Re: [ietf-privacy] Is there an official working definition for Privacy Online?

Robin Wilton <wilton@isoc.org> Fri, 06 May 2016 12:39 UTC

Return-Path: <wilton@isoc.org>
X-Original-To: ietf-privacy@ietfa.amsl.com
Delivered-To: ietf-privacy@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B774812D16E for <ietf-privacy@ietfa.amsl.com>; Fri, 6 May 2016 05:39:39 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.903
X-Spam-Level:
X-Spam-Status: No, score=-1.903 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H2=-0.001, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=isoc.onmicrosoft.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id hq6rLxL0woE2 for <ietf-privacy@ietfa.amsl.com>; Fri, 6 May 2016 05:39:37 -0700 (PDT)
Received: from na01-bl2-obe.outbound.protection.outlook.com (mail-bl2on0077.outbound.protection.outlook.com [65.55.169.77]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 098B612D149 for <ietf-privacy@ietf.org>; Fri, 6 May 2016 05:39:37 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=isoc.onmicrosoft.com; s=selector1-isoc-org; h=From:To:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=qqGdYzpYAsR8q59PGT7iofzhiYPrz6n5o7AGNkXgAAk=; b=g1RdNz3JOWaNZZVcml04trxZchNj78vf2YsGWRVY+2BKqoKHLgqBoVTfokxX5Yw1UktZ3N/z3B0zVA/6yWSKOBKGdXW+eQal3VZh3Y83Ruw5Yen1k0uCFHvWOVnMBdocuLG+hF2S8UpNAjBp0Www4vmLynPjU+Ds7sO2qJsDrqo=
Received: from SN1PR06MB1839.namprd06.prod.outlook.com (10.162.133.18) by SN1PR06MB1837.namprd06.prod.outlook.com (10.162.133.17) with Microsoft SMTP Server (TLS) id 15.1.485.9; Fri, 6 May 2016 12:39:34 +0000
Received: from SN1PR06MB1839.namprd06.prod.outlook.com ([10.162.133.18]) by SN1PR06MB1839.namprd06.prod.outlook.com ([10.162.133.18]) with mapi id 15.01.0485.011; Fri, 6 May 2016 12:39:34 +0000
From: Robin Wilton <wilton@isoc.org>
To: Peter Schoo <peter.schoo@gmx.de>
Thread-Topic: [ietf-privacy] Is there an official working definition for Privacy Online?
Thread-Index: AQHQeHhWsapnax08r0qQT1wnKkxEHJ1QMoAAgAAHKPiAARAlgIAABu8AgAARUACAAMeVAIAI42WAgkv/o4CAAXXrgIAESDmAgAAFSwCAAToBAIAALZ4A
Date: Fri, 6 May 2016 12:39:34 +0000
Message-ID: <43C4F818-A1A6-492C-AE4A-069D8EE15E7A@isoc.org>
References: <552FCC84.6040305@gmail.com> <CA+9kkMCYuEGRidB1D=SGA0qxk+SuX6+HyqToYDmqQVmpBskWrw@mail.gmail.com> <5530329E.4060608@dcrocker.net> <01F784DA-5FD5-4D1F-8613-C2E668EDA765@isoc.org> <55311CE9.9040003@dcrocker.net> <DB3PR07MB138A042321BB99DF9AB94A4BCE30@DB3PR07MB138.eurprd07.prod.outlook.com> <55313140.9040400@dcrocker.net> <015a01d0798d$509954c0$f1cbfe40$@huitema.net> <CABtrr-X6CgN3J0dA1YBED0j6K7D5Mt2NAbUwGF5E67BoFX9JUQ@mail.gmail.com> <57268D25.3070708@dcrocker.net> <029801d1a4b9$c3b57850$4b2068f0$@huitema.net> <4826F2DD-7A3C-46ED-AB68-A1B1B1E5F30B@cooperw.in> <572B62D4.7090706@cs.tcd.ie> <572C6A3C.2080003@gmx.de>
In-Reply-To: <572C6A3C.2080003@gmx.de>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: yes
X-MS-TNEF-Correlator:
authentication-results: gmx.de; dkim=none (message not signed) header.d=none;gmx.de; dmarc=none action=none header.from=isoc.org;
x-ms-exchange-messagesentrepresentingtype: 1
