Liaison statement
IETF RAI and APP concerns about location privacy

State: Posted
Posted Date: 2008-11-21
From Group: RAI
From Contact: Cullen Jennings
To Contacts: Angel Machin, Lars Erik Bolstad
Cc: Richard Barnes, Robert Sparks, Matt Womer
Response Contact: Jon Peterson
Purpose: For action
Deadline: 2008-12-16 (Action Taken)
Attachments: (None)

Dear Mr. Bolstad and Mr. Machin,

The IETF RAI and APP areas were recently advised by some of our participants
of the work of the W3C Geolocation working group. We feel that the current
direction of this work presents risks to the privacy of location information
on the Internet. The experience of the IETF, and its GEOPRIV working group, in
dealing with location and location privacy may be helpful to the Geolocation
WG in finding a solution that better respects the privacy of location
information on the Web.

The IETF is committed to protecting the privacy of Internet users and
acknowledges the W3C's commitment to privacy on the Web. Both groups recognize
that the increasing availability of location information on the Internet
raises unique privacy concerns. In many contexts location information is
highly sensitive, as it can reveal intimate details about a user's
whereabouts, and can be of particular interest to corporations and government
authorities. Standards for communicating location - over the Internet or
within a browser - have an important role to play in providing a technical
basis for privacy protection.

The protocols and data formats produced by the IETF GEOPRIV WG help to protect
location information by ensuring that whenever location is transmitted,
privacy policy information is transmitted alongside it. GEOPRIV standards
provide tools that allow users to express their preferences about how their
location information is used. These tools include a standard format for
conveying these preferences together with location information (the Presence
Information Data Format-Location Object described in RFC 4119) and a
lightweight policy language for expressing privacy preferences.

The critical value of binding policy to location information is that no
recipient of the location information can disavow knowledge of users'
preferences for how their location may be used.  By creating a structure to
convey the user's preferences along with location information, the likelihood
that those preferences will be honored necessarily increases.

This model differs from the paradigm for privacy protection that has long
prevailed on the Web. The main privacy mechanisms used in the Web today are
site-specific privacy policies.  Users typically have only a binary choice: To
grant access to location (and accept all the terms of the policy), or to
withhold location. The GEOPRIV model extends this model by empowering users to
express their own privacy preferences to sites with whom they share their

The IETF APP and RAI areas would like to express their concern that the
current W3C Geolocation API draft does not include privacy protections for
location information. The current API specification requires conforming
implementations to provide a mechanism to protect user privacy, but it leaves
it up to each implementation to invent its own privacy mechanism. This
approach could result in weak or non-existent protections, or inconsistent
user expectations and experiences.  By contrast, if the W3C Geolocation API
specified a standard format for privacy rules, then users could have
a consistent location privacy experience across the Web, no matter how they
access it.

Normally, the first public working draft of a W3C specification would not
raise as much concern as this draft API. In this case, however, multiple
implementations already exist, and it seems very likely that the specification
will be widely deployed even before it is published as a W3C Recommendation.
It is thus essential to include privacy features even in early drafts, in
order to prevent proliferation of UA implementations and Web sites that fail
to protect users' location information.

More generally, the IETF APP and RAI areas are interested in working with the
W3C on ensuring that their location standards are compatible. The IETF has
developed a suite of privacy-preserving protocols to configure hosts with
their location and to convey location between hosts.  Alignment between these
protocols and the Geolocation API would allow UAs to use network-based
location to provide location-based applications in a much wider variety of
scenarios than is currently possible.  Harmonizing the privacy concepts
between protocols and the API will be an important first step toward this

The IETF APP and RAI areas request that the W3C delay publication of the draft
API specification until the W3C Geolocation WG has concluded its current
discussion about addressing privacy more concretely in the API. APP and RAI
believe that concluding the discussion about privacy that has already begun
within the W3C Geolocation WG before the draft specification is published will
ultimately benefit the W3C and, more importantly, location-based applications
on the Internet and the Web.

Jon Peterson & Cullen Jennings (Directors, RAI Area of the IETF)
Lisa Dusseault & Chris Newman (Directors, APP Area of the IETF)