- From: John Morris <jmorris@cdt.org>
- Date: Fri, 2 Jul 2010 12:20:15 -0400
- To: Doug Turner <dougt@dougt.org>, W3C Device APIs and Policy WG <public-device-apis@w3.org>

Doug, I appreciate that you have consistently taken the position that no privacy protections should be built into any API. It is unfortunate that you cannot be in London in a week for either the workshop or the F2F, so that you could express your views on that subject.

And yes, we did "talk to death" many of the issues in December 2008 at the Geolocation WG F2F. But for anyone who was not involved in that process, I think it is important to understand some key points about the Geolocation WG and that Geolocation meeting:

-- the goal of the leading participants of that WG was to have the W3C standardize an API that was developed outside of the W3C before the WG was formed. The API spec brought into the W3C did not address privacy, and the proponents of that spec had no interest in changing the API to address privacy in a meaningful way.

-- at the December 2008 F2F, opponents of addressing privacy repeatedly said that the W3C should not do something specific to location, and that if the W3C were to take any action to address privacy, it should do so with a broader framework.

-- the December 2008 F2F was immediately followed (the next day) by a workshop which looked at device API issues more broadly, and decided to do exactly that - form a WG that would consider a broader framework. Hence DAP was born.

-- in rejecting "last call" objections to the Geolocation API's failure to meaningfully address privacy, the Geolocation WG chairs stated: "The working group concluded that privacy protection does not belong in the Geolocation API itself, but is better handled as part of a more generic privacy and security framework for device access. The recently formed Device API and Policy Working Group is chartered to develop precisely such a framework (http://www.w3.org/2009/05/DeviceAPICharter)." http://lists.w3.org/Archives/Public/public-geolocation/2009Oct/0009.html.

I make these points simply to assert that the fact that the Geolocation WG "talked to death" the idea of taking action to protect privacy (and rejected that idea) is not evidence that such action should be rejected today.

There are tough issues confronting DAP in this area, and I hope you and others can engage in the DAP discussions to articulate your perspectives on the issues. I don't think it is enough to say to the DAP group "go read what we said in Geolocation."

It's not clear to me that privacy is or would be the underlying cause for browser vendors to fail to implement the DAP specs, but in any event I think that would be an unfortunate place to end up. I hope that they will engage in the DAP process.

John

On Jun 30, 2010, at 12:11 PM, Doug Turner wrote:

>> http://escholarship.org/uc/item/0rp834wf
>
> I am familiar with the paper. I'd still urge you to go read the f2f
> comments. Much of this UC paper is the same arguments that the
> GeoPriv/CDT people made.
>
>> I understand there are pragmatic concerns - yet can we do more to
>> find a good balance? supporting rulesets may be a possibility -
>> we'll have to talk about it at the workshop
>
> From a personal pov, there isn't any balance to be found at the API
> level. I do not want to build or design an API that embeds policy
> information in it. From a developer's pov, I have never seen such an
> API nor would want to use one.
>
> Sorry that I will not be at the workshop (and somewhat happy since
> this specific topic was talked to death at the Geolocation WG two
> Decembers ago). I do urge this WG to consider the statements made
> in the other WG. I worry that whatever is spec'ed out here will not
> be implemented by the majority of user agents (browsers).
>
> I hope this helps,
>
> Doug Turner

Received on Friday, 2 July 2010 16:20:47 UTC