Markdown Version | Transcript | Session Recording | Session Materials

Session Date/Time: 16 Mar 2026 08:30

HRPC

Session: Human Rights Protocol Considerations (HRPC)
Date: IETF 125
Chair: Mallory Knodel (Sofia Celi absent)
Secretary: Loura

Summary

The HRPC Research Group met to discuss the intersection of protocol design, antitrust regulation, child safety, and organizational "standards of care." The session featured three primary presentations exploring how technical decisions in interoperability, content detection, and system incentives impact human rights.

Key Discussion Points

1. Chair's Introduction

Mallory Knodel opened the session, providing an overview of the group's mission to research how protocols strengthen or threaten human rights.

• Slide Reference: Chair's Welcome Slides
• Background: The group has moved its foundational work into RFC 8280 (Research on Human Rights Protocol Considerations) and the more recent RFC 9620 (Guidelines for Human Rights Protocol Considerations).
• Current Work: Mention was made of potential future work on association (draft-knodel-hrpc-association) and the group’s long history of connecting technical standards to the Universal Declaration of Human Rights.

2. Security vs. Interoperability in Antitrust Regulation

Dodji presented on the tension between government-mandated interoperability (antitrust) and security arguments made by dominant platforms.

• Slide Reference: Security vs interoperability v2
• Core Argument: Platform incumbents often cite security as a reason to resist interoperability mandates (e.g., the Digital Markets Act in the EU).
• Case Studies:
  • Messaging: WhatsApp/Meta's resistance to third-party interoperability.
  • In-App Payments: Apple’s restrictions on link-outs and external payment processing.
  • Hardware/NFC: Access to "tap-and-go" payment functionality on mobile devices.
• Technical Framework: Dodji categorized security concerns into Engineering (hard technical limits), Vetting (policy-based control), and Hybrid (physical/connected device constraints).
• Discussion:
  • Rodney Van Meter inquired about how these power dynamics affect smaller countries.
  • Mark (Nottingham) noted the difficulty of IETF's voluntary nature when dealing with "malicious compliance" by large actors.
  • Dirk Kutscher and Gianpaolo Scalone discussed the value of having standards ready before regulators act, to provide a blueprint that balances security and competition.

3. Children's Online Safety and Privacy

Kate (UCLA/COSPR) addressed the "protectionist" approach to child safety and its impact on privacy.

• Slide Reference: COSPR slides FINAL
• Key Findings: Current policy landscapes often reduce complex harm to simple content detection (CSAM).
• Technical Stats: While NCMEC reports show 36.2 million reports, only 0.18% typically involve "hands-on" abuse of a real child, suggesting current detection systems create massive amounts of "noise" and data collection without necessarily preventing abuse.
• The Privacy-Safety Link: Kate argued that safety and privacy are not antagonistic; anonymity and privacy are essential for help-seeking behavior among those at risk.
• Discussion:
  • Corinne asked about the impact on freedom of expression.
  • Andrew emphasized that while prevention is key, detection remains critical to prevent the re-victimization of children through image sharing.

4. Standards of Care: Governance in System Design

Shaye Akiwowo presented on "Standards of Care," moving the conversation from individual user behavior to structural organizational failure.

• Slide Reference: Standards of care: When online harm becomes organisational failure- IETF
• Core Argument: Online harm is a predictable outcome of design incentives (e.g., optimization for outrage or "nudification" AI).
• Governance Gap: Responsibility is often fragmented between engineers (metrics), product teams (engagement), and trust & safety (reactive).
• Proposed Approach: Implementing an "intersectionality" lens as a technical stress test—evaluating how protocols affect the most marginalized users before they scale.
• Question to the Room: Shaye asked if protocol developers consider downstream social harms. Shane (online) noted in the chat that while often considered out of scope for infrastructure, the HRPC group is the specific venue where these links are explored.

Decisions and Action Items

• Note Taking: Loura volunteered to take notes for the session.
• Draft Status: The group acknowledged that draft-irtf-hrpc-guidelines has been published as RFC 9620.

Next Steps

• IETF 126 (Vienna): The chairs plan to align active research drafts (e.g., the association draft) for further discussion in the next meeting.
• Mailing List: Participants were encouraged to continue the discussion on the HRPC mailing list, specifically regarding the "Standards of Care" and the engineering feasibility of interoperability mandates.

Related Documents

draft-irtf-hrpc-guidelines, draft-knodel-hrpc-association