139 how to subscribe to the list is at 1140 https://www.irtf.org/mailman/listinfo/hrpc 1141 (https://www.irtf.org/mailman/listinfo/hrpc) 1143 Archives of the list can be found at: https://www.irtf.org/mail- 1144 archive/web/hrpc/current/index.html (https://www.irtf.org/mail- 1145 archive/web/hrpc/current/index.html) 1147 13. Informative References 1149 [Abbate] Janet Abbate, ., "Inventing the Internet", Cambridge: MIT 1150 Press (2013): 11. , 2013, 1151 . 1153 [AckermannKargerZhang] 1154 Ackerman, M.S., Karger, D.R., and A.X. Zhang, "Mailing 1155 Lists: Why Are They Still Here, What’s Wrong With Them, 1156 and How Can We Fix Them?", Mit. edu (2017): 1. , 2017, 1157 . 1160 [AndersonGuarnieri] 1161 Anderson, C. and C. Guarnieri, "Fictitious Profiles and 1162 WebRTC's Privacy Leaks Used to Identify Iranian 1163 Activists", 2016, 1164 . 1167 [APC] Association for Progressive Communications and . Gayathry 1168 Venkiteswaran, "Freedom of assembly and association online 1169 in India, Malaysia and Pakistan. Trends, challenges and 1170 recommendations.", 2016, 1171 . 1174 [APC3] Association for Progressive Communications, "Closer than 1175 ever", 2020, . 1177 [APCtraining] 1178 Sauter, D. and Association for Progressive Communications, 1179 "Multimedia training kit", 2013, 1180 . 1183 [Benkler] Benkler, Y., "Peer Production and Cooperation", 2009, 1184 . 1187 [Benkler2] Benkler, Y., "The wealth of Networks - How social 1188 production transforms markets and freedom", New Haven and 1189 London - Yale University Press , 2006, 1190 . 1192 [Bloketal] Blok, A., Nakazora, M., and B.R. Winthereik, 1193 "Infrastructuring Environments", Science as Culture 25:1, 1194 1-22. , 2016. 1196 [Bowker] Bowker, G., "Information mythology and infrastructure", 1197 In: L. Bud (Ed.), Information Acumen: The Understanding 1198 and use of Knowledge in Modern 1199 Business,Routledge,London,1994,pp.231-247 , 1994. 1201 [CERD] United Nations, "Convention on the Elimination of all 1202 forms of Racial Discrimination", 1966, 1203 . 1206 [CoE] Council of Europe, "Freedom of assembly and association on 1207 the Internet", 2015, 1208 . 1212 [Crawford] Crawford, D., "The WebRTC VPN “Bug” and How to Fix", 2015, 1213 . 1216 [CRC] Wikipedia, ., "Lorum", 2000, 1217 . 1220 [CRPD] United Nations, "Convention on the Rights of Persons with 1221 Disabilities", 2007, 1222 . 1225 [FoAdef] Wikipedia, "Freedom of association", 2021, 1226 . 1228 [Glasius] Glasius, M., Schalk, J., and M. De Lange, "Illiberal Norm 1229 Diffusion: How Do Governments Learn to Restrict 1230 Nongovernmental Organizations?", 2020, 1231 . 1233 [HafnerandLyon] 1234 Hafnerand, K. and M. Lyon, "Where Wizards Stay Up Late. 1235 The Origins of the Internet", First Touchstone Edition 1236 (1998): 93. , 1998, . 1238 [HRPC-charter] 1239 Human Rights Protocol Consideration RG, ., "Charter for 1240 Research Group", 2015, 1241 . 1243 [HussainHoward] 1244 Hussain, M.M. and P.N. Howard, "What Best Explains 1245 Successful Protest Cascades? ICTs and the Fuzzy Causes of 1246 the Arab Spring", Int Stud Rev (2013) 15 (1): 48-66. , 1247 2013, . 1249 [ICCPR] United Nations General Assembly, "International Covenant 1250 on Civil and Political Rights", 1966, 1251 . 1254 [Kaye] Kaye, D., "The use of encryption and anonymity in digital 1255 communications", 2015, 1256 . 1259 [LEAP] LEAP, "The Right to Whisper", 2020, 1260 . 1262 [Loi] Loi, M. and M. Christen, "Two Concepts of Group Privacy", 1263 2020, . 1266 [Mainwaringetal] 1267 Mainwaring, S.D., Chang, M.F., and K. Anderson, 1268 "Infrastructures and Their Discontents: Implications for 1269 Ubicomp", DBLP Conference: Conference: UbiComp 2004: 1270 Ubiquitous Computing: 6th International Conference, 1271 Nottingham, UK, September 7-10, 2004. Proceedings , 2004, 1272 . 