Re: [ietf-privacy] Is there an official working definition for Privacy Online?

Dave Crocker <> Thu, 05 May 2016 13:21 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id D680412D66B for <>; Thu, 5 May 2016 06:21:16 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -4.2
X-Spam-Status: No, score=-4.2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3] autolearn=ham autolearn_force=no
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id tGOIvGNvqe3H for <>; Thu, 5 May 2016 06:21:15 -0700 (PDT)
Received: from ( []) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 2B33112B03F for <>; Thu, 5 May 2016 06:20:37 -0700 (PDT)
Received: from [] ( []) (authenticated bits=0) by (8.13.8/8.13.8) with ESMTP id u45DKZMm007010 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES128-SHA bits=128 verify=NOT); Thu, 5 May 2016 06:20:36 -0700
To: Robin Wilton <>, David Singer <>
References: <> <> <> <> <> <> <> <015a01d0798d$509954c0$f1cbfe40$> <> <> <029801d1a4b9$c3b57850$4b2068f0$> <> <>
From: Dave Crocker <>
Organization: Brandenburg InternetWorking
Message-ID: <>
Date: Thu, 05 May 2016 06:20:25 -0700
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:38.0) Gecko/20100101 Thunderbird/38.7.2
MIME-Version: 1.0
In-Reply-To: <>
Content-Type: text/plain; charset="windows-1252"; format="flowed"
Content-Transfer-Encoding: 7bit
X-Greylist: Sender succeeded SMTP AUTH, not delayed by milter-greylist-4.0 ( []); Thu, 05 May 2016 06:20:36 -0700 (PDT)
Archived-At: <>
Cc: "" <>, Josh Howlett <>
Subject: Re: [ietf-privacy] Is there an official working definition for Privacy Online?
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: Internet Privacy Discussion List <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Thu, 05 May 2016 13:21:17 -0000

On 5/5/2016 1:30 AM, Robin Wilton wrote:
> Privacy can also be a subjective thing (for instance, some people
> think it's important to draw their curtains in the evening - others
> don't). That subjectivity makes privacy a highly contextual thing,

This is an Alice, Through the Looking Glass perspective on the term.

At the least, it means it is not a technical term, in which case using 
it in technical contexts is mostly going to cause confusion, since one 
speaker's intended meaning will differ from another listener's...

Standards work is primarily an exercise in gaining group consensus on 
technical specifics.  If 'privacy' is to be a technical term, then we 
need to agree on its specifics.  That doesn't mean the term needs lots 
of fine-grained detail.  In fact, for something this important and this 
basic, it needs as little detail as possible, while still serving to 
guide technical choices.

> Privacy is about retaining the ability to disclose data consensually,
> and with expectations regarding the context and scope of sharing.

This looks like an entirely reasonable and helpful definition, as I 
noted a year ago.

There are other, similarly short and focused, definitions. Each is 
reasonable.  And while the differences in the definitions probably 
matter, I think that the need to focus technical work requires choosing 
one.  If we want the term to have useful substance.

The fact that choosing one has some challenges is being used as a reason 
for not trying.  That's an ironic excuse, for an organization whose 
primary reason for being is the development of community consensus on 
non-trivial choices...


   Dave Crocker
   Brandenburg InternetWorking


   Dave Crocker
   Brandenburg InternetWorking