ISTF Privsec

From: Dominic Pinto <dominic.pinto@ieee.org>
Date: Fri Aug 17 2001 - 13:49:53 EDT

I've re-posted below about ISTF privsec at Allison's request (I talked
to her at the end of the geopriv WG last week).

Following that there is a list of issues which we've so far identified,
but clearly not all that can be addressed. These we're looking at to
prioritise, comment on, park (or leave for the time being).

Dominic
---------

1 ISTF's Privacy and Security (privsec) Working Group is preparing a
white paper. The working title is "Social and technical privacy issues
and best practice, the new 'soft regulations'".

('soft regulations' I'm told is the new buzzword (sic) meaning best
practices and self-regulation standards)

Work Group chair is Parry Aftab (parry@aftab.com) and there are
currently 10 or so (techy and non-techy) members of the WG engaged in
this work e.g. identifying technologies for tracking and tracing, and
others with privacy implications.

This white paper is in part prompted by enquiries from/work with the
U.S. Federal Trade Commission, the EU, the UK Home Office, and indicated
as an area of interest in connection with China.

Seeing the geopriv WG announcement, as a new working group in the IETF
Applications Area, my attention was drawn particularly to the following
bits I have excerpted:

> > As more and more resources become available on the Internet, some
> > applications need to acquire geographic location information about
> > certain resources or entities. These applications include navigation,
> > emergency services, management of equipment in the field, and other
> > location-based services.
> >
> > But while the formatting and transfer of such information is in some
> > sense a straightforward process, the implications of doing it,
> > especially in regards to privacy and security, are anything but.

and

> > The combination of these elements should provide a service capable of
> > transferring geographic location information in a private and secure
> > fashion (including the option of denying transfer).
> >
> > For reasons of both future interoperability and assurance of the
> > security and privacy goals, it is a goal of the working group to
> > deliver a specification that has broad applicability and will become
> > mandatory to implement for IETF protocols that are location-aware.

It seemed to me to be an entirely practical objective to ensure that
societal and/or user needs are reflected in requirements which then form
a specification (or rather inform a spec. or statement of requirements
to which systems are then designed to fulfill).

Part of our role in ISTF is to ensure that societal implications as
well as needs are identified and inform or shape technical solutions -
for example, what is the trade-off between being 'known' and locatable
by networks and a perhaps understandable desire to be anonymous; what
are the legitimate levels of anonymity v. detection of crime (leaving
aside definitional problems of crime!); can anonymity be over-ridden in
an emergency; simplicity and ease of use v. complexity needed to ensure
that individuals do not unwittingly release identity... but not
build in mystifying user interfaces (or for that matter exclude the
visually challenged, etc).

Some of these are obvious, others not so. Can a solution or series of
solutions provide the various levels needed or thought desirable and
cater for the various degrees of informed and uninformed user around
without making them easily compromised or open to legitimate and
illegitimate abuse?

The privacy white paper at a high level should provide a degree of this.
Active links to and debate with and within the IETF geopriv Working
Group are highly desirable, given that one of the goals is a
specification of broad applicability that would be mandatory for
'location-aware' IETF protocols.

Seems to me therefore a useful and immediate objective to have a target
to ensure privacy and security precepts and principles are incorporated
(and reflected) in geopriv's standardised forms, formats, protocols, and
recommendations, mandatory standards.

Our white paper timetable calls for a working draft to be available by
September, and completion no later than December 2001.
------------
2 Framing the Issues

WHO is collecting - should the rules vary depending on who is collecting
the info and/or for what purpose?
    Government vs. Commercial Info Gathering
    Government surveillance
    Employer
    Service Provider (eg, doctor)
    Consumer Entity

WHAT is collected - should the rules vary depending on what information
is being collected and from whom?
    initial - whose privacy? Individuals/consumers only? Or others (trade
    secrets, and other corporate concerns)?
    contact information
    demographic information
    passive data collection - cookies, tracking technologies
    "sensitive" information (medical? Financial? Other)
        Privacy of Medical Information
        Privacy of Financial Information
        Privacy of information attached to identifiers such as biometrics,
        for special needs

WHERE is it collected - should the rules vary if information is
collected or migrated to the online world?
    Online vs. Offline

HOW is it collected - Security
    online transmissions
    offline receipt/storage
    data storage
    insecure operating systems
    HTTPS/SSL/TLS

Disclosure/Use - should the rules vary depending on who the info is
being disclosed to and/or what it is being used for?
    third party agents
    third party strangers, eg, Direct/Tele/email marketing
    internal use (unrelated)
    government/law enforcement
    private lawsuits (eg, John Doe subpoenas to ISPs)

Access - if there is a right to see information about yourself, how
extensive should it be?
    Cost issues
    Quantity (eg, clickstream data)

Consent/Choice - should the rules vary depending on who is collecting
the information, where it is being collected, what it is being used for,
whether/why it is being disclosed?
    None, implied, opt out, opt in

Notice
    Audits of privacy practices
    privacy statements (online, offline)

Enforcement - whatever the rules are, who enforces them?
    Self-Regulation, Co-regulation, and Legislation
    International jurisdiction

WHERE DO THESE GO?
    ISP monitoring
    Use of intrusion detection
    Social engineering
    Data revealed by browsers/other online apps
    Use of encrypted email (eg, PGP)
    Transparency

-- 
Dominic Pinto
-------------
Associate Director @ TCUK		| Barn Cottage, Hill House
Senior Associate Telesphere Limited	| Somerton Road, Souldern
http://www.telespherelimited.com	| Bicester, Oxon, OX25 6LS, UK	
----------------------------------------------------------------------
Ph/Fax: +44 1869 346375 Cellphone/GSM Mobile: +44 780 302 8268
----------------------------------------------------------------------
Received on Fri Aug 17 13:50:55 2001