Hi Martin,
[I added a Cc to Eliot in case he is interested]
At 17:00 10-04-2013, Martin Thomson wrote:
> Hmm, I'd be interested to hear about what you consider to be
> problematic with the privacy considerations. We put a lot of thought
> into those. Obviously, this is potentially highly sensitive, but I
> thought we'd hit the important considerations.
As an FYI, there is an article about the privacy bounds of human
mobility at
http://www.nature.com/srep/2013/130325/srep01376/full/srep01376.html
Here are some nits (feel free to ignore). Section 6 mentions that:
"In order to protect the privacy of the subject of location-related
measurement data, this implies that measurement data is protected
with the same degree of protection as location information."
Section 6.2 mentions that:
"By adding measurement data to a request for location information, the
Device implicitly grants permission for the LIS to generate the
requested location information using the measurement data.
Permission to use this data for any other purpose is not implied."
and
"A LIS MUST discard location-related measurement data after servicing
a request, unless the Device grants permission to use that information
for other purposes."
How can a device implicitly grant permission? It is up to the user
to grant permission.
The specification also sends information, e.g. for wifi, which might
not be readily available to the cellular operator. The privacy model
followed can be described as the unknowing informant model.
Regards,
-sm