Re: [ietf-privacy] Terminology doc - privacy definition and intro

Hannes Tschofenig <hannes.tschofenig@gmx.net> Thu, 28 July 2011 20:59 UTC

Return-Path: <hannes.tschofenig@gmx.net>
X-Original-To: ietf-privacy@ietfa.amsl.com
Delivered-To: ietf-privacy@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 55FC65E8023 for <ietf-privacy@ietfa.amsl.com>; Thu, 28 Jul 2011 13:59:01 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.299
X-Spam-Level:
X-Spam-Status: No, score=-102.299 tagged_above=-999 required=5 tests=[AWL=-0.300, BAYES_00=-2.599, J_CHICKENPOX_27=0.6, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id aK3dYqWbqd0Q for <ietf-privacy@ietfa.amsl.com>; Thu, 28 Jul 2011 13:59:00 -0700 (PDT)
Received: from mailout-de.gmx.net (mailout-de.gmx.net [213.165.64.22]) by ietfa.amsl.com (Postfix) with SMTP id 02BFC5E8014 for <ietf-privacy@ietf.org>; Thu, 28 Jul 2011 13:58:59 -0700 (PDT)
Received: (qmail invoked by alias); 28 Jul 2011 20:58:57 -0000
Received: from dhcp-172b.meeting.ietf.org (EHLO dhcp-172b.meeting.ietf.org) [130.129.23.43] by mail.gmx.net (mp046) with SMTP; 28 Jul 2011 22:58:57 +0200
X-Authenticated: #29516787
X-Provags-ID: V01U2FsdGVkX1/90s5vZPv9YrkEUqoQqvm1JAvPK4kEu45gHZduqv uml6r9ALL/cV18
Mime-Version: 1.0 (Apple Message framework v1084)
Content-Type: text/plain; charset="iso-8859-1"
From: Hannes Tschofenig <hannes.tschofenig@gmx.net>
In-Reply-To: <8fa337htre1fl80osg2dunh0uhi6vth1un@hive.bjoern.hoehrmann.de>
Date: Thu, 28 Jul 2011 16:58:56 -0400
Content-Transfer-Encoding: quoted-printable
Message-Id: <9C03FE13-5DD9-40BB-B869-B9812CDCD44B@gmx.net>
References: <BB027BC6-56B6-4169-B388-E36F1E9FB6CB@cardiff.ac.uk> <8fa337htre1fl80osg2dunh0uhi6vth1un@hive.bjoern.hoehrmann.de>
To: Bjoern Hoehrmann <derhoermi@gmx.net>
X-Mailer: Apple Mail (2.1084)
X-Y-GMX-Trusted: 0
Cc: ietf-privacy@ietf.org
Subject: Re: [ietf-privacy] Terminology doc - privacy definition and intro
X-BeenThere: ietf-privacy@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Internet Privacy Discussion List <ietf-privacy.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf-privacy>, <mailto:ietf-privacy-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ietf-privacy>
List-Post: <mailto:ietf-privacy@ietf.org>
List-Help: <mailto:ietf-privacy-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf-privacy>, <mailto:ietf-privacy-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 28 Jul 2011 20:59:01 -0000

Hey Bjoern

I believe you have not seen that this terminology document comes with another document, a guidelines document: 
http://tools.ietf.org/html/draft-morris-privacy-considerations-03

At the IAB plenary this Monday we tried to explain the purpose (on a high level), see 
http://www.ietf.org/proceedings/81/slides/plenaryt-14.ppt

In a nutshell, we would like to have a more consistent way to talk about privacy in IETF documents. This requires two aspects: 
 * terminology, and 
 * additional guidance on what to write about. 

Ciao
Hannes


On Jul 28, 2011, at 4:49 PM, Bjoern Hoehrmann wrote:

> * Rhys Smith wrote:
>> Firstly, I think the introduction section of the document could do with
>> tweaking. Currently it's not really an introduction but rather a
>> statement of context. And it doesn't really state the purpose of the
>> document. So someone coming in from the privacy cold, as it were,
>> looking for assistance when writing their I-D, needs a more gentle
>> introduction, and to understand how this document can help them.
> 
> I would turn this the other way around and say that it's not very clear,
> neither from the document nor otherwise, what assistance is needed, what
> problems people have and which problems people would like to see solved.
> 
> http://lists.w3.org/Archives/Public/ietf-http-wg/2011JulSep/0234.html is
> an example from this week, HTTP caching can be abused to enable cookie-
> like tracking, but the specification does not say so. Is that a problem,
> should IETF documents always point out such possibilities for abuse? If
> so, then that is primarily a policy problem, not a terminology problem.
> 
> My impression is that most privacy-related problems in the context of
> IETF documents are not terminology problems. What I mainly see is that
> the people who come up with new protocols and programming interfaces are
> wired or trained to consider the privacy implications of their ideas.
> 
> A while ago for instance someone proposed a web browser notification or
> status that would indicate to a web page whether the device is currently
> used by a human user (so an instant messaging application could mark the
> user as being away or present automatically for instance). The proponent
> couldn't see any privacy implications with that.
> 
> Another example is the "geo location" programming interface. A user may
> tell the browser "this time it's okay to disclose the location", and the
> user may additionally say "next time this web site asks, it's okay too".
> The first time the user encounters such a prompt, he is very likely to
> do something where disclosing the information makes sense, and the site
> being seemingly reasonable he might trust to deactivate future prompts.
> 
> It's obvious that the user would not realize in this context that he'd
> be agreeing for the site to constantly monitor his movements without him
> knowing, and sites that make reasonable use of this feature would object
> to the browser saying in the prompt "do you want to constantly monitor
> your movements" as that is not what the reasonable sites want to do, but
> that does not stop people active in the standards community from asking
> to be able to tell whether users checked the "don't ask next time" box.
> 
> Now the Working Group there as a whole realized this problem and so the
> feature is not available, but it's unpopular these days to explain such
> issues so a rationale for the absence of this feature is not given in
> the specification. Similarly, it does not discuss risks such as that a
> third party analytics or ad script could, for instance, wrap the geo
> location API, so the ad or analytics provider learns the location of the
> user every time a site that embeds their services obtains it.
> 
> There are terminology problems that I can think of, but I largely do not
> encounter them in protocol specifications and where I do, I am unsure it
> would be right for the IETF to address them in some meaningful form. For
> instance, the boundaries between "anonymous", "pseudonymous", and a form
> of "personally identifying" are often unclear, but the terms are legally
> significant and I don't see people from cultures that have very relaxed
> views regarding these terms finding consensus with people from cultures
> that have rather stringent views regarding them within the IETF.
> 
> So I am more looking for something that helps people being more aware of
> issues, understand them better, perhaps come up with good policies for
> authors of protocol specifications, but providing "definitions" of terms
> does not strike me as very useful at this point (conveying ideas behind
> terms is important, but you can do this without overly sharp bounds). If
> we develop a clearer idea of what the goals are, I think it should be
> much easier to explain "privacy" or whatever term needs explaining.
> 
>> Privacy is a concept that has been debated and argued throughout the
>> last few millennia by all manner of people, including philosophers,
>> psychologists, lawyers, and more recently, computer scientists. Its most
>> striking feature is that nobody seems able to agree upon a precise
>> definition of what it actually is. Every individual, every group, and
>> every culture have their own different views and preconceptions about
>> the concept - some mutually complementary, some distinctly different.
>> However, it is generally (but not unanimously!) agreed that the
>> protection of privacy is "A Good Thing".
> 
> To me, "privacy" is an English word that's overused due to the lack of
> other terms that take context better into account, leading to running
> gags such as the impossibility to define it strictly. In German, we do
> not have one singular word I could use in a translation of the text
> above. And the idioms that are used in German instead are not seen as
> hard to define as far as I am aware. I think it would be wrong to have
> text in an RFC that doesn't translate well, but I am unsure how to take
> that plus the desire to use the term for English natives into account
> if you keep the scope broad like that.
> 
> It seems likely to me that an IETF document would not go into details
> concerning German "Intimsphäre" (something that contains your innermost
> thoughts, feelings, health and sex life, things people maintain tight
> control over; a higher level concept would be "Privatsphäre", an area
> in life where people develop undisturbed by external influence), but
> rather "Datenschutz" (safeguarding, insulation, protection of data).
> 
> You would find for instance that on Wikipedia en:Privacy links to the
> de:Privatsphäre article, but on web sites, where you would expect some
> link to a Privacy Policy, you'll typically find a "Datenschutz" link,
> but then the "privacy settings" would be "Privatsphäre-Einstellungen"
> (which is largely a localization problem, much like "social networks"
> typically translate "sharing" as "teilen" which means "dividing" as
> much as "sharing", a divisor is a Teiler, for instance).
> 
> Point being, by narrowing what aspect of "privacy" might be relevant
> to IETF processes, we can offer a much better, coarser, definition,
> that readers can better relate to than saying that philosophers have
> a hard time grasping the concept but it's a good thing.
> -- 
> Björn Höhrmann · mailto:bjoern@hoehrmann.de · http://bjoern.hoehrmann.de
> Am Badedeich 7 · Telefon: +49(0)160/4415681 · http://www.bjoernsworld.de
> 25899 Dagebüll · PGP Pub. KeyID: 0xA4357E78 · http://www.websitedev.de/ 
> _______________________________________________
> ietf-privacy mailing list
> ietf-privacy@ietf.org
> https://www.ietf.org/mailman/listinfo/ietf-privacy
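The risk Bjoern raises in the quoted message, a third-party script wrapping the geolocation API so that it sees every position the embedding page obtains, comes down to a later script replacing a property on `navigator.geolocation`. The block below is an added example, not code from the thread or from any IETF or W3C document. It shows the two defensive moves a first-party page can make: take a snapshot of the native entry points before any third-party tag runs and compare against it later, and lock the properties so they cannot be reassigned. `makeNavigator` is a constructed stand-in for `window.navigator` so the code runs offline in Node; `attemptReplacement` simulates a later script reassigning one entry point without forwarding to the original.

```javascript
// Added example: guard the geolocation entry points against wrapping.
// Constructed stand-in for window.navigator; the real object is host code.
function makeNavigator() {
  function getCurrentPosition(success) {
    success({ coords: { latitude: 0, longitude: 0 } }); // constructed sample fix
  }
  function watchPosition() { return 1; }
  return { geolocation: { getCurrentPosition, watchPosition } };
}

// Entry points worth guarding on navigator.geolocation.
const GUARDED = ["getCurrentPosition", "watchPosition"];

// Run as early as possible, before third-party tags: record the original
// function references. Reference identity cannot be spoofed, unlike toString().
function captureGeolocation(nav) {
  const snapshot = {};
  for (const name of GUARDED) snapshot[name] = nav.geolocation[name];
  return snapshot;
}

// Later check: return the names whose current value differs from the snapshot.
function detectWrapped(nav, snapshot) {
  return GUARDED.filter((name) => nav.geolocation[name] !== snapshot[name]);
}

// Mitigation: make the entry points non-writable and non-configurable, so a
// later script cannot reassign or redefine them (assignment is ignored in
// sloppy mode and throws a TypeError in strict mode).
function lockGeolocation(nav) {
  for (const name of GUARDED) {
    Object.defineProperty(nav.geolocation, name, {
      value: nav.geolocation[name],
      writable: false,
      configurable: false,
      enumerable: true,
    });
  }
  return nav;
}

// Simulated later script (constructed for the demo): reassign one entry point.
// Returns true if the replacement actually took effect.
function attemptReplacement(nav) {
  const before = nav.geolocation.getCurrentPosition;
  try {
    nav.geolocation.getCurrentPosition = function replaced() {};
  } catch (e) {
    // Strict-mode TypeError when the property is locked; treated as "no change".
  }
  return nav.geolocation.getCurrentPosition !== before;
}

// Exercise both paths: an unguarded navigator and a locked one.
function demo() {
  const unlocked = makeNavigator();
  const snapA = captureGeolocation(unlocked);
  const changedA = attemptReplacement(unlocked);   // true: replacement succeeded
  const wrappedA = detectWrapped(unlocked, snapA); // ["getCurrentPosition"]

  const locked = lockGeolocation(makeNavigator());
  const snapB = captureGeolocation(locked);
  const changedB = attemptReplacement(locked);     // false: property is locked
  const wrappedB = detectWrapped(locked, snapB);   // []

  return { changedA, wrappedA, changedB, wrappedB };
}

console.log(demo());
```

One caveat for real pages: in browsers these methods live on `Geolocation.prototype` rather than as own properties of `navigator.geolocation`, so the snapshot, the comparison and the lock must be applied at the prototype level too, and a script that runs before the guard can still interpose; the guard only helps if the first-party code is the first script on the page.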