The 81st meeting of the Internet Engineering Task Force (IETF) – one of the world’s premier technical standards bodies for the Internet – is wrapping up today. It’s been a busy week of meetings where over 1200 engineers have gathered to tackle some of the most exciting and daunting challenges in network engineering and standardization. Across many of the sessions, there was one topic that seemed to come up again and again: privacy.
IETF standards tend to be generic mechanisms that can be used for a variety of purposes and in a variety of contexts. The Hypertext Transfer Protocol (HTTP) is a good example – it has countless uses, from fetching web pages to sending user-entered form field data to downloading cookies and scripts. Its uses have also changed over time; the fast, rich multimedia web experience of today could hardly be envisioned when HTTP was first designed and standardized by the IETF in the 1990s. So as new IETF standards are developed, how should they take privacy into account? What can be done during the design phase to address privacy when it’s so hard to know how standardized communications protocols will be used?
These are the kinds of questions that the Internet Architecture Board (an advisory committee of the IETF) is trying to grapple with in its privacy program (which I’m leading). To help stimulate thinking about these questions, we organized a plenary session this week about “the web privacy tussle” that included a variety of perspectives on the tensions between users, technology, norms, and laws involved in privacy on the web. Jens Grossklags discussed research insights into user privacy behaviors, Fred Carter gave a primer on global privacy regulation, and Andy Zeigler discussed recent web standardization efforts aimed at mitigating user tracking. The hope is that we can use these broader perspectives to help develop guidance for engineers about how to address and document privacy threats in Internet standards (see my slides).
But the plenary was by no means the only place where privacy concerns were being discussed. The Real-Time Communication in Web Browsers (RTCWEB) working group is one exciting new IETF effort that aims to make voice and video calls between two people’s web browsers a reality. The privacy and security questions associated with this work are numerous: When should permission be sought to get access to the user’s microphone and camera? Who should seek permission in a “click-to-call” web advertisement scenario? Should call content be encrypted? Should the encryption status be discoverable by the user? Answering these and other questions is going to require tough design choices, but the group has recognized potential user privacy needs from the beginning.
That kind of fundamental privacy awareness has served some other, more mature IETF working groups rather well. The SIP Recording (SIPREC) working group continues to make progress towards standardizing a means to remotely record VoIP sessions that use the Session Initiation Protocol (SIP). The group has had many discussions about notifying users about recording, providing ways to establish recording preferences, and protecting the identities of call participants.
The Geographic Location/Privacy (GEOPRIV) working group, in which CDT has long been involved, likewise continues to tackle new privacy challenges. This week saw the publication of RFC 6280, An Architecture for Location and Location Privacy in Internet Applications, which provides an updated overview of the core GEOPRIV standards for conveying location information on the Internet together with user-defined privacy rules. The group also continues to work towards consensus on how to provide obscured or “fuzzed” location to online services. Solutions with strong privacy guarantees are difficult to find for this problem, but less-than-perfect solutions may still provide protection in some cases (for one-time location-dependent service requests, for example).
These efforts provide just a sample of the privacy discussions of the past week. As privacy concerns have further permeated the public consciousness, they also seem to be permeating the Internet standards world. Let’s hope that trend continues.