- From: Alan Karp <alanhkarp@gmail.com>
- Date: Wed, 5 Jan 2022 11:53:07 -0800
- To: Adrian Gropper <agropper@healthurl.com>
- Cc: Bob Wyman <bob@wyman.us>, GNAP Mailing List <txauth@ietf.org>, W3C Credentials Community Group <public-credentials@w3.org>
- Message-ID: <CANpA1Z2WBT69AJ6ynsYCHuOAAoB7F3fn+ebtV3fjBdeYTT-D+Q@mail.gmail.com>
RFCs have a Security Considerations section. Are you suggesting that these groups include a Human Rights Considerations section in addition? -------------- Alan Karp On Wed, Jan 5, 2022 at 7:14 AM Adrian Gropper <agropper@healthurl.com> wrote: > Bob's are important questions in the context of our specific protocol > work. I do not mean to scope this thread to general W3C or IETF groups or > their governance. *Bold* is used below to link to Bob's specific > questions. > > I might also argue to limit the scope to protocols and not VC, DID, > biometric templates, or other data models even though effective standards > for these drive quantitative and possibly qualitative improvements in the > efficiency of surveillance because a common language seems essential to > discussing protocols. Adverse consequences of the efficiency of common > interoperable language can be mitigated at the protocol level. > > I'm responding in personal terms to Bob's questions. *I urge all of us > engaged in the protocol engineering effort to bring their own perspective > on "Human Rights" and to advocate for specific technical solutions in > specific workgroups.* For example, I have chosen to focus attention on > authorization for verifiable credential issue. I hope others will > prioritize human rights impact of authentication protocols especially where > biometrics could be involved. > > *The specific aspects of our protocol work that give rise to human rights > issues relate to the efficiency of standardized digital credentials to > human persons.* What works for drugs in a supply chain or cattle on a > farm can and usually will be misused on people. Also, transferring > responsibility from an issuer to a subject of a VC is a burden that needs > to be recognized and mitigated. With respect to the UDHRs, I would point to > 12 (privacy and confidentiality), 13 (anonymity), 14 (limit the reach of > DHS and other state actors), 17 (the right to associate with and delegate > to others), 18 (associate with and delegate to communities one chooses), 20 > (association, again), 21 (secret elections), 22 (anonymity), 23 (trade > unions as delegates), 24 (burden of managing decisions in an asymmetric > power relationship with the state or with dominant private platforms), 29 > (duties to and scope of the community). > > *I'm suggesting that we formally address the issue of human rights as > applied to the VC-API standardization process.* I'm also suggesting that > we use a process in VC-API that formally harmonizes our work with IETF GNAP. > > Adrian > > On Tue, Jan 4, 2022 at 11:45 PM Bob Wyman <bob@wyman.us> wrote: > >> Adrian, >> Given that you're starting a new thread, I would appreciate it if you >> could do some context setting and clarifying: >> >> - *What do you mean by "Human Rights?" *Hopefully, you won't consider >> that a foolish question. The issue is, of course, that since Internet >> standards are developed in a multicultural, multinational context, it isn't >> obvious, without reference to some external authority, what a >> standards group should classify as a human right. Different cultures and >> governments tend to differ on this subject... As far as I know, the "best" >> source of what might be considered a broad consensus definition of human >> rights is found in the UN's 1948 Universal Declaration of Human Rights >> <https://www.un.org/en/about-us/universal-declaration-of-human-rights> >> (UDHR). >> - Does the UDHR contain the full set of rights that you think >> should be addressed by standards groups? If not, are there additional >> rights that you think should be considered? >> - In his document, Human Rights Are Not a Bug >> <https://www.fordfoundation.org/work/learning/research-reports/human-rights-are-not-a-bug-upgrading-governance-for-an-equitable-internet/>, >> Niels ten Oever refers to the UN Guiding Principles for Business >> and Human Rights >> <https://www.ohchr.org/documents/publications/guidingprinciplesbusinesshr_en.pdf>, >> which adds to the rights enumerated in the UDHR a number of additional >> rights described in the International Labour Organization’s Declaration >> on Fundamental Principles and Rights at Work >> <https://www.ilo.org/declaration/lang--en/index.htm>. Given that >> you appear to endorse ten Oever's report, do you also propose the same >> combined set of rights? (ie. UDHR + ILO DFPRW?) >> - Some have argued that the Internet introduces a need to >> recognize rights that have not yet been enumerated either in the UDHR or in >> any other broadly accepted documents. If this is the case, how is a >> standards group to determine what set of rights they must respect? >> - *What specific aspects of the issues being addressed by this >> community group give rise to human rights issues?