Re: Additional security and privacy considerations? from Rigo Wenning on 2009-05-13 (public-geolocation@w3.org from May 2009)

From: Rigo Wenning <rigo@w3.org>
Date: Wed, 13 May 2009 11:36:21 +0200
To: Doug Turner <doug.turner@gmail.com>
Cc: Thomas Roessler <tlr@w3.org>, public-geolocation@w3.org
Message-Id: <200905131136.25614.rigo@w3.org>

Hi all, 

On Tuesday 12 May 2009, Thomas Roessler wrote:
> > Again all of this, i believe is out of scope.
>
> Nothing you said there implies that the requirements I was
> proposing   are unimplementable, so let's try to get back to the
> part that's in scope.  These  requirements are:
>
> 1. Have an signal of sorts when location information is passed to a
>   Web application.
>
> 2. Use that indicator as a hook for some UI that enables revocation
> of   authorization.
>
> Again, I don't know what that indicator ought to look or sound or
> feel   like, and I'm not suggesting to describe the details of that
> kind of UI in the spec.

Just to confirm and reinforce: Thomas and I are not saying that a 
certain UI must be shown (the EU Commission & Parliament will care to 
enforce it on those they can reach), but W3C under scrutiny must 
provide the necessary hooks in the API to enable such a UI. Whether 
Mozilla or others then chose not to make a UI for it is a different 
discussion. 

Location is extremely sensitive data (think of crime, embarrassment 
etc). Imagine for a second your preferred VIP being caught with a 
partner other than the spouse thanks to this location information. 
Imagine, this happens because the device was tracking location 
invisibly. I would not want to get that heat from that story.

From the location of the directors of Union Bank of Switzerland and 
the Swiss Bank Corporation and existing rumors it became clear that 
both were accomplishing a merger to build UBS, one of the world's 
biggest banks. Predicting such event because of location information 
would have been worth a lot of money. They were tracked in 1998 by 
their cellphones, but the information did not leak.

If location tracking would have been shown, people would rather blame 
a stupid VIP than a stupid technology. We believe in creativity of 
engineers and UI designers. They will need a hook where to connect to. 
At least we have to provide that hook and perhaps include some more 
insight from our discussion for guidance. Paternalism is surely not 
the intend here, but it is clear that you have to look beyond just 
your immediate technical issues and evaluate the consequences of the 
technology step you're about to create.

Best, 
Rigo Wenning
W3C Legal counsel & Privacy Activity Lead

Received on Wednesday, 13 May 2009 09:37:01 UTC