NordVPN Promotion

Home / Blogs

IETF’s Descent Into the Political Rabbit Hole

The Internet Engineering Task Force (IETF) has a curious, non-linear history as a “non-organization” of technical innovators now approaching 47 years. As it approaches a landmark 100th official meeting, it has become embroiled in a controversy that takes it further down the political rabbit hole it has been deepening in recent years.

The IETF is considering cancelling its 100th meeting now scheduled in Singapore in November 2017 at a cost of US$80,000 in cancellation fees (for somebody), and eschewing US$150,000 in incentives, because “concerns were raised about anti-LGBT laws.” The controversy is now playing out on censored IETF lists, but at least one party making it through the IETF list gate-keepers opined:

If we were to go down this path, principled as it might be, is there anywhere we can meet physically at all?
http://www.telegraph.co.uk/news/worldnews/...
I can’t think of many countries that aren’t violating basic human rights in some way or the other…

Sadly missing is any sense of balance here. Singapore is in many ways one of the most progressive Administrations in the region. What it has achieved in helping bring telecommunication and Internet services on a large scale to the entire region and beyond is legendary and commendable. So someone has found some legislation on its books that is objectionable, but little if ever enforced. If that same tactic was used on other venues—including most in the U.S. over the decades—you would likely find equal or even more objectionable provisions in law. Cancelling here seems patently discriminatory, and counterproductive.

Although the matter remains unresolved, this gambit represents the latest episode in the IETF’s descent down the political rabbit hole over the past couple of decades. It is ironic for an organization which for its first decade and a half served as the technical thinktank for the U.S. Defense Advanced Research Projects Agency (DARPA)—probably the IETF’s most successful and innovative period.

After the IETF became adopted by the U.S. National Science Foundation in the 1980s, its diversity increased—as did some inevitable nudging into technical controversies that existed at the time over which internet protocols and applications would prevail for what John Quarterman described as The Matrix. (Unfortunately, that term was colored by the popular motion picture trilogy.) This part of the IETF’s evolution also enabled a certain organizational activism.

As the IETF continued to exist on a government dole, the participants asserted a purist position of being a non-organization—refusing to incorporate. That necessitated certain legal “patches”—namely the Internet Society assuming responsibility for the intellectual property, for formal relationships with intergovernmental bodies like the ITU, and providing significant liability insurance for those in decision making positions.

As the intoxicating years of the DARPA TCP/IP platforms trouncing all the other connectionless internets in the 1990s progressed, it became a commercially viable overlay within the global telecommunication infrastructure together with the global mobile networks that were even more pervasive and successful. Along the way, the IETF was as able to maintain the mythology that it was the keeper of the world’s internet standards and cobbled together its own funding.

The real political rabbit hole emerged in the new millennium as IETF political activists began going after the government hand that once fed it. They got on a high-horse and issued an activist’s manifest in the form of RFC 2804, “IETF Policy on Wiretapping.” In six pages of rambling, incoherent text, the document asserts that no matter the requirements—legal or business—they will not “consider requirements for wiretapping as part of the process for creating and maintaining IETF standards.”

What the IETF political policy did was simply write themselves out of entire technical sectors and shift the work to other venues—a certain outcome when the requirement exists for multiple business, regulatory, law enforcement, and cyber security purposes worldwide in every jurisdiction and setting. At the time, the IETF was a pawn in a growing legal battle in the U.S. over applying existing lawful interception provisions to the Internet and IP Telephony - which was ultimately lost. The requirement already existed everywhere else.

The political rabbit hole became significantly deeper in 2015, when many of the IETF political activists ramped up RFC 2804 to join Edward Snowden adoration and lament the “exploit Internet communications for intelligence purposes.” RFC 7624 leveraged the release of classified information to develop a roadmap and mantra for all future IETF work that must pass a political-correctness test. “Encrypt everything” became the new commandment—never mind that there are also pervasive business and governmental requirements for access to the intelligence for critical capabilities. The IETF has in many ways become dangerous. The only saving grace here is that the IETF—despite being legendary in its own mind - does not control business decisions of service providers and equipment vendors, nor the laws by which nations operate.

So, sadly in conjunction with the IETF’s 100th formal meeting, it finds itself embroiled in yet another political controversy that only diminishes its stature and ability to function. Fortunately there are copious other venues to do the work that are more effective, and are less concerned about meeting political tests.

