Unofficial Draft
Copyright © 2023 the document editors/authors. Text is available under the Creative Commons Attribution 4.0 International Public License; additional terms may apply.
In response to the call for input from the UN Office of the High Commissioner for Human Rights, this unofficial draft provides context on the human rights impacts of technical standard-setting for the Web, authored by a group of long-time W3C participants. This document has no official standing of any kind and does not represent the support or consensus of any standards organization. The authors do not speak on behalf of the World Wide Web Consortium or the W3C groups in which they participate, but have tailored this draft to focus primarily on W3C processes and standards.
As transformational information communications technologies, the Internet and the Web are essential sites for supporting human rights in the modern world. As the Human Rights Council has noted, “the same rights that people have offline must also be protected online” [UNHRC2018].
Technical standards are ubiquitous and diverse and necessary to define the protocols that make up, among other technologies, the Internet and the Web. While the practices of standard-setting vary, the World Wide Web Consortium (W3C) is a member-driven public interest organization with an open, multistakeholder process that develops voluntary standards through consensus.
Given the vast landscape of technical standards development today, it is critical to assess standards development on a technology-specific basis in order to ensure appropriate consideration and support of human rights within individual standards development processes. For example, free expression, free association, privacy and security, accessibility, and internationalization are key examples of human rights interests where the design of the Web makes a difference for the rights enjoyed by users of technology around the world. As such, the design of the standards that underlie the Web have a bearing on the enjoyment of these rights, and W3C as a standards organization takes responsibility for incorporating human rights considerations into its processes.
The Internet and Web provide key capabilities for communication, including expression of all kinds including commercial activity and political speech, and organization of various kinds, providing for association and assembly. For example, the Web has made it possible to publish and consume online content in dramatically cheaper and more accessible ways, without relying on traditional forms of book, newspaper and magazine publishing. Standards for real-time communication, including through audio and video, have provided for remote connectivity, especially important during pandemic conditions, and WebRTC standards make such connectivity possible peer-to-peer [webrtc] [rtcweb-overview].
The design of the Internet’s architecture, including design decisions in technical standards, affects both the potential for free assembly and association and the potential harms or limits to association [draft-association].
W3C has lead the way in setting standards for accessibility online: enabling people with disabilities to use services of all kinds on the Web. As noted by the Convention on the Rights of Persons with Disabilities, access to information and communication technologies, including the Internet and new communications technologies, is a basic right of people with disabilities [CRPD]. Web Content Accessibility Guidelines describe how to make Web sites accessible and usable and define success criteria so that conformance at different levels can be consistently evaluated by governments and other organizations [WCAG22].
This work has been developed in a true multistakeholder fashion through the Web Accessibility Initiative, with substantial engagement from a variety of industry sectors, as well as academics, government and civil society. Supporting this basic human right cannot be left to governments or any single stakeholder alone.
Internationalization (i18n) is the practice of designing technology to be used by people of different cultures, regions and languages. For W3C, i18n is an essential part of universal, world-wide access to the Web, especially for those who use different scripts or languages from the developers of popular applications.
By considering different languages, writing systems and cultural expectations in the design of Web standards, internationalization provides better access to and usability of Web applications and enables the creation and consumption of sites and services in a wide range of the world’s languages.
Surveillance has been a substantial threat, amplified in new and emerging technologies, to the human rights of people on the Internet. And it’s an area where technical standard-setting has been able to respond. Pervasive monitoring was identified as an attack by the Internet standardization community and documented by the Internet Engineering Task Force (IETF), the world’s premier Internet standards organization [RFC7258]. In response, tremendous engineering efforts have been made, including the design of new protocols, to encrypt more online traffic and protect it from active and passive monitoring and tampering. Technical standard-setting has been one venue for the multistakeholder discussion, design and collaboration necessary to respond to expansive, intrusive government surveillance.
W3C-specific standards to enable broader use of encryption include (but are not limited to) the Web Cryptography API for providing fundamental encryption in the browser [WebCryptoAPI], and Secure Contexts to limit dangerous or powerful functionality to cases where encryption is used [secure-contexts]. Broader than just preventing surveillance, privacy has been deeply considered in a wide range of Web standards, including APIs for access to device sensors (geolocation, cameras and microphones, and virtual reality devices), real-time communications, and permissions.
W3C has incorporated considerations for human rights into its standards development process, both from an institutional perspective and at the level of individual specification review and design decisions.
In the following sections, we describe: how standards development works, particularly for Web standards at the W3C; how human rights are considered in the Web standardization process; and how standard-setting at W3C can be inclusive and accessible to broad participation.
Technical standards are documents that technology designers use to build products and services that interoperate with products and services offered by other organizations. The most important goal of standardization is this interoperability, which allows web browsers to reach websites, laptops to connect to Wi-Fi, and mobile phones to make calls even though the technology that facilitates each of those connections is provided by many different organizations. Products and services that run on different platforms, are written in different programming languages, and operate under different regulatory regimes can all connect and interoperate when they implement the same standards. Without standards, there would be no Web, Internet, or cellular service as we know them today.
