Standardizing Security: Surveillance, Human Rights, and TLS 1.3

17 Pages Posted: 21 Dec 2020

See all articles by Milton Mueller

Milton Mueller

Georgia Institute of Technology

Colin Kiernan

Independent

Date Written: December 10, 2020

Abstract

This paper conducts a detailed case study of the development of a new transport layer security (TLS) standard and its implications for the privacy of Internet users and the security and accountability of network operators. TLS version 1.3 was developed by the Internet Engineering Task Force (IETF) from 2014 - 2018 in reaction to a major political controversy over surveillance. Analyzing the controversies around its design, adoption and implementation illuminates the role of technical standards in the governance of cybersecurity and the Internet. It also contributes to an ongoing theoretical debate about the degree to which protocols or standards can be considered “political.” The paper develops a conceptual framework that identifies three distinct relationships between standards and political/social effects: 1) the political economy of the standardization process (PES); 2) the societal effects of a standard’s adoption, implementation and use (SES); and 3) protocols have politics (PHP), or politics and rights are embedded in the standard. In analyzing the development of TLS 1.3, we find that the PHP approach had limited explanatory value compared to the first and second approaches. By conveying the idea that political, economic and social effects can be hard coded into protocol designs, the protocols-have-politics view short-circuits careful analysis of the way standards contribute to governance.

Keywords: Internet governance, Cybersecurity, Standardization, Surveillance

JEL Classification: L15, O33

Suggested Citation

Mueller, Milton and Kiernan, Colin, Standardizing Security: Surveillance, Human Rights, and TLS 1.3 (December 10, 2020). TPRC48: The 48th Research Conference on Communication, Information and Internet Policy, Available at SSRN: https://ssrn.com/abstract=3746572 or http://dx.doi.org/10.2139/ssrn.3746572

Milton Mueller (Contact Author)

Georgia Institute of Technology ( email )

School of Public Policy
Schhol of Cybersecurity and Privacy
Atlanta, GA 30332
United States
404-385-4281 (Phone)

HOME PAGE: http://www.spp.gatech.edu/faculty/milt

Colin Kiernan

Independent ( email )

Do you have negative results from your research you’d like to share?

Paper statistics

Downloads
112
Abstract Views
807
Rank
441,712
PlumX Metrics