Standardizing Security: Surveillance, Human Rights, and TLS 1.3
17 Pages. Posted: 21 Dec 2020
Date Written: December 10, 2020
Abstract
This paper conducts a detailed case study of the development of a new transport layer security (TLS) standard and its implications for the privacy of Internet users and the security and accountability of network operators. TLS version 1.3 was developed by the Internet Engineering Task Force (IETF) from 2014 to 2018 in reaction to a major political controversy over surveillance. Analyzing the controversies around its design, adoption and implementation illuminates the role of technical standards in the governance of cybersecurity and the Internet. It also contributes to an ongoing theoretical debate about the degree to which protocols or standards can be considered “political.” The paper develops a conceptual framework that identifies three distinct relationships between standards and political/social effects: 1) the political economy of the standardization process (PES); 2) the societal effects of a standard’s adoption, implementation and use (SES); and 3) protocols have politics (PHP), the view that politics and rights are embedded in the standard. In analyzing the development of TLS 1.3, we find that the PHP approach had limited explanatory value compared to the first and second approaches. By conveying the idea that political, economic and social effects can be hard coded into protocol designs, the protocols-have-politics view short-circuits careful analysis of the way standards contribute to governance.
Keywords: Internet governance, Cybersecurity, Standardization, Surveillance
JEL Classification: L15, O33