W3C home > Mailing lists > Public > public-privacy@w3.org > October to December 2012

Re: PING - please volunteer - Ambient Light Events

From: Robin Wilton <wilton@isoc.org>
Date: Tue, 18 Dec 2012 13:21:42 +0000
Cc: "public-privacy (W3C mailing list)" <public-privacy@w3.org>
Message-Id: <CBAE3FE1-9CB4-4B4E-9804-6D3899A4C1C2@isoc.org>
To: Christine Runnegar <runnegar@isoc.org>, Whalen Tara <Tara.Whalen@priv.gc.ca>
I have the following comments on Section 4 - Security and privacy considerations:

1 - I fully appreciate the point, made elsewhere about security & privacy considerations for specifications in general, that if a spec raises no security & privacy concerns beyond the "normal, generic" ones, there's little benefit in re-stating them in every spec.

2 -  That said, I think it's just worth noting the following and then, probably, moving on:

In itself, an Ambient Light event handling spec raises no specific privacy/security concerns, but in combination with other kinds of data, ambient light data could conceivably have privacy/security implications; 
The kind of device that contains photosensors/similar detectors and is capable of implementing such a spec can also reasonably be expected to have capabilities for network communication and geo-location, and possibly also image/sound capture. etc.;
Therefore, although ambient light data in itself is not a privacy/security concern, it's reasonable to assume that it will be present in conjunction with networking and geo-location capabilities, and that a device could be remotely instructed to report other data (such as location, images, sound, etc.) in response to an ambient light event;
This raises the normal set of concerns about whether such behaviour is evident to the user, whether user consent and control are a factor, auditability and transparency of the use of such data, and so on.

I know these are more to do with the application that *uses* the ambient light capability than the ambient light capability itself, so as I say, this is mainly me throwing in my privacy 2c-worth. Having done so for this spec, I'll try and restrain myself for other specs ;^)

All the best,

Robin

Robin Wilton
Technical Outreach Director - Identity and Privacy
Internet Society

email: wilton@isoc.org
Phone: +44 705 005 2931
Twitter: @futureidentity




On 18 Dec 2012, at 07:46, Christine Runnegar wrote:

> Dear all.
> 
> We are looking for 3 (or more) reviewers.
> 
> The draft is available at  http://www.w3.org/TR/2012/WD-ambient-light-20121213/
> 
> Deadline for completion of the review is 17 January 2012.
> 
> P.S. The specification is short (only about 2 pages).
> 
> Please volunteer!
> 
> Christine and Tara
Received on Tuesday, 18 December 2012 13:23:18 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Tuesday, 18 December 2012 13:23:18 GMT