x-originating-ip: [213.180.180.202]
x-ms-office365-filtering-correlation-id: 842f4f17-1756-4a9f-1d1b-08d375ab7ab3
x-microsoft-exchange-diagnostics: 1; SN1PR06MB1837; 5:4VV2Kf7wgMBMn+CLQjBpVaVcA3OkQBFLFKt6B9gaPN8LT3qODNBaun4wtz9AZWRwXztuQFIAYQCntA6WTEWSk0ssJJ1r9Hcf4rfljkKEYv/hi8Ku3oMDw3UvQzfRKrfZnAu+2NbV5dYSG50b8p3zMQ==; 24:YJKXLn98mB9Y/UknJP0AeKmNjRQo8zuPyDMjz/N5tUkpGZvcUAzVkF4oX4iLo8S8y93PpzuLqElq9DXjHkvkFoz5UKshn1bgGhIZzoZbXpc=; 7:fdywSw+pdPM7a2ygGzIybeTncr8yslLQIVCZF2/HOJaKX1XdhD8A0Mk/iaFbmb+gh0kHl157if3MtdPs+XbdhvGqnZw7uGeAg3OqnuZ9lTfuMLKIddRWwCKKByGrLs4EpQ2xZiFj2JStVypRnPSzw9lh7h8eLGfL+QxrmkxutOiGnMTi9X5lUG6NWk2Y76wO
x-microsoft-antispam: UriScan:;BCL:0;PCL:0;RULEID:;SRVR:SN1PR06MB1837;
x-microsoft-antispam-prvs: <SN1PR06MB1837D6744844DFFE07102E76BF7D0@SN1PR06MB1837.namprd06.prod.outlook.com>
x-exchange-antispam-report-test: UriScan:(209352067349851);
x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(102415293)(102615271)(601004)(2401047)(5005006)(8121501046)(3002001)(10201501046); SRVR:SN1PR06MB1837; BCL:0; PCL:0; RULEID:; SRVR:SN1PR06MB1837;
x-forefront-prvs: 09347618C4
x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(6009001)(24454002)(51444003)(4326007)(77096005)(15975445007)(3280700002)(99286002)(33656002)(92566002)(87936001)(3660700001)(5002640100001)(66066001)(19580395003)(19580405001)(3846002)(102836003)(11100500001)(586003)(1220700001)(6116002)(5008740100001)(82746002)(8936002)(122556002)(2900100001)(5004730100002)(36756003)(189998001)(106116001)(2950100001)(83716003)(54356999)(93886004)(10400500002)(99936001)(76176999)(50986999)(110136002)(2906002)(86362001)(81166005)(7059030)(104396002); DIR:OUT; SFP:1101; SCL:1; SRVR:SN1PR06MB1837; H:SN1PR06MB1839.namprd06.prod.outlook.com; FPR:; SPF:None; MLV:sfv; LANG:en;
spamdiagnosticoutput: 1:23
spamdiagnosticmetadata: NSPM
Content-Type: multipart/signed; boundary="Apple-Mail=_C512020C-86CA-4CF8-B53C-277130F5AE58"; protocol="application/pgp-signature"; micalg=pgp-sha512
MIME-Version: 1.0
X-OriginatorOrg: isoc.org
X-MS-Exchange-CrossTenant-originalarrivaltime: 06 May 2016 12:39:34.5600 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 89f84dfb-7285-4810-bc4d-8b9b5794554f
X-MS-Exchange-Transport-CrossTenantHeadersStamped: SN1PR06MB1837
Archived-At: <http://mailarchive.ietf.org/arch/msg/ietf-privacy/iOoAJGjl5OevWhL4HhZQNiuReHk>
Cc: "ietf-privacy@ietf.org" <ietf-privacy@ietf.org>, "dcrocker@bbiw.net" <dcrocker@bbiw.net>, Josh Howlett <Josh.Howlett@jisc.ac.uk>
Subject: Re: [ietf-privacy] Is there an official working definition for Privacy Online?
X-BeenThere: ietf-privacy@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: Internet Privacy Discussion List <ietf-privacy.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf-privacy>, <mailto:ietf-privacy-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ietf-privacy/>
List-Post: <mailto:ietf-privacy@ietf.org>
List-Help: <mailto:ietf-privacy-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf-privacy>, <mailto:ietf-privacy-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 06 May 2016 12:39:40 -0000

Thanks Peter,
very useful.

