Re: [ietf-privacy] Is there an official working definition for Privacy Online?

Robin Wilton <wilton@isoc.org> Thu, 05 May 2016 08:31 UTC

From: Robin Wilton <wilton@isoc.org>
To: David Singer <singer@apple.com>
Date: Thu, 5 May 2016 08:30:55 +0000
Message-ID: <2DDB1AF6-563C-48F3-BF1F-A45038711703@isoc.org>
References: <552FCC84.6040305@gmail.com> <CA+9kkMCYuEGRidB1D=SGA0qxk+SuX6+HyqToYDmqQVmpBskWrw@mail.gmail.com> <5530329E.4060608@dcrocker.net> <01F784DA-5FD5-4D1F-8613-C2E668EDA765@isoc.org> <55311CE9.9040003@dcrocker.net> <DB3PR07MB138A042321BB99DF9AB94A4BCE30@DB3PR07MB138.eurprd07.prod.outlook.com> <55313140.9040400@dcrocker.net> <015a01d0798d$509954c0$f1cbfe40$@huitema.net> <CABtrr-X6CgN3J0dA1YBED0j6K7D5Mt2NAbUwGF5E67BoFX9JUQ@mail.gmail.com> <57268D25.3070708@dcrocker.net> <029801d1a4b9$c3b57850$4b2068f0$@huitema.net>, <F285E90F-4E8B-47BE-A0BF-3A24212C39D9@apple.com>
In-Reply-To: <F285E90F-4E8B-47BE-A0BF-3A24212C39D9@apple.com>
Archived-At: <http://mailarchive.ietf.org/arch/msg/ietf-privacy/Y32P_mUQTlh5q85gYPesfVEc9VY>
Cc: "ietf-privacy@ietf.org" <ietf-privacy@ietf.org>, "dcrocker@bbiw.net" <dcrocker@bbiw.net>, Josh Howlett <Josh.Howlett@jisc.ac.uk>
Subject: Re: [ietf-privacy] Is there an official working definition for Privacy Online?

The Internet Society has been using a definition of privacy for a number of years now, and I still think it's a good one. Incidentally, I think Dave has set a high bar with his request; privacy is a social construct that covers many aspects of the way people interact with each other... it's always going to be hard to reduce that to a single, precise technical definition, the way you might do for, say, "gross domestic product", or "mortgage". 

Privacy can also be a subjective thing (for instance, some people think it's important to draw their curtains in the evening - others don't). That subjectivity makes privacy a highly contextual thing, which, again, may make it hard to reduce to a single precise formula. But I digress... Here's that definition:

Privacy is about retaining the ability to disclose data consensually, and with expectations regarding the context and scope of sharing.

I wrote a blog post drawing out the implications of each part of that definition, here:

http://www.internetsociety.org/blog/2013/12/language-privacy

The result still may not be the precise technical definition Dave is looking for... but I think it helps make explicit the different factors to which we could apply technical solutions. For instance, can we secure the disclosure of data in such a way that the contextual nature of the disclosure is protected? What technical measures can we put in place to ensure meaningful consent? Can we technically limit the scope of a disclosure? Can we reflect the nature of the relationship between the discloser and the recipient?

We might, of course, conclude that it's hard or impossible to achieve those goals by the application of technology alone, but at least we'd be reaching that conclusion through a relatively systematic analysis.

Hope this helps a bit,

Robin

Robin Wilton

Technical Outreach Director - Identity and Privacy

On 5 May 2016, at 00:53, "David Singer" <singer@apple.com> wrote:

> I agree, at the moment ‘privacy’ is defined roughly as the things you miss when you realize you have lost it, which is not a usable definition; but I also agree, we’re in the process of learning.
> 
> One of the big realizations I had as a result of the W3C workshop was that we tend to equate privacy with a lack of knowledge i.e. if we could all be anonymous online, we’d be private, which while true, leaves a whole load of questions unanswered.
> 
> In the physical world, there are a whole bunch of aspects to privacy that we intuitively understand (though they may vary by culture); it’s not hard to imagine situations where people would respond ‘you just don’t do that!’. Much real-world privacy respects context, for example (if you meet your therapist at a party, you know it’s him and he knows it’s you and you both know there are certain subjects you won’t talk about).  There are also aspects of degree (people don’t mind being an accidental inclusion in someone else’s photo snapshots, but they do mind if they are featured or a video continues to include them).
> 
> So, just as security has sub-areas, I would argue that privacy does: anonymization, data minimization, respect for context, degree/quantity, and so on.
> 
> Finally, I have long pleaded that those concerned with privacy but technology-unaware — philosophers, legislators, et al. — give us more insight into this question (“what is online privacy”) and say less about technologies, as I am confident that if we understood the field and the principles better, engineers would work out what that meant in engineering and technology terms.
> 
>> On May 2, 2016, at 14:29 , Christian Huitema <huitema@huitema.net> wrote:
>> 
>> On Sunday, May 1, 2016 4:12 PM, Dave Crocker wrote:
>>> 
>>> If the term is to be a non-technical and vague reference, then let's stop
>>> using it as if it were a technical term.  Philosophical, academic and social
>>> terms are fine; the problem is when we use them as if they pertained to
>>> technical specifics.
>> 
>> Well, we do use the term "security" liberally, don't we? It is certainly
>> just as vague, but it is useful as a section header. It encourages protocol
>> designers to be concerned with the broad issue of security attacks. I think
>> that we have consensus that protocol designers should also be concerned with
>> the broad issue of privacy attacks.
>> 
>>> If we intend the term to have technical utility, it needs precise and
>>> useful definition.
>> 
>> It took some time to establish categories for security attacks -- denial of
>> service, information disclosure, spoofing, elevation of privilege, etc. The
>> analysis of privacy attacks is not quite as advanced, but we start getting
>> broad categories, such as disclosure of the exchanged data, disclosure of
>> metadata, linkability of different activities, and disclosure of traffic
>> patterns. As we gain more experience, I expect that these categories will
>> stabilize.
>> 
>> -- Christian Huitema
>> 
>> _______________________________________________
>> ietf-privacy mailing list
>> ietf-privacy@ietf.org
>> https://www.ietf.org/mailman/listinfo/ietf-privacy
> 
> Dave Singer
> 
> singer@mac.com
> 
> David Singer
> Manager, Software Standards, Apple Inc.
> 