Re: IETF RAI and APP concerns about location privacy

Rigo,

Let me push back gently on the P3P/Geopriv interaction back in 2002.   
I write this with the dual hats of (a) being with CDT, which as you  
know was a significant contributor to the development and promotion of  
P3P, and (b) being one of the early significant contributors to the  
Geopriv effort.  I also (as you know) am one of the people within the  
Geolocation WG pushing it to use the Geopriv approach.

I don't think it is fair to say that P3P was "not heard" within the  
Geopriv process.  At the June 2002 Geopriv F2F in San Diego, I led a  
lengthy discussion on how P3P might factor into what Geopriv was  
trying to accomplish.  Looking back at the minutes of that meeting, I  
think there were two key factors about P3P that led Geopriv to think  
that P3P did not fit the bill:

First, P3P lacks privacy defaults, such that information is protected  
UNLESS there is an affirmative decision by the user or rulemaker to  
release the information.  That of course is a crucial element of  
Geopriv.

Second, P3P is most effective in providing NOTICE of rules, and as  
implemented in 99.9% of the cases (if not more), it is the website/ 
company/service that sets the rules, and there is no effective way for  
the user to set or negotiate rules.  A second crucial element of  
Geopriv is that it tries to put the USER in the driver's seat by  
allowing the user to set the rules in the first place.

So, my recollection is that we in Geopriv thought hard about P3P and  
decided that it did not accomplish what we wanted to accomplish.

But, looking beyond what happened in 2002 in Geopriv, and even what  
happened in 2008 in the Geolocation WG, I think the real question to  
consider is how best to protect users' privacy in their location  
information.  The IETF developed an approach that tries to change the  
historical dynamic on the web and put the user in control by allowing  
the user to set rules.  The W3C is developing an approach that (like  
P3P) does not set any starting defaults and does not allow the user to  
convey rules to recipients of their location information.  I continue  
to believe that the IETF approach is a much better one, and the W3C  
approach will seriously damage both the viability of the IETF approach  
and the cause of privacy protection more broadly.

John Morris
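As an added illustration (not part of the thread), the two Geopriv properties named above, a default-deny stance and rules authored by the user rather than the site, modelled in Python. The rule fields, the three precision levels and the rule-combining behaviour are my own simplifying assumptions, not a reference implementation of the Geopriv specifications.

```python
from dataclasses import dataclass, field
from datetime import datetime, timezone

# Constructed, simplified model (not an implementation of any Geopriv RFC)
# of the two properties named above: (1) default deny, i.e. location is
# withheld unless a rule authored by the user explicitly permits release,
# and (2) the user, not the site, writes those rules.

PRECISION_ORDER = ["exact", "city", "country"]  # most to least precise

@dataclass
class Rule:
    recipient: str                 # who may receive the location
    valid_until: datetime          # expired rules grant nothing
    max_precision: str = "exact"   # one of PRECISION_ORDER

@dataclass
class UserPolicy:
    rules: list = field(default_factory=list)  # written by the user (rulemaker)

def coarsen(location: dict, precision: str) -> dict:
    """Keep only the fields the granted precision allows (a transformation)."""
    keep = {"exact": ("lat", "lon", "city", "country"),
            "city": ("city", "country"),
            "country": ("country",)}[precision]
    return {k: location[k] for k in keep if k in location}

def decide(policy: UserPolicy, recipient: str, location: dict, now: datetime):
    """Default deny: no matching, unexpired rule means nothing is released.
    When several rules match, the most permissive precision wins (assumption)."""
    granted = [r for r in policy.rules
               if r.recipient == recipient and r.valid_until > now]
    if not granted:
        return None
    precision = min((r.max_precision for r in granted), key=PRECISION_ORDER.index)
    return coarsen(location, precision)

def notice_only_release(site_policy: str, location: dict) -> tuple:
    """The contrasting notice-style flow: the site states its policy, the user
    merely receives notice, and the full location goes out regardless."""
    return site_policy, dict(location)
```

With an empty policy `decide` returns `None` for every recipient; a user rule for one recipient releases only the precision that rule grants, while `notice_only_release` hands out the full location whatever the user would have wanted.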

On Apr 23, 2009, at 3:38 AM, Rigo Wenning wrote:

> Hi Larry,
>
> also speaking for myself with the experience as staff contact of the
> P3P working group:
>
> On Thursday 23 April 2009, Larry Masinter wrote:
>> (speaking for myself):
>>
>> Site-level privacy policies ( as proposed in the W3C
>> GeoLocation group) leave users with the choice of
>> not trusting a site for anything (and thus not being
>> able to take advantage of needed services) or trusting
>> a site for everything.
>
> As you know, W3C/ERCIM is part of the Primelife Identity Management
> research project[1] to bring privacy to Identity Management. Thomas
> Roessler and I have some suggestions in the pipeline and we'll see how
> far we would get with them. If Geolocation can carry a URI, the issue
> of domain-specific privacy settings might be remedied. But it will
> depend on the Geolocation group whether they accept this or not.
>>
>> Perhaps this is in the interest of dominant search-engine
>> providers and their mobile handset partners, because
>> most users will give up privacy and their demographic
>> information in exchange for valuable services. The
>> IETF GeoPriv policies are probably harder to implement,
>> too. Standards venue shopping, perhaps?
>
> I don't think there is a particular interest. I think this is just the
> malaise with nearly all privacy tools. They seem to be in the
> competing mood while there is no competition in this area. It is quite
> usual that things are done without doing the proper networking. On
> other occasions, despite loud lip service, privacy is just an
> annoyance that has to be tackled the cheapest way possible. Sometimes
> there are politics involved to influence governmental regulation
> power.
>>
>> But there can't be one answer for the IETF and
>> another answer for W3C. I think the liaison work
>> should have been done much earlier.
>
> PLING[2] has already found that there are more than 20 policy
> languages waiting for adoption. PLING was set up as a platform to help
> with the coordination in the policy area. We will try to make it work.
> There is someone from Geopriv in PLING, but not from Geolocation
> AFAIK.
>>
>> I made several personal appeals for the GeoLocation group
>> to start with GeoPriv working group specifications, which
>> were ignored.
>
> Oh, we did that too. The P3P WG made nice appeals to the Geopriv WG
> back in 2002 and 2003 and we were just not heard. So it seems this has
> some tradition. P3P asked browsers to implement P3P and they just
> preferred to implement proprietary cookie-blocking tools. Geopriv is a
> complex protocol, pretty heavy to implement IMHO. I think they face
> the same reaction as P3P did 5 years ago[3]. So let's perhaps start
> featherweight to get at least a tiny bit of privacy tools implemented.
> The issue with privacy tools IMHO is that everybody makes marketing
> noise about privacy, but if it comes to real work, the room is empty.
> As an exception, Microsoft deserves some special attention here as
> they implemented parts of P3P and did stand a lot of heat for it. This
> has created the distinction between first party and third party
> cookies.
>>
>> So the fact that the GeoLocation group members have
>> "not thus far been persuaded" should hold no weight:
>> of course they're not persuaded, they'd already made
>> up their minds when the group was chartered.
>
> I don't think so. The motivation of Geopriv to ignore P3P was that it
> seemed not to fit into their model and not to be in their core
> interest. At that point in time, the P3P WG did not manage to persuade
> Geopriv. For Geolocation, it seems that there are implemented
> solutions that the Group doesn't want to break. And it seems that in
> their opinion geopriv doesn't do the best job if one compares effort
> and results. Been there, done that[3].
>
> Geolocation already talked a lot about geopriv and found a conclusion.
> At least one can't say that Geopriv was ignored. There was a decision
> against it AFAIK. So let's find the reasons and see if things can be
> adapted or if this is just another case of specification darwinism.
>
> 1. http://www.primelife.eu/
> 2. http://www.w3.org/Policy/pling/
> 3. https://bugzilla.mozilla.org/show_bug.cgi?id=62453
>
> Best,
>
> Rigo Wenning
> (with W3C Privacy Activity Lead hat on)
>

Received on Thursday, 23 April 2009 18:53:26 UTC