RFC 9620: A Call for Human Rights in Internet Protocols
The Internet Research Task Force (IRTF) has released a new document, RFC 9620, aimed at drawing the attention of protocol and architecture developers to critical human rights issues.
The document is informational and does not constitute a mandatory standard. However, its authors hope it will serve as a valuable guide for engineers in the creation and improvement of communication technologies.
RFC 9620 highlights that the technologies used for data transmission can either support or undermine human rights. The document suggests questions developers should ask themselves during the design phase of protocols to assess how their decisions might impact rights such as:
- The right to freedom of expression;
- The right to freedom of information;
- The right to non-discrimination;
- The right to equal protection;
- The right to participate in cultural life, arts, and science;
- The right to freedom of assembly and association;
- The right to privacy;
- The right to security.
For example, if a user is denied access to certain services or content, it may prevent them from disclosing information about abuses by authorities or other organizations. Monitoring their communications could restrict their freedom of assembly or participation in political processes. In extreme cases, data leakage through protocols could lead to serious consequences, including physical danger, when government agencies use the information collected to persecute citizens.
The document recommends evaluating the impact of protocols on human rights during the standard development phase. Among the key considerations suggested are the following:
- Decentralization:
- Can the protocol be deployed without a single point of control?
- Can the protocol operate within a distributed system?
- Does the protocol create additional centralized points of control?
- Censorship Resistance:
- Does the protocol architecture facilitate censorship?
- Does the protocol contain “bottlenecks” that could be exploited to block traffic?
- Can the protocol be made more resilient to censorship?
- Does the protocol provide transparency in restricting access to resources and explain the reasons for such limitations?
- Data Integrity:
- Does the protocol ensure the preservation and accuracy of data?
- Does it prevent deliberate or accidental data alteration?
- Content Signals:
- Does the protocol contain explicit or implicit elements in its headers or payload that could be used to differentiate traffic?
- Are there ways to minimize data leaks to network intermediaries?
- Can the protocol be made transparent to detect the negative consequences of traffic differentiation that may affect net neutrality?
Moreover, developers should consider compliance with security standards, avoid proprietary technologies that hinder protocol scalability, and ensure the ability to verify the authenticity of data and its attributes.
The need for such a document stems from the fact that, in the past, protocol developers have sometimes created technologies that, perhaps unintentionally, became tools for human rights violations. For instance, the proposal by the Chinese company Huawei to create a new internet protocol, “New IP,” raised concerns among experts. This protocol is positioned as a platform for the “tactile internet” and holographic communications, but experts warn that New IP could enable mass surveillance and erode internet anonymity.
Analysts from Chatham House, the Oxford Information Labs, and the Oxford Internet Institute have pointed out that New IP could be used for mass surveillance and pose a threat to the rights to privacy, freedom of expression, and assembly.
The document is not an IETF standard but rather an informative guide. Nevertheless, it was approved by consensus of the Human Rights Protocol Considerations (HRPC) Research Group and reviewed by both group members and external experts. This underscores the document’s significance for internet protocol developers who wish to incorporate human rights considerations into their work.
RFC 9620 also urges developers to review their decisions at various stages of protocol development and actively involve those whose rights may be affected in the process.