November 29, 2020

SpywareNews.com

We Fight For the Users: An Appreciation of IETF’s RFC 8890

Here at the Electronic Frontier Foundation, we have a guiding motto: “I Fight For the Users.” (We even put it on t-shirts from time to time!) We didn’t pick that one by accident (nor merely because we dig the 1982 classic film “Tron”), but because it provides such a clear moral compass when we sit down to work every day.

Should your boss be able to spy on you through your computer? Well, you’re the user and we fight for you, so we say no.

What about your professor? Same logic applies here too.

Your spiteful, angry ex? No way.

What about tech giants, data-brokers or ad-tech companies? The user decides, not them.

Who decides who fixes your stuff? You do.

What about which ink goes in your printer? That’s your business, not some giant company’s.

When companies have their users’ backs, we have those companies’ backs. When the companies subordinate users’ interests in favor of their own, we have the users’ backs.

That’s not switching sides, that’s fighting for the user!

This summer, the Internet Engineering Task Force’s Internet Architecture Board began circulating RFC 8890: The Internet is for End Users, and we think it’s just terrific (RFC stands for “Request for Comment”; it’s what the IETF calls its internal documents, including its standards).

The document’s principal author is Mark “mnot” Nottingham, an Internet pioneer who works on core Internet standards like HTTP, the working group for which he co-chairs. Nottingham and colleagues have produced a thoughtful manifesto for how technologists should think about the work they do.

The paper starts out by acknowledging the increasing centrality of the Internet to every realm of our lives, and asserts that fact alone is no indicator of the success of the Internet. It’s not enough to “merely [advance] the measurable success of the Internet (e.g., deployment size, bandwidth, latency, number of users)”—all of these indicators can be improved by technology that is “used as a lever to assert power over users, rather than empower them.”

Music to our ears! In order to build an Internet fit for human habitation, the RFC demands that we prioritize the empowerment of “end-users”—“human users whose activities IETF standards support.”

But this is more complicated than it seems at first blush: end-users have different roles (“seller, buyer, publisher, reader, service provider, and consumer”) and many potentially conflicting interests: “privacy, security, flexibility, reachability.” And users are blended: kids who use the Internet and their parents; people who post photos to the Internet and the people pictured in those photos. The RFC notes that this complexity may make it hard to figure out who “the end-user” is at any moment, but still demands that we make the effort. (At EFF, we take the position that when it comes to surveillance, the public is the end-user we care about, even if the technology’s “user” is a law enforcement agency.)

The RFC lists several ways that end-users can be involved in technical architecture decisions, and ponders the strengths and drawbacks of each: the difficulty of discussing esoteric technology with users who lack the background to understand it; the imperfection of relying on government representatives to represent the interests of their citizens (and the conflicts between those governments and the governments of other states).

The authors land on civil society groups (that’s us!) as the go-to group to represent users’ interests with both technical depth and a genuine ethical posture. Further, it demands that IETF working groups find ways to directly engage with specialist user groups representing different priorities, meeting them where they are rather than inviting them to participate in esoteric standards-setting committees.

The paper moves on to a discussion of the term “user-agent”—the technical name for a browser in standards like HTTP. The term “user-agent” has a profound implication for the fundamental architecture of the Internet: a user-agent should take orders from the user, not anyone else. Your agent should fetch and display the content you want to see and block the content you don’t want to see. It should keep your information consumption habits private unless you decide to share them. It should run the code you choose.

Alas, as the RFC points out, the latest wave of Internet of Things devices have all but abandoned the idea of serving as user-agents. Instead these sensor-studded, actuator-connected gadgets act as outposts for the corporations that sold them, sneaking around behind our backs to spy on us, corralling us into arranging our affairs to suit the manufacturer’s shareholders’ interests at the expense of our own.

As we’ve pointed out, even browsers, the original “user agents,” sometimes put the interests of the monopolists who made them ahead of the user’s.

The paper concludes with some sober advice for technologists building the Internet: don’t rush to the assumption that users’ needs have to be traded off for technical necessities; don’t sideline users’ needs for “architectural purity.”

The IETF is an Internet original, a 34-year-old institution that does the hard, unglamorous work of setting and updating standards. The “rough consensus and running code” ethic it defined gave birth to the Internet as it once was, and as it has become. As an organization that is nearly as old as the IETF, we’re so pleased that they, too, are here to fight for the users.