This week's newsletter catches you up on the last three months in internet standards.
The Star Monitor is a cooperative effort between Global Partners Digital and the Center for Democracy and Technology. Its aim is to help civil society organisations track discussions at internet standards bodies on a quarterly basis. Participation and leadership statistics of major plenary meetings are included, with links to each full report, when available. Hits in mainstream news, provided with context, link to their original sources. Lastly deeper analysis on key developments at each of the core fora round out the monitor. We always welcome feedback from readers to make this quarterly publication as useful as possible: You can write to email@example.com or firstname.lastname@example.org.
Participation and leadership statistics
For a handy guide to internet standards and infrastructure acronyms, use ARTICLE 19’s Internet Standards Almanac. Here is a table that tracks the I-star meetings that occurred in this past quarter:
Other notable governance-level happenings during this period include a representative of Intel taking up the chairship at ETSI and 3GPP holding a meeting in Chicago in November.
The following pulls together a curated list of the top news clips about any of the I-stars that made the industry or mainstream news, with a focus on sharing reports and reporting rather than press-release style items.
- The Office of the United Nations High Commissioner for Human Rights reported to the Human Rights Council its consultation on whether and how the human rights framework can lead to considerations in technical standards setting. “A/HRC/53/42 Human Rights and Technical Standard-Setting Processes for New and Emerging Digital Technologies,” Human Rights Council, September 18, 2023.
- The DNS Research Federation announced a new project to track and evaluate internet standards. Caeiro, Carolina. “Internet Standards Observatory: Selected Research Projects on Internet Standards and Fragmentation Announced.” DNS Research Federation, October 13, 2023.
- In a German tech industry publication, it was reported that the Human Rights Protocol Considerations research group of the IRTF invited a talk about the technical aspects of the internet shutdowns in Palestine. Ermert, Monika. “Vom Netz genommen: IETF hört Bericht über Lage in Gaza und der Westbank.” heise online, November 7, 2023. https://www.heise.de/news/Digitale-Besatzung-IETF-hoert-Bericht-ueber-Lage-in-Gaza-und-der-Westbank-9355184.html
- A Business Insider article describes the IETF and its activities. Esteban, Félix. “Internet no es libre y hay reglas: este es el organismo que lo controla.” Business Insider España, December 10, 2023. https://www.businessinsider.es/internet-no-libre-reglas-organismo-controla-1345562
- After the ITU resolved to develop a 6G standardisation framework at WRC-23, 3GPP will begin its industry-led implementation specifications. ETTelecom.com. “3GPP, Apple Eye 6G as ITU Releases Standards Development Framework.” ET Telecom, December 5, 2023. https://telecom.economictimes.indiatimes.com/news/industry/3gpp-apple-eye-6g-as-itu-releases-standards-development-framework/105752261
- OpenPGP is an end-to-end encryption protocol implemented in email and other services and though a new version was recently standardized in the IETF, other implementers have announced their intention to use a non-standard version of the protocol. Grüner, Sebastian. “Golem.de: IT-News Für Profis,” December 8, 2023. https://www.golem.de/sonstiges/zustimmung/auswahl.html?from=https%3A%2F%2Fwww.golem.de%2Fnews%2Flibrepgp-gnupg-gruender-startet-openpgp-fork-2312-180159.html
- Email providers have together agreed upon how they will implement stricter protocol requirements to mitigate abuse and spam. Hill, Michael. “Google, Yahoo Announce New Email Authentication Requirements for 2024.” CSO Online, October 5, 2023. https://www.csoonline.com/article/654566/google-yahoo-announce-new-email-authentication-requirements-for-2024.html
- This article discusses new ideas for how the UK telcom regulator can stop people from seeing internet pornography, impacting ISP responsibilities. Jackson, Mark. “Expectations for UK ISPs as Ofcom Move to Tackle Internet Porn.” ISPreview UK, December 5, 2023. https://www.ispreview.co.uk/index.php/2023/12/expectations-for-uk-isps-as-ofcom-move-to-tackle-internet-porn.html
- ISOC has transferred its MANRS initiative to the Global Cyber Alliance, who will now be in charge of the programme to improve global internet security and routing standards. Marina. “Achieving Greater Heights for MANRS.” Global Cyber Alliance, November 2, 2023. https://www.globalcyberalliance.org/achieving-greater-heights-manrs/