1275 [Marcus] Marcus, J., "Commercial Speech on the Internet: Spam and 1276 the first amendment", 1998, . 1279 [Nasser] Nasser, R., "قلب", 2013, 1280 . 1282 [NelsonHedlun] 1283 Minar, N. and M. Hedlun, "A Network of Peers: Models 1284 Through the History of the Internet", Peer to Peer: 1285 Harnessing the Power of Disruptive Technologies, ed: Andy 1286 Oram , 2001, . 1291 [Nyokabi] Nyokabi, D.M., Diallo, N., Ntesang, N.W., White, T.K., and 1292 T. Ilori, "The right to development and internet 1293 shutdowns: Assessing the role of information and 1294 communications technology in democratic development in 1295 Africa", 2019, 1296 . 1300 [Pensado] Jaime Pensado, ., "Student Activism. Utopian Dreams.", 1301 ReVista. Harvard Review of Latin America (2012). , 2012, 1302 . 1304 [PipekWulf] 1305 Pipek, V. and W. Wolf, "Infrastructuring: Towards an 1306 Integrated Perspective on the Design and Use of 1307 Information Technology", Journal of the Association for 1308 Information Systems (10) 5, pp. 306-332 , 2009. 1310 [RFC0001] Crocker, S., "Host Software", RFC 1, DOI 10.17487/RFC0001, 1311 April 1969, . 1313 [RFC0155] North, J., "ARPA Network mailing lists", RFC 155, 1314 DOI 10.17487/RFC0155, May 1971, 1315 . 1317 [RFC0903] Finlayson, R., Mann, T., Mogul, J., and M. Theimer, "A 1318 Reverse Address Resolution Protocol", STD 38, RFC 903, 1319 DOI 10.17487/RFC0903, June 1984, 1320 . 1322 [RFC1211] Westine, A. and J. Postel, "Problems with the maintenance 1323 of large mailing lists", RFC 1211, DOI 10.17487/RFC1211, 1324 March 1991, . 1326 [RFC1771] Rekhter, Y. and T. Li, "A Border Gateway Protocol 4 (BGP- 1327 4)", RFC 1771, DOI 10.17487/RFC1771, March 1995, 1328 . 1330 [RFC1930] Hawkinson, J. and T. Bates, "Guidelines for creation, 1331 selection, and registration of an Autonomous System (AS)", 1332 BCP 6, RFC 1930, DOI 10.17487/RFC1930, March 1996, 1333 . 1335 [RFC1958] Carpenter, B., Ed., "Architectural Principles of the 1336 Internet", RFC 1958, DOI 10.17487/RFC1958, June 1996, 1337 . 1339 [RFC2277] Alvestrand, H., "IETF Policy on Character Sets and 1340 Languages", BCP 18, RFC 2277, DOI 10.17487/RFC2277, 1341 January 1998, . 1343 [RFC2810] Kalt, C., "Internet Relay Chat: Architecture", RFC 2810, 1344 DOI 10.17487/RFC2810, April 2000, 1345 . 1347 [RFC2812] Kalt, C., "Internet Relay Chat: Client Protocol", 1348 RFC 2812, DOI 10.17487/RFC2812, April 2000, 1349 . 1351 [RFC3233] Hoffman, P. and S. Bradner, "Defining the IETF", BCP 58, 1352 RFC 3233, DOI 10.17487/RFC3233, February 2002, 1353 . 1355 [RFC4084] Klensin, J., "Terminology for Describing Internet 1356 Connectivity", BCP 104, RFC 4084, DOI 10.17487/RFC4084, 1357 May 2005, . 1359 [RFC4271] Rekhter, Y., Ed., Li, T., Ed., and S. Hares, Ed., "A 1360 Border Gateway Protocol 4 (BGP-4)", RFC 4271, 1361 DOI 10.17487/RFC4271, January 2006, 1362 . 1364 [RFC4880] Callas, J., Donnerhacke, L., Finney, H., Shaw, D., and R. 1365 Thayer, "OpenPGP Message Format", RFC 4880, 1366 DOI 10.17487/RFC4880, November 2007, 1367 . 1369 [RFC5694] Camarillo, G., Ed. and IAB, "Peer-to-Peer (P2P) 1370 Architecture: Definition, Taxonomies, Examples, and 1371 Applicability", RFC 5694, DOI 10.17487/RFC5694, November 1372 2009, . 1374 [RFC5751] Ramsdell, B. and S. Turner, "Secure/Multipurpose Internet 1375 Mail Extensions (S/MIME) Version 3.2 Message 1376 Specification", RFC 5751, DOI 10.17487/RFC5751, January 1377 2010, . 1379 [RFC6176] Turner, S. and T. Polk, "Prohibiting Secure Sockets Layer 1380 (SSL) Version 2.0", RFC 6176, DOI 10.17487/RFC6176, March 1381 2011, . 