Liaison statement
IETF RAI and APP concerns about location privacy
State | Posted |
---|---|
Submitted Date | 2008-11-21 |
From Group | RAI |
From Contact | Cullen Fluffy Jennings |
To Group | W3C-GEOLOCATION-WG |
To Contacts | Angel Machin <angel.machin@vodafone.com> Lars Erik Bolstad <lbolstad@opera.com> |
Cc | Richard Barnes <rbarnes@bbn.com> Robert Sparks <rjs@nostrum.com> Matt Womer <mdw@w3.org> |
Response Contact | Jon Peterson <jon.peterson@neustar.biz> rai-ads@tools.ietf.org app-ads@tools.ietf.org |
Purpose | For action |
Deadline | 2008-12-16 Action Taken |
Attachments | (None) |
Body |
Dear Mr. Bolstad and Mr. Machin,

The IETF RAI and APP areas were recently advised by some of our participants of the work of the W3C Geolocation working group. We feel that the current direction of this work presents risks to the privacy of location information on the Internet. The experience of the IETF, and its GEOPRIV working group, in dealing with location and location privacy may be helpful to the Geolocation WG in finding a solution that better respects the privacy of location information on the Web.

The IETF is committed to protecting the privacy of Internet users and acknowledges the W3C's commitment to privacy on the Web. Both groups recognize that the increasing availability of location information on the Internet raises unique privacy concerns. In many contexts location information is highly sensitive, as it can reveal intimate details about a user's whereabouts, and can be of particular interest to corporations and government authorities. Standards for communicating location - over the Internet or within a browser - have an important role to play in providing a technical basis for privacy protection.

The protocols and data formats produced by the IETF GEOPRIV WG help to protect location information by ensuring that whenever location is transmitted, privacy policy information is transmitted alongside it. GEOPRIV standards provide tools that allow users to express their preferences about how their location information is used. These tools include a standard format for conveying these preferences together with location information (the Presence Information Data Format-Location Object described in RFC 4119) and a lightweight policy language for expressing privacy preferences. The critical value of binding policy to location information is that no recipient of the location information can disavow knowledge of users' preferences for how their location may be used. By creating a structure to convey the user's preferences along with location information, the likelihood that those preferences will be honored necessarily increases.

This model differs from the paradigm for privacy protection that has long prevailed on the Web. The main privacy mechanisms used in the Web today are site-specific privacy policies. Users typically have only a binary choice: To grant access to location (and accept all the terms of the policy), or to withhold location. The GEOPRIV model extends this model by empowering users to express their own privacy preferences to sites with whom they share their location.

The IETF APP and RAI areas would like to express their concern that the current W3C Geolocation API draft does not include privacy protections for location information. The current API specification requires conforming implementations to provide a mechanism to protect user privacy, but it leaves it up to each implementation to invent its own privacy mechanism. This approach could result in weak or non-existent protections, or inconsistent user expectations and experiences. By contrast, if the W3C Geolocation API specified a standard format for privacy rules, then users could have a consistent location privacy experience across the Web, no matter how they access it.

Normally, the first public working draft of a W3C specification would not raise as much concern as this draft API. In this case, however, multiple implementations already exist, and it seems very likely that the specification will be widely deployed even before it is published as a W3C Recommendation. It is thus essential to include privacy features even in early drafts, in order to prevent proliferation of UA implementations and Web sites that fail to protect users' location information.

More generally, the IETF APP and RAI areas are interested in working with the W3C on ensuring that their location standards are compatible. The IETF has developed a suite of privacy-preserving protocols to configure hosts with their location and to convey location between hosts. Alignment between these protocols and the Geolocation API would allow UAs to use network-based location to provide location-based applications in a much wider variety of scenarios than is currently possible. Harmonizing the privacy concepts between protocols and the API will be an important first step toward this alignment.

The IETF APP and RAI areas request that the W3C delay publication of the draft API specification until the W3C Geolocation WG has concluded its current discussion about addressing privacy more concretely in the API. APP and RAI believe that concluding the discussion about privacy that has already begun within the W3C Geolocation WG before the draft specification is published will ultimately benefit the W3C and, more importantly, location-based applications on the Internet and the Web.

Sincerely,

Jon Peterson & Cullen Jennings (Directors, RAI Area of the IETF)

Lisa Dusseault & Chris Newman (Directors, APP Area of the IETF)