* The author is, among other things, the onetime Executive Director, member of the initial board of the Internet Society, and a keeper of institutional history.

By Anthony Rutkowski, Principal, Netmagic Associates LLC

The author is a leader in many international cybersecurity bodies developing global standards and legal norms over many years.

Visit Page

Filed Under

Comments

Tony works hard to get things wrong Dave Crocker  –  May 26, 2016 8:45 PM

Where to begin?  Certainly Tony sets the stage with his condescending (and entirely and characteristically inaccurate) “non-organization” reference.  And his reference to the IETF mailing list as being censored is quite simply bizarre.  I can only guess what he might be implying, but I won’t waste my (or your) energy trying.  The reference to the IETF as a DARPA thinktank is amusing; while DARPA might have engendered the IETF, it has never been a direct factor in the IETF’s operation. I was the first independent commercial participant in the IETF, in 1987 and many others quickly followed.  Nor was the IETF ever “adopted”—whatever that means—by the NSF.

Tony’s diatribe about the IETF’s “going after the government hand” would be amusing, if it weren’t so misguided and just plain wrong.  Its silliness on its face is perhaps secondary to its factual error: by 2000, the government was long gone as a primary force in Internet development or operations.  Remember that the Internet went mass-market global by about 1994.

To date, the IETF’s forays into technical policy of the type Tony references are really nothing more than saying that the engineering that it does shall be good engineering.  That’s the essence of the RFC 2804 that Tony cites.  Backdoors make for very, very bad engineering.  And Tony takes exception to a policy of insisting that engineering be done well???

Tony appears to have been hooked by the fishing line of exceptional access, ignoring the profound technical and operational problems it creates that, so far, are insurmountable by the expert community that he seems intent on marginalizing.

All of which is remarkably irrelevant to the current IETF controversy, which concerns venues for IETF meetgins and is trying to grapple with a massive social change happening globally, with respect to the rights and non-rights of a significant portion of any group’s population.  Change like this has happened before.  It never happens quickly or easily and it never happens completely. 

We have previous examples of such changes and none is yet ‘finished’. And during the early stages of the changes—as we are now experiencing—the disparities from one place to another are striking.  Any organization seeking to provide an environment supportive of ‘modern’ views of social rights is faced with challenges of the type type the IETF is wrestling with.  As a small example, ignoring laws on the books carries risks on its face, as does ignoring actual daily practice.

Attending to major social change requires caution and serious consideration. 

Tony’s posting contributes nothing positive to those considerations.

d/

and Dave responds as he always has Anthony Rutkowski  –  May 26, 2016 9:58 PM

I’m sorry you read the article negatively, Dave.  We obviously characterize the same facts differently - as we have for decades. It is not unexpected.  Perhaps also not unexpectedly, I’ve received multiple notes strongly concurring with the article.  Different circles of friends; different perspectives.  The intent here is to engender a discussion on significant concerns, not determine orthodoxy.  Your involvement is a good start.

You will recall we strongly differed over the wisdom of your setting up an arrangement with the ITU Secretary-General on assuming DNS legal responsibility.  Arguably, my policy concerns expressed there, seem subsequently accurate.

I have had the luxury in participating in a great many bodies over the years, and thread through perhaps a score of them today - rather less so the IETF.  So I have the luxury of looking in largely from the outside, compare it within the larger ecosystem of similar bodies, and look at trends.  I’m simply an analyst raising a note of caution whether you care to recognize it or not as a longtime inhabitant within the IETF. 

You may blow away the adoration at IETF meetings of a thief of classified information, and pursuing his work across multiple IETF initiatives, as inconsequential, and as just “good engineering.”  Many others would disagree.  If actually implemented, some of those steps could cause considerable harm on multiple levels. 

The IETF is on a slippery road of major political activism that has collateral consequences like pondering the appropriateness of venues and their acceptance of social change.  We probably can agree on the humorous admonition that “social change requires caution” - whatever that means. :-)

Trust all remains well after all these years.  Your advocacy in the email history space is great.  ...and, thanks for the introduction to that fabulous nectar, Laksa.

"The controversy is now playing out on Brian Carpenter  –  May 26, 2016 11:29 PM

“The controversy is now playing out on censored IETF lists.”
There are no censored lists at the IETF, and most of them are unmoderated, apart from anti-spam precautions and provisions to deal with persistent abusive usage (which, no doubt, CircleID has too). For example, Tony is clearly reading the discussion in question, and he posted to the list a few hours ago.

