Re: [ietf-privacy] [Geopriv] Nits about draft-ietf-geopriv-held-measurements-06.txt

Alissa Cooper <acooper@cdt.org> Thu, 11 April 2013 22:22 UTC

From: Alissa Cooper <acooper@cdt.org>
In-Reply-To: <CABkgnnWe8u5Tq0L0JR-TH5xhO5i0=_=6qDNp+BohFJ_mO29Oqw@mail.gmail.com>
Date: Fri, 12 Apr 2013 00:22:47 +0200
Message-Id: <3BF9C42F-CCB0-4DE4-856E-A95D0C3E5211@cdt.org>
References: <5151B0B5.2090407@cisco.com> <CABkgnnWNPMgsNACjOYdxcn3VW20LFOOS5XeFO9Nifxv2hJTwUg@mail.gmail.com> <6.2.5.6.2.20130410180933.0ce24cb8@resistor.net> <CABkgnnWe8u5Tq0L0JR-TH5xhO5i0=_=6qDNp+BohFJ_mO29Oqw@mail.gmail.com>
To: Martin Thomson <martin.thomson@gmail.com>
Cc: ietf-privacy@ietf.org, GEOPRIV WG <geopriv@ietf.org>, Eliot Lear <lear@cisco.com>

On Apr 11, 2013, at 6:55 PM, Martin Thomson <martin.thomson@gmail.com> wrote:
>> Here are some nits (feel free to ignore).  Section 6 mentions that:
>> 
>>  "In order to protect the privacy of the subject of location-related
>>   measurement data, this implies that measurement data is protected
>>   with the same degree of protection as location information."
>> 
>> Section 6.2 mentions that:
>> 
>>  "By adding measurement data to a request for location information, the
>>   Device implicitly grants permission for the LIS to generate the
>>   requested location information using the measurement data.
>>   Permission to use this data for any other purpose is not implied."
>> 
>> and
>> 
>>  "A LIS MUST discard location-related measurement data after servicing
>>   a request, unless the Device grants permission to use that information
>>   for other purposes."
>> 
>> How can a device implicitly grant permission?  It is up to the user to grant
>> permission.
> 
> Ah yes, I'm not sure whether this was made explicit in this draft
> (probably not), but we take the view that the Device is a proxy for a
> user (Target in geopriv-parlance).  In terms of protocols and location
> determination that's the only reasonable assumption to make.  That's a
> really important point though, not something we should be taking on
> faith.  I'll make sure to add a note.
> 

You could reference the role definitions in RFC 6280 (section 2) for this.

Alissa

>> The specification also sends information, e.g. for wifi, which might not
>> be readily available to the cellular operator.  The privacy model followed can
>> be described as the unknowing informant model.
> 
> I don't know where you are going with the "unknowing informant
> model", but it's true that in some cases, measurements that are
> provided to a LIS might not be useful. If your LIS is operated by a
> cellular operator, then maybe (though it's only a maybe) the cellular
> operator won't be able to use the information to improve a location
> estimate.  Similarly, they might not know how to deal with GLONASS
> pseudoranges.
> 
> Implementations have choices on the spectrum between: provide nothing
> and see if the LIS asks for more information; and provide everything
> and don't worry about the extra stuff.  The latter choice actually has
> some implications with respect to performance and time, so most likely
> it will go somewhere in between the two.