Re: questionnaire feedback (was Re: Save the date - PING at IETF - Thursday 23 July)

Hi David, text suggestions to get discussion going are always
welcome... I think the first and third things here could be dealt with
rather nicely by some suggested text, if you have the time. As for the
second...

On Wed, Aug 5, 2015 at 4:05 PM, David Singer <singer@apple.com> wrote:
> Some questions about the questionnaire: <https://www.w3.org/wiki/Privacy_and_security_questionnaire>
>
> 1. Does this specification deal with personally derived data?
>    • Explanation: Personal data includes a large swath of data which could be used on its own, or in combination with other information, to identify a single person. The exact definition of what’s considered “personal information” varies, but could certainly include things like a home address, an email address, birthdates, usernames, fingerprints, video recordings, audio recordings, geographic location or any other information derived from a person.
>
>
> Um, there are TWO issues here:  (a) can the data be used to identify someone and (b) if the person is or can be identified, is the data revealing something about them?  The latter doesn’t seem addressed.
>
> In general, even innocuous pieces of personally-derived data may become significantly less so when combined with other data.  For example, if you get access to my location, you may learn that I am in a hotel room.  That seems fairly innocuous.  Separately you may learn my home city, which also may be fairly innocuous. But when you realize that the hotel is in my own city, and it’s the middle of the day in that time zone, you might be a teensy bit suspicious…
>
> 2. Does this specification allow an origin access to a user’s location, and if so is that information minimized?
>
> Why do we pull out the user’s location as a piece of personally-derived-data of special significance?

It's pretty well-understood that location/location history is a pretty
sensitive piece of personal data. Are you questioning that or asking
us to be sure to not assume the person reading the questionnaire knows
this?

> 3. How should this specification work in the context of a user agent’s "incognito" mode?
>    • Explanation: Ideally, the feature would work in such a way that the website would not be able to determine that the user was in "incognito". Less ideally, the feature wouldn’t work, but the website still wouldn’t be able to distinguish "incognito" from simply being denied permission to use the feature (for instance). Unideally, the feature wouldn’t exist at all in "incognito", which means that the user wouldn’t be exposing data, but the website can probably tell that the user is in that state.
>    • Example: Disabling a feature which could out a user when used in "incognito" mode.
>
>
> I am not at all sure that I agree that revealing I am ‘incognito’ is always a problem.  I think this might need attention.  The example sentence has some issues, unless we mean by ‘out a user’ that we reveal their sexual preference, which I doubt :-)
>
>
> David Singer
> Manager, Software Standards, Apple Inc.
>
>
-- 
Joseph Lorenzo Hall
Chief Technologist
Center for Democracy & Technology
1634 I ST NW STE 1100
Washington DC 20006-4011
(p) 202-407-8825
(f) 202-637-0968
joe@cdt.org
PGP: https://josephhall.org/gpg-key
fingerprint: 3CA2 8D7B 9F6D DBD3 4B10  1607 5F86 6987 40A9 A871

Received on Wednesday, 12 August 2015 12:46:18 UTC