Re: Privacy Terminology
Phillip Hallam-Baker <hallam@gmail.com> Fri, 09 July 2010 14:21 UTC
Return-Path: <hallam@gmail.com>
X-Original-To: ietf@core3.amsl.com
Delivered-To: ietf@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 21AC03A67E7 for <ietf@core3.amsl.com>; Fri, 9 Jul 2010 07:21:48 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 2.092
X-Spam-Level: **
X-Spam-Status: No, score=2.092 tagged_above=-999 required=5 tests=[AWL=2.091, BAYES_50=0.001]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id WFoUV5Nfxnp8 for <ietf@core3.amsl.com>; Fri, 9 Jul 2010 07:21:46 -0700 (PDT)
Received: from mail-iw0-f172.google.com (mail-iw0-f172.google.com [209.85.214.172]) by core3.amsl.com (Postfix) with ESMTP id D08933A6839 for <ietf@ietf.org>; Fri, 9 Jul 2010 07:21:46 -0700 (PDT)
Received: by iwn38 with SMTP id 38so2326449iwn.31 for <ietf@ietf.org>; Fri, 09 Jul 2010 07:21:51 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:received:received:in-reply-to :references:date:message-id:subject:from:to:cc:content-type :content-transfer-encoding; bh=Y+pnwoZVTeodVGIpCXYiGeXYuVMrikBeClEdLbVO2Pg=; b=uDod8R+xD91ownBaHZpgjH2JG1PYYqeDTkDORFTHSLxhcWicqjdHLEgBNgqrCE+5d+ LFn1GWmqQ9k06kfw5liF+bP270apu8yIL0DbeMRP+JqRzh3ZvVP2xgTDPI6IU/LZuvk7 yzzX8eK6Uz0PbO1rEhlowcTuBiSYBxJG+ho2E=
DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type:content-transfer-encoding; b=rvbhFUbbauf3EC3tMeIB6KSyRWzIyN7mleiyBcOqBgTrXVaZjZYJ5R4Zlw0QcyINoh m+eSTkPIvaeqON+6CktJfxbHtGWq8SieJ/wJ6iGlz1jrVi6TaV2f+BGdA9W/okjOg7yW 3ok4w5WsqLjnvRvlPdl04cpCkhW/qo786QW/0=
MIME-Version: 1.0
Received: by 10.231.154.207 with SMTP id p15mr10110840ibw.5.1278685310255; Fri, 09 Jul 2010 07:21:50 -0700 (PDT)
Received: by 10.231.14.73 with HTTP; Fri, 9 Jul 2010 07:21:50 -0700 (PDT)
In-Reply-To: <20100709120336.123910@gmx.net>
References: <20100709120336.123910@gmx.net>
Date: Fri, 09 Jul 2010 10:21:50 -0400
Message-ID: <AANLkTiktNSnxqZxwmUsCdeQTHCdPucHtpYtddfv_CMIi@mail.gmail.com>
Subject: Re: Privacy Terminology
From: Phillip Hallam-Baker <hallam@gmail.com>
To: Hannes Tschofenig <Hannes.Tschofenig@gmx.net>
Content-Type: text/plain; charset="ISO-8859-1"
Content-Transfer-Encoding: quoted-printable
X-Mailman-Approved-At: Fri, 09 Jul 2010 08:06:22 -0700
Cc: ietf@ietf.org
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ietf>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 09 Jul 2010 14:21:48 -0000
A lot of people have difficulty connecting the human level privacy requirement with the technology level. While the linkable/unlikable identifiers technology is important, there is more to privacy than merely concealing identities. For example, consider the firestorm that followed Marty Rimm's infamous CMU CyberPorn study. The study concealed the identity of the participants, but there was still a major privacy problem as the participants had expected that the network operator would not reveal details of their lawful activities to Time Magazine. At the information level, privacy creates restrictions that apply to the redistribution of data. In Alice and Bob land we generally consider a binary choice, either Alice will give the information to Bob or she won't. We do not usually consider the question of what Bob might do afterwards because those problems are not solved easily using cryptography. In the privacy case we are considering the explicit agreements and implicit assumptions that Alice has concerning redistribution of the data to Carol, Doug and through to Zachary. And we are not just talking about the information that is passed explicitly, we are also talking about the data that Alice might infer from her interaction with Bob. And because those implicit assumptions are in part culturally determined, it is very hard to find consensus on what they should be. The community view in Cambridge MA is going to be very different from that in San Francisco CA. And those are places that are very close together (no really). The views in Huston TX or London UK are going to be very different again. And we haven't yet left the Anglosphere. When the cookies mechanism was thrown into the HTTP spec by a commercial entity after an exhaustive fifteen minutes of contemplation, the privacy implications of the HTTP protocol were changed immediately and irrevocably and without any notice to the affected users. I don't think it is acceptable for network protocol designers to throw up their hands and say 'this is hard, we will ignore it'. On Fri, Jul 9, 2010 at 8:03 AM, Hannes Tschofenig <Hannes.Tschofenig@gmx.net> wrote: > Hi all, > > I mentioned the position paper for the "W3C Workshop on Privacy for Advanced Web APIs" already in my last mail. Within the IAB we had planned a series of activities related to privacy and here is another one: Terminology > > When you look through various IETF documents you will notice that the term "privacy" is used here and there but often the meaning varies a lot. If you only look at the privacy related articles in newspapers and magazines you will notice the breadth of the topic. > > Having terminology to work with is quite crucial to avoid talking past each other. > > Here is an initial submission for privacy terminology: > https://wiki.tools.ietf.org/id/draft-hansen-privacy-terminology-00.html > > Marit and Andreas had worked on this document for about 10 years outside the IETF and it is frequently cited by those working in the privacy area. We thought it would make sense to bring this work to the IETF, to discuss it in a wider audience, and to produce a stable reference. > > Again, feedback is appreciated. > > Ciao > Hannes > _______________________________________________ > Ietf mailing list > Ietf@ietf.org > https://www.ietf.org/mailman/listinfo/ietf > -- Website: http://hallambaker.com/
- Privacy Terminology Hannes Tschofenig
- Re: Privacy Terminology Phillip Hallam-Baker
- was Re: Privacy Terminology - this should not be … todd glassey