Niels, All, I was looking at the RIPE Database Terms & Conditions, and i guess your proposal/idea doesn't go against it, and may even roughly match with "Scientific research into network operations and topology" on Article 3. However i don't see how this can change anything in real life routing ahead of cost and performance variables. Specifically about your examples, GDPR compliance is mandatory for a broad set of orgs, so i don't see any real value in adding an ASN to that as-set. Is this "yet another quality seal/we're part of this bunch" approach? Sorry for the lack of optimism here :-) Regards, Carlos On Fri, 8 Mar 2019, Niels ten Oever via db-wg wrote:

Dear Database WG,

Recent public debates on the ethics and social implications of digital technology, as well as the feedback I received on my presentation at RIPE77 [0], have stimulated me to think more about how value frameworks can inform routing decisions.

Based on the analysis of several discussions in the IETF community [1], the ICANN community [2], and the recent book by David Clarke [3], I thought a voluntary declaration of values might be relevant for discussion in the RIPE community. A way of doing this could be the discussion of the introduction of two AS-SET objects in the routing database. This could enable Autonomous Systems to declare the values frameworks they adhere to. An example of possible objects would be:

[object0] as-set: AS-GDPR remarks: members of this set declare to be compliant with the General Data Protection Regulation of the European Union mbrs-by-ref: ANY [/object0]

[object1] as-set: AS-UNGP remarks: members of this set declare to have adopted and implemented the United Nations Guiding Principles on Business and Human Rights mbrs-by-ref: ANY [/object1]

Members of these sets would declare to live up to these values. Based on these sets, other AS-es could, for example, choose to preferentially route via AS-es that are member of (one of) these sets.

These value frameworks (the GDPR and UNGPs) were chosen because these are widely known and adopted standards in our community [4], so the understanding of these values should not be subject to a lot of interpretation and discussion.

Do you think this would be a reasonable approach, and if so, would you consider becoming a member of (one of) these sets? Or do you think there are better ways to achieve this?

Looking forward to hear what you think.

Best,

Niels

PS I posted a similar e-mail to the routing WG to discuss the routing implications of this proposal. Please accept my apologies if this is considered as cross-posting, but I thought both aspects of this proposal might be interesting to discuss.

[0] https://ripe77.ripe.net/archives/video/2113/ [1] For instance in the discussions on RFC1958, RFC3935, RFC6873, RFC7258, and RFC8280 [2] Most notably resulting in the addition of a commitment to human rights during the IANA transition, but of course as well during the extensive WHOIS discussions [3] https://mitpress.mit.edu/books/designing-internet [4] For instance SIDN has engaged in a Human Rights Impact Assessment https://www.sidn.nl/a/over-sidn/mensenrechten-daar-voldoen-we-toch-aan , and Cisco, Ericsson, Google, NTT, Orange, AT&T, IBM and many others have adopted the UNGPs - Cisco https://www.business-humanrights.org/en/cisco-systems-0?keywords=cisco - Ericsson https://www.business-humanrights.org/en/ericsson-0?keywords=ericsson#a117755 - Google https://www.business-humanrights.org/en/google-0?keywords=google - NTT https://www.business-humanrights.org/en/nippon-telegraph-and-telephone-ntt-g... http://www.ntt.co.jp/csr_e/report.html - Orange https://www.business-humanrights.org/en/orange-0 - AT&T https://www.business-humanrights.org/en/att-0?keywords=AT&T - IBM https://www.business-humanrights.org/en/ibm-0?keywords=IBM

-- Niels ten Oever Researcher and PhD Candidate Datactive Research Group University of Amsterdam

PGP fingerprint 2458 0B70 5C4A FD8A 9488 643A 0ED8 3F3A 468A C8B3