* Also, if you >> accept that one or some number of documents contain a useful list of such >> rights, can you identify which specific, enumerated rights are at risk? >> (e.g. if the UDHR is the foundation text, then I assume privacy issues >> would probably be considered in the context of the UDHR's Article 12 >> <https://www.un.org/en/about-us/universal-declaration-of-human-rights#:~:text=Article%2012,interference%20or%20attacks.> >> .) >> - *Are you suggesting that this group should formally address the >> issue of rights*, with some sort of process, or just that we should >> be aware of the issues? >> - ten Oever suggests that "Those who design, standardize, and >> maintain the infrastructure on which we run our information societies, >> should assess their actions, processes, and technologies on their societal >> impact." You apparently agree. Can you say how this should be done? >> - The UN Guiding Principles for Business and Human Rights describe >> a number of procedural steps that should be taken by either governments or >> corporations. Are you aware of a similar procedural description that would >> apply to standards groups? >> - I think it was in the video that it was suggested that, in >> Internet standards documents, "a section on human rights considerations >> should become as normal as one on security considerations." Do you agree? >> If so, can you suggest how such a section would be written? >> >> bob wyman >> >> >> On Tue, Jan 4, 2022 at 9:05 PM Adrian Gropper <agropper@healthurl.com> >> wrote: >> >>> This is a new thread for a new year to inspire deeper cooperation >>> between W3C and IETF. This is relevant to our formal objection issues in >>> W3C DID as well as the harmonization of IETF SECEVENT DIDs and GNAP with >>> ongoing protocol work in W3C and DIF. >>> >>> The Ford Foundation paper attached provides the references. However, >>> this thread should not be about governance philosophy but rather a focus on >>> human rights as a design principle as we all work on protocols that will >>> drive adoption of W3C VCs and DIDs at Internet scale. >>> >>> https://redecentralize.org/redigest/2021/08/ says: >>> >>> *Human rights are not a bug* >>>> Decisions made by engineers in internet standards bodies (such as IETF >>>> <https://www.ietf.org/> and W3C <https://www.w3.org/>) have a large >>>> influence on internet technology, which in turn influences people’s lives — >>>> people whose needs may or may not have been taken into account. In the >>>> report Human Rights Are Not a Bug >>>> <https://www.fordfoundation.org/work/learning/research-reports/human-rights-are-not-a-bug-upgrading-governance-for-an-equitable-internet/> >>>> (see also its launch event >>>> <https://www.youtube.com/embed/qyYETzXJqmc?rel=0&iv_load_policy=3&modestbranding=1&autoplay=1>), >>>> Niels ten Oever asks *“how internet governance processes could be >>>> updated to deeply embed the public interest in governance decisions and in >>>> decision-making culture”*. >>>> “Internet governance organizations maintain a distinct governance >>>> philosophy: to be consensus-driven and resistant to centralized >>>> institutional authority over the internet. But these fundamental values >>>> have limitations that leave the public interest dangerously neglected in >>>> governance processes. In this consensus culture, the lack of institutional >>>> authority grants disproportionate power to the dominant corporate >>>> participants. While the governance bodies are open to non-industry members, >>>> they are essentially forums for voluntary industry self-regulation. Voices >>>> advocating for the public interest are at best limited and at worst absent.” >>>> The report describes how standards bodies, IETF in particular, focus >>>> narrowly on facilitating interconnection between systems, so that *“many >>>> rights-related topics such as privacy, free expression or exclusion are >>>> deemed “too political””*; this came hand in hand with the culture of >>>> techno-optimism: >>>> “There was a deeply entrenched assumption that the internet is an >>>> engine for good—that interconnection and rough consensus naturally promote >>>> democratization and that the open, distributed design of the network can by >>>> itself limit the concentration of power into oligopolies. >>>> This has not proved to be the case.” >>>> To improve internet governance, the report recommends involving all >>>> stakeholders in decision procedures, and adopting human rights impact >>>> assessments (a section on *human rights considerations* should become >>>> as normal as one on *security considerations*). >>>> The report only briefly touches what seems an important point: that >>>> existing governance bodies may become altogether irrelevant as both tech >>>> giants and governments move on without them: >>>> “Transnational corporations and governments have the power to drive >>>> internet infrastructure without the existing governance bodies, through new >>>> technologies that set de facto standards and laws that govern “at” the >>>> internet not “with” it.” >>>> How much would having more diverse stakeholders around the table help, >>>> when ultimately Google decides whether and how a standard will be >>>> implemented, or founds a ‘more effective’ standardisation body instead? >>> >>> >>> Our work over the next few months is unbelievably important, >>> >>> - Adrian >>> >>
Received on Wednesday, 5 January 2022 19:53:33 UTC