[ietf-privacy] Nits about draft-ietf-geopriv-held-measurements-06.txt

SM <sm@resistor.net> Thu, 11 April 2013 06:28 UTC

Date: Wed, 10 Apr 2013 23:02:01 -0700
To: Martin Thomson <martin.thomson@gmail.com>
From: SM <sm@resistor.net>
In-Reply-To: <CABkgnnWNPMgsNACjOYdxcn3VW20LFOOS5XeFO9Nifxv2hJTwUg@mail.gmail.com>
References: <5151B0B5.2090407@cisco.com> <CABkgnnWNPMgsNACjOYdxcn3VW20LFOOS5XeFO9Nifxv2hJTwUg@mail.gmail.com>
Cc: ietf-privacy@ietf.org, geopriv@ietf.org, Eliot Lear <lear@cisco.com>

Hi Martin,

[I added a Cc to Eliot in case he is interested]

At 17:00 10-04-2013, Martin Thomson wrote:
>Hmm, I'd be interested to hear about what you consider to be
>problematic with the privacy considerations.  We put a lot of thought
>into those.  Obviously, this is potentially highly sensitive, but I
>thought we'd hit the important considerations.

As an FYI, there is an article about the privacy bounds of human 
mobility at 
http://www.nature.com/srep/2013/130325/srep01376/full/srep01376.html

Here are some nits (feel free to ignore).  Section 6 mentions that:

   "In order to protect the privacy of the subject of location-related
    measurement data, this implies that measurement data is protected
    with the same degree of protection as location information."

Section 6.2 mentions that:

   "By adding measurement data to a request for location information, the
    Device implicitly grants permission for the LIS to generate the
    requested location information using the measurement data.
    Permission to use this data for any other purpose is not implied."

and

   "A LIS MUST discard location-related measurement data after servicing
    a request, unless the Device grants permission to use that information
    for other purposes."

How can a device implicitly grant permission?  It is up to the user 
to grant permission.

The specification also sends information, e.g. for wifi, which might 
not be readily available to the cellular operator.  The privacy model 
followed can be described as the unknowing informant model.

Regards,
-sm