Technical standards are ubiquitous and diverse. The act of loading a
single web page—for example, by typing
https://www.ohchr.org/
into a web browser—may involve
hundreds of standards produced by different standards development
organizations (SDOs) that cover everything from network connectivity to
the routing of Internet traffic to the visual display of the web page in
the browser. Viewing the tech sector as a whole, there are thousands of
standards development organizations worldwide developing standards with
the involvement of tens of thousands of engineers, architects,
researchers, and other experts from the private and public sectors.
SDOs vary in terms of their governance, participation, outputs, and decision-making procedures. The W3C’s model relies on key features that have fueled the reach and success of web standards:
These principles largely track those found in widely referenced policies, including from the World Trade Organization Technical Barriers to Trade Committee [wto-international-standards] and the US Office of Management and Budget [omb-a-119].
Not all SDOs rely on these principles. Some are more formal, rely on one-nation-one-vote rules, or are government-driven—all of which can create challenges for the multistakeholder community to contribute, influence outcomes, and be part of the standards decisionmaking process. While the “big three” formal SDOs—the International Electrotechnical Commission (IEC), the International Organization for Standardization (ISO), and the International Telecommunication Union (ITU)—often garner attention in standards policy discussions, the vast global ecosystem of open, global SDOs and consortia fuel the bulk of the standards development work happening at the cutting edge of technological innovation today.
Finally, the W3C Patent Policy has been critical to the accessibility and broad reach of the web and web technologies. The policy requires that as a condition of participation in the development of a standard within a W3C working group, all members commit to making their own patented inventions implicated by the standard available on a royalty-free basis [w3c-patent-policy]. The web’s royalty-free foundation has fueled innovation and experimenation, lowering barriers to entry and making the web a platform for all.
“Web for All” is one of the foundational design principles guiding W3C’s work, per the W3C Mission:
The social value of the Web is that it enables human communication, commerce, and opportunities to share knowledge. One of W3C’s primary goals is to make these benefits available to all people, whatever their hardware, software, network infrastructure, native language, culture, geographical location, or physical or mental ability.
The social value of the Web and support for human rights are considered in the standardization process through the strategic selection of work, through the principles and guidelines developed to guide Web standards, and through the people, process and tools for wide review of Web standards.
The Web standards community itself has demonstrated a commitment to broadly considering the impact of new technical standards and emerging communication technologies [ethical-web-principles], explicitly centering the Universal Declaration of Human Rights [UDHR].
The Web standards community has also consistently identified the importance of prioritizing the people who use and are impacted by technology in the design of Internet and Web standards. Prioritizing people over the developers of technology, the corporations that buy, sell or operate technology, and the interests of other stakeholders helps to maintain trust and support human rights of people generally. This has been described as the priority of constituencies, and it is cited in the Web Platform Design Principles [design-principles] and the Internet Architecture Board’s statement that the Internet is for End Users [RFC8890].
Considering these ethical principles and priorities among the stakeholders themselves provides an opportunity to identify new areas altogether where human rights are implicated by interoperable technologies: including, for example, the impacts of the climate crisis and of misinformation. These are novel threats and challenges with impacts on human rights and so solutions and mitigations are not yet well established. Setting out principles and goals in a multistakeholder technical standard-setting body provides the starting point for more systematic community-wide consideration.
Even in relatively more established areas, statements of principles are valuable ways to support fundamental human rights in concrete and actionable ways. Privacy, for example, is a human right, but also a complex and contested concept. W3C has a task force of experts in privacy, Web architecture, user agents, and online advertising writing a detailed statement of privacy principles that can then be applied throughout the Web standards process [privacyprinciples].
W3C’s Advisory Board, elected by Member organizations, seeks to set out a fundamental Vision for the Web and its emerging development. The current draft in progress of that W3C Vision statement encodes some similar principles and priorities. The W3C Process provides for developing a community-wide consensus for Statements of this kind [w3c-process], not unlike similar processes at the IETF. Consensus community statements create both the opportunity and the responsibility for the participant stakeholders themselves to agree on principles and vision that consider benefits to society and the human rights of the individuals around the world who will use the resulting interoperable technology.
Seeing the Web as a connection among humans drives the focus of several “horizontal” areas of work and review: accessibility, internationalization, privacy, and security, that support the exercise of fundamental human rights. The W3C Process requires wide review and response to issues raised by reviewers [w3c-process].
W3C’s wide review process is a foundational piece of a strategy to consistently and systematically support human rights in Web standards. Wide review involves actively soliciting feedback from a range of stakeholders, implementers, subject matter experts and the general public. Most notably, it incorporates “horizontal review”: reviews of areas that cut across (hence, horizontal) the many different Working Groups and technical standards. Horizontal review is widely used to identify, review for and address issues of accessibility, internationalization, privacy and architectural design, and has also been considered for security, sustainability, equity and other topics.