So now we’ve cleared up that misrepresentation, let’s consider Tony’s wild assertion that the “IETF is on a slippery road of major political activism…”
I don’t think so, and Tony, in the best tradition of polemicists, mixes up two totally different things:
1) Security and privacy, where the IETF has been consistent since at least 1996 in objecting for technical reasons to regulatory measures that damage security and privacy. Nobody in the IETF was really surprised by the Snowden revelations: we all knew such things were possible, but it was interesting to get the gory details of how the 5 Eyes countries were actually doing it.
2) Holding a meeting in a place with laws in place that are unacceptable to LGTBQ participants. That’s a practical question: does such a venue damage our ability to get work done at the meeting.

I see no political activism here. I just see an organisation of geeks trying to do its geek work in an imperfect world.

FYI: I am a former Chair of the Internet Society Board of Trustees, a former Chair of the Internet Architecture Board, a former Chair of the IETF itself, and a current technical participant in the IETF.

Brian, you are conveniently ignoring RFCs 7258 Anthony Rutkowski  –  May 27, 2016 12:00 AM

Brian, you are conveniently ignoring RFCs 7258 and 7624 - which take this topic to an entirely new level of political activism and consequences. Taking stolen classified information and developing an entire program of activities based on defeating capabilities is egregious and goes considerably beyond fostering security and privacy. Putting the thief up on video screens at meetings in adoration is offensive to many. That concerted activism threads though multiple IETF groups today, and is rather more than just "geeks trying to do geek work." It was that way decades ago. It is not now. It is also clear that whenever anyone raises concerns about these developments in the IETF (or here), they are disparaged as making "wild assertions," "misrepresentations" and being a "polemicist." They are also encouraged to leave lists whenever raising opposing views. The IETF seems to have become increasingly insular in pursuing what by any measure is a definitive political agenda.

A geek responds... Brian Carpenter  –  May 27, 2016 1:55 AM

For those who don't know, RFC7258 identifies pervasive surveillance as a technical attack on Internet security, and RFC7624 goes into more specific details. That's not political. Nobody can deny that these technological aspects have regulatory implications; the Internet as a whole has regulatory and social implications, and the way they play out is different in every country. But making the basic Internet as secure as we reasonably can is a technical goal. The politicization (is that a word?) is outside the IETF. (I'm not naive: there are privacy polemicists too, but read those documents and judge for yourself whether they are technical or not.) "They are also encouraged to leave lists whenever raising opposing views." Evidence, please. Occasionally, people are asked to to tone it down, but actually posting bans are extremely rare in the IETF, and have only happened when there was a very widespread perception of abuse.

Politically oblivious geeks The Famous Brett Watson  –  May 27, 2016 10:37 AM

That's not political.
Oh, yes it is! And that's partly indicative of the problem here. I'm quite sympathetic to the "surveillance is an attack" stance, but to think of it as apolitical is a terrible, terrible mistake. The only thing worse than a political activist who thinks he is merely promoting common sense, is the technologist with a political agenda who thinks he's engaging in pure, apolitical engineering. Security is politics: it is exactly about enforcing policies, and selecting which kinds of policies can be enforced. Failure (or refusal) to recognise that simply makes one the kind of ideologue who can not be reasoned with, and must therefore be treated as an enemy by one's ideological opponents. For the record, this is the most engaging argument I've seen on CircleID in a long time. It has about the right amount of fire on both sides, and neither side is without its flaws. Anthony, you are a polemicist, but I think you're doing it constructively. There's a fine line between ruffling feathers and attacking, and I think that feathers are being appropriately ruffled here. And if factual inaccuracies are being introduced, they are not going unchallenged. I'm not across the Singapore issues, specifically, but let me make this observation: I would decline to attend any IETF meeting (or pretty much anything else) held in the USA because of my principled objection to being fingerprinted on arrival in the country. I'm sure I'm not alone in that regard, but that doesn't mean you should consider banning the USA as a venue for such meetings. You should certainly take it into consideration, much as you should consider whether or not the participants can accommodate the choice of venue for other, purely practical reasons (like general distance and cost), but to give it special consideration is to join me in my token political activism. At first glance, however, I don't see how this potential cancellation can be anything but a political stunt, or an admission of incompetence. If there were enough up-front objections expressed among the participants in relation to the venue, then the place should never have been booked. If people are only just starting to kick up a fuss about it now, then let individual members boycott as they feel they must, but ask them to raise their objections further in advance next time. To back out now is to be made into a political tool, if nothing else. The IETF mantra has long been "rough consensus and running code." If rough consensus was reached in regards to the venue, then proceed with it. If it wasn't, then admit the error but proceed anyhow: fix that mistake in the next iteration. To do otherwise does indeed smack of political activism, as Anthony suggests, and that is the core of the thesis here. To my way of thinking, any such digression into activism is utterly toxic to an engineering task force: it invites politics into the engineering process in the worst way, producing a politically-aligned body of engineers. I'd rather be dealing with a group of engineers who are making a conscious effort to set aside their political differences, thanks.

