Policy Considerations RUCUS BOF IETF 71 - Philadelphia March 10, 2005 John Morris
Overview Broad look at impact of laws Specific laws & policies Specific goals –“Requirements”?
Which laws? Why care? U.S. & E.U. Constitution & laws Why care? –Sometimes binding requirement –Sometimes useful –Often good policy and good practice
Will laws help fight against spam/spit/spim/sp…? Not much –Mainstream marketers generally follow laws –Law breakers (especially overseas) do not (e.g., U.S. “CAN-SPAM” law) Some –Can sometimes enforce expectations
Will laws hinder fight against spam/spit/sp…? Not much –Mostly decisions by private companies (not governments) –General support for fighting spam Possibly –Privacy restrictions Possibly a great deal –“Company town,” especially as IP- based communications become more and more pervasive
Can IETF help laws against spam/spit/sp…? Yes –Give users control –Allow users to set clear rules/expectations (this gives law something to enforce) But … –The solution set is likely to be mainly technical
Free speech concerns U.S. First Amendment –Even if not binding requirement on private companies, still good policy Some bulk is constitutionally-protected –E.g., political messages, and non- commmercial messages generally –Unclear whether imposed costs of spit/spim etc. might alter constitutional analysis –CAN-SPAM not yet challenged
Free speech (2) Rights to send & receive communications –Addressed by choice and consent –Maximize ability to “opt” in or out of spit/spim/etc. fighting –Maximize ability to fine tune control –As a fall back, ensure transparency and notice so users can understand what is being done Avoid “honeypot” for gov’t censorship Global/broad-based blacklist is problematic
Free speech (3) Anonymity is vital right –Very important in founding of U.S. Philadelphiensis - leading Anti- Federalist in 1787 Some “spoofing” is authorized One-to-one communications –Minimize burden, obstacles to one- to-one communications, EVEN unsolicited communications from unknown senders
Privacy concerrns Privacy of content –Some E.U. constraints on service providers viewing content Notice and consent is essential User control is very helpful –Some U.S. constraints on service providers disclosing content (but for network management, arguably can view content) Again, notice, consent & control –Avoid “honeypot” for gov’t surveillance
Privacy (2) Privacy of communication details - call detail (“CII” or “call identifying information in U.S. wiretapping/ CALEA contexts) –Again, notice, consent & control –Again, avoid “honeypot” for gov’t surveillance –“Subjects” are content
Goals Maximize user control Maximize transparency, notice & consent Avoid honeypots for government censorship or surveillance Permit anonymity Minimize burden on one-to-one communications
The end John B. Morris, Jr. Center for Democracy & Technology jmorris at cdt.org