A lot of people have difficulty connecting the human level privacy requirement with the technology level. While the linkable/unlikable identifiers technology is important, there is more to privacy than merely concealing identities. For example, consider the firestorm that followed Marty Rimm's infamous CMU CyberPorn study. The study concealed the identity of the participants, but there was still a major privacy problem as the participants had expected that the network operator would not reveal details of their lawful activities to Time Magazine. At the information level, privacy creates restrictions that apply to the redistribution of data. In Alice and Bob land we generally consider a binary choice, either Alice will give the information to Bob or she won't. We do not usually consider the question of what Bob might do afterwards because those problems are not solved easily using cryptography. In the privacy case we are considering the explicit agreements and implicit assumptions that Alice has concerning redistribution of the data to Carol, Doug and through to Zachary. And we are not just talking about the information that is passed explicitly, we are also talking about the data that Alice might infer from her interaction with Bob. And because those implicit assumptions are in part culturally determined, it is very hard to find consensus on what they should be. The community view in Cambridge MA is going to be very different from that in San Francisco CA. And those are places that are very close together (no really). The views in Huston TX or London UK are going to be very different again. And we haven't yet left the Anglosphere. When the cookies mechanism was thrown into the HTTP spec by a commercial entity after an exhaustive fifteen minutes of contemplation, the privacy implications of the HTTP protocol were changed immediately and irrevocably and without any notice to the affected users. I don't think it is acceptable for network protocol designers to throw up their hands and say 'this is hard, we will ignore it'. On Fri, Jul 9, 2010 at 8:03 AM, Hannes Tschofenig <Hannes.Tschofenig@xxxxxxx> wrote: > Hi all, > > I mentioned the position paper for the "W3C Workshop on Privacy for Advanced Web APIs" already in my last mail. Within the IAB we had planned a series of activities related to privacy and here is another one: Terminology > > When you look through various IETF documents you will notice that the term "privacy" is used here and there but often the meaning varies a lot. If you only look at the privacy related articles in newspapers and magazines you will notice the breadth of the topic. > > Having terminology to work with is quite crucial to avoid talking past each other. > > Here is an initial submission for privacy terminology: > https://wiki.tools.ietf.org/id/draft-hansen-privacy-terminology-00.html > > Marit and Andreas had worked on this document for about 10 years outside the IETF and it is frequently cited by those working in the privacy area. We thought it would make sense to bring this work to the IETF, to discuss it in a wider audience, and to produce a stable reference. > > Again, feedback is appreciated. > > Ciao > Hannes > _______________________________________________ > Ietf mailing list > Ietf@xxxxxxxx > https://www.ietf.org/mailman/listinfo/ietf > -- Website: http://hallambaker.com/ _______________________________________________ Ietf mailing list Ietf@xxxxxxxx https://www.ietf.org/mailman/listinfo/ietf