Engineer as anarchist Anthony Rutkowski  –  May 27, 2016 2:42 PM

A good overview, Brett. You forgot the preface to your quote, however, which is "we reject kings, presidents, and voting." One could write an entire book on the history of the IETF as a political instrument. Indeed, in the early 90s, the concept of engineer anarchists was alive and well in the IETF, and external bodies referred to it as an orthodox religion. Every organization has a lineage and communities attracted to its particular sandbox. I think we are agreed on "digression into activism being toxic" - and at the moment, RFCs 7258 and 7624 and their implementation across the IETF as religious commandments, is about as toxic as it gets.

A technical-legal geek replies Anthony Rutkowski  –  May 27, 2016 2:22 PM

It is preposterous to suggest "that's not political." To stand up world's most notorious cyber criminal at meetings and build RFCs and an institutional agenda around his stolen materials is about as political as it gets. Especially when the result is the effective elimination of network forensics for all kinds of perfectly legitimate and critical requirements. With each passing day, there is considerable related activity occurring on this matter in judicial, legislative, executive, corporate, and standards venues. Characterizing what is the IETF is doing as "making the basic Internet...secure" rather than political action is not an assertion that is accepted in the outside world. And, yes, I was asked to leave perpass after objecting to its course of action as unacceptable. It was clear that opposing views were not welcome.

Also, get significantly more liability insurance for the IETF leadership Anthony Rutkowski  –  May 26, 2016 11:33 PM

The IETF’s following the Snowden agenda and facilitating end-to-end encryption of everything without providing for access to stream information, exposes IETF leadership to considerable penalties. Bonding with Snowden has significant risks for the IETF and its leadership.  The insurance amounts provided by the Internet Society in the early 90s are likely inadequate under the new political-driven agenda.

For example, Cox recently received a $25 million judgement against it for violating the Digital Millennium Copyright Act (DMCA) safe harbor provisions by failing to adequately implement a repeat infringer policy. Consider a litigation hypothetical where one of the well-financed copyright groups brings an action against the IETF leadership for contributory infringement by developing a multi-stream end-to-end encryption protocol that prevents identification of infringers.  The available IETF insurance money might provide a significant incentive.

Consider another hypothetical where somebody suffers major personal and financial harm in a terrorist attack where the non-discovery of the perpetrators resulted from an encryption capability devised by the IETF explicitly undertaken to prevent critical information from being discovered.  The parties suffering the harm or their heirs bring a suit for consequential damages against the IETF leadership.

There are many similar examples that are consequential to political-technical agenda being pursued within the IETF.  The causes of action can also potentially be instituted in any jurisdiction worldwide.  Even if an award doesn’t occur, the litigation costs can be substantial.  Last year, in a ground-breaking case, ETSI was sued for contributory infringement in a standards development case.  Although an agreement was eventually reached, the litigation cost ETSI more than a million dollars.

Huh? Dave Crocker  –  May 27, 2016 3:43 PM

Tony, it is a little difficult to follow your comments and purported concerns, given that you continue to toss off so many unanchored references, fail to respond to specifics and fail to offer them.  Still, you have nicely provided an excuse to remind you and others that the technical work of the IETF has quite a bit of historical basis, long preceding any current furor.  Possibly relevant to issues you are seeking to touch:

1.  Rather than being in response to anyone’s purported recent ‘agenda’[*], the IETF has always valued end-to-end design, which was best articulated in:

    Saltzer, J.H., Reed, D.P., and Clark, D.D., “End-to-End
    Arguments in System Design,” ACM TOCS, Vol 2, Number 4, November
    1984, pp 277-288.

