| |
CDT Standards Bulletin 1.01 MAY 30, 2002
CDT PROJECT ON STANDARDS EXPLORES POLICY IMPACT OF TECHNOLOGICAL DECISIONS
Internet technical standards have a major impact on the Internet's uses and
its future development, with broad implications for public policy and
individual rights. For this reason, CDT launched last year its Internet
Standards, Technology, and Policy Project, to increase public awareness of
and input into technical decision-making. Our goal is to ensure that the
Internet will continue to offer the freedom and empowerment users now enjoy.
To better serve the public interest community and bring a broader
perspective to standards processes, CDT's Standards Project is taking two
important initiatives:
First, we are expanding our Standards Project website, at
http://www.cdt.org/standards/. This site will contain news and alerts
about public policy issues in the standards world, background information on
the leading standards bodies, and information on the Standards Project. Over
the coming months, we hope that the website evolves into a useful resource
for both public interest advocates who are not Internet experts and for
technologists interested in public policy aspects of standards development.
We welcome your input on how to best facilitate an end-user voice in
standards processes.
Second, we are launching a Standards Bulletin, which every six to eight
weeks will provide updates and analysis about the work of the organizations
that design the standards and make other important technical decisions for
the Internet. Our goal is to provide the public interest community with an
introduction to the standards world, identify and track emerging issues, and
raise the public interest involvement in the often complex process of
standards development.
CDT Standards Bulletin 1.01 MAY 30, 2002
Policy Updates and Analysis from the Internet Standards World Provided by
The Center for Democracy & Technology's Internet Standards, Technology, and
Policy Project
Welcome to the first issue of the Standards Bulletin, a new publication from
CDT's Internet Standards, Technology, & Policy Project.
Internet technical standards have a major impact on the Internet's uses and
its future development, with broad implications for public policy and
individual activities. Public awareness of and input into technical
decision-making are needed to ensure that the Internet in its future
evolution will continue to offer the freedom and empowerment we now enjoy.
Public policy makers and policy advocates need to be more familiar with the
development of Internet standards and the issues they bring to the fore.
Every six to eight weeks, the Standards Bulletin will provide updates and
analysis about the organizations that design those standards and make other
important technical decisions for the Internet, such as the Internet
Engineering Task Force (IETF) and the World Wide Web Consortium (W3C). Our
goal is to provide the public interest community with an introduction to the
standards world, identify and track emerging issues, and raise familiarity
with the often complex process of standards development.
Along with this Standards Bulletin, we are also pleased to be launching our
Standards Project website, at
http://www.cdt.org/standards/. This site contains news and alerts about
public policy issues in the standards world, background information on the
leading standards bodies, and information on the Standards Project. Over the
coming months, we hope that the website evolves into a very useful resource
on public policy and the standards processes. We welcome any input from the
community on these and other efforts to facilitate an end-user voice in
standards development.
John B. Morris
Director, Internet Standards, Technology, and Policy Project of the Center
for Democracy & Technology
1 - STANDARDS SPOTLIGHT: IETF'S GEOPRIV WORKING GROUP.
A new working group at the Internet Engineering Task Force (IETF) is
addressing serious issues concerning the privacy of sensitive "location"
information used in a variety of emerging technologies. As new technologies
expand wireless access to the Internet, a huge array of location-based
services are in the works. Along with consumer uses, such services can
provide increased security and enhanced emergency services. There are also
on-going projects aimed at providing (or in some cases limiting) services
and content based on the location of users with stationary Internet access.
Significant privacy and security concerns are raised by these location-based
services. Although many location-based services will be optional and fully
user-controlled, in some cases users will have little choice but to reveal
sensitive location information. Even with user-approved services, there is a
significant need to protect and limit the dissemination of location
information.
In mid-2001, in recognition of the serious privacy and security issues
raised by location based services, the Internet Engineering Steering Group (IESG)
of IETF decided to establish the "GEOPRIV" working group for the purpose of
designing to protect the privacy of location information. As defined by its
charter, the mission of the working group is to assess the "authorization,
integrity and privacy requirements that must be met in order to transfer
[location] information, or authorize the release or representation of such
information through an agent."
In essence, the working group will create a specific format for the
expression of location privacy and security preferences. The way those
preferences are expressed and enforced will likely have a broad impact on
user privacy and control. Although this effort has similarities to the P3P
protocol of the World Wide Web Consortium, it will be tailored to some
unique characteristics of location information. Critically, the new platform
is expected to include default privacy requirements to be applied in the
absence of any privacy rules created by a user.
The CDT Standards Project has been actively involved in the GEOPRIV working
group since its first meeting in August 2001:
* Last fall, working with Deirdre Mulligan of the Samuelson Law, Technology,
and Public Policy Clinic at Berkeley, CDT submitted to the IETF an
Internet-Draft entitled "Framework for Location Computation Scenarios." The
Internet-Draft offers initial analysis of the location-tracking situations
in which privacy must be protected.
