Human Rights — QUIC!
How the Internet’s new transport protocol (QUIC) will change digital and human rights for all users
With the provisioning of a new transport protocol, QUIC — or Quick UDP Internet Connections — , the IETF has advanced the Internet’s future health. QUIC will usher in a new era of packet transfer efficiency, latency/loss resistance, and strong security practices (thanks to TLS 1.3!) across the global Internet.
Developed at Google in the early 2010’s, QUIC is a new transport protocol built on top of UDP (traditionally only used for sending video and streaming content). QUIC is an evolution on the original Internet transport protocol, TCP/IP, developed by Bob Kahn and Vint Cerf in the early 70’s. The adoption of QUIC adoption has shaken up the IETF and internet infrastructure communities over the last half decade.
QUIC has generally been accepted and technically battle-tested on some of the biggest content transport networks. Based on these results, it appears ready to grace the global stage. This a net positive for Internet users everywhere and rightly should be celebrated.
However, few have asked what these technical advancements might mean for the digital rights of end users on the Internet. And, whether this new infrastructure will greatly affect the lives of those users who are already on the margins.
I will examine an element of the QUIC IETF proposal review process, specifically the Human Rights Review conducted and reported on in April 2019 by researchers from Harvard and the University of Amsterdam. This review was conducted by looking through the IETF draft documents and proposal timeline for QUIC. While IETF proposals, and specifically, published RFCs are often backlogged into the deep trenches of Internet and knowledge of the civic infrastructure community, it remains vitally important that there be a broader popular understanding of the review and accountability processes that go into some of the biggest structural engineering questions of all-time.
The big takeaway is that global internet engineering projects like QUIC have proven, time and again, that building anything on the Internet’s “Stack” will require bulletproof methods, protocols, and multi- stakeholder review processes to fairly consider the needs of all the Internet’s end-user types.
Below are some additional takeaways from the Human Rights Reports.
The Good
Zero Round Trip Time:
- Arguably the best advancement for the rights of all end users, improved speeds of transport over QUIC will result in Zero Round Trip Time for existing connections and a few millisecond run times for first-time, multi-hop connections. This is going to hopefully usher in a better and faster Internet for all. From the data shown in the report (https://blog.chromium.org/2015/04/a-quic-update-on-googles-experimental.html), the speed is up to 8% better globally.
Content Agnosticism/Censorship Resistant:
- The 2010’s has created a rise in the blatancy of ISP level and network level interference and censorship. These attacks on global digital and human rights have also occurred through nationalized telecoms shutting down networks and DNS resolvers during times of unrest (or even during a student testing week in Syria). While QUIC can not change the outcome in these instances, it does provide more safeguards against censorship and tampering via middleboxes on the transport level.
Secure (TLS 1.3):
- The addition of a new TLS protocol (1.3) in 2018 has created a much needed pro-privacy dimension to the QUIC protocol. The IETF has always been an ally to encryption, making encryption a default setting in QUIC. This a great step towards the security of the Internet’s end users against the recent attacks of middleware or man-in-the-middle (DNS level spoofing) intrusions.
The Bad
Big Tech “Favoritism”(Consolidation ?’s):
- As QUIC’s origin story is well known, I won’t go into further details than mentioned previously or in the Human Rights Report. I will say that there is wariness when the largest Internet company worldwide (at the time of reading, this may change), is the one who is leading the future of the Internet’s transport protocol development. Unlike the origins of TCP/IP, which were also open to potential corruption by the funders of the ARPANET (U.S. Navy), there is something uneasy about the world’s largest web crawler being the origins of the proposal. The report has a section darkly titled, “Privacy, Power and Consolidation” (4.15.3). Although the section’s title is ominous, the report finds inconclusive evidence of potential implications, or long term foul play. The report states: “On the other hand, this creates a concentration of different kinds of traffic with one end point, thus giving the service provider access to more categories of privacy sensitive information. In the current reality of the Internet, the biggest hosts are controlled by large, consolidated, transnational corporations. This creates an extreme power differential between end users on the one hand, and service providers and content operators on the other hand” (draft-martini-hrpc-quichr-00, 4.15.3). Only time can tell if this will lead to unexpected implications. This will certainly be one area to watch for in the future.
The In-Between
Spin Bit “Controversies”:
- One of the main debates during the QUIC development process was around the inclusion of a single added bit (yes, just one bit). While seemingly inconsequential to most, the draftees of the QUIC protocol that was reviewed had developed an experimental approach that used an additional bit, as a spin bit, to be a mechanism for enhanced privacy. While the inclusion of the spin bit did not make it into the final QUIC draft, the spin bit will definitely be something that is an example of concerted design questioning. In my eyes, this bodes well for the scrutiny that was placed on this protocol.
References :