    http://cyberlaw.stanford.edu/e2e/papers/Saltzer_Clark_Reed_Originale2e.pdf

2.  The technical and operational impediments to ‘exceptional access’ have been amply documented in:

    https://www.cl.cam.ac.uk/~rja14/Papers/doormats.pdf

and elsewhere.  I will remind you that it was written by quite a long list of remarkably accomplished security experts.  So anyone claiming that exceptional access is safely feasible needs to provide a competent design and gain agreement among technical experts.  Absent that, claims that it can be achieved with realistic levels of safety fall into the realm of fantasy, not legal liability.

d/


[*] The reference to Snowden is curious on two counts.  First, he’s never been part of any IETF activity, though there was a skype’d session with him outside of an IETF event.  More significantly, what the heck is the reference to “the Snowden agenda”?  Where is this documented and how is it relevant to IETF work.  Details, please!

Whatever Anthony Rutkowski  –  May 27, 2016 5:19 PM

I’m having somewhat the same problem in your direction, Dave.  Let’s ascribe this divergence as we have so many times over the decades to different backgrounds, conceptualizations, and weighing what is relevant, and agree to disagree.  As to your two well-known citations, there are obviously significant divergent perspectives on encryption that get played out constantly in many different fora - confirming that the subject matter is indeed political, and that the IETF leadership ascribes to one side of that debate.

As to agendas, RFC 7624 speaks for itself and makes clear it serves as a benchmark for all subsequent IETF work.  The reference to “Snowden revelations” and entire clauses wrapped around his stolen materials also establish the character of the agenda.  It is difficult to spin this other than a precipitous descent into a political rabbit hole.  A less gracious characterization is that it makes the IETF participants potentially criminally or civilly complicit in the ensuing loss of critical capabilities under the laws in most countries concerning financial services, intellectual property, cyber security, law enforcement, and national security.  Most vendors and providers will likely eschew implementing the resulting specifications, or work around them.  As already opined digression into political activism is toxic.

That’s all.

False divergence Dave Crocker  –  May 27, 2016 6:02 PM

Tony,

“there are obviously significant divergent perspectives on encryption that get played out constantly in many different fora”:  I will ask you to move from your pattern here, of making broad claims that fail to include any specific anchor, and will challenge you to document a view that counters that of Keys Under Doormats and has been formulated by anything close to an equivalent body of technical experts.  Again, absent that, your pronouncements fall in the category of wishful thinking—or political ploy or…well, nothing constructive—and not technical and operational reality.

As for RFC 7624, it’s actually quite easy to ‘spin’ it as something other than going down a political rabbit hole:  for a goal of privacy, pervasive monitoring introduces a new category and degree of threat.  That’s a technical assessment, not a political one. 

As always you are encouraged to counter with substance, though your pattern through this thread doesn’t provide much hope.

d/

Technically true The Famous Brett Watson  –  May 28, 2016 2:46 AM

... for a goal of privacy, pervasive monitoring introduces a new category and degree of threat. That's a technical assessment, not a political one.
Technically true (which is the best kind of true). It's the "for a goal of privacy" part which contains the political element, so the political element is baked in as a "given", framing the problem and dictating the kind of solution to be sought. I'm sympathetic to the politics, but don't kid yourself that it isn't political just because the politics are encapsulated behind a layer of engineering. Peel back the solution, and the problem description is as political as it gets.

"Privacy" is a set of technical functions Dave Crocker  –  May 28, 2016 3:25 AM

Brett, actually, the construct of privacy has nothing to do with politics, any more than putting a lock on your front door or blinds on your windows does. It concerns a person's and organization's ability to control the disclosure of their information. Politics provides surrounding permissions and constraints and excedptions, but that's quite separate from the technical aspects of being able to provide privacy. Like most things in systems design and use, this needs a layered model. We joke about politics being layer 9 of the 7-layer ISO model for networking, but it really is a reasonable reference.

a quantum of solace Anthony Rutkowski  –  May 27, 2016 7:19 PM

On the matter of Keys Under Doormats, the answer is simple.  It is a nice academic exercise similar to many similar ones - almost always motivated by ongoing political developments on which they have their own views.  However, those keys under doormats enable legal obligations to be met with minimal risk of adverse consequences.  Put another way, the comparative benefits of having access to the keys is so divergent that few competent officials responsible for national security have ever weighed the matter differently.  There is a thousand year history of materials over at the National Cryptologic Museum that support that assessment, as well as long histories of international agreements.  One also wonders what some of the Doormat authors would have been doing during the last World War - helping the Third Reich improve their encryption?

