Detrimental effect of IETF Mandates

Over the past fifty years, participants in what began as the DARPA internet community have been turning out diverse technical specifications for TCP/IP network architectures and services. The first twenty years under government agency sponsorship were marked by rather free-wheeling sharing of ideas and collegial accommodation of divergent views typically found in most professional, academic activities. The work was eventually institutionalized in the form of what are now two venerable legacy bodies—the Internet Engineering Task Force (IETF) that is overseen by an Internet Architecture Board (IAB).

However, during the past twenty years, the encouragement of divergent views and culture of accommodation began to disappear through the adoption of mandates that often expressed divisive socio-political views. A kind of self-similar set of perspectives became embedded through a set of pronouncements that began to dictate what work would ensue and what specifications would be developed and what would be shunned. Those involved believed they had a right to decide and dictate through technical specifications, the capabilities available in the global internet marketplace. Anyone who disagreed was encouraged to go elsewhere, and controls were attempted over work in other venues.

This trend of increasing intolerance is not a good one for the internet community, including the venerable institutions involved, especially during a period of rapid industry and technology change. The behavior is being manifested again through the pursuit of a new draft document entitled “The Internet is for End Users” with prominent acknowledgment given to Edward Snowden as inspiration.

The Internet is for End Users draft document

The drafting of this document began a year ago. It begins with a kind of self-assertion of power that the related standards activities under the purview of the IAB control the marketplace “because the underlying decisions afford some uses while discouraging others.” The text underscores the power, stating, “we are defining (to some degree) what is possible on the Internet itself.”

These possibilities are enumerated as “it has helped people overthrow governments and revolutionize social orders, swing elections, control populations, collect data about individuals, and reveal secrets. It has created wealth for some individuals and companies while destroying others.” However, omitted as to “what is possible” are rather massive criminal, terrorist, and cyberattack activities as well as the organized propagation of hate crimes, racism, and xenophobia. These are not insignificant matters, and the bad comes with the good.

This myopia of possibilities is carried over in treating “who are end users” where the existence of malevolent actors is simply ignored. The reality that “end users” may also include nation-state actors attacking elections in another state is not even considered. Indeed, the percentage of malevolent internet end users is not only very large, but typically includes highly motivated, technically knowledgeable, and frequently well-financed parties and groups and cost the world an estimated $6 trillion. Last but not least, internet-connected organizations are increasingly vulnerable to insider threats. The draft simply asserts that “goal” and “measurable success of the Internet” is to “empower users”—without ever attempting to mention, much less treat the potentially disastrous results of empowerment.

The IAB document asserts that the interests of end-users must be prioritized by the IETF “to ensure the long term health of the Internet.” The statement begs basic questions such as how you can ensure anything? What exactly constitutes long term health? What is “the Internet” today? And, what gives the IAB or IETF the right to be making these societal and market choices for the world?

These questions are especially significant in light of “the Internet,” being by definition, a virtual construct that makes use of the largely private network resources and end-point hosts of countless companies and homeowners worldwide. Making a choice to favor human end-users is, in fact, highly discriminatory and represents an allocation of resources that are not the IAB’s or IETF’s right to allocate or ensure.

The draft seeks to implement the proffered prioritization process by “consulting with the greater Internet community.” The proposed approach itself, however, is highly discriminatory. It discards the idea that a “government-sponsored” individual could play a role, but accepts that certain “civil society organizations” could be a “primary channel.” Not surprisingly, its own financial sponsors are accorded recognition. Edward Snowden is explicitly recognized as an especially important channel. An array of its own existing, highly divisive, one-sided pronouncements adopted over the past twenty years are proffered as dispositive mandates concerning network architectures, filtering, surveillance, and encryption.

At the end of the document, the flippant, if not utterly irresponsible position is taken that “if a user can be harmed, they probably will be, somewhere.” It is an amoral abdication of concern and responsibility for what harms that end-users inflict on each other and our societal systems.

The Internet is for All

The concept that “the Internet is for all” is grounded on the reality that it exists as a virtual information network on top of all the shared participant object resources worldwide. All of those participants decide autonomously what they share and to whom and on what basis. While all of those actions are subject to law, no organization has the right or the ability to dictate for those participants worldwide, their basis for sharing—including prioritization. It is the ultimate narcissistic arrogance.

Thirty years ago, when the IAB and IETF operated under U.S. Federal government agencies, it was open, inclusive, diverse, and tolerant. It welcomed, if not encouraged, disparate viewpoints and work. Different protocols were pursued in parallel, and means of interoperation developed. The robust venues were frequently contrasted with more constrained, political, less flexible, slow, and formal network standards bodies. Now—thirty years later—the two standards communities have traded places.

Over the years, the admirable qualities of the IAB and IETF began to erode through two developments. One factor was a kind of institutional distillation of participants and decision-making leadership with largely self-similar views and motivations. Thirty years ago, the IAB composition reflected the principal interested parties in the Internet community. That clearly is not the case today.

Another corrosive development was the adoption of divisive, socio-political mandates for the standards work—some promoted by highly controversial personalities—that have far-reaching consequences and further exacerbated self-similar participant engagement. The frequently highly-charged mandates also had the secondary effect of inciting intolerance of groups and views perceived as hostile. The effects can be seen in the high turnover attendance at IETF meetings in recent years, where nearly two-thirds of the several thousand total attendees over a several-year period attended only once; and descended to only five percent for those who persistently participated.

Useful steps have been taken to remedy some of these institutional challenges and should be expanded. The creation of the IETF Trust and IETF Administration LLCs and expansion of their roles in managing the IAB, IETF and its related bodies can help them become more inclusive and reverse the leadership self-similarity evolution. After many years of silence, the recent public statement on competition law that emphasizes consumer marketplace choice was an extraordinary positive step.

As others have pointed out, pronouncements like The Internet is for End Users are not only far removed from the appropriate role and expertise of the IAB, they also create a toxic collaborative environment that diverges significantly from its original strength—to attract and accommodate multiple academic, government, and industry communities with different protocol and service requirements. Useful next steps would include going back to organizational roots by eliminating the political mandates imposed on the creation of new groups and enable the pursuit of any discussions or work items for which there are some minimal number of participants—as is commonplace in most standards bodies. This should also facilitate collaboration with other standards bodies and enhance IETF viability in a 5G/F5G world. The Internet is for all. The IAB/IETF should embrace that maxim.