The Ultimate Roadmap for Privacy by Design
The privacy stories making headlines today generally focus on individual products or services, such as mobile apps, VoIP, or web-based email, and their associated privacy protections (or lack thereof). However, rarely noticed are the building blocks these Internet products and services are developed on – largely invisible but critically important technical standards, such as HTTP, IP and DNS. Can’t better privacy protections be built into these Internet protocols so that the applications developed on top of them have better inherent protections? With the publication of Privacy Considerations for Internet Protocols, Internet engineers have a new roadmap for achieving just that.
The roadmap explains how privacy threats that are commonly the focus of public policy – tracking, identification, secondary use of data, and many others – manifest within technical designs. It provides engineers with guidance about how to mitigate these threats and questions they should ask themselves to assess the privacy implications of different engineering design choices. In short, it takes the concept of Privacy by Design and applies it to the task of engineering the Internet’s core technical building blocks.
Consider the Session Initiation Protocol (SIP) – the leading standard supporting voice communications on the Internet, first standardized more than a decade ago. In response to a variety of new security challenges related to caller ID spoofing, robocalling, and telephony denial-of-service attacks, work is beginning to standardize means to authenticate the identities of callers that use SIP-based voice calling services on the Internet. There are many potential privacy implications of this work and maintaining the ability to make an anonymous call will be paramount. The roadmap points to questions about default settings, user control, identifiers, and trade-offs between privacy and other values, all of which will require careful consideration for this new work to successfully improve the security of Internet telephony while preserving the ability of callers to dial and speak anonymously.
The publication of the roadmap is a crucial step towards achieving the same level of commitment to privacy that is given to security in setting Internet standards. Privacy Considerations for Internet Protocols is the product of a multi-year effort that I led within the Internet Architecture Board (IAB). The IAB is an oversight body of the Internet Engineering Task Force (IETF), the Internet standards organization that has produced HTTP, IP, DNS, and many of the Internet’s other core communications standards. Over the last several decades, the engineers that come to the IETF to build the Internet’s core standards have developed a deep commitment to Internet security, which is reflected in every new specification that the IETF produces. Efforts to get privacy on equal footing with security are well worth celebrating.