As for RFC 7624 - that was undertaken by those whose values are very different than my own.  It is action that seems on its face egregious and immoral; but like you say, it can be spun.  As to countering and hope, the avenues lay in not convincing you, but in the pushback and counter measures of countless bodies other than the IETF, in the business decisions by potential vendors and providers, and in legal systems that will impose penalties on the implementation of the Snowden agenda of RFC 7624.

Dismissing experts Dave Crocker  –  May 27, 2016 7:39 PM

Tony, that’s impressive.  You wave off the forty years of practical expertise in that document, by the folks who literally invented this field of security and you feel competent to class their work as merely ‘academic’.  Even better is that you also fail to supply any concrete reference to substantive technical work that counters their diligent and detailed effort.  Since it doesn’t exist, that’s not a surprise.

And since RFC 7624 was the product of the usual open IETF processes, where was your substantive input to its development and the input of those agreeing with you?

As for ‘spinning’ that was your term, not mine, and indeed it’s all you seem intent on.  My term is “technical analysis”.  That’s what the RFC provides.

The Snowden Agenda is toxic to IETF Anthony Rutkowski  –  May 27, 2016 8:04 PM

What is impressive is the assertion that the latest article written by a group of folks with a well known political-technical agenda they have been pursuing for years, is cited as the definitive finding on the subject.  Next time you are in the neighborhood, try visiting the David Kahn collection at the National Cryptologic Museum.  Or, get a copy of David’s book, The Codebreakers.

There is no way that Snowden agenda of RFC 7624 can be spun as anything other than a toxic gambit for the IETF that dispenses with its technical analysis stature, and makes it complicit in the grievous adverse consequences.

Now to something more pleasant like some good wine and cheese.  That’s all.

The Rutkowski Agenda Dave Crocker  –  May 28, 2016 3:31 AM

So, Tony, you seem to be resorting to nothing more than tired repetitions of your tired, vague, scatological utterances, with a notable lack of even the smallest effort to anchor your accusatory innuendo in any sort of documented substance.  You keep referring back to the experience of prior decades, and indeed, I’d forgotten just how little substance you bring to debate.  Thanks for the reminder.

An IAHC Reunion? Anthony Rutkowski  –  May 28, 2016 12:21 PM

Dave, It goes without saying that we have different constructs and views on these developments and issues. It is also good to see the dialogue such as it is. I also trust that these matters will be resolved in some fashion within our legal systems and business decisions, and whatever anchoring occurs there. What either of us thinks about the subject doesn't really matter in those processes. However, your intervention here in what is an ICANN centric blog, brings back memories of your famous foray into non-technical domains as the father (or at least chief apologist) of the IAHC (International AdHoc Committee) almost twenty years ago. That was a decidedly unanchored attempt to convey the DNS governance to the ITU through a private agreement - although you probably have your own construct. I suppose that wasn't politics either. :-) Any reflections 20 years later?

IAHC Dave Crocker  –  May 28, 2016 2:14 PM

Most folk will not know the reference to the IAHC. As its name states, it was an ad hoc effort; its scope was to formulate a proposal for some additional top-level domain names: International Ad Hoc Committee (IAHC) https://en.wikipedia.org/wiki/IAHC It does not take a careful reading to see that it had nothing to do with DNS governance, per se[*], and nothing to do with conveying anything to the ITU, although one of the ITU's folk was on the committee, along with one of a number of other groups. I was on the committee and edited its report. I'm quite pleased with the work we did. No apologies called for... d/ [*] However in worrying about the administration of a larger number of top-level domain names, it did turn out to develop the term Generic TLD, to formulate proposal for the model of a registrar/registry split that is now in use, and invented a version of the domain name dispute resolution mechanism that was eventually adopted.

An alternative IAHC reality Anthony Rutkowski  –  May 28, 2016 4:25 PM

That is one of the most incredulous alternative recitations of what is generally regarded as one of the Internet's most infamous misadventures. Despite our divergent perspectives here, we can probably have a little fun and policy exploration with a 20th anniversary article and get all of the many people (who are still alive) to provide their views on the matter. I believe I still have my formal petition to the U.S. Dept of State, FCC, and NTIA on the IAHC - that with many other inputs, resulted in a demarche out of the Geneva embassy to the ITU, intervention by the President's chief policy advisor, NTIA's public policy proceeding, the formation of ICANN, and an international treaty resolution. Lots of good anchors and politics there! :-)

Depthless FUD Dave Crocker  –  May 28, 2016 8:30 PM

Tony, while it's probably ok that you feel so inclined to keep broadly slinging mud like this, your persistent failure to ever respond to facts with (relevant) facts really is quite tiresome. You seem entirely unable to engage with relevant specifics. Why is that? By way of example, note that there is nothing in your latest note that actually counters the specifics of the note you were supposedly responding to. But enough of feeding trolls.

