<div dir="ltr"><br><div class="gmail_quote"><div dir="ltr"><div><div>Brian Carpenter
posed the question pasted below on the ietf discussion list. My
(verbose) comments on the thread may help get a handle on the limits of
multistakeholderism in the international context, which requires
understanding democracy not in terms of the regular representational
and/or participatory aspects, but key elements of the foundation that makes it work. It
addresses the present DMARC imbroglio triggered by Yahoo and a few
other industry cohorts. Read through the thread for the fuller
explanation.<br><br></div><span class=""><font color="#888888"><br></font></span></div><span class=""><font color="#888888">Seth<br></font></span><div><div><div class=""><br><br>
On Tuesday, April 15, 2014, Brian E Carpenter wrote:<br>
<br>
I thought that standard operating procedure in the IT industry<br>
was: if you roll something out and it causes serious breakage to<br>
some of your users, you roll it back as soon as possible.<br>
<br>
Why hasn't Yahoo rolled back its 'reject' policy by now?<br>
<br>
Regards<br>
Brian<br>
<br></div><div><br><div class="gmail_quote"><div class="">---------- Forwarded message ----------<br>From: <b class="gmail_sendername">Seth Johnson</b> <span dir="ltr"><<a href="mailto:seth.p.johnson@gmail.com" target="_blank">seth.p.johnson@gmail.com</a>></span><br>
</div><div class="">
Date: Tue, Apr 15, 2014 at 7:36 AM<br>Subject: Re: What I've been wondering about the DMARC problem<br>To: Miles Fidelman <<a href="mailto:mfidelman@meetinghouse.net" target="_blank">mfidelman@meetinghouse.net</a>><br>
Cc: IETF Discussion <<a href="mailto:ietf@ietf.org" target="_blank">ietf@ietf.org</a>><br>
<br><br></div><div class=""><div dir="ltr">Jimmy Wales is, perhaps partially unconsciously, referencing this with his point on a "culture of free expression."<div><br></div><div>Note:
I am not implying in making these observations that stewardship should
be by any particular country, or any number less than the totality for
that matter -- only that we rely on systems that we have claimed for the
people to create such a context, and the international arena (and the
various systems so far presented for "checks and balances" or even
simply handoff to privatized systems to multistakeholder-ish processes
that must not be government-led or inter-governmental) does not
presently support that.</div>
<div><br></div><div><br></div><div>Seth<span><font color="#888888"><br></font></span></div></div></div><div><div><div class="gmail_extra"><br><div><div class="h5"><br><div class="gmail_quote">On Tue, Apr 15, 2014 at 1:29 AM, Seth Johnson <span dir="ltr"><<a href="mailto:seth.p.johnson@gmail.com" target="_blank">seth.p.johnson@gmail.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr"><div class="gmail_extra">(one insert/correction inline)<br></div><div class="gmail_extra">
<br><div class="gmail_quote">
<div>On Tue, Apr 15, 2014 at 1:20 AM, Seth Johnson <span dir="ltr"><<a href="mailto:seth.p.johnson@gmail.com" target="_blank">seth.p.johnson@gmail.com</a>></span> wrote:<br>
</div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr"><div><div><div><div><div><div><div><div>The
framework internationally is different. Within free countries, there's
a culture of expectations that certain things will be unacceptable, or
will be resisted by self-respecting citizens. That culture is based in a
system that guards fundamental liberties, and people are able to rely
on it to do so, though for private firms the limits aren't so definitive
as they are for the government.<br>
<br></div>Internationally, the limits are no longer so definitive, and
that's because even though governments will sign onto instruments like
the UDHR, those rights are not actually fundamental, even if we call
them that. Fundamental rights have an undeniable priority within
countries where they have been claimed in the founding act. On that
foundation, judges are always obliged to assess fundamental rights in
light of the unarguable fact that their priority over the government was
part of the original creation of the whole system. There's no founding
act in the international arena that sets the priority of people over
the governments of the world, so rights are actually at the indulgence
of governments, and governments can always assert their state interests
are so important that they warrant impinging on fundamental liberties.<br>
<br></div>We just saw an example of this with the Snowden disclosures.