I think the underlying “meta”-issue here is emerging…

If we assume that you can start with a “high-level” definition that needs to be applied and interpreted by “lower-level” descriptions and guidance, and that it is theoretically possible to acheve the desired level of precision at those lower levels, then the question then is: can the high-level definition have a degree of vagueness but still be of value?

If we can accept (at least as a working assumption) that some level of vagueness in the high-level definition can be consistent with acceptable levels of precision in the descriptive/interpretive text “further down”, then I think that will save us having to agonise over whether the “two-liner” is precise enough… it might be that it can be vague, provided it is inclusive.

In other words: you can have a (non-technical) principle, stated in non-technical and possibly vague terms, whose application can be described in precise technical terms.

Does this line of reasoning make sense, as a framework for going forward? It seems to me to allow people to contribute at various layers,  without making their contribution conditional on perfection at some layer other than the one they’re interested in.


R


> On 6 May 2016, at 10:56, Peter Schoo <peter.schoo@gmx.de> wrote:
> 
> Am 05.05.16 um 17:12 schrieb Stephen Farrell:
>> 
>> 
>> On 05/05/16 15:53, Alissa Cooper wrote:
>>> +1. If people want to consider privacy as a heading under which we
>>> group a bunch of different kinds of attacks, that works perfectly
>>> well I think.
>> 
>> In the case of privacy, not all the bad things are correctly
>> described as attacks IMO. E.g. leaving sensitive data in a
>> log file for too long is not in itself an attack, but can be
>> risky. Only emitting packets when a user is present similarly.
> 
> Descriptions of privacy (and security taken as example for how to make a
> privacy definition) are discussed on different levels. Robin's two-liner
> needs to be applied and interpreted. Effect is that it raises
> understanding, but takes time and effort to seriously discuss it, which
> is good to do.
> 
> On the other hand, it helped to establish, as Christian wrote,
> categories for security attacks -- denial of service, information
> disclosure, spoofing, elevation of privilege, etc. Agreed attacks
> categories form common ground and makes it more useful in standards.
> Something similar would be useful for privacy too, as the set of
> potential threat is blurred or the understanding of threats and impacts
> changes with deeper discussions, more thorough investigations.
> 
> Why are these differences? Sure, the nature of security and privacy are
> somewhat different.
> 
>> I'm not even sure the risk analysis method we use for security
>> is the best way to try address privacy in IETF work.
> 
> and that's why many apply privacy impact assessments, which have a
> different focus when you analyse a system/service/whatsoever, e.g.
> concerning time. I argue that security threats typically do not last as
> long as privacy threats, they are bound to communication sessions or
> periods of subscription - more overseeable. Clever data fusion can
> create threats the day after tomorrow.
> 
> Security discussions sometimes comes with properties or services that
> shall be provided, e.g. authentication, authorisation, confidentiality,
> integrity, availability, or CIA etc. This part of a taxonomy is not
> present in the privacy discussion. Like we detail security in
> (permutations of) CIA, I miss detailing privacy here. Today privacy
> papers often apply Anonymity, Unlinkability, Undetectability, Plausible
> deniability and Confidentiality.
> 
> All of the security definition approaches are helpful, two liners,
> attacks and properties. Concerning privacy we are still learning about
> threats and how to categorize them, to make these categories useful for
> standards. Though it might be different with finding a suitable
> taxonomy, i.e. relevant to IETF, that help detailing privacy aspects.
> 
> BR
> 	Peter
> 
> --
> Peter Schoo, peter.schoo@gmx.de
> 
> _______________________________________________
> ietf-privacy mailing list
> ietf-privacy@ietf.org
> https://www.ietf.org/mailman/listinfo/ietf-privacy