Google as salvation Anthony Rutkowski  –  May 28, 2016 10:50 PM

Perhaps one way to exit this seemingly endless loop is to invite readers interested in any of these issues to simply do a Google search to find very large numbers of materials and dialogs at almost any level of desired granularity. Go do your own research - which is relatively easily done these days. And yes, you will find decades old dialogs like this with multiple people including the ones here. On the IAHC in particular, there is reasonably comprehensive treatment of the IAHC in a much broader contemporary context by a recent Brookings Institution report, "Converging on the future of global internet governance." See especially at 9 et seq.

Avoidable vs unavoidable politics The Famous Brett Watson  –  May 28, 2016 4:20 AM

Following up on my own idea of solutions being technical and problems being political, I’d like to draw attention to another distinction which has been more or less overlooked in this argument so far: the distinction between avoidable vs unavoidable politics.

If you’re documenting technical solutions to political problems, as is the essential nature of security-related engineering, then defining the problem is a necessary part of the process. In fact, it’s not only necessary, but important that it be done well. Opposing ideologies cannot reach a compromise on this part of the process: the problem statement will be an ideological instrument, acceptable to some, anathema to others. The only way around this issue is to have separate politically-aligned engineering groups, each producing their own problem statements and associated solutions.

If the IETF (or whatever other engineering body) refuses to support more than one standard along these lines (with clearly distinct problem statements), then it is engaging in partisan politics as well as engineering. To say, “we already have a security standard, we don’t want to create confusion” or similar is all very well, but doesn’t make the position non-partisan: exactly one ideology has received official blessing. The ideological element is unavoidable, but accusations of institutional politics can be avoided so long as solutions are judged on their technical merits, and competing solutions are excluded only to the extent that they actually identify the same problem.

I think it’s probably fair to accuse the IETF of engaging in partisan politics with regards to its framing of the security problem. Only an ideological opponent would call it “anarchist”, but it frames government as a potential threat rather than a trusted ally. If you’ll permit an oversimplification, the analysis has always been that privacy is an all-or-nothing proposition, so total privacy is the goal, including privacy from government eyes. Those who argue for authorised back doors have been rebuffed with the claim that this is effectively no privacy—a fig leaf, as it were—and excluded from the process.

Having said that, I think it’s an open question as to whether the IETF ought to be politically aligned in this regard. I think it is so aligned, as Anthony has said, and perhaps it would have been better if it had avoided such alignment in the first place, but here we are, and going back may not be feasible. The problem as I see it now is one of recognising the politics for what it is, and containing it (if not reversing it).

I’ll deal with the “containment” aspect first, even though recognition must come prior to containment, because the containment problem is (I hope) easier to understand. I’ve mentioned cases where a political problem statement is unavoidable, because the problem statement is intrinsically political and absolutely necessary to formulation of a technical solution. In other cases, however, politics can be avoided, and the issues with the Singapore venue are a case in point. This would seem to be a crossroads at which the IETF can choose to contain its political scope, or become further politically aligned, this time along LGBT lines.

It’s one thing to align on issues where you need to agree on a problem statement in order to find a technical solution; quite another to do so where this is not necessary. To do so alienates participants who might have been able to contribute to the problem. And if this unnecessary piece of politics enters the picture, then what next? Arguments will ensue as to which political alignment is the right one, starting with the easily-won battles where few oppose (and simply choose to leave quietly rather than face overwhelming opposition), but ending in the mire of political bickering among nearly-but-not-quite-like-minded folks determined that their precise framing of the world’s social issues is the right one.

A rabbit hole indeed, and note that at no point along this progression does anyone actually recognise that there are any politics in play. It’s all just a “principled” attempt to do the right thing. That brings me back to the other issue: recognition.

