Skip to main content
  • Fresh perspectives from IETF Administration LLC Board

    Two members of the IETF Administration LLC Board of Directors bring deep expertise and experience from outside the realm of developing technical standards, providing perspectives about the factors and priorities important to advancing the community’s work and IETF mission more broadly.

    • Grant GrossIETF Blog Reporter
    27 Sep 2021
  • IETF 111 Hackathon: Coding across time zones

    The IETF 111 Hackathon was held July 19-23, 2021. This was the 19th IETF Hackathon, and the 4th held as an online only event. For most people involved in the IETF the past several years, the IETF Hackathon marks the start of each IETF meeting.

    • Charles EckelIETF Hackathon Co-chair
    8 Sep 2021
  • IETF 111 post-meeting survey

    The results from our IETF 111 post-meeting survey are now available.

    • Jay DaleyIETF Executive Director
    22 Aug 2021
  • IETF Community Survey 2021

    In May 2021, the IETF Administration LLC (IETF LLC) on behalf of the IESG and in collaboration with the IAB distributed the first annual IETF community survey to all 56,000 addresses subscribed to IETF mailing lists. Its purpose was "To help better understand our community and its makeup, gather views on the IETF and how well it works for participants, and gain insight into how we compare to similar organisations".

    • Jay DaleyIETF Executive Director
    11 Aug 2021
  • Experiences from the first fully-online IAB workshop on Network Impacts of COVID-19

    The Internet Architecture Board (IAB) held its first fully-online workshop in November 2019, just before the IETF 109 meeting, to discuss the network impacts of the COVID-19 crisis.

    • Mirja KühlewindIAB Chair
    23 Jul 2021

Filter by topic and date

Filter by topic and date

Celebrating Data Privacy Day

  • Alissa CooperApplications and Real-Time Area Director

28 Jan 2014

Today is International Data Privacy Day, and I wanted to let Alissa Cooper say a few words about how we are working on privacy topics at the IETF. - Jari Arkko, IETF Chair

Each year, Data Privacy Day is celebrated on January 28 to commemorate the signing of the first legally binding international data protection treaty. It is an opportunity to promote user empowerment and education about protecting personal data.

The IETF has seen the launch of many new privacy-relevant activities in recent months, including efforts that reflect the particular kinds of user empowerment that standards organizations such as ours can effectuate. Last year the IAB published RFC 6973, Privacy Considerations for Internet Protocols, one goal of which was to provide guidance to those working in the IETF about how to consider privacy threats and mitigations within their protocol designs. Since then, the IAB Privacy Program has been refining a privacy tutorial to help put RFC 6973’s guidance into practice. After several trial runs, the tutorial has been solidified and will be conducted for all IETF participants on Sunday, March 2, at the start of the next IETF meeting.

Recent revelations concerning pervasive monitoring have spurred work on empowering users in a different way, by re-emphasising the need for security and privacy technologies to be easier to deploy and use. At least some of the attacks that we’ve learned about in recent months could have been deterred or mitigated if technologies and standards that already existed had been deployed (for example, the use of transport layer security to encrypt traffic between mail servers or data centers). But we know far too well that the difficulty of deploying and using security technologies has often prevented their adoption, both by corporations and individual end users. One consequence of the pervasive monitoring revelations has been to re-focus the technical community’s attention on usable security.

This trend is apparent within many different IETF efforts. Using TLS in Applications (UTA) is a new working group that aims to (among other things) provide greater clarity for application developers about best practices for using transport layer security in their applications. There have been discussions in many different workings groups, mailing lists, and Internet drafts about whether and how to increase the use of opportunistic encryption, which can have fewer deployment barriers compared to fully authenticated encryption and could thereby help to mitigate passive traffic sniffing.

While these examples reflect a desire to make encryption more usable, encryption alone does not suffice for meeting all data protection needs. Even with payload encryption, meta-data collection and traffic analysis can still reveal sensitive information to intermediaries, and care must be taken to ensure that payloads themselves do not include personal data unnecessarily.

Tackling these sorts of problems requires adopting data minimization and anonymization techniques that in some cases have proved even more onerous to deploy and use than transport encryption. Making this class of solutions more usable will require significant effort going forward ­ meaning that there is plenty more work to be done both inside and outside the IETF.

The IETF has long been committed to building secure protocols (see RFC 3365RFC 3552) and is currently debating extending that commitment to defending against pervasive monitoring. We still have a ways to go to make security more usable and to build in additional privacy protections beyond what security features already provide, but today we can celebrate our recent efforts and the renewed enthusiasm for privacy protection emerging throughout the IETF community. Let’s turn that energy into concrete solutions in the coming months and years.

Share this page