Re: [ietf-privacy] Is there an official working definition for Privacy Online?

Peter Schoo <peter.schoo@gmx.de> Fri, 06 May 2016 09:56 UTC

Return-Path: <peter.schoo@gmx.de>
X-Original-To: ietf-privacy@ietfa.amsl.com
Delivered-To: ietf-privacy@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4082212D0E3 for <ietf-privacy@ietfa.amsl.com>; Fri, 6 May 2016 02:56:47 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.601
X-Spam-Level:
X-Spam-Status: No, score=-2.601 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H2=-0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ZUvgyiA3tHG5 for <ietf-privacy@ietfa.amsl.com>; Fri, 6 May 2016 02:56:45 -0700 (PDT)
Received: from mout.gmx.net (mout.gmx.net [212.227.17.20]) (using TLSv1.2 with cipher DHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E416F12D116 for <ietf-privacy@ietf.org>; Fri, 6 May 2016 02:56:44 -0700 (PDT)
Received: from [192.168.44.69] ([89.15.236.187]) by mail.gmx.com (mrgmx103) with ESMTPSA (Nemesis) id 0Lwarz-1biaYT1Rdf-018Mpc; Fri, 06 May 2016 11:56:22 +0200
To: Stephen Farrell <stephen.farrell@cs.tcd.ie>, Alissa Cooper <alissa@cooperw.in>, Christian Huitema <huitema@huitema.net>
References: <552FCC84.6040305@gmail.com> <CA+9kkMCYuEGRidB1D=SGA0qxk+SuX6+HyqToYDmqQVmpBskWrw@mail.gmail.com> <5530329E.4060608@dcrocker.net> <01F784DA-5FD5-4D1F-8613-C2E668EDA765@isoc.org> <55311CE9.9040003@dcrocker.net> <DB3PR07MB138A042321BB99DF9AB94A4BCE30@DB3PR07MB138.eurprd07.prod.outlook.com> <55313140.9040400@dcrocker.net> <015a01d0798d$509954c0$f1cbfe40$@huitema.net> <CABtrr-X6CgN3J0dA1YBED0j6K7D5Mt2NAbUwGF5E67BoFX9JUQ@mail.gmail.com> <57268D25.3070708@dcrocker.net> <029801d1a4b9$c3b57850$4b2068f0$@huitema.net> <4826F2DD-7A3C-46ED-AB68-A1B1B1E5F30B@cooperw.in> <572B62D4.7090706@cs.tcd.ie>
From: Peter Schoo <peter.schoo@gmx.de>
Message-ID: <572C6A3C.2080003@gmx.de>
Date: Fri, 6 May 2016 11:56:12 +0200
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.10; rv:38.0) Gecko/20100101 Thunderbird/38.7.2
MIME-Version: 1.0
In-Reply-To: <572B62D4.7090706@cs.tcd.ie>
Content-Type: text/plain; charset=windows-1252
Content-Transfer-Encoding: 8bit
X-Provags-ID: V03:K0:7buAp0WQY1KcGM8F3ecuhTq1miKEjqQDSmaLvuLdTFTrgJtgV7v 35oB9vLKax4V0ZMFI+86SzZ8lEjW++PnD6KzZSINUhiYZbi5DsnaMcyTm0POKMHI2iYK2D5 IDCEZaMKrYVSGYf3yOKupOAF+qSvX+18Q1tuQ1oPxk9wypY9pfKlLnutNFYAUqLoeQITKpq FJUl9BfIWLS9anfUbY2Iw==
X-UI-Out-Filterresults: notjunk:1;V01:K0:JXgPh7hA114=:MT8irH4wFFRUTUMVgHVieU lzg1SqJ06IuYDlbo2MgEHzVRCM1tQo/uwcpjhBB8/zn3n3luhsGstsXoobHrGcthw5+yFHa88 yWkjGnqKeKYYCe57CSwWwMOamK8PvMdn7O6CbXyL0R5amCMGUUxstsJK9xszehdUQZ+RFBx60 WA/KlKbO/DdLRzKhgrQb4Tf328srhU8cYd7dWTxNqvTGRIJHUfyxUcn0VRd+s3pKAbJhbHAg3 7A4OioI5ky5pCSsKdg8UwNc9sMxj2FzcnOTqj7KJxyeHi6x0uRh8EMR0O+pWcE5IKVDcs9kw/ mUyMGaUPHEa4hnsu4w9YurxHBDvXeVYUQhOcvvbM500T2AVa6e0XYpvaSY2bx+/ZKMxPZzOaZ IeePD3UGwKn3Qb19sS8wTnRZxLlgQpdECSatZKievRhHkX41sC7ahVAxlNIWXq+n+ywwOYRz6 cuE30yMKzfOStsrQZEsXspCv2B0Dgwtw/XgKPpusAxKJhqeMfGjEYh0w2BenzsjCsC9qMv4J5 pP6/GEY/jURgaeuSogR1rCW1NbVM9hBheQUoBi+SgmyPrpZylJ+h87B5xzQz55vGBUxvhDQHv qRn4YmG6UklMyg02XpoxIoB3oXKJ/RWorp9eQbNBIKxkF6cfl5BAXLqgX/z8AG9l1QL9vu1Dn 9Z1Pij4UsQm5QDrOq6Wd42eRLBs9N8GoGCJ6nF3Q7HVqNkwTxrM0WMJBtyMAhH5c54hjKfWFN NORKzux/6faE+x2ccvYcbv4SHA4Z1jl/ESceqz7AVZdUnOlkQjDw/sGTxmXw1M0yfW14j8VS3 1tqgSfu/L6mu2L7v+sdlBSjHfjwNQ==
Archived-At: <http://mailarchive.ietf.org/arch/msg/ietf-privacy/FYNfAhstZLsL8HevNLGKEozTtdQ>
Cc: ietf-privacy@ietf.org, dcrocker@bbiw.net, Josh Howlett <Josh.Howlett@jisc.ac.uk>
Subject: Re: [ietf-privacy] Is there an official working definition for Privacy Online?
X-BeenThere: ietf-privacy@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: Internet Privacy Discussion List <ietf-privacy.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf-privacy>, <mailto:ietf-privacy-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ietf-privacy/>
List-Post: <mailto:ietf-privacy@ietf.org>
List-Help: <mailto:ietf-privacy-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf-privacy>, <mailto:ietf-privacy-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 06 May 2016 09:56:47 -0000

