Re: [Geopriv] Geo URI and privacy URI



Carl,

Thanks for the pointer. I knew of the LIF/OMA Privacy Checking Protocol (PCP, aptly :) ), but last I heard, that was not widely implemented (and possibly deprecated).

Also, I note with appropriate irony that the terms of use for the document you referenced contain the following paragraph:

"
Open Mobile Alliance's Privacy Policy

You consent to the collection, processing and storage by Open Mobile Alliance of Your personal information in accordance with the terms of the Open Mobile Alliance's Privacy Policy, which is available at http://www.openmobilealliance.org/privacypolicy. You agree to comply with all applicable laws and regulations, and the terms of Open Mobile Alliance's Privacy Policy, with respect to any access, use and/or submission by You of any personal information in connection with this Web site.
"

... this being the standard Web privacy model -- site decides unilaterally -- in contrast to the Geopriv model, in which the site at least makes an informed decision.

Cheers,
--Richard


creed at opengeospatial.org wrote:
All -

There is an Open Mobile Alliance document titled, "LIF Privacy Guidelines".
This document was developed over a period from 2001 to 2002. Considerable
discussion (both legal and philosophical) and numerous use cases
documented. This document and its contents might be useful in this
discussion.

Go to http://www.openmobilealliance.org/tech/affiliates/lif/lifindex.html
and click on "download" for Privacy Guidelines and then agree to the terms
of use.

Cheers

Carl


I might be about to get too philosophical here, but...

In some sense the entire Geopriv privacy architecture could be
considered a "non-starter" for the same reason you suggest below: it's
meant to encourage location recipients to change their current
behavior. If it didn't require behavior change, it wouldn't have any
utility.

Again, I think retention-expires has value even if all that results
from it is that a recipient thinks twice about its logging policy, or
clarifies its disclosures about its logging policy, or realizes that
people care about its logging policy. IMO, defining a strict semantic
that results in this kind of reaction is preferable to creating a
loophole in the semantic that could potentially swallow all of its
value.

On Mar 26, 2009, at 6:12 PM, Henning Schulzrinne wrote:

I'm sorry, but after 6 years we're no closer to this happening.
However, anything that requires running non-standard web setups
seems like a non-starter. No wonder that W3C doesn't take GEOPRIV
seriously...

Henning

On Mar 26, 2009, at 6:05 PM, John Morris wrote:

+1 to Alissa (perhaps not a surprise)...  but for historical
interest, I have pasted below excerpts from three 2003 e-mails in
which Henning and I discussed this same topic....  John

At 11:01 AM -0500 11/11/03, Henning Schulzrinne wrote:
Date: Tue, 11 Nov 2003 11:01:13 -0500
From: Henning Schulzrinne <hgs at cs.columbia.edu>
To: "'geopriv at ietf.org'" <geopriv at ietf.org>
Subject: [Geopriv] Questions on pidf-lo

After another reading and some hallway discussions, a few
questions on PIDF-LO:
<snip>
3) Retention

Normal operating procedure is that databases are backed up. Am I
liable if a location object accidentally makes it onto the backup
tape? (Example: retention is 24 hours; LO arrives at 8 pm; backup
is run at midnight. I can't tell the backup routine to not backup
that entry.)

Worded in its current vagueness, I'm afraid that any large entity
who has any exposure at all would be foolish to accept any object
that in any way restricts retention and distribution.

Henning
At 12:34 PM -0600 11/11/03, John Morris wrote:
Date: Tue, 11 Nov 2003 12:34:32 -0600
To: Henning Schulzrinne <hgs at cs.columbia.edu>
From: John Morris <jmorris at cdt.org>
Subject: Re: [Geopriv] Questions on pidf-lo
Cc: "'geopriv at ietf.org'" <geopriv at ietf.org>

Henning, you won't be happy with how I would answer these
questions. See inline.  John
<snip>
3) Retention

Normal operating procedure is that databases are backed up. Am I
liable if a location object accidentally makes it onto the backup
tape? (Example: retention is 24 hours; LO arrives at 8 pm; backup
is run at midnight. I can't tell the backup routine to not backup
that entry.)

Worded in its current vagueness, I'm afraid that any large entity
who has any exposure at all would be foolish to accept any object
that in any way restricts retention and distribution.
My answer is that big entities will have to cope.  In the U.S. at
least, we have not yet resolved the train wreck that occurs
between privacy and routine backup tapes.  If the info is in a
backup tape, it can be obtained through subpoena, law enforcement
request, etc.

And yes, I do think that companies are moving toward a more
considered backup strategy that takes privacy and other legal
obligations into account.  It will be a slow transition, but I
think it will happen.

So any entity concerned about this type of exposure should decide
that certain information should simply not be retained in
databases that are routinely backed up.  I strongly do not think
we should allow geopriv to say "do not retain the info longer than
the rule permits (except routine backups don't count)."

Henning
John
At 2:56 PM -0500 11/11/03, Henning Schulzrinne wrote:
Date: Tue, 11 Nov 2003 14:56:58 -0500
From: Henning Schulzrinne <hgs at cs.columbia.edu>
To: John Morris <jmorris at cdt.org>
Cc: "'geopriv at ietf.org'" <geopriv at ietf.org>
Subject: Re: [Geopriv] Questions on pidf-lo

John Morris wrote:

Henning, you won't be happy with how I would answer these
questions. See inline.  John
I'm actually happy with *any* consistent and implementable answer.
I'm mostly concerned that implementors are given insufficient
guidance in the spec.

<snip>
My answer is that big entities will have to cope.  In the U.S. at
least, we have not yet resolved the train wreck that occurs
between privacy and routine backup tapes.  If the info is in a
backup tape, it can be obtained through subpoena, law enforcement
request, etc.

And yes, I do think that companies are moving toward a more
considered backup strategy that takes privacy and other legal
obligations into account.  It will be a slow transition, but I
think it will happen.

So any entity concerned about this type of exposure should decide
that certain information should simply not be retained in
databases that are routinely backed up.  I strongly do not think
we should allow geopriv to say "do not retain the info longer
than the rule permits (except routine backups don't count)."
As long as we say "this includes backup media", I'm fine - I'm
just for clarity. We can't remove every ambiguity, but that's no
excuse not to be precise where we can.
_______________________________________________
Geopriv mailing list
Geopriv at ietf.org
https://www.ietf.org/mailman/listinfo/geopriv

--
----------------------------------------------------
Alissa Cooper
Chief Computer Scientist
Center for Democracy and Technology
202 637 9800 x110
acooper at cdt.org
http://www.cdt.org/








Note: Messages sent to this list are the opinions of the senders and do not imply endorsement by the IETF.