On Apr 11, 2013, at 6:55 PM, Martin Thomson <[email protected]> wrote:

>> Here are some nits (feel free to ignore). Section 6 mentions that:
>>
>> "In order to protect the privacy of the subject of location-related
>> measurement data, this implies that measurement data is protected
>> with the same degree of protection as location information."
>>
>> Section 6.2 mentions that:
>>
>> "By adding measurement data to a request for location information, the
>> Device implicitly grants permission for the LIS to generate the
>> requested location information using the measurement data.
>> Permission to use this data for any other purpose is not implied."
>>
>> and
>>
>> "A LIS MUST discard location-related measurement data after servicing
>> a request, unless the Device grants permission to use that information
>> for other purposes."
>>
>> How can a device implicitly grant permission? It is up to the user to grant
>> permission.
>
> Ah yes, I'm not sure whether this was made explicit in this draft
> (probably not), but we take the view that the Device is a proxy for a
> user (Target in geopriv-parlance). In terms of protocols and location
> determination that's the only reasonable assumption to make. That's a
> really important point though, not something we should be taking on
> faith. I'll make sure to add a note.
>
You could reference the role definitions in RFC 6280 (section 2) for this.

Alissa

>> The specification also sends information, e.g. for wifi, which might not
>> be readily available to the cellular operator. The privacy model followed can
>> be described as the unknowingly informant model.
>
> I don't know where you are going with the "unknowingly informant
> model", but it's true that in some cases, measurements that are
> provided to a LIS might not be useful. If your LIS is operated by a
> cellular operator, then maybe (though it's only a maybe) the cellular
> operator won't be able to use the information to improve a location
> estimate. Similarly, they might not know how to deal with GLONASS
> pseudoranges.
>
> Implementations have choices on the spectrum between: provide nothing
> and see if the LIS asks for more information; and provide everything
> and don't worry about the extra stuff. The latter choice actually has
> some implications with respect to performance and time, so most likely
> it will go somewhere in between the two.
>
> _______________________________________________
> Geopriv mailing list
> [email protected]
> https://www.ietf.org/mailman/listinfo/geopriv
>

_______________________________________________
ietf-privacy mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/ietf-privacy