We've been through a long period where we couldn't get our government to
actually do much for us, or conversely to not invade our liberties --
because the claims that the government was snooping pervasively were
kept marginal in various ways.</div>
</div></div></div></div></div></div></blockquote><div><br></div><div><fixed> <br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr">
<div><div>
<div>
<div><div><div>But once documentation moved those considerations out of
the frame of "conspiracy" or zealotry by activist organizations, we
suddenly began seeing the appeals work again: "that's not the kind of
country we are, what we set up for ourselves," we started saying again.</div>
</div></div></div></div></div></div></blockquote><div></fixed><br></div><div><br></div><div>(eom)<br></div><div> </div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
<div dir="ltr"><div><div><div><div><div><div><div>And while it's still
in a bit of denial, we are seeing a gradual grudging retracting --
again, because the basis in fundamental liberties is unarguably related
to how we set the government up in the founding act(s).<br>
<br></div>This is for governments and the more definitive relationship
between fundamental liberties and the government; that is, that they are
limits on the government. The judicial system treats fundamental
rights violations by the government in terms of "strict scrutiny," which
means a governmental act that impinges on fundamental liberties must
serve a compelling state interest, and even then, must be narrowly
tailored. For private parties, it's more that the working system
creates a culture of people who enjoy this ability to live in a system
where these limits on the government are actually at play -- and that's a
context that more easily supports attitudes of resistance and pushback
from people who see their dignity invaded by private firms that do
excessive things.<br>
<br></div>None of this exists internationally. The best you can place
some faint hope in is that national/state interests will be "balanced"
against rights expressed in a treaty. That's a totally different
standard from strict scrutiny. And relying on even that is unrealistic,
because governments have the "epistemic priority" -- and so they often,
quite freely, simply claim their sovereignty and act according to what
they claim is an important state interest. They simply have that
wherewithal at the international level.<br>
<br></div>All of which is preface to say that the result is that
governments and private parties (and corporations, who have concocted
trans-state "rights" through judges acting to fill in gaps in the law
over the years) know the rules don't apply the same way in the
international arena.<br>
<br></div>In fact, given the transitions currently being attempted,
whether with the IANA functions or "Internet governance" more generally,
Yahoo's DMARC behavior may really be a sort of dry run, testing the
ability to take advantage of the moves to put concerns related to the
operation of the Internet into an international frame, which folks are
pushing for without really recognizing what's missing in that context,
what they have sort of unconsciously relied on and taken for granted
within systems of checks and balances that are rooted solidly at
national levels.<br>
<br></div>The checks and balances don't work the same internationally,
and that circumstance can be exploited (and is, all the time, these
days).<br><br></div><div>People might push back, but they don't really
do so with the same sense of fundamental recourse assured by a solidly
rooted system. And Yahoo knows this. And we're just shoring that up by
saying we can just switch multistakeholderism to the international
arena.<br>
<br></div></div><div>(All of this is aside from other factors not
generally acknowledged -- that there are actually inter-governmentally
endorsed frames in place that will have a bearing on IANA type functions
or domain names (Names, Numbers, Addresses and Identifiers/NNAI, in the
ITU parlance), regardless of the fact the IANA transition defines
itself as non-governmentally-led or inter-governmental. Looking at this
in that light, Yahoo may be forcing the creation of a context in which
it can start to exercise those frameworks.)<span><font color="#888888"><br>
<div><div><div><div><br><br></div><div>Seth
</div></div></div></div></font></span></div></div><div><div><div><div class="gmail_extra"><br><br><div class="gmail_quote">On Tue, Apr 15, 2014 at 12:07 AM, Miles Fidelman <span dir="ltr"><<a href="mailto:mfidelman@meetinghouse.net" target="_blank">mfidelman@meetinghouse.net</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">Important business users, with Yahoo accounts? Is that a joke?<br>
<br>
Just as a reference point:<br>
- I just logged into my long-unused, and un-publicized yahoo email account - and the only thing there is Spam<br>
- the lion's share of mail that comes from yahoo, to my normal account, is spam<br>
- unfortunately, a good number of people on the email lists that I run
seem to have Yahoo mail accounts - and a good amount of the mail that
comes from those accounts is... you guessed it... spam - because yahoo
email accounts seem to be vulnerable to cracking and exploitation<br>
<br>
So, just who is it that Yahoo is protecting here?<div><div><br>
<br>
Abdussalam Baryun wrote:<br>
<blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
The standard procedure in many companies is business scoped, so they
identify important business users and the business returns/damages. Most
important users are not IT experts, and use email for personal
exchange. Yahoo has signed an agreement with users to protect its
information system, so all seem to follow that, and all users are free
to stop using services or not.<br>
<br>
AB<br>
<br>
On Tuesday, April 15, 2014, Brian E Carpenter wrote:<br>
<br>
I thought that standard operating procedure in the IT industry<br>
was: if you roll something out and it causes serious breakage to<br>
some of your users, you roll it back as soon as possible.<br>
<br>
Why hasn't Yahoo rolled back its 'reject' policy by now?<br>
<br>
Regards<br>
Brian<br>
<br>
</blockquote>
<br>
<br></div></div><div><div>
-- <br>
In theory, there is no difference between theory and practice.<br>
In practice, there is. .... Yogi Berra<br>
<br>
</div></div></blockquote></div><br></div>
</div></div></div></blockquote></div><br></div></div>
</blockquote></div><br></div></div></div>
</div></div></div><br></div></div></div></div>
</div></div>