Am 05.05.16 um 17:12 schrieb Stephen Farrell:
> 
> 
> On 05/05/16 15:53, Alissa Cooper wrote:
>> +1. If people want to consider privacy as a heading under which we
>> group a bunch of different kinds of attacks, that works perfectly
>> well I think.
> 
> In the case of privacy, not all the bad things are correctly
> described as attacks IMO. E.g. leaving sensitive data in a
> log file for too long is not in itself an attack, but can be
> risky. Only emitting packets when a user is present similarly.

Descriptions of privacy (and security taken as example for how to make a
privacy definition) are discussed on different levels. Robin's two-liner
needs to be applied and interpreted. Effect is that it raises
understanding, but takes time and effort to seriously discuss it, which
is good to do.

On the other hand, it helped to establish, as Christian wrote,
categories for security attacks -- denial of service, information
disclosure, spoofing, elevation of privilege, etc. Agreed attacks
categories form common ground and makes it more useful in standards.
Something similar would be useful for privacy too, as the set of
potential threat is blurred or the understanding of threats and impacts
changes with deeper discussions, more thorough investigations.

Why are these differences? Sure, the nature of security and privacy are
somewhat different.

> I'm not even sure the risk analysis method we use for security
> is the best way to try address privacy in IETF work. 

and that's why many apply privacy impact assessments, which have a
different focus when you analyse a system/service/whatsoever, e.g.
concerning time. I argue that security threats typically do not last as
long as privacy threats, they are bound to communication sessions or
periods of subscription - more overseeable. Clever data fusion can
create threats the day after tomorrow.

Security discussions sometimes comes with properties or services that
shall be provided, e.g. authentication, authorisation, confidentiality,
integrity, availability, or CIA etc. This part of a taxonomy is not
present in the privacy discussion. Like we detail security in
(permutations of) CIA, I miss detailing privacy here. Today privacy
papers often apply Anonymity, Unlinkability, Undetectability, Plausible
deniability and Confidentiality.

All of the security definition approaches are helpful, two liners,
attacks and properties. Concerning privacy we are still learning about
threats and how to categorize them, to make these categories useful for
standards. Though it might be different with finding a suitable
taxonomy, i.e. relevant to IETF, that help detailing privacy aspects.

BR
	Peter

-- 
Peter Schoo, peter.schoo@gmx.de