Re: [Repo-criteria-discuss] Resolving the C2 question

[Ivan Shmakov]

>>>>> Mike Gerwitz <address@hidden> writes:
>>>>> On Sat, Jul 15, 2017 at 07:55:41 +0000, Ivan Shmakov wrote:

 > (Your reply only went to the list; rms wasn't in To or Cc, so he
 > likely won't see your message.)

        I’m interested mainly in the community opinion on the matter.  I
        saw no reason to bother RMS with my questions; at least not yet.

 >> The problem at hand is that, for instance, Russian Federation
 >> asserts jurisdiction over all the communications that happen on its
 >> territory; and I find it hard to argue that they should not.

 >> It’s not unlike passing the customs office: you try to pass the
 >> goods that are forbidden in a country over its borders, and these
 >> goods are either turned around or destroyed by the authorities.
 >> Similarly, trying to transmit information that violates the law
 >> through the public networks may result in your access to said
 >> networks being blocked.

 > It's a bit different.

 > It's like a Russian citizen coming to the United States, copying data
 > onto a portable device from GitHub, and attempting to take it back to
 > Russia.  The traveler is the party under jurisdiction of those laws,
 > not GitHub.

        Although, if we take this example literally, the laws that
        regulate the use of public networks in Russia wouldn’t be
        applicable, as no Russian public network would be involved.

 > Or it's like a Russian ordering the data online from the United
 > States and it passing through customs to reach him/her.

        Yes.

        Or, just to be technical, to reach the Russian Internet user,
        the data would have to be passed through one or more networks,
        at least one of which would be subject to Russian laws.

        Yet another way to view this is that you operate a network (say,
        an Internet AS), and got a request from your peer to /not/ send
        some specific data down their way, for whatever reason.  Would
        it not make sense to be a good neighbor and comply?

        (FSF take notice: Internet shops sending goods to Russia are
        likely to become subject to VAT sometime this year or the next,
        and would have to register with the Federal Tax Service of
        Russia.  Similar legislation came into effect for online
        services January 1st this year.)

 >> So, in the end, my question is probably like this: suppose that one
 >> day Savannah ends up hosting, say, some advanced chemistry software
 >> that makes it easy to get a recipe for synthesizing meth.  Hence,
 >> Savannah becomes censored in Russia†.

 >> What will be pro’s and cons. – to the community – of Savannah
 >> remaining censored in its entirety by the Russian government, and
 >> similarly for the case it’s decided to apply self-censorship (to
 >> avoid governmental censorship) instead?

 > It's a matter of principle—conceding to another country's censorship.

 > But Savannah doesn't have the influence that GitHub does.  Savannah
 > would remain blocked, plain and simple, unless the administrators
 > found that whatever is being hosted violates Savannah's policies.

        I took a cursory glance over the GitHub materials that resulted
        in takedown requests by the Russian authorities.  As it seemed
        at the time, they were all malware and thus would indeed be
        against Savannah policies.

        Not that it changes much in the context of this discussion.

 > GitHub—should they say no—will disrupt an entire nation.  It
 > forces Russia's hand.  Either Russia will decide that its citizens'
 > access to the wealth of information on GitHub is worth it, or they
 > will decide that this tiny bit of information they disapprove of is
 > justification for blocking the entirety of GitHub and disrupting
 > countless people and services.

        Well, of course the authorities can lift the block, but in doing
        so /they/ will violate the law‡.  I don’t think that the
        prosecutor’s office would find that amusing, now would they?

        The proper solution would be to have that law repealed; perhaps
        to have it be found unconstitutional.  (One of the provisions of
        Article 29 of the Constitution is, literally, “censorship is
        prohibited”; and the only exception that same article makes is
        for state secrets.  It’s not impossible, however, that in the
        context of the article the word somehow has some specific
        meaning; such as ‘prior restraint’, for example.)

     ‡  I should really familiarize myself with the letter of that law,
        but AFAIK, it’s of the “MUST block” variety – not “MAY block.”

 > GitHub is under no obligation to follow Russia's laws aside from
 > business and community pressure.  They had to make a choice: try to
 > force Russia's hand and risk the consequences, or avoid the risk.

        I wouldn’t call that ‘risk.’  My dictionary says that word means
        /possible/ (negative) outcome.  There, it’s more like
        ‘inevitable’: failure to comply means your IPs get a nationwide
        block.  It’s as simple as that.

 > It's a tough spot to be in.  And I explained that to rms when I had
 > him clarify in private.  It would be very hard to stand strong and
 > watch as a whole nation of people suffers.  But certain things are
 > worth fighting for.  Is it worth it for GitHub?  Maybe not.  Clearly
 > not.  But is it worth it for GNU?  Absolutely.

        For GNU, there’s a risk that as the result of this stance, the
        general public in Russia will decide it’s /GNU/ (or FSF) who are
        acting unreasonably.

        Unless I be mistaken, the current arrangement with GitHub was
        negotiated by a group of concerned Russian citizens, so that
        the service (which was blocked at the time) could again become
        available in Russia.

 > We're not trying to control GitHub's actions.  But using GitHub for
 > GNU projects is an endorsement, and GNU needs to decide what
 > principles are worthy of such an endorsement.  Thus the repo
 > criteria.

 > We want to make sure GNU software is available to everyone, period.

        Sadly, that’s not going to happen.

 > So we wouldn't want a GNU package's primary project hosting to be on
 > a website that does not guarantee access to all to the extent that is
 > reasonably possible.

        The question is: is it “reasonably possible” to guarantee
        residents of Russia access to arbitrary information via
        Internet?  I wouldn’t think so.

 > Obviously, if GitHub had a presence in Russia, they would have to
 > follow Russian law within its territory.  And obviously GNU has to
 > follow all applicable United States laws, even if they're oppressive.

        So, the service that’s hosted in Russia (and thus applies
        censorship strictly to comply with the authorities’ orders)
        would be viewed more favorably in the context of the criteria?

        I recall that about the one or another time Wikipedia was
        blocked in Russia, one politician argued that there needs to be
        a “Russian” Wikipedia; that is, one that would be bound by
        Russian laws.

        In either case, the implication is that the Russian authorities
        will have much better ground to seek access to the service logs;
        such as the IPs the censored materials were published from.
        (And thus the identity of the user.)

        On the contrary, using a service located in a foreign country
        (that does not generally cooperate with Russian authorities)
        makes one reasonably safe from at least that threat.

        Hence, I’m concerned that this approach to the criteria may
        actually be harmful to the community.

[…]

-- 
FSF associate member #7257  np. Zeta Function — Fearofdark 3013 B6A0 230E 334A