Cybersecurity & Standards, Privacy & Data
Report from the Internet Privacy Workshop
It’s been a long time coming, but last week saw the publication of RFC 6462, the Report from the Internet Privacy Workshop. The workshop, which was jointly hosted by the Internet Architecture Board (IAB) and others in December 2010, brought together experts from industry and the Internet standards community to better understand the role of privacy in Internet standardization work.
The workshop report provides a useful overview of fundamental privacy design challenges that appear again and again: the increasing ease of user/device/application fingerprinting, unforeseen information leakage, difficulties in distinguishing first parties from third parties, complications arising from system dependencies, and the lack of transparency and user awareness of privacy risks and tradeoffs. The report also identifies a number of barriers to successful deployment and analysis of privacy-minded protocols and systems, including the difficulty of using generic protocols and tools to defend against context-specific threats; the tension between privacy protection and usability; and the difficulty of navigating between business, legal, and individual incentives.
The IAB has been leading an effort within the Internet standards community to better conceptualize how privacy is addressed within Internet standards development. By exploring privacy challenges as they exist on the Internet today, the workshop report provides a foundation for this and other efforts to build on.