W3C Technology and Society


Future of P3P Workshop

November 13, 2002

Mobile Devices and Location Privacy



Helena Lindskog (Ericsson)

You can use P3P to request data in the wireless environment. Issues in wireless -- small screens, limited input, and portability. If we can avoid forms, great. Personalized content is ideal. Memory for last choice is an advantage but poses certain privacy issues.

Chart -- if there is a mismatch on preferences, it will ask the user. The statement for location data shows the location attribute. It states that they want the location information and tells you what they will do with it. Then the location is conveyed using the Lith Standard. The benefit is the convenience for the user: they don't have to type in the location. In the next example, they want more than the location. It conveys the location xy coordinates and the circular area. To do it properly, the user agent should be placed at the server, because GPS phones are not that common and the service provider has the information. This is a suggestion and has not been implemented. This would work with WAP at this stage and would work in any environment where you have user location information.

Question

- SMS would be the preferred medium for some companies. Also, when you use encryption, part of the stream is encrypted.

Question

- Are you suggesting that we use this as a standard to implement location services?

Answer

- In our paper, we say that this is a suggestion to the IETF working group.

Question

- Why was Lith chosen instead of GML as a representation of geospatial data?

Answer

- We have been focused on Lith.


Yirong Xu (IBM)

Two things to think about: with all PDAs, you may want to move it from the client to the server side. In this architecture, the enforcement part is not there. Make sure that the server is aware of the privacy policy by placing it in the database. The advantages are lighter clients, easier upgrade to P3P, better support for new privacy info, infrastructure for policy enforcement, no need for a specialized engine, and better management of policy versions.

Disadvantage: a greater amount of trust in the server is required.

Question

- What's the connection between the presentation and location privacy?

Answer from Danny Weitzner

- The connection is that it's a thin client model that is advantageous in location services.

Question

- I like the idea of putting the load on the database.


Becky Richards (TRUSTe)

I will take a step back from the technology. TRUSTe a year ago started looking at these issues and came up with the idea of symbols. It was a huge project. They teamed up with Marty Abrams and looked at the trust issues. The trust issues are magnified when it's on a PDA or a cell phone in the location areas. On transparency, how do you establish that? We have found that we don't want to recreate the wheel. Since you're not "on" the web with access to the privacy policy, companies may have to do a little more. We need to be thinking about putting P3P into the medium. That would be a way to give comfort to the consumer.

Question

- Will a TRUSTe icon appear in the tray of the cell phone?

Answer

- We'll see how it shakes out.


John Morris (CDT)

John's been involved in the GeoPriv working group at IETF. He gave an overview of the GeoPriv working group and what it was set up to do. This is a personal view and is not official. IETF meets next week in Atlanta. Its history is unusual. GeoPriv was created from the top down because the leadership had seen many proposals to create location services but lacked privacy considerations. They set up GeoPriv to look at the issue of privacy in this context. It's intended to be used in many different protocols and across platforms. Some examples are devices that could be given to a child so that they could find them in case of an emergency. GeoPriv is also trying to construct a model to determine where the protection of privacy is going to happen -- at the server, in the database, at the service provider, at the vendor?

We are also considering the legal obligations of service providers to disclose information in 911 instances, where it trumps a user's privacy preferences. I don't know if the compact form of P3P will suffice, as it does not have enough elements in it to disclose the information. The group may define privacy not using P3P as a model. Personally I believe that P3P could be a contender. The group has a rule of not recreating the wheel.

Question

- The problem in GeoPriv is just the tip of the iceberg, where we see data with privacy information attached to it. The IETF is seeing it across types of services. We're seeing a flood of issues like this.

Answer

- IETF has tended not to be involved in the privacy issues because they tend to be behind the scenes. We must find the middle ground on how to balance the emergency data with the privacy preferences. Many in the IETF will say that emergency preferences should be disclosed regardless. Now, wireless carriers are required to complete 911 calls whether there is a contract or not -- even if you have no agreement.

Helena Lindskog

- Many of these discussions will be regulated before we get to act.

Question

- If we want adoption, we need to respect the rights of the user.

Question to IBM

- The Privacy Manager is an authorization manager, so you only need to define an emergency purpose.

Answer

- There is an access to the data and retention issue here. For instance, can someone subpoena where I was six months ago?

Question

- Does the emergence of IPv6, where everyone gets an IP address, eliminate part of the problem?

Answer

- IPv6 can aggregate many privacy concerns in a static address? Also, what I would like to see in any privacy solution is to blur the location information -- for instance, I am willing to tell people that I am in this city but not disclose which street I am on. We are trying to grapple with the fact that there is more to location information beyond wireless -- location services will relate to fixed devices too.


Jorge Cueller (Siemens)

Policies in the mobile world may use other types of information. For instance, I will let AAA know my location if I am speaking to them on the phone. There is also presence information (e.g. at work, in car, in conference). This includes data like "do not disturb, do not take my bandwidth, send voice not text." This information could be helpful and in certain instances be critical. The granularity of the data depends on the role of the requestor. So, a blurred disclosure would be made depending on who the person was.
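As an added illustration, not taken from the workshop or from any presenter's paper, the following Python sketch shows the role-dependent blurring Jorge Cueller describes, combined with the preference-mismatch prompt from Helena Lindskog's chart and the emergency override raised in John Morris's session. The role names, granularity levels, purposes and sample coordinates are assumptions made for this example; nothing here is defined by P3P, GeoPriv or the Lith standard.

```python
"""Role-dependent blurring of a location disclosure.

Constructed example: roles, granularity levels, purposes and the sample
coordinates are assumptions for illustration, not anything defined by
P3P, GeoPriv or the workshop position papers.
"""
from dataclasses import dataclass
from enum import IntEnum
from typing import Optional


class Granularity(IntEnum):
    """How much of the location a requester may see; higher is more precise."""
    NONE = 0      # disclose nothing
    CITY = 1      # city name only
    STREET = 2    # city and street, coordinates snapped to ~1 km
    EXACT = 3     # full coordinates


@dataclass(frozen=True)
class Location:
    lat: float
    lon: float
    street: str
    city: str


@dataclass(frozen=True)
class Request:
    role: str        # who is asking, e.g. "family", "advertiser" (assumed roles)
    purpose: str     # what they say they will do with it, e.g. "navigation"


# Constructed user preferences: per requester role, the most precise level
# the user allows and the purposes the user has agreed to for that role.
USER_PREFERENCES = {
    "family":     (Granularity.EXACT,  {"safety", "navigation"}),
    "colleague":  (Granularity.STREET, {"meeting"}),
    "advertiser": (Granularity.CITY,   {"local-offers"}),
}


def _snap(value: float, step: float) -> float:
    """Snap a coordinate to a grid of `step` degrees (0.01 deg is roughly 1 km)."""
    return round(round(value / step) * step, 6)


def blur(location: Location, level: Granularity) -> Optional[dict]:
    """Return the view of `location` permitted at `level`, or None for NONE."""
    if level == Granularity.NONE:
        return None
    if level == Granularity.CITY:
        return {"city": location.city}
    if level == Granularity.STREET:
        return {
            "city": location.city,
            "street": location.street,
            "lat": _snap(location.lat, 0.01),
            "lon": _snap(location.lon, 0.01),
        }
    return {
        "city": location.city,
        "street": location.street,
        "lat": location.lat,
        "lon": location.lon,
    }


def decide(request: Request, location: Location, emergency: bool = False) -> tuple:
    """Evaluate a location request against the user's stored preferences.

    Returns (decision, data) where decision is one of:
      "release" - preferences match; data is the blurred location
      "prompt"  - known role but a purpose the user never agreed to, so the
                  user agent should ask (the mismatch case in the chart)
      "deny"    - unknown role; nothing is released
    An emergency request is released at full precision regardless of
    preferences, mirroring the 911 override discussed in the minutes.
    """
    if emergency:
        return "release", blur(location, Granularity.EXACT)
    pref = USER_PREFERENCES.get(request.role)
    if pref is None:
        return "deny", None
    level, allowed_purposes = pref
    if request.purpose not in allowed_purposes:
        return "prompt", None
    return "release", blur(location, level)


# Constructed sample position; the coordinates are made up for the example.
SAMPLE = Location(lat=59.3293, lon=18.0686, street="Kungsgatan", city="Stockholm")

if __name__ == "__main__":
    for req in (Request("family", "safety"),
                Request("colleague", "meeting"),
                Request("advertiser", "local-offers"),
                Request("advertiser", "profiling"),
                Request("stranger", "anything")):
        print(req.role, req.purpose, decide(req, SAMPLE))
    print("emergency", decide(Request("psap", "emergency"), SAMPLE, emergency=True))
```

The point of keeping `decide` separate from `blur` is that the policy question (may this role, for this purpose, see anything?) is answered before any data is shaped, so a "prompt" or "deny" never touches the precise coordinates; the emergency branch is the one deliberate exception, and a real deployment would log it for the retention and subpoena questions raised above.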



Last update 2002/11/29 17:36:03 by rigo