Hm, I confess that I searched the text of the draft for the word “privacy” and jumped to conclusions upon seeing no matches. Probably a good idea to work it in for impatient folk like me.
I would expand that section to point out that since the IMEI survives device wipes and changes of possession, it shouldn’t be assumed to identify a person.
And I really wouldn’t ever expose an IMEI at the application level, but maybe it’s appropriate at the level this draft is addressing. We had endless nightmares, not only because of the wipe-survival, but because app code would try to run on a device that didn't have an IMEI and crash, and so on. -TI would expand that section to point out that since the IMEI survives device wipes and changes of possession, it shouldn’t be assumed to identify a person.
On Fri, Jul 19, 2013 at 3:53 PM, Andrew Allen <aallen@xxxxxxxxxxxxxx> wrote:
Tim
Do you not think that the text in the security considerations section::
"because IMEIs can be loosely correlated to a user, they need to be treated as any other personally identifiable information. In particular, the IMEI URN MUST NOT be included in messages intended to convey any level of anonymity"
covers the privacy issue?
If not what is the additional privacy concern?
Andrew
From: Tim Bray [mailto:tbray@xxxxxxxxxxxxxx]Sent: Friday, July 19, 2013 12:07 PM Central Standard Time
To: S Moonesamy <sm+ietf@xxxxxxxxxxxx>
Cc: IETF-Discussion Discussion <ietf@xxxxxxxx>
Subject: Re: Last call: draft-montemurro-gsma-imei-urn-16.txt
On Fri, Jul 19, 2013 at 9:52 AM, S Moonesamy <sm+ietf@xxxxxxxxxxxx> wrote:
It would be easier to have the draft discuss the GSMA URN only. The alternative is to have the draft discuss the privacy considerations of using IMEI and IMEISV.
Good catch. Assuming this is a good idea (I’m dubious) it would be completely unacceptable to register it without a discussion of privacy implications. -T
Regards,
S. Moonesamy
---------------------------------------------------------------------
This transmission (including any attachments) may contain confidential information, privileged material (including material protected by the solicitor-client or other applicable privileges), or constitute non-public information. Any use of this information by anyone other than the intended recipient is prohibited. If you have received this transmission in error, please immediately reply to the sender and delete this information from your system. Use, dissemination, distribution, or reproduction of this transmission by unintended recipients is not authorized and may be unlawful.