Because new and emerging technologies are developed by deep subject matter experts in a particular area, the stakeholders developing new protocols and implementations of communication technology cannot also have a perfect view of all the other technology being developed for the Internet and the Web and are unlikely to be expert in all the areas of accessibility, internationalization, privacy, security or other cross-cutting areas. To provide support, horizontal review groups review specifications, develop guidance for self-review and consult with groups on technical areas and how to address potential concerns systematically and proactively.
Self-review lets groups working on a new technology to spot issues and consider mitigations even prior to an external horizontal review, without needing that prior expertise. Questionnaires, checklists and documentation more generally have proved useful in identifying common issues that arise in Web standards; those tools should be regularly reviewed and updated to cover new classes of issues and to clarify recommended mitigations.
Consistent review across many areas is especially important where the contribution to human rights impacts may be diverse in any one case but accumulate to significant constraints to rights. Browser fingerprinting, for example, is possible through the cumulative analysis of different configuration characteristics, each of which may be minimal and non-identifying on its own. But combined together, those characteristics are often used to re-identify people, correlate their online activities and undermine the ability to control one’s identity or the data collected about oneself. Reviewing for browser fingerprinting across all new Web technologies in a consistent way makes it more feasible to address this threat to privacy [fingerprinting-guidance].
The Technical Architecture Group (TAG) also provides design reviews of all specifications as part of the wide review process, and often provides input early in the specification process because of a Google Chrome policy to seek TAG review and because of interest from browser implementers. The TAG applies reviews to make consistent architectural decisions across different specifications [design-principles], but also considers privacy and security issues (including the answers to the privacy and security self-review questionnaire) and may provide feedback on other ethical or rights concepts that arise [ethical-web-principles].
Wide review at W3C is especially focused on horizontal review and review by W3C Member organizations, in order to coordinate standardization activity across the Consortium. But review and input is explicitly not limited to W3C Member organizations and feedback from the general public is welcomed. The Process requires considering comments and addressing any objections from the public as they would from W3C Members. Availability of published standards, drafts in progress and working conversations is an important, though incomplete, part of providing open access to participation, as discussed below.
A key factor for the efficacy and legitimacy of W3C’s multistakeholder standard-setting model and its consideration of human rights is the capacity to provide access and participation to all those stakeholders who wish to engage in the standardization process.
As described above, W3C’s standardization process follows a model of openness to participation, transparency of discussion, due process of decision-making done typically by consensus.
This openness of participation means that standardization work, and increasingly also the practice of incubation of pre-standardization work, is done and intensively documented for any interested party or member of the public. Emails, text proposals, decisions, meeting minutes and the like are made publicly available. All standards documents are freely available to all, from initial drafts through final Recommendation.
This rich public corpus also makes academic research and external oversight of the standard-setting process more feasible. Ongoing research can provide empirical analysis of how human rights are considered in open standard-setting bodies and patterns of participation, among other topics. See, for example, the Research and Analysis of Standard-Setting Processes Research Group at the Internet Research Task Force.
Public input is also welcomed and a formal part of the standardization process. Individuals can be invited into Working Groups, without paying the membership dues typically expected of organizations, as Invited Experts. But the process also solicits and considers input from interested parties that are not formally engaged in Working Groups.
With these formal and practical preferences for openness and transparency, W3C has been able to welcome a diversity of participants and incorporate them throughout the activities and leadership of the Consortium’s work.
With that experience, W3C participants have also identified barriers to effective participation.
There are substantial costs to effective engagement in technical standard-setting. Those may include fees for membership or meeting registration, but much more significant are the costs of travel to attend meetings and even more so the cost of hiring experts and dedicating their time to the intensive process of following detailed standards processes often over a period of years. Those costs can be significant for non-industry participants (like civil society) or for organizations in lower-income countries, even when sliding scale fees are available.
Language barriers have made it more challenging for active partcipation for those who do not speak English or don’t speak it as a first language. W3C activities are typically conducted primarily in English, without real-time translation. Participation from around the world can also create conflicts in cultural expectations. Engineering and technical communities can have habits and practices of conversation that are unusual or exclusionary for those with different backgrounds, and we have found that negative or antagonistic environments can discourage those who would otherwise provide important contributions.
W3C has made some progress in addressing aspects of these barriers and looks forward to continued consultation and advice to be more inclusive and effective in including a broader range of the world’s stakeholders in the Web standardization process. With the support of some donors, an inclusion fund has been developed to provide financial support to underrepresented communities that might not otherwise be able to attend W3C meetings. The Consortium has adopted a Code of Ethics and Professional Conduct [CEPC], and the Positive Work Environment Community Group progressively considers the processes, practices and training necessary to welcome participants and enable consensus finding among people of various backgrounds. Offices with local staff in different countries and directed global recruiting have shown some success in engaging companies and organizations outside of the West.
Making Web standardization more inclusive and more representative is of regular discussion at W3C, not only for questions of legitimacy and support of human rights, but also for the general success of developing standards and technology for global adoption. We welcome further work and learning on how to include more of the world in the technical standard-setting process, and expect that the vast majority of W3C members would as well.
Special thanks to reviewers of these comments and to all the W3C participants who have engaged in support for human rights in Web standards.