At 4:56 PM -0500 11/26/01, John Wells wrote:
><snip>
>I believe you are right to question this group's role in determining
>privacy implications. Taking a privacy stance should be outside this
>group's scope. Some public comments on the P3P web site explain why P3P
>is policy-neutral, not the least of which is different laws on privacy in
>different countries. We too should take a policy-neutral stance, but at
>the same time support existing privacy infrastructures such as P3P.
><snip>
John,
I am unclear on whether you are (a) characterizing what you think the
geopriv charter says, or (b) asserting that the charter should be
narrowed along the lines you describe. I read the charter to say
that the geopriv WG _should_ "take a privacy stance":
"The primary task of this working group will be to assess the ...
authorization, integrity and privacy requirements that must be met in
order to transfer such
information, or authorize the release or representation of such
information through an agent."
[[http://www.ietf.org/html.charters/geopriv-charter.html]]
I'm not sure your analogy to P3P answers the question of the
appropriate scope. P3P focuses on facilitating an exchange of
information about privacy preferences, rules, and policies (as well
as, ultimately, actions based on that info exchange). But
critically, this exchange is in the context of the Web, where
barriers to entry are low and a diversity of privacy approaches can
co-exist and compete against one another. A user can, at least in
theory, choose among different levels of privacy protection.
In many geopriv contexts, however, there may be little if any
opportunity for competition among a variety of privacy approaches. A
wireless user may have to, in the first instance, rely on a single
wireless carrier to protect the user's privacy. If all geopriv does
is create a geo-focused privacy language or info exchange, then it is
possible that users will end up with few or no privacy-protecting
choices. This result (at least in my personal view) would not only
be bad for peoples' privacy, but it would likely harm the broad
acceptance of location services.
All of this is to say that I think that the charter does call for the
geopriv WG to set minimum or at least default privacy levels, and
that such a mandate is in this context appropriate. But I certainly
agree that this is a question that should be resolved sooner rather
than later.
John Morris
----------------------------------------
John B. Morris, Jr.
Director, Internet Standards, Technology
& Policy Project
Center for Democracy and Technology
1634 I Street NW, Suite 1100
Washington, DC 20006
(202) 637-9800
(202) 637-0968 fax
jmorris@cdt.org
http://www.cdt.org
----------------------------------------
Received on Tue Nov 27 17:10:14 2001
This archive was generated by hypermail 2.1.8 : Thu Jan 22 2004 - 12:32:22 EST