standardizing security: Surveillance, Human Rights, and the Battle over Tls 1.3

Abstract

This is a detailed case study of the development of a new cybersecurity standard, Transport Layer Security (TLS) 1.3, and its implications for the privacy of Internet users and the security and accountability of network operators. It contributes to a theoretical debate about whether protocols or standards can have values or can be considered political. We find that while the design choices in TLS 1.3 do enable greater security, the interests of the actors involved in the standardization process and the level of adoption and implementation were more important. The idea that political, economic, and social effects can be hard coded into protocol designs short-circuits careful analysis of the way standards contribute to governance.