I note that in this discussion so far, Dave Crocker has (not unfairly) accused Anthony of “toss[ing] off so many unanchored references, fail[ing] to respond to specifics and fail[ing] to offer them.” On the other hand, Dave has conspicuously failed to acknowledge the presence of politics in the IETF, sticking to the line of it being purely about the engineering. This lack of recognition is a problem because without recognition there can be no containment, as discussed above, and also because it results in a stone-wall attitude of, “this is not politics, it’s engineering, and reality is not negotiable.”

If you’re going to engage in politics, you should bring some diplomacy skills to the table. The IETF rank and file are, generally speaking, very poorly suited to this task. There tends to be a trade-off between innate social skills and innate technical skills, and IETF participants will naturally gravitate towards the latter end of the spectrum. Stone-walling is all very well for a politically powerful entity, but it’s a poor strategy elsewhere: it invites harsh opposition from ideological opponents who are more powerful than you, and they will bring political weapons to the fight, like lawmaking and litigation—things which can and should be avoided by playing one’s cards right.

The problem at this point, however, is one of failing to recognise the problem.

a good analysis Anthony Rutkowski  –  May 28, 2016 4:38 PM

Just two clarifications.  The reference an anarchy has two connotations here.  A certain technical anarchy has always been part of the IETF’s DNA since its early DARPA days - by design. The intent was to generate new ideas as a DARPA funded and led activity, and it was very successful in the face of the rather constrained other internet efforts ongoing at the time in Europe and within the larger industry-government community as OSI.  Anarchy in the form of pure politics by some participants was also threaded through the IETF in later years.  There is copious written material and books on this topic.

The other clarification goes to surveillance capabilities as essential requirements for all kinds of needs beyond just the usual government intelligence acquisition.  It is essential for cyber security, for law enforcement access to evidence, for implementation of the Digital Millennium Copyright Act and its equivalents worldwide, for effective network management by providers, and for implementation of financial securities regulations.  Some of the requirements have existed since the beginning of social structures, and they are not going to diminish.

The shrill furor… Christopher Wilkinson  –  Jun 2, 2016 4:41 PM

Excuse me. This is not the IETF that I bought into.

1. IETF has been accepted - in some cases reluctantly - as the prime source of Internet standards. For that, an exclusively technical mandate has been required, and as far as I know, generally provided.

2. IETF is a significant partner in the IANA transition and ICANN accountability. In several respects: PTI, IPR … For that to be sustained, a high degree of stability and predictability is required.

So … please get the IETF act together.

CW

PS: Having participated in IAHC POC, IFWP, ECPOP and the initial 1997-98 ICANN transition, I could enter this thread at some length, but No. NOT in an IETF context.

Agreed, except Anthony Rutkowski  –  Jun 2, 2016 6:04 PM

Hi Christopher,

This is not the IETF that many people bought into.  With this said, a lot has changed over the past 20 years.  It is no longer clear what, if anything, the IETF is the prime source for.  It is one of reasons why it was so easy for Snowden and his followers to hijack the IETF and move forward with significant agendas - as is patent in the cited RFCs and many IETF group threads today.  Try a Google search on RFC 7624 or RFC 7258 at the IETF.ORG site.

Today, the global mobile industry promulgates its own internet standards.  The cable industry promulgates theirs.  Major industry players promulgate theirs.  The rapidly growing NFV-SDN industry which is massively shaping the future infrastructure - promulgates theirs in several non-IETF venues.  So what is left for the IETF?  That is unclear; and going down the political rabbit hole doesn’t help.

Comment Title:

  Notify me of follow-up comments

We encourage you to post comments and engage in discussions that advance this post through relevant opinion, anecdotes, links and data. If you see a comment that you believe is irrelevant or inappropriate, you can report it using the link at the end of each comment. Views expressed in the comments do not represent those of CircleID. For more information on our comment policy, see Codes of Conduct.

CircleID Newsletter The Weekly Wrap

More and more professionals are choosing to publish critical posts on CircleID from all corners of the Internet industry. If you find it hard to keep up daily, consider subscribing to our weekly digest. We will provide you a convenient summary report once a week sent directly to your inbox. It's a quick and easy read.

Related

Topics

Cybersecurity

Sponsored byVerisign

Domain Names

Sponsored byVerisign

Threat Intelligence

Sponsored byWhoisXML API

New TLDs

Sponsored byRadix

Brand Protection

Sponsored byCSC

IPv4 Markets

Sponsored byIPv4.Global

DNS

Sponsored byDNIB.com

NordVPN Promotion