- Facebook engineer details the efforts and challenges involved in implementing end-to-end encryption within Facebook's Messenger platform. Millican, Jon. “Building End-to-End Security for Messenger.” Engineering at Meta (blog), December 7, 2023. https://engineering.fb.com/2023/12/06/security/building-end-to-end-security-for-messenger/
- The IAB published its stance on encryption and why it is against the controversial practice of mandatory client-side content scanning. Morgan, Cindy. “IAB Statement on Encryption and Mandatory Client-Side Scanning of Content.” Internet Architecture Board, December 15, 2023. https://www.iab.org/2023/12/15/iab-statement-on-encryption-and-mandatory-client-side-scanning-of-content/
- A unique visual exploration shows the internet’s expansion and transformation over the years. Newman, Lily Hay. “Go on a Psychedelic Journey of the Internet’s Growth and Evolution.” Wired, November 24, 2023. https://www.wired.com/story/ipv6-data-visualization/
- An article suggests the theoretical speeds of Wi-Fi 7 and new protocols could dramatically outpace current internet connections, emphasizing its potential for lower latency and faster streaming. Purdy, Kevin. “Wi-Fi 7’s Theoretical Speeds Make Your Internet Connection Seem Even More Sad.” Ars Technica, January 8, 2024. https://arstechnica.com/gadgets/2024/01/wi-fi-7-will-use-even-more-of-the-6-ghz-band-for-faster-streaming-lower-latency/
- Mashable covers the efforts by Google and Apple to create an IETF standard to enhance privacy and reduce the misuse of AirTags for stalking. Silva, Christianna. “Google and Apple Are Closer to Making AirTags Stalker Free.” Mashable, December 22, 2023. https://mashable.com/article/protection-privacy-airtag-google-apple
- Newly published W3C recommendations for the Web of Things 1.1 specifications are aimed at enhancing IoT interoperability and security. Van der Heil, Amy. “W3C Web of Things 1.1 Specifications Are W3C Recommendations.” W3C, December 5, 2023. https://www.w3.org/news/2023/w3c-web-of-things-1-1-specifications-are-w3c-recommendations
Broken down by forum, below is a deeper dive into the top items that touch on public interest issues. We include a non-exhaustive list of what’s being discussed and what’s considered controversial, whether the proposal is new or part of a broader effort. We make sure that each brief analysis ends with some action and where to go to learn more from a primary source like a version controlled document or a discussion mailing list.
Published RFCs of note:
- A working-group document in the IETF, RFC 9501, establishes that attendees should now be able to attend IETF meetings virtually for free.
- RFC 9505 is an informational document from the Internet Research Task Force that "describes technical mechanisms employed in network censorship that regimes around the world use for blocking or impairing Internet traffic."
In the last quarter several countries were talking about the perils of end-to-end encryption, which is something that the IETF works on quite extensively. “Messaging und Gruppen-Chats: Wie die IETF Sicherheit für Milliarden Menschen schafft.” netzpolitik.org, October 31, 2023. https://netzpolitik.org/2023/messaging-und-gruppen-chats-wie-die-ietf-sicherheit-fuer-milliarden-menschen-schafft and Knodel, Mallory. “‘Eaten by the Internet’: A New Publication on Infrastructure.” Center for Democracy and Technology (blog), November 27, 2023. https://cdt.org/insights/eaten-by-the-internet-a-new-publication-on-infrastructure
The threat of undermining end-to-end encryption through regulation is compounded by conversations within the IETF that challenge strong privacy assurances in standards. The IETF has been working extensively to roll out end-to-end encryption, pro-privacy protocols and more recently ensure that e2ee messaging is compliant with interoperability requirements (e.g of the Digital Markets Act). Undermining encryption would strengthen the ability of governments to carry out unchecked surveillance.
Inclusive language has been a consistent yet unresolved topic of debate in standards bodies for a few years. At the IEEE there is a current standardisation process, and as with others among SDOs, it was mostly sparked by the debate within the IETF. See also: Magby, Jamal. “Tech Talk: Talking Tech with Mallory Knodel and Niels Ten Oever On Inclusive Language in Internet Standards.” Center for Democracy and Technology (blog), December 5, 2023. https://cdt.org/insights/tech-talk-talking-tech-with-mallory-knodel-and-niels-ten-oever-on-inclusive-language-in-internet-standards/.
