- From: Andrei Popescu <andreip@google.com>
- Date: Fri, 2 Jul 2010 18:05:31 +0100
- To: John Morris <jmorris@cdt.org>
- Cc: Doug Turner <dougt@dougt.org>, W3C Device APIs and Policy WG <public-device-apis@w3.org>
Hi John, On Fri, Jul 2, 2010 at 5:20 PM, John Morris <jmorris@cdt.org> wrote: > Doug, > > I appreciate that you have consistently taken the position that no privacy > protections should be built into any API. It is unfortunate that you cannot > be in London in a week for either the workshop or the F2F, so that you could > express your views on that subject. And yes, we did "talk to death" many of > the issues in December 2008 at the Geolocation WG F2F. > > But for anyone who was not involved in that process, I think it is important > to understand some key points about the Geolocation WG and that Geolocation > meeting: > > -- the goal of the leading participants of that WG was to have the W3C > standardize an API that was developed outside of the W3C before the WG was > formed. The API spec brought into the W3C did not address privacy, and the > proponents of that spec had no interest in changing the API to address > privacy in a meaningful way. > -- at the December 2008 F2F, opponents of addressing privacy repeatedly said > that the W3C should not do something specific to location, and that if the > W3C were to take any action to address privacy, it should do so with a > broader framework. > -- the December 2008 F2F was immediately followed (the next day) by a > workshop which looked at device API issues more broadly, and decided to do > exactly that - form a WG that would consider a broader framework. Hence DAP > was born. > -- in rejecting "last call" objections to the Geolocation API's failure to > meaningfully address privacy, the Geolocation WG chairs stated: > > "The working group concluded that privacy protection does not belong in the > Geolocation API itself, but is better handled as part of a more generic > privacy > and security framework for device access. The recently formed Device API > and Policy Working Group is chartered to develop precisely such a > framework (http://www.w3.org/2009/05/DeviceAPICharter).” > > http://lists.w3.org/Archives/Public/public‐geolocation/2009Oct/0009.html. > > I make these points simply to assert that the fact that the Geolocation WG > "talked to death" the idea of taking action to protect privacy (and rejected > that idea) is not evidence that such action should be rejected today. But the Geolocation WG did not reject the idea of taking action to protect privacy. I think it is regrettable to make such a statement. We simply rejected the idea of adding privacy attributes to the API and presented convincing reasons why we thought it was not protecting any privacy. Meanwhile, as far as I know, no new evidence was brought to this debate so the reasons we had to reject the idea back then are still valid today. Thanks, Andrei
Received on Friday, 2 July 2010 17:06:02 UTC