On Tue, 24 Jul 2001, Shahid Shoaib wrote:
> UMTS has quite decent support for user privacy. Please see the latest
> release of 3GPP TS 23.271 for more details.
I found http://webapp.etsi.org/action\PU/20010424/ts_123171v030300p.pdf
ETSI TS 123 171 V3.3.0 (2001-03)
8.11.3 UE Privacy Options
Call related Class positioning allowed without notifying the UE user (default case)
Non-Call related Class Location request allowed from any GMLC (default case)
Interesting defaults...
> > Following is my example of the People Tracking Application provided and
> > operated by an ASP. By subscribing to this service, people can locate
> others
> > whom they have the authorization to locate.
> > There are User A, B, C, D, etc. Each of them has a user profile in ASP
> side.
I was wondering if you had any ideas for how the authorization might be
accomplished to the ASP, and whether this might allow for anonymous
authentication, as of an online "buddy" of whom the real name is not
known.
There is also the issue of how much the user trusts the ASP.
I am perhaps atypical. In my imaginary example, I am my own ASP and take
responsibility for privacy, security etc. My server has a lot of private
information - mail, financial records, medical records, surfing history,
digital certificates - so I will probably be careful to whom I grant
access. Adding some location information to this mix isn't a significant
escalation in privacy risk. I'd probably require direct identity assertion
for authentication (e.g. I give family members a key) and rely on
the operating system (and, I guess, lack of computer skills) to preserve
privacy between family members. As administrator, that gives me
maybe too much power (unless everyone encrypts everything), but I just
have to resist temptation, much as as a security manager in the workplace
I have to respect privacy and not read everyone's mail and track their
surfing habits.
Some arbitrary ASP I may not trust with much information; I may trust
Yahoo with my real name and email, but not my address, phone number etc.
Other ASPs (AOL, ICQ) one may trust with a city and sexual preference, but
not a name or email.
I am unlikely to trust one ASP (Hailstorm, whatever) with everything. The
privacy risk seems too great to have a single huge repository of sensitive
information which might be hacked or compromised by insiders.
Thinking about this some more, I'm not so sure I like the Pull model at
all. As a parent of a minor child (well, under about 13) I might figure I
have a right (or obligation) to know where they are at all times, but
I can't think of many other exaples, apart from say a fleet operator that
wants to track its vehicles (not its employees) or a state that wants to
track convicted felons under house arrest. I probably don't want family
members to know that I'm in an abortion clinic, detox centre, jewellers
buying someone a gift etc. etc. and keeping track of when I want to be
found and when I don't and who I trust with what accuracy would be a
nightmare.
The business case for pull is, as I understand, to deliver targetted
advertising. Again, I'm not so happy with this. If I only allow anonymous
pull (I agree to accept material from all businesses within 150 metres,
but they can't know who I am) I will be deluged with unwanted messages.
But if I allow them to know who I am in order to deliver personalized
content, they will know my location which I consider unacceptable, unless
my location is brokered one-way through an ASP that I trust, so that the
businesses have some kind of ID (perhaps a free email address) to hang my
"personality" on and the trusted ASP is able to translate this ID (one of
many, perhaps) into a mobile address in order to deliver the content.
I'm trying to avoid making it too easy for someone to know absolutely
everything about me - shoe size, favourite food, education, credit rating,
name, phone number, address, sexual preference, account balance, hair
colour, location etc. etc. - just by monitoring a single ASP (or small
number of them).
Hmm, maybe there's a case for some kind of entertainment channel with
slots for localised advertising - sort of a micro network TV. I'd get
impersonal messages from nearby businesses, but inserted into a stream
that I'd want to receive anyway, such as news or music programming, and
the messages wouldn't be mixed up with personal calls or mail and could be
just switched off without fear of missing anything important. Thinking out
loud here...
-- Andrew Daviel Vancouver Webpages.Received on Fri Jul 27 15:02:02 2001
This archive was generated by hypermail 2.1.8 : Thu Jan 22 2004 - 12:32:22 EST