Human Rights Protocol Considerations Research Group N. ten Oever Internet-Draft Article19 Intended status: Informational February 06, 2017 Expires: August 10, 2017 Anonymity, Human Rights and Internet Protocols draft-tenoever-hrpc-anonymity-00 Abstract Anonymity is less discussed topic in the IETF than for instance security [RFC3552] or privacy [RFC6973]. This can be attributed to the fact anonymity is a hard technical problem or that anonymizing user data is not of specific market interest. It remains a fact that 'most internet users would like to be anonymous online at least occasionally' [Pew]. This document aims to break down the different meanings and implications of anonymity on a mediated computer network. Status of This Memo This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79. Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet- Drafts is at http://datatracker.ietf.org/drafts/current/. Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress." This Internet-Draft will expire on August 10, 2017. Copyright Notice Copyright (c) 2017 IETF Trust and the persons identified as the document authors. All rights reserved. This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (http://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect ten Oever Expires August 10, 2017 [Page 1] Internet-Draft anon February 2017 to this document. Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Simplified BSD License. Table of Contents 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 2. Vocabulary Used . . . . . . . . . . . . . . . . . . . . . . . 2 3. Research Questions . . . . . . . . . . . . . . . . . . . . . 3 4. Use Cases . . . . . . . . . . . . . . . . . . . . . . . . . . 4 5. Security Considerations . . . . . . . . . . . . . . . . . . . 4 6. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 4 7. Research Group Information . . . . . . . . . . . . . . . . . 4 8. References . . . . . . . . . . . . . . . . . . . . . . . . . 4 8.1. Informative References . . . . . . . . . . . . . . . . . 4 8.2. URIs . . . . . . . . . . . . . . . . . . . . . . . . . . 6 Author's Address . . . . . . . . . . . . . . . . . . . . . . . . 6 1. Introduction There seems to be a clear need for anonymity when harassment on the Internet on the increase [Pew2] and the UN Special Rapporteur for Freedom of Expression call anonymity 'necessary for the exercise of the right to freedom of opinion and expression in the digital age' [UNHRC2015]. Nonetheless anonymity is not getting much discussion at the IETF, providing anonymity does not seem a (semi-)objective for many protocols, even though several documents contribute to improving anonymity such as [RFC7258], [RFC7626], [RFC7858]. There are initiatives on the Internet to improve end users anonymity, most notably [torproject], but this all relies on adding encryption in the application layer. This document aims to break down the different meanings and implications of anonymity on a mediated computer network and to see whether (some parts of) anonymity should be taken into consideration in protocol development. 2. Vocabulary Used Concepts in this draft currently strongly hinges on [AnonTerm] Anonymity A state of an individual in which an observer or attacker cannot identify the individual within a set of other individuals (the anonymity set). [RFC6973] ten Oever Expires August 10, 2017 [Page 2] Internet-Draft anon February 2017 Linkability Linkability of two or more items of interest (IOIs, e.g., subjects, messages, actions, ...) from an attacker's perspective means that within the system (comprising these and possibly other items), the attacker can sufficiently distinguish whether these IOIs are related or not. [AnonTerm] Pseudonymity Dervided from pseudonym, a persistent identity which is not the same as the entity's given name. Unlinkability Unlinkability of two or more items of interest (IOIs, e.g., subjects, messages, actions, ...) from an attacker's perspective means that within the system (comprising these and possibly other items), the attacker cannot sufficiently distinguish whether these IOIs are related or not. [AnonTerm] Undetectability The impossibility of being noticed or discovered Undetectability of an item of interest (IOI) from an attacker's perspective means that the attacker cannot sufficiently distinguish whether it exists or not [AnonTerm] Unobservability Unobservability of an item of interest (IOI) means: undetectability of the IOI against all subjects uninvolved in it and anonymity of the subject(s) involved in the IOI even against the other subject(s) involved in that IOI. [AnonTerm] 3. Research Questions Premise: activity on the network has the ability for is to be anonymous or authenticated While analyzing protocols for their impact on users anonymity, would it make sense to ask the following questions: 1. How anonymous is the end user to: o local network operator o other networks you connect to o your communications peer on the other end of the pipe 2. How well can they distinguish my identity from somebody else (with a similar communication) (ie linkability) ten Oever Expires August 10, 2017 [Page 3] Internet-Draft anon February 2017 3. How does the protocol impact pseudonomity? o in case of long term pseudonymity o in case of short term pseudonymity 4. How does the protocol, in conjunction with other protocols, impact pseudonymity? 5. Could there be advice for prootocol developers and implementers to improve anonimity and pseudonymity? 4. Use Cases - multiple identities concurrently used, mixing them in operations / keeping them distinct (talking to XMPP, alias, etc) - when you change identity, do cross stack analysis, so you have no bleedover, anonymity on a cross protocol, cross stack level 5. Security Considerations As this draft concerns a research document, there are no security considerations. 6. IANA Considerations This document has no actions for IANA. 7. Research Group Information The discussion list for the IRTF Human Rights Protocol Considerations proposed working group is located at the e-mail address hrpc@ietf.org [1]. Information on the group and information on how to subscribe to the list is at https://www.irtf.org/mailman/listinfo/hrpc Archives of the list can be found at: https://www.irtf.org/mail- archive/web/hrpc/current/index.html 8. References 8.1. Informative References ten Oever Expires August 10, 2017 [Page 4] Internet-Draft anon February 2017 [AnonTerm] Pfitzmann, A. and M. Hansen, "A terminology for talking about privacy by data minimization: Anonymity, Unlinkability, Undetectability, Unobservability, Pseudonymity, and Identity Management", 2010, . [Pew] Rainie, L., Kiesler, S., Kang, R., and M. Madden, "Anonymity, Privacy, and Security Online", 2013, . [Pew2] Duggan, M., "Online Harassment", 2014, . [RFC3552] Rescorla, E. and B. Korver, "Guidelines for Writing RFC Text on Security Considerations", BCP 72, RFC 3552, DOI 10.17487/RFC3552, July 2003, . [RFC6973] Cooper, A., Tschofenig, H., Aboba, B., Peterson, J., Morris, J., Hansen, M., and R. Smith, "Privacy Considerations for Internet Protocols", RFC 6973, DOI 10.17487/RFC6973, July 2013, . [RFC7258] Farrell, S. and H. Tschofenig, "Pervasive Monitoring Is an Attack", BCP 188, RFC 7258, DOI 10.17487/RFC7258, May 2014, . [RFC7626] Bortzmeyer, S., "DNS Privacy Considerations", RFC 7626, DOI 10.17487/RFC7626, August 2015, . [RFC7858] Hu, Z., Zhu, L., Heidemann, J., Mankin, A., Wessels, D., and P. Hoffman, "Specification for DNS over Transport Layer Security (TLS)", RFC 7858, DOI 10.17487/RFC7858, May 2016, . [torproject] The Tor Project, ., "Tor Project - Anonymity Online", 2007, . ten Oever Expires August 10, 2017 [Page 5] Internet-Draft anon February 2017 [UNHRC2015] Kaye, D., "Anonymity, Privacy, and Security Online (A/ HRC/29/32)", 2015, . 8.2. URIs [1] mailto:hrpc@ietf.org Author's Address Niels ten Oever Article19 EMail: niels@article19.org ten Oever Expires August 10, 2017 [Page 6]