On 12/06/2015 04:10 PM, Martijn Grooten wrote:
> On Sun, Dec 06, 2015 at 02:59:54PM -0500, Chris Lewis wrote:
>> I was never so glad as to see something as the wide-scale deployment
>> of callerid a few years later.
>
> But for Caller ID to work in cases like the one you describe, you
> wouldn't need to know the phone number (which often includes the
> location) of the caller; a "cryptographic blob" identifying their phone
> line would suffice.

The proper analog is "Call Trace". You dial a * code, and the calling
number gets recorded by the telco, but it can only be retrieved via a LE
process (I do not believe it requires a full search warrant, but
joe-blow citizen certainly can't get it). It cannot be disabled by the
caller (though it is presumably spoofable).

> I am not a lawyer, but I believe IP addresses are considered personal
> data in some countries; the European Court of Justice is currently
> looking into the issue. I don't think it's impossible for a court to
> decide that because of this, providers should strip (submission) IP
> addresses from emails.

Anything's possible. What's also possible is that when presented in its
entirety, a court may still agree that the operational/other benefits of
providing them in this case outweigh the potential risk. Nothing is an
absolute. There are always edge cases where informed judgment is
required, and you rely on courts and judges to provide guidance through
precedent.

What I also know is that when asked, regulators over here in PIPEDA land
are most emphatic in saying that IP addresses are not PII. And this
_includes_ the Privacy Commissioner.
> Or perhaps one of the many tracking companies is already using this to
> correlate emails sent to website visits. This could lead to outrage
> among privacy activists and a call for providers to strip submission IP
> addresses.

That's in part why we have governments - to prevent public panics of the
uninformed driving public policy.
We had one when callerid happened. Callerid got "fixed" not killed.
We had one when the newspaper stories about the leaks (that ultimately
led to the Commission I was a member of) appeared. They were (mostly)
bogus. But we fixed the problems that were really there and weren't in
the newspaper stories.
We have a panic _now_. How would you feel about security/privacy policy
being driven by Trump and his followers? If that doesn't scare you, it
should.
What would really be fascinating is to get one or more people highly
respected in their knowledge of the law, public policy and privacy to
take on the question of passing through SUBMIT addresses. Bring out all
the pros and cons. Put it on trial as it were.
> I do think the proposed charter is a bit too strong on the need to
> remove headers which, given comments here, probably isn't very helpful.
> I would be in favour of a more open-minded charter, but I do think there
> is a need for a WG like this one.

I agree, but the WG charter is too strong on the mechanics of "how" and
has nothing at all on the mechanics of "will it do anything?" and the
real downsides. The charter needs to be expanded, and the WG work begun.
Perhaps one of the most important things in the WG is to decide whether
the output is a document, and whether the document is an informational,
a BCP or standard or STD. My current thinking is that we're going to
hit BCP at best.
An alternate approach occurred to me - rather than trying to de facto
impose it everywhere (which is sorta what the existing documentation is
pushing towards), what about some sort of informational/BCP or even full
RFC defining a "privacy enhanced interface" and outlining what it needs to
do w.r.t. email and other service privacy? Existing environments could
make it an option, it makes an opportunity for niche providers, and it
describes in concrete terms what it needs to do?
_______________________________________________
Shutup mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/shutup