On 26 January 2021 EDRi’s annual PrivacyCamp event was organised online for the first time. Over six hours, in three parallel tracks, activists and officials discussed hot privacy topics. CENTR participated in a multi-disciplinary panel on wiring digital justice.
In a discussion co-moderated by Francesca Musiani from the Centre for Internet and Society and Stefania Milan, from the University of Amsterdam, five speakers – including Amelia Andersdotter from CENTR – discussed perspectives on embedding digital rights into technical architectures through standardisation, procurement and regulation.
Speakers represented a broad range of experiences from multilateral processes in the International Telecommunications Union (Mehwish Ansari, ARTICLE19), to on-the-ground protection of journalists and activists in Belarus (Kseniia Ermoshina, CIS) and procurement of public networks in Canadian municipalities (Bianca Wylie, CIGI). Niels ten Oever addressed the core differences between technical development and the standardisation of modern network technologies and the development and standardisation mechanisms used for telephone networks.
While telephone network standards have traditionally been agreed in multilateral processes between government delegations, modern network technologies are standardised in processes where companies interact directly with one another over the future of technical development. Amelia Andersdotter added that it has become more common for technologies to be standardised even before they are launched to end-consumers, while earlier technical standardisation has focused on creating compromises between pre-existing national technologies.
While the panel remained high level, the discussion briefly touched on how better coordination between mechanisms for procurement and consumer demand could be leveraged to disseminate already existing privacy standards. There was no clear agreement on a good direction for moving forward. While procurement and customer demand were observed as essential for successes, including the involvement of regulatory authorities for recommendations and guidelines, there was no conclusion. Panellists agreed that there were, in general, good frameworks for impact assessment for human rights and privacy impacts for a large number of internet technologies. Niels ten Oever highlighted RFC8280 for assessing human rights impact of internet protocols, and Amelia Andersdotter highlighted the recently adopted P802E Privacy Recommendations for Network Technologies from the IEEE-SA. Both standards aim at giving engineers involved in designing and implementing new technologies tools to assess their work with respect to established privacy and human rights frameworks from international law.
For the CENTR community, the timely implementation of human rights friendly features remains important. CENTR engineers are not only building better privacy and human rights features into DNS resolvers and other technical test-beds, but also actively contributing to filling the gaps by participating in Internet Engineering Task Force (IETF) processes. Some highlights include Stephane Bortzmeyer’s (AFNIC) work on data minimization in DNS queries, or the implementation of DNS privacy features in the KNOT and FRED softwares maintained by CZNIC.
Bridging the gap between technical standards governance and society governance is still an open issue, ripe with challenges for both engineers and policy makers and in need of more discussion.