1383 [RFC7118] Baz Castillo, I., Millan Villegas, J., and V. Pascual, 1384 "The WebSocket Protocol as a Transport for the Session 1385 Initiation Protocol (SIP)", RFC 7118, 1386 DOI 10.17487/RFC7118, January 2014, 1387 . 1389 [RFC7194] Hartmann, R., "Default Port for Internet Relay Chat (IRC) 1390 via TLS/SSL", RFC 7194, DOI 10.17487/RFC7194, August 2014, 1391 . 1393 [RFC8280] ten Oever, N. and C. Cath, "Research into Human Rights 1394 Protocol Considerations", RFC 8280, DOI 10.17487/RFC8280, 1395 October 2017, . 1397 [RutzenZenn] 1398 Rutzen, D. and J. Zenn, "Association and Assembly in the 1399 Digital Age", The International Journal of Not-for-Profit 1400 Law, Volume 13, Issue 4 , December 2011. 1402 [Sauter] Sauter, M., "The Coming Swarm", Bloomsbury , 2014. 1404 [Schleuder] 1405 Nadir, "Schleuder - A gpg-enabled mailinglist with 1406 remailing-capabilities.", 2017, 1407 . 1409 [Stanford] Brownlee, K. and D. Jenkins, "Freedom of Association", 1410 2019, 1411 . 1413 [Swire] Peter Swire, ., "Social Networks, Privacy, and Freedom of 1414 Association: Data Empowerment vs. Data Protection", North 1415 Carolina Law Review (2012) 90 (1): 104. , 2012, 1416 . 1419 [Troncosoetal] 1420 Troncoso, C., Isaakdis, M., Danezis, G., and H. Halpin, 1421 "Systematizing Decentralization and Privacy: Lessons from 1422 15 Years of Research and Deployments", Proceedings on 1423 Privacy Enhancing Technologies ; 2017 (4):307-329 , 2017, 1424 . 1427 [UDHR] United Nations General Assembly, "The Universal 1428 Declaration of Human Rights", 1948, 1429 . 1431 [UNGA] Hina Jilani, ., "Human rights defenders", A/59/401 , 2004, 1432 . 1435 [UNGC37] United Nations Human Rights Committee, "Human Rights 1436 Committee “General comment No. 37 (2020) on the right of 1437 peaceful assembly (article 21)”, CCPR/C/GC/3", 2020, 1438 . 1442 [UNGPBHR] United Nations, "Guiding Principles on Business and Human 1443 Rights", 2011, 1444 . 1447 [UNHRC2018] 1448 United Nations Human Rights Council, "UN Human Rights 1449 Council Resolution 'The promotion, protection and 1450 enjoyment of human rights on the Internet' (A/HRC/32/ 1451 L.20)", 2016, 1452 . 1454 [UNHRC2020] 1455 Michelle Bachelet, . and United Nations, "Impact of new 1456 technologies on the promotion and protection of human 1457 rights in the context of assemblies, including peaceful 1458 protests. Report of the United Nations High Commissioner 1459 for Human Rights A/HRC/44/24, 2020", 2000, 1460 . 1463 [UNSRFAA2012] 1464 Maina Kiai, ., "Report of the Special Rapporteur on the 1465 rights to freedom of peaceful assembly and of 1466 association", A/HRC/20/27 , 2012, 1467 . 1470 [UNSRFAA2019] 1471 Clément Voule, . and United Nations, "Report of the 1472 Special Rapporteur on the rights to freedom of peaceful 1473 assembly and of association", 2019, 1474 . 1476 [UNSRFOAA2012] 1477 Maina Kiai, . and United Nations, "Report of the Special 1478 Rapporteur on the rights to freedom of peaceful assembly 1479 and of association", A/HRC/20/27", 2012, 1480 . 1483 [ViennaDeclaration] 1484 United Nations, "Vienna Declaration and Programme of 1485 Action", 1993, 1486 . 1489 [Vu] Vu, Quang Hieu, ., Lupu, Mihai, ., and . Ooi, Beng Chin, 1490 "Peer-to-Peer Computing: Principles and Applications", 1491 2010, . 1493 [W3C] W3C, "Accessibility", 2015, 1494 . 1496 Authors' Addresses 1498 Niels ten Oever 1499 University of Amsterdam 1500 Email: mail@nielstenoever.net 1502 Gisela Perez de Acha 1503 Derechos Digitales 1504 Email: gisela@derechosdigitales.org 1506 Stéphane Couture 1507 Université de Montréal 1508 Email: stephane.couture@umontreal.ca 1510 Mallory Knodel 1511 Center for Democracy & Technology 1512 Email: mknodel@cdt.org