- From: Erik Taubeneck via GitHub <sysbot+gh@w3.org>
- Date: Tue, 15 Mar 2022 18:03:54 +0000
- To: public-patcg@w3.org
eriktaubeneck has just created a new issue for https://github.com/patcg/meetings: == Agenda Request - Should PATCG be opinionated on technologies used to enable privacy? == ## Agenda+: Should PATCG be opinionated on technologies used to enable privacy? In the [private measurement use case](https://github.com/patcg/private-measurement), we’ve seen a number of different approaches to establishing privacy across the various [proposal/solutions in market.](https://github.com/patcg/private-measurement/issues/8) In many cases, a given use case can be supported with multiple technologies. For example, the Attribution Reporting API in the WICG proposes two solutions to enable [Aggregate Attribution Measurement](https://github.com/WICG/conversion-measurement-api/blob/main/AGGREGATE.md): one supported by [Multi Party Computation (MPC)](https://github.com/WICG/conversion-measurement-api/blob/main/SERVICE.md) and one supported by [Trusted Execution Environments (TEEs)](https://github.com/WICG/conversion-measurement-api/blob/main/AGGREGATION_SERVICE_TEE.md). One interesting component here is that from the client point-of-view, the implementation is similar; the difference is primarily on the server(s) involved in the aggregation of multi-client events. In fact, the [base aggregation proposal](https://github.com/WICG/conversion-measurement-api/blob/main/AGGREGATE.md) even proposes (in the future) adding the ability for the user of the API to choose [among different aggregation services](https://github.com/WICG/conversion-measurement-api/blob/main/AGGREGATE.md#choosing-among-aggregation-services). From what I understand, these two technologies (MPC and TEE) are fairly different constructions, and may be seen in different lights by different implementers. As such, it seems like it would be a worthwhile agenda item for an upcoming meeting to discuss these technologies, and their viability for use within the proposals coming from this community group. Specifically, I am proposing discussing and finding consensus on: 1. Aligning on our high level privacy and security goals. As a starting point (very much up for debate), I’d suggest that proposals should provide: 1. *Client data secrecy*: Any parties involved (ad tech providers, helper servers, cloud service providers) should not be able to observe individual level client data beyond what 1st parties can directly observe (e.g. cross site data should be protected.) 2. *Purpose limitation*: Any parties involved (ad tech providers, helper servers, cloud service providers) should not be able to utilize the proposed API for purposes beyond the specified limited use case. 3. *Correctness*: Any parties involved (ad tech providers, helper servers, cloud service providers, clients) should not be able to disrupt the correctness of the output. 2. Presentation from experts in MPC and TEEs about how those technologies can enable the above privacy and security goals. 3. A recommendation from the group as to what technologies sufficiently enable the above privacy and security goals, to inform what should / should not be used in proposals within this CG. 1. This is likely not achievable in the next working session, but more likely a work item to take up. A good starting point would be to create understanding around the bounds of technologies that might be used. Please view or discuss this issue at https://github.com/patcg/meetings/issues/39 using your GitHub account -- Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config
Received on Tuesday, 15 March 2022 18:03:56 UTC