I agree with Ian and Aaron (and probably a few others) that implementation of security and privacy protection should be left to the "user agent", which in practice usually will consist of the browser team, the device manufacturer and the operator working together. All three of these organizations have strong motivation to implement strong security and privacy protection (for both legal and commercial reasons). Browsers today already include many features to address security and privacy concerns. The user agent teams will be sensitive to their needs to add location support in a manner that doesn't cause trouble to users or themselves.
In terms of meeting the charter requirement "to define a SECURE AND PRIVACY-SENSITIVE INTERFACE", my view is that it would be sufficient to include fuzzy language in the specification that says that the user agent MUST or SHOULD include a security manager component that provides appropriate security and privacy protection to the end user.
Jon
"Aaron Boodman" <aa@google.com>
On Tue, Oct 28, 2008 at 5:52 PM, John Morris <jmorris@cdt.org> wrote:
> According to the charter, the objective of this WG is "to define a SECURE
> AND PRIVACY-SENSITIVE INTERFACE for using client-side location information
> in location-aware Web applications." To simply assert in a spec that any
> implementation MUST take privacy into account while being silent on HOW to
> do so accomplishes nothing, and will do absolutely nothing to change the
> norm - which is to wholly ignore privacy. It is crystal clear from both the
> charter and the list discussion that the spec being proposed will be
> used in a broad diversity of use cases (not just manual user input of
> location), and simply waiving a privacy wand over the whole effort does not
> constitute a "secure and privacy-sensitive interface." It constitutes
> business-as-usual by leaving privacy for someone else to worry about (and
> ultimately for the end user to lose out on).
This spec is intended to be implemented primarily by web browsers. I
don't see what reason there is to believe that web browser developers
would ignore privacy. In fact, as far as I'm aware, all current
implementations require user permission before divulging location to
applications. This makes sense since any browser which abused users'
privacy would quickly lose them.
- a