Individual Submission                                       S. Moonesamy
Internet-Draft
Intended status: Informational                        September 14, 2013
Expires: March 18, 2014

                        Privacy and Identifiers
                 draft-moonesamy-privacy-identifiers-01

Abstract

   The Internet provides the ability for information to be spread
   beyond geographical boundaries at the speed of light. Once
   information is available over the Internet it leaves the private
   realm. If the information can be used to identify a person it can
   affect the privacy of the individual. There are cases when it can
   increase the physical risk to the individual or where it can have a
   negative financial impact. Some types of information can be an
   embarrassment to an individual and negatively affect the person's
   reputation.

   This document discusses identifiers in the context of privacy.

Status of This Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF). Note that other groups may also distribute
   working documents as Internet-Drafts. The list of current
   Internet-Drafts is at http://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six
   months and may be updated, replaced, or obsoleted by other documents
   at any time. It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on March 18, 2014.

Copyright Notice

   Copyright (c) 2013 IETF Trust and the persons identified as the
   document authors. All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (http://trustee.ietf.org/license-info) in effect on the date of
   publication of this document. Please review these documents
   carefully, as they describe your rights and restrictions with
   respect to this document.
   Code Components extracted from this document must include Simplified
   BSD License text as described in Section 4.e of the Trust Legal
   Provisions and are provided without warranty as described in the
   Simplified BSD License.

Table of Contents

   1.  Background
   2.  Introduction
     2.1.  Note
   3.  Link Layer Identifiers
   4.  Internet Identifiers
     4.1.  IP address
     4.2.  Email address
   5.  Session Identifiers
   6.  The right amount of information
   7.  Security Considerations
   8.  Recommendations
   9.  IANA Considerations
   10. Informative References
   Author's Address

1.  Background

   In 1657 the General Post Office was set up in England, Scotland and
   Ireland [Ord1]. One of the secondary purposes was "to discover and
   prevent many dangerous, and wicked designs". In 1844 there was a
   political row after it was discovered that the Post Office was
   intercepting letters.

   In 1881 French law about the freedom of the press [Leg1] offered
   protection for facts about an individual's private life by giving
   the individual the ability to seek redress by legal means if these
   facts were published by the press.

   In 1890 [Leg2] it was mentioned that recent inventions and business
   methods call attention to the next step which must be taken for the
   protection of the person, and for securing the individual.

   In 1948 the Universal Declaration of Human Rights [Leg3] stated that
   "No one shall be subjected to arbitrary interference with his
   privacy, family, home or correspondence, nor to attacks upon his
   honour and reputation. Everyone has the right to the protection of
   the law against such interference or attacks".

   In 2000 the IETF published a policy on wiretapping [RFC2804]. One of
   the observations was that "experience shows that tools designed for
   one purpose that are effective for another tend to be used for that
   other purpose too, no matter what its designers intended".

2.  Introduction

   The Internet provides the ability for information to be spread
   beyond geographical boundaries at the speed of light. Once
   information is available over the Internet it leaves the private
   realm. Although there is the ability to seek redress by legal means
   if information about an individual's private life is being
   distributed publicly over the Internet, it can be an impossible task
   when multiple jurisdictions are involved. In essence, the
   information cannot be contained once it leaves the private realm.

   If the information shared can be used to identify a person it can
   affect the privacy of the individual. There are cases when it can
   increase the physical risk to the individual or where it can have a
   negative financial impact. Some types of information can be an
   embarrassment to an individual and negatively affect the person's
   reputation.

   This document discusses identifiers in the context of privacy.

2.1.  Note

   This Internet-Draft can be discussed on the ietf-privacy@ietf.org
   mailing list.

   [RFC-Editor: please remove this paragraph]

3.  Link Layer Identifiers

   A link layer identifier, such as a MAC address, is used to identify
   a physical device. A link layer identifier, in contrast with
   identifiers used at other layers, is considered a physical
   identifier as it is embedded in the device.

4.  Internet Identifiers

4.1.  IP address

   An Internet Identifier known as an IP address indicates where it is
   [RFC0791].

4.2.  Email address

   An email address is a character string that identifies a user to
   whom mail will be sent or a location into which mail will be
   deposited [RFC5321].

5.  Session Identifiers

   A Session Identifier uniquely identifies a communication session.
   For example, a cookie [RFC6265] is a session identifier used by HTTP
   servers to store state. The HTTP server can send the user agent a
   cookie. The user agent returns that cookie in subsequent requests.

   There are two types of cookies, session cookies and persistent
   cookies. A session cookie is destroyed when the user agent is
   closed. A persistent cookie is preserved across multiple sessions
   and is only destroyed once it reaches its expiration date.

6.  The right amount of information

   When a person explicitly addresses the remote end at the IP layer
   the person consents to the transmission of the IP address assigned
   to the local end. The IP addresses of the two end-hosts are
   necessary for IP-layer communication to be possible.

   When a person sends an email the person consents to the transmission
   of an email address. The email address is necessary for the
   recipient of the email to be able to reply to it.

   As a short-lived mechanism to store state it can be argued that a
   session identifier such as a session cookie is necessary to provide
   the functionality for a communication session. There may be valid
   reasons for having a persistent cookie, for example, to store the
   preferences of the individual. A persistent cookie can also be used
   to track a person's usage of a service. If the intention of the
   person is not clear, he/she may have to be asked for consent.

   In an all-or-nothing proposition a person is faced with the
   inevitable choice of sharing information to be able to communicate.
   The interests and motivation of the two ends (e.g. the entity
   providing a service at one end and the person using the service at
   the other end) are not aligned. It is difficult for the average
   person to take an informed decision about the amount of personal
   data that needs to be shared. There is an implicit assumption that
   the underlying protocols are transmitting the right amount of
   information needed for the protocols to work. There is a reasonable
   expectation that the person will be provided with a cautionary
   notice to which he/she must consent if the information being
   disclosed may adversely affect the person.

7.  Security Considerations

   It is a myth that people become anonymous when they are in a crowd.
   Naive users view the Internet as a place where they are anonymous
   and by extension, incorrectly assume they should not be concerned
   about their privacy. Privacy policies usually end up as disclaimers
   of liability instead of policies aimed at protecting privacy.

8.  Recommendations

   It is recommended that an identifier be used at the layer at which
   its functionality is necessary for communication to be established.

   It is recommended not to transmit link layer identifiers over the
   Internet.

9.  IANA Considerations

   This document does not request any action from IANA.

   [RFC-Editor: please remove this paragraph]

10.  Informative References

   [ARTDP]    European Union, "Opinion 2/2008 on the review of the
              Directive 2002/58/EC on privacy and electronic
              communications (ePrivacy Directive)".

   [EUD]      European Union, "Directive EU 95/46/EC of the European
              Parliament and the Council".

   [Leg1]     France, "Loi du 29 juillet 1881 sur la liberte de la
              presse", 1881.

   [Leg2]     Harvard Law Review, "The right to privacy".

   [Leg3]     United Nations, "The universal declaration of human
              rights".

   [NIST]     NIST, "Guide to Protecting the Confidentiality of
              Personally Identifiable Information (PII)".

   [Ord1]     United Kingdom, "An Act for setling the Postage of
              England, Scotland and Ireland", June 1657.

   [RFC0791]  Postel, J., "Internet Protocol", STD 5, RFC 791,
              September 1981.

   [RFC2804]  IAB IESG, "IETF Policy on Wiretapping", RFC 2804,
              May 2000.

   [RFC5321]  Klensin, J., "Simple Mail Transfer Protocol", RFC 5321,
              October 2008.

   [RFC6265]  Barth, A., "HTTP State Management Mechanism", RFC 6265,
              April 2011.

   [RFC6973]  Cooper, A., Tschofenig, H., Aboba, B., Peterson, J.,
              Morris, J., Hansen, M., and R. Smith, "Privacy
              Considerations for Internet Protocols", RFC 6973,
              July 2013.

   [USDC]     United States District Court Western District of
              Washington, "Johnson et al. v. Microsoft, Case No.
              C06-0900RAJ".

Author's Address

   S. Moonesamy
   76, Ylang Ylang Avenue
   Quatre Bornes
   Mauritius

   Email: sm+ietf@elandsys.com
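   Added example for Sections 5 and 6 (not part of the original draft):
   a check that separates session cookies from persistent ones using
   the Max-Age and Expires attributes of RFC 6265, and lists persistent
   cookies that outlive a chosen limit. The function names, the 365-day
   limit and the sample headers are assumptions made for illustration,
   and Expires parsing uses Python's mail-date parser rather than the
   more lenient RFC 6265 algorithm.

```python
import re
from datetime import datetime, timezone
from email.utils import parsedate_to_datetime


def classify_set_cookie(value, now):
    """Return (name, kind, lifetime_seconds) for one Set-Cookie value."""
    pair, *attrs = value.split(";")
    name = pair.split("=", 1)[0].strip()
    parsed = {}
    for attr in attrs:
        key, _, val = attr.strip().partition("=")
        parsed[key.lower()] = val.strip()  # repeated attribute: last wins

    lifetime = None  # None means no usable Max-Age or Expires
    if re.fullmatch(r"-?[0-9]+", parsed.get("max-age", "")):
        lifetime = int(parsed["max-age"])  # Max-Age wins over Expires
    elif "expires" in parsed:
        try:
            expiry = parsedate_to_datetime(parsed["expires"])
        except (TypeError, ValueError):
            expiry = None  # unparseable date: the attribute is ignored
        if expiry is not None:
            if expiry.tzinfo is None:
                expiry = expiry.replace(tzinfo=timezone.utc)
            lifetime = int((expiry - now).total_seconds())

    if lifetime is None:
        return name, "session", None  # gone when the user agent closes
    return name, "persistent" if lifetime > 0 else "expired", lifetime


def long_lived_cookies(headers, now, max_days=365):
    """Names of persistent cookies that outlive max_days."""
    found = []
    for header in headers:
        name, kind, lifetime = classify_set_cookie(header, now)
        if kind == "persistent" and lifetime > max_days * 86400:
            found.append(name)
    return found


# Constructed sample input, not taken from the draft.
NOW = datetime(2013, 9, 14, tzinfo=timezone.utc)
SAMPLE = [
    "SID=31d4d96e407aad42; Path=/; Secure; HttpOnly",
    "lang=en-US; Path=/; Max-Age=2592000",
    "uid=8f2c1a; Domain=example.com; Expires=Thu, 14 Sep 2023 00:00:00 GMT",
    "old=x; Max-Age=0",
]
```

   On the sample, only "uid" is reported: it would persist for ten
   years, while "lang" expires after thirty days and "SID" ends with
   the session.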
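   Added example for Sections 3 and 8 (not part of the original draft):
   an audit of a host's own addresses for one concrete way a link layer
   identifier ends up on the Internet. It goes beyond the draft's text
   by assuming the IPv6 modified EUI-64 interface identifier of RFC
   4291, Appendix A, which embeds the MAC address in the low 64 bits of
   the address. The function names and sample addresses are
   assumptions made for illustration.

```python
import ipaddress


def embedded_mac(address):
    """Return the MAC a modified EUI-64 IPv6 address reveals, or None."""
    ip = ipaddress.ip_address(address.split("%")[0])  # drop any zone id
    if ip.version != 6:
        return None
    iid = ip.packed[8:]  # interface identifier: the low 64 bits
    if iid[3:5] != b"\xff\xfe":
        return None  # no ff:fe filler, so not built from a 48-bit MAC
    # Undo the construction: drop ff:fe, flip the universal/local bit.
    # A random identifier matches by chance about once in 65536.
    mac = bytes([iid[0] ^ 0x02]) + iid[1:3] + iid[5:8]
    return ":".join(f"{octet:02x}" for octet in mac)


def routable_leaks(addresses):
    """(address, mac) pairs for non-link-local addresses embedding a MAC."""
    leaks = []
    for address in addresses:
        mac = embedded_mac(address)
        ip = ipaddress.ip_address(address.split("%")[0])
        # Link-local addresses never leave the link, so they are not
        # what the recommendation in Section 8 is about.
        if mac and not ip.is_link_local:
            leaks.append((address, mac))
    return leaks


# Constructed sample input (documentation prefixes), not from the draft.
HOST_ADDRESSES = [
    "fe80::21a:2bff:fe3c:4d5e%eth0",     # link-local, EUI-64 based
    "2001:db8:1:2:21a:2bff:fe3c:4d5e",   # routable, EUI-64 based
    "2001:db8:1:2:9c4e:36d1:7a0b:55f2",  # routable, randomized identifier
    "192.0.2.10",                        # IPv4 carries no MAC
]
```

   An address reported by routable_leaks() is the case for configuring
   randomized interface identifiers on that interface.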