ECH was standardized at the IETF and with a growing number of implementations, centralized security solutions situated on the network– as opposed to the ends– are beginning to feel the negative effects. Moriarty, Kathleen. “Security Control Changes Due to TLS Encrypted ClientHello.” RIPE Labs, December 11, 2023. https://labs.ripe.net/author/kathleen_moriarty/security-control-changes-due-to-tls-encrypted-clienthello.
ICANN and the RIRs
ICANN’s policy processes led to guidance in May 2019 about the issues with WHOIS vis a vis the GDPR, though this guidance was slow to implement and registries and registrars increasingly focused on compliance with local and regional jurisdictional law. In November ICANN launched a service to facilitate look up requests that meet certain requirements, but unlike WHOIS it’s a service that ICANN doesn’t really provide: the Registration Data Request Service (RDRS) simply connects requestors with registrars. See: Carlson, Gwen. “Press Release: ICANN Launches Global Service to Simplify Requests for Nonpublic Domain Name Registration Data - ICANN,” November 28, 2023. https://www.icann.org/resources/press-material/release-2023-11-28-en
At the end of October RIPE NCC published a new policy document on Voluntary Transfer Lock, motivated by Ukrainian internet operators who were losing their IP and ASN space to Russia.
For the past few years AFRINIC, the regional internet registry responsible for IP address allocation in Africa, has been effectively dysfunctional due to dozens of legal suits that have exploited the loose, community-driven structure of the RIR system. Last quarter, the Mauritius court, where AFRINIC is registered, has ruled that AFRINIC will be placed under receivership (https://www.capacitymedia.com/article/2c6pnx4ymt7sd5c493wg0/news/exclusive-afrinic-placed-in-receivership-board-elections-to-be-held-in-six-months). The decision is currently being challenged, but brings potential resolution to a case brought by Cloud Innovation. Regardless of outcome the community should be ready to build back in strong numbers. The AfriNIC situation has created uncertainty in the internet governance ecosystem, regionally but also globally, and it is therefore necessary for a resolution to the case to be carried out in a way that strengthens trust and reinforces a transparent community driven structure.
At the WRC-23 there was a heated debate about the use of the 6GHz band for unlicensed spectrum, which given the particular physical characteristics of this frequency, would be ideal for expansion of new kinds of wireless networks that small internet service providers and community networks might provide to extend internet and telecommunications access. Sadly the WRC-23 outcome seems to have built toward consensus to give 6GHz to mobile operators. This will have the impact of consolidating this spectrum among a few providers and reduce market share, and ability for new entrants to the market.
The Global Privacy Control (GPC) is a browser setting that allows a user to communicate their preference – and to exercise their legal rights where they have them – to opt out of sharing and selling of their personal information. This single method of opt-out gives internet users an easier way to control how their data is used for online behavioral advertising or whether their data is sold to data brokers. Today, multiple browsers, including Brave, DuckDuckGo and Mozilla’s Firefox, provide a GPC built-in setting. For other browsers, users can download a browser extension. Many websites advertise their support of the control already, and many more will do so in complying with privacy regulations. Residents of California, for example, can use GPC in their browsers today to automatically opt-out of sharing of their data when visiting publishers like the New York Times and Washington Post, or retail company websites like Nike or L.L. Bean. But in order to benefit more users and websites in more places, GPC needs to become a standard.
The implications of an architectural model that any "sender pays" ISPs, too, in addition to client subscribers, include: unequal delivery speeds, content providers avoid entering the market, higher prices for subscribers, and all without guaranteeing more and better networks. They are also far reaching: South Korea, India and the EU might enact these proposals, but the entire fabric of the global internet would be impacted, as per the Internet Architecture Board. The proposal was ultimately rejected due to its unpopularity.
The Internet Architecture Board also signed a letter against EU's eIDAS legislation: eidas-open-letter.org. See also: Hoffman-Andrews, Jacob. “Article 45 Will Roll Back Web Security by 12 Years.” Electronic Frontier Foundation, November 7, 2023. https://www.eff.org/deeplinks/2023/11/article-45-will-roll-back-web-security-12-years