* In collaboration with a technologist from Siemens AG in Germany, as well
as Deirdre Mulligan, CDT is working on two additional documents: a
"requirements" draft specifying what technology must be created, and a
"scenarios" draft specifying range of the situations in which the technology
must work as designed. On May 8, 2002, we submitted the first of these in an
Internet-Draft entitled "GEOPRIV requirements."
* The "GEOPRIV Requirements" draft will be the primary focus of an Interim
Working Group Meeting to be held in June. We are hopeful that the draft will
be formally endorsed by the working group, and finalized at the Yokohama
IETF meeting in July 2002.
Following the July meeting, the Standards Project will continue to provide
updates on the progress of the GEOPRIV working group effort. Under its
current charter, the work of GEOPRIV is not expected to be completed until
early 2003.
For more information: GEOPRIV Charter:
http://www.ietf.org/html.charters/geopriv-charter.html
"Framework for Location Computation Scenarios," Internet-Draft, November
2001:
http://www.cdt.org/standards/draft-morris-geopriv-scenarios-00.txt
(original text format),
http://www.cdt.org/standards/draft-morris-geopriv-scenarios-00.pdf (PDF
format)
"GEOPRIV Requirements," Internet-Draft, April 2002:
http://www1.ietf.org/mail-archive/ietf-announce/Current/msg18323.html
2 - STANDARDS UPDATE: QUICK DISPATCHES ON STANDARDS & POLICY
OPES GROUP CONSIDERS IMPORTANCE OF PRESERVING END-TO-END DATA INTEGRITY.
IETF's working group on OPES (Open Pluggable Edge Services) has received
guidance from the Internet Architecture Board. OPES deals with services that
can reside between a client and a server on the Internet, such as a web
proxy cache or other intermediary. CDT submitted comments noting that such
services raise serious concerns about the integrity of end-to- end
communications, and could enable tampering or censorship. In its
"considerations" document, the IAB recognized the importance of notice and
consent when such systems are used, so that possible negative impacts are
minimized. In an upcoming Standards Bulletin, we will provide an in-depth
analysis of OPES.
CDT's original comments on OPES are at
http://www.imc.org/ietf-openproxy/mail-archive/msg00828.html. The IAB's
analysis of OPES is at
http://www.ietf.org/rfc/rfc3238.txt. The charter of the OPES working
group is at
http://www.ietf.org/html.charters/opes-charter.html. The home page of
the OPES working group is at
http://www.ietf-opes.org/.
NEW CROSS-REGISTRY INFORMATION SERVICE PROTOCOL (CRISP) PROPOSED AS
SUCCESSOR TO WHOIS. At last March's IETF meeting, experts convened in a
"Birds of a Feather" (BOF) meeting to brainstorm on a new directory protocol
for domain name registries. The current protocol, WHOIS, stores data about
domain name registrants, but its uses have broadened substantially over the
years to include law enforcement and intellectual property enforcement uses.
Controversies about access and privacy have arisen, and a desire has emerged
to reevaluate the system. CRISP raises important policy questions that could
have a serious impact on users. The protocol is still in the formative
stages and has not yet been recognized as an IETF working group, but CDT has
been closely monitoring their work so far.
The Agenda and discussion of CRISP BOF can be found at
http://www.ietf.org/ietf/crisp/.
IEPREP WORKING GROUP BEGINS EMERGENCY PREPAREDNESS ACTIVITY. The IETF's new
working group, IEPREP (Internet Emergency Preparedness), is poised to
address key questions about Internet use in an emergency situation.
Operating on a short timeline, IEPREP will develop guidelines for Internet
technologies that will be needed to enable rapid response to a major
emergency, but also raising issues of equity and access by the public to
important services in times of crisis. The group hopes to finish the bulk of
its work by August 2002.
The Charter of the IEPREP working group can be found at
http://www.ietf.org/html.charters/ieprep-charter.html.
STANDARDS AND INTELLECTUAL PROPERTY. Both the IETF and W3C are wrestling
with important intellectual property issues. Internet standards developed by
both organizations have historically been publicly available on a
royalty-free basis, but with increasing regularity, the work of standards
groups has slowed because proposed standards implicate technologies covered
by software patents. A long-term system to resolve or avoid patent and other
IP- related disputes is needed and CDT is following these developments
closely. The W3C is actively revising its patent policy, and the leadership
of the IETF has indicated that such an effort is on the horizon.
The home page of the W3C Patent Policy Working Group can be found at
http://www.w3.org/2001/ppwg/.
UPCOMING IETF-54 MEETING IN YOKOHAMA, JAPAN. The second of the IETF's three
2002 in-person meetings will begin July 14 in Yokohama, Japan. IETF meetings
frequently catalyze working group activity and lead to new creativity in the
standards process. Although most of the working groups' substantive work is
conducted online, the critical progress on challenging issues can often be
made at the meetings. John Morris, Director of CDT's Standards Project, will
be attending IETF-54; feel free to contact John with any questions or
comments about the meeting. CDT will continue to provide updates on the
meeting's progress.
The home page of IETF meetings can be found at
http://www.ietf.org/meetings/past.meetings.html.
Detailed information about online civil liberties issues may be found at
http://www.cdt.org/.
|
