ACTION-397 Frame discussion on Geolocation and Geoprivacy

Richard Barnes, who is co-chair of the IETF Geoprivacy WG contacted me 
after reading my comment on
the Geolocation action in the minutes.  I had a telcon with Richard and 
Mark Linsner of Cisco and they briefed me
on their interactions with the Geolocation WG, and we discussed the  
model they are recommending..

As you know, the Geopriv folks made a comment on the LCWD of Geolocation.  
The response is at 
and includes the words:
"Both proposals met significant resistance in the working group and the 
decision was taken not to adopt either of them."

John Morris of the Center for Democracy and Technology also made similar 
Last Call comments which
were also turned down.  John responds in
by saying "that the process was deeply flawed, and that the substantive 
result represents a missed opportunity for the W3C to live up to the 
high standards that it previously sought to achieve."  but he does not 
want to delay the spec any further

The text re. privacy at the start of the WD has been strengthened but 
the issue continues to rankle.
The Geopriv folks have prepared a proposal [1] that includes the ability 
to transmit user-defined rules along with
the location information.

A recently published paper on Geolocation and privacy [2] says:
"But though these requirements are normative sections of the 
specification, they are not functional require-
ments that directly in influence how the API works. None of these 
notices are communicated as part of API
calls, and none of these requirements are enforced by the user agent (as 
a practical matter, it is impossible
to enforce them, because the API does not provide any way in which this 
enforcement could be supported).
Instead, web sites are expected to use the HTML content of their own 
pages to make details about collection,
usage, storage and access clear to their visitors. The specification 
does not detail any particular interface
or language requirements and no de-facto standards exist. Web sites vary 
in their implementation of these
rules and very often fall short;..."

The authors of the paper investigated 22 Websites that used the 
Geolocation API.  They say
"Out of 22 instances, not a single web site informed users of their 
privacy practices with respect to collected
location data up front, that is, before they were presented with a 
prompt for their location. As a result,
we suspect that virtually no users encountering the W3C Geolocation API 
are fully informed about the
requesting site's information practices when they decide whether or not 
to reveal their location."

The paper does a good job of surveying the landscape of privacy policy 
and available privacy models. 
In the end, it makes four recommendations re. the Geolocation API.  Two 
of these are very similar to the
Geopriv recommendations:
- To be able to send location information at various granularities. 
- Add functional requirements to allow machine- and human-readable 
notices to be sent along with each
request for user location.  As an alternative they recommend the Geopriv 
model where privacy rules are
transmitted along with the location information.

The New York Times article [3] on privacy research features the work of 
Lorrie Faith Cranor who was the
chair of the W3C P3P WG.  The direction they are taking is to write 
software to detect when information is being
requested that would compromise privacy.  When it detects this, a pop-up 
appears and warns the user who
could abort the request.  But this too, would have to be implemented by 
the browser vendors.

Richard and Mark informed me that John Morris from the Center for 
Democracy and Technology was
going to testify before the House Energy and Commerce Committee on Feb 
24.  They think (fear?) that
Congress will impose some rules to protect privacy, like they did with 
VOIP and 911 calls and we will
have to live with them for better or for worse. 

So, I think this issue will continue and gather momentum.  For example,
OASIS has started a privacy management mailing list:
which a preliminary to forming an OASIS TC.

As an architectural principle, sending privacy rules along with the data 
seems to be gaining adherents.
Perhaps we can standardize on that.


All the best, Ashok

Received on Monday, 8 March 2010 20:25:13 UTC