Hi Hannes,
At 23:39 02-09-2012, Hannes Tschofenig wrote:
> A few comments:

Thanks for the feedback.

> * You cite RFC 3365 with regard to what privacy means. RFC 3365 has a very limited view on that topic.

Yes.

> * PII and personal data: In http://tools.ietf.org/html/draft-iab-privacy-considerations-03 we try to use the term "personal data" and define it as
>
>       'Any information relating to an identified
>       individual or an individual who can be identified, directly or
>       indirectly.'
>
> We did that to avoid having to refer back to some laws where the interpretation changes from context to context and also over time.

There is the "USDC" reference in the draft about a (legal) ruling which is an interpretation of the law in one jurisdiction. I found it difficult to develop an argument from there for the reason you mentioned above. Some questions which came to mind are how or whether PII and "personal data" fit together and which term to use.

> * Section 3 and 4: I guess that these two sections have the goal to point out that these identifiers may, depending on the context, allow individuals to be identified.

Yes.

From a protocol perspective, the question an author might have to answer is whether usage of an identifier triggers privacy concerns. The author might ask whether an identifier can be used. If I say:

  "Any information relating to an identified individual or an individual
   who can be identified, directly or indirectly."

there may be blank stares. That's not to say that the definition is incorrect or that it can be improved.

> * Section 5: The right amount of information
>
> I believe what this section should say is that there are situations where one would like to provide information to the recipient so that a response can be provided and in other cases that's not desired. For example, in today's telephone system you can hide your phone number. Similarly, in SIP there are ways to prevent all information from reaching the recipient.

I will see how to fit in the following sentence in Section 5:

  "There are situations where one would like to provide information to the
   recipient so that a response can be provided and in other cases that's
   not desired."

I read about several identifiers, including the phone number for SIP, when I wrote the draft. I decided to avoid SIP as I could not find a definition similar to "where" or "to whom" which the average person might grasp easily. I'll comment on the telephone system as an example. Let's say that you call me and you hide your phone number. We can still have a conversation; a response can be provided. Now, why can't I hide my IP address when I go to a web site? We both know the argument. That gets you to: why does the Internet work like that?

> So, the question isn't really about all or nothing but it is about the ability for the user to decide about the context when they want to reveal information and when they don't.

That's another way to look at it. Let me put it differently. We don't ask for consent to reveal the IP address. That's the all-or-nothing proposition for communication over the Internet. We could argue about having a "trusted" middle so that the user does not have to reveal the IP address. We end up putting into question an architectural choice on which the Internet is based. I used the following as the argument:

  "There is an implicit assumption that the underlying protocols are
   transmitting the right amount of information needed for the
   protocols to work."

The "amount of information needed for the protocol to work" is debatable. It comes down to a technical choice where we may decide that it is necessary to transmit the IP address at a different layer to address a performance issue. The question I might ask the user is:

  Do you want to share your IP address to make your communication faster?

The usual answer would be yes.  I'll reword your comment as follows:

  it is about the ability for the user to decide about the context when
  they want to reveal information and when they don't, in all fairness.

There are too many tangents to that. There is also the question of whether the average person can take an informed decision.

> There is no doubt that it is difficult to decide about the right amount of information disclosure. But should this be the justification to always reveal everything?

That's the hard question.

> I agree that there is an asymmetry of power between the user and the entity offering services (which makes the situation worse).

Instead of answering the previous question I would tackle the matter from the asymmetry angle to equalize the two ends. It would be described as an admirable and ludicrous goal.

There is something interesting, for me at least, in RFC 3365. Section 6 of that document is about the Danvers doctrine. The IETF community has not taken a position on "must avoid privacy concerns in all protocols". That makes it more difficult to tackle the question.

Regards,
S. Moonesamy
_______________________________________________
ietf-privacy mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/ietf-privacy