2 comments inline… > On 5 May 2016, at 14:30, Stephen Farrell <stephen.farr...@cs.tcd.ie> wrote: > > > > On 05/05/16 14:20, Dave Crocker wrote: >> On 5/5/2016 1:30 AM, Robin Wilton wrote: >>> Privacy can also be a subjective thing (for instance, some people >>> think it's important to draw their curtains in the evening - others >>> don't). That subjectivity makes privacy a highly contextual thing, >> >> This is an Alice, Through the Looking Glass perspective on the term. >> >> At the least, it means it is not a technical term, in which case using >> it in technical contexts is mostly going to cause confusion, since one >> speaker's intended meaning will differ from another listener's... >> >> Standards work is primarily an exercise in gaining group consensus on >> technical specifics. If 'privacy' is to be a technical term, then we >> need to agree on its specifics. That doesn't mean the term needs lots >> of fine-grained detail. In fact, for something this important and this >> basic, it needs as little detail as possible, while still serving to >> guide technical choices. >> >> >>> Privacy is about retaining the ability to disclose data consensually, >>> and with expectations regarding the context and scope of sharing. >> ... >>> http://www.internetsociety.org/blog/2013/12/language-privacy >> >> >> This looks like an entirely reasonable and helpful definition, as I >> noted a year ago. > > It's definitely not bad:-) > > I think it misses a bit though, in our context. Sometimes we just > have to expose an identifier (e.g. a source IP address) and that > can be privacy-sensitive, but there's no real way in which it's > consensual, unless one considers even connecting to the network > as consenting in some form to such exposure, which'd be odd I > think. > > So while Robin's text is pretty good when I think about payloads, > it doesn't seem to cover issues with meta-data and other protocol > artefacts so well. I'm also not sure how much that'd help when it > comes to considering re-identification issues which can be very > subtle (cf. netflix competition). > > But it's a good start.
Thanks, Stephen - Very good point… metadata was definitely on the radar back then, but not high enough to feature explicitly in the definition. I think subsequent discussion about “each layer of the network only exposing such data as is needed for it to function” goes a certain way in that direction, but you’re right, it would benefit from higher visibility. > >> >> There are other, similarly short and focused, definitions. Each is >> reasonable. And while the differences in the definitions probably >> matter, I think that the need to focus technical work requires choosing >> one. If we want the term to have useful substance. >> >> The fact that choosing one has some challenges is being used as a reason >> for not trying. That's an ironic excuse, for an organization whose >> primary reason for being is the development of community consensus on >> non-trivial choices... > > I'd be happy if someone wanted to try craft some definitional text > say in an I-D, with the goal of meeting Dave's challenge to define > privacy in a way that's useful for IETF work. I don't know > if that'd end up as an RFC, but it might, and if well-done, and if > it garnered consensus, it could be quite useful. I’d be happy to work with Dave and others on draft wording... > > Cheers, > S. > > >> >> >> d/ >
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ ietf-privacy mailing list ietf-privacy@ietf.org https://www.ietf.org/mailman/listinfo/ietf-privacy
