Hi Nick,
At 18:05 08-09-2012, Nick Doty wrote:
A couple of questions kept cropping up for me while reading it. In particular: who is the audience for this draft and what do you intend to communicate to them?

The audience of the draft is the technical community. The intention is to discuss whether Internet Identifiers and Session Identifiers can be information about an individual and whether consent is necessary.

If the intention is to provide an exhaustive listing of identifiers in particular, their legal status and potential privacy concerns, I think there are a few key pieces missing.

I did not provide an exhaustive listing of identifiers as there are, in my opinion, missing pieces to reconcile their legal status and privacy concerns. I would say that the potential privacy concerns are debatable within the IETF. If you ask participants whether it would be ok for the IETF to publish their email addresses without their consent, the answer would be no. If the average participant is designing a protocol which sends out the email address and you point out that there are privacy concerns, you might be told that it is not a serious concern or it will be pointed out that's how the technical work has always been done.

While IP address, cookies (persistent or session-based) and email address are good examples, there may be many other mechanisms for storing identifiers (the "evercookie" is a good example at the Web-level). I also think we should be cognizant of fingerprinting

Yes.

possibilities [0] when considering the privacy implications of identifiers -- user machines and user agents may be identifiable (with the same potential to correlate information about an individual) not because of the presence of a particular number transmitted by their device but because of the unique (or at least uncommon) combination of configuration variables.

I mentioned the fingerprinting during a discussion about a specification. One of the problems, if I may call it that, is that a specification generally focuses on use cases for one identifier. It is difficult to make a convincing argument that the potential for correlation is also an important consideration.

I'm also not sure the concept of privacy here is complete. I would personally disagree with emphasizing a dichotomy between the "private realm" and the Internet. Some theorists suggest that privacy is a societal quality rather than individual control, or that the value is in contextual integrity rather than just self-determination. I like the RFC 3365 reference, but would echo Hannes in adding the IAB Privacy Considerations draft [0] as another example. I also think the earlier draft from Morris/Davidson on Public Policy Considerations is worth looking at; it specifically calls out the creation of new persistent unique identifiers as a privacy risk in protocol design [1].

Hannes mentioned that RFC 3365 has a very limited view of the topic. I left out the IAB privacy considerations draft as I was looking more at what has been published up to now. I read the earlier draft from Morris and Davidson. By the way, it seems that the approach taken in that draft was dropped in favor of the IAB draft.

There are unique identifiers being created without enough thought to the privacy implications. I avoided the question of the "right to be forgotten" as it takes the document into uncharted waters. I emphasized information leaving the "private realm" as a way to say that it is better to keep the cat in the bag instead of trying to put it back in. The issue of whether privacy is a societal quality instead of one of individual control is noticeable in the approach taken to define personal data (see Section 2). On an unrelated note, there is individualism within the IETF and that can favor a particular view.

Finally, I suspect we could aggregate more legal questions and decisions if providing some legal context for protocol authors or implementers is the goal. (Offhand, I think there are some interesting positions taken by the US Department of Justice, or distinctions in the Electronic Communications Privacy Act, that would be relevant.) Kasey has suggested doing some of this work within the W3C Privacy Interest Group (PING).

The document starts with some history and it then broaches the legal context. This is more like a "think about it" instead of reaching a conclusion on the legal questions and decisions. If you have any references about these positions, I would appreciate it if you could share them. It would be worthwhile to do some work in that area to get a "worldwide" view of the discussion.

Thanks for prompting this interesting discussion! I'm hoping the W3C PING will continue to engage on some of these questions regarding advice for protocol authoring and may point them to this work.

The feedback from you and other people on this list has been interesting. In some respects, I toned down the document instead of arguing about correlation and several other concerns. It would have been nice to have an analysis of identifiers (e.g. Hannes commented about SIP). Mark Lizar raised some interesting questions. Bryan McLaughlin and Robin Wilton commented on some of the policy issues. There was a presentation about privacy leakage on the Internet at IETF77 ( www.ietf.org/proceedings/77/slides/plenaryt-5.pdf ). There wasn't that much reaction from the (IETF) audience.

Regards,
S. Moonesamy

_______________________________________________
ietf-privacy mailing list
ietf-privacy@ietf.org
https://www.ietf.org/mailman/listinfo/ietf-privacy
