reviewing for privacy in internet and web standard setting
play

Reviewing for privacy in Internet and Web standard-setting Nick Doty - PowerPoint PPT Presentation

Mar 26, 2024 •402 likes •550 views

Reviewing for privacy in Internet and Web standard-setting Nick Doty UC Berkeley, School of Information Outline 1. Internet standards at IETF & W3C 2. History of security and privacy reviews 3. Reactions to Snowden 4. Future directions What

  1. Reviewing for privacy in Internet and Web standard-setting Nick Doty UC Berkeley, School of Information

  2. Outline 1. Internet standards at IETF & W3C 2. History of security and privacy reviews 3. Reactions to Snowden 4. Future directions

  3. What is a standard?

  4. Making standards

  5. Privacy and security in standards over time 100% 100% IETF standards W3C standards Percentage mentioning term Percentage mentioning term security since 1970 since 1995 80% 80% 60% 60% 40% 40% security 20% 20% privacy privacy 0% 0% Count of RFCs published 1970 1975 1980 1985 1990 1995 2000 2005 2010 1996 1998 2000 2002 2004 2006 2008 2010 2012 2014 Count of TRs published 300 100 200 50 100 0 0 1993: “Security Considerations” section required

  6. Substantivity of “Security Considerations” All RFCs are required to have a Security Considerations section. Historically, such sections have been relatively weak. 
 —RFC 3552 (2003) Number of lines 2,000 1,500 1,000 500 0 1970 1975 1980 1985 1990 1995 2000 2005 2010 2015

  7. Leadership and systematization “Now everyone [thinks about security]. Not everyone does, but as soon as you don’t, you get called out. […] The security area directors are like a force to be reckoned with at this point. Free lunches got a volunteer Security Directorate started. “Once it was institutionalized and organized, [...] there was enough momentum to keep it going.” interviews with IETF participants

  8. Privacy-specific Web standards DNT: 1

  9. Tools for privacy and security reviews • RFC 3552: Guidelines for Writing RFC Text on Security Considerations • RFC 6973: Privacy Considerations for Internet Protocols • Self-Review Questionnaire: Security and Privacy • Fingerprinting Guidance for Web Specification Authors • Specification Privacy Assessment

  10. Snowden reactions • From individuals: we had a good thing you messed it up for everyone we trusted you we were naive never again Thomson, Martin. 2013. A Simple Statement. 
 http://www.ietf.org/internet-drafts/draft-thomson-perpass-statement-00.txt. Aymann Ismail/ANIMALNewYork

  11. Snowden reactions • From groups: Average daily messages to mailing list 14 perpass Pervasive monitoring is secdir public-privacy 12 ietf-privacy a technical attack that privacydir 10 should be mitigated in 8 the design of IETF protocols, where 6 possible. 4 Farrell, S, and H Tschofenig. 2014. Pervasive Monitoring is an Attack. 2 RFC 7258. RFC Editor. http://tools.ietf.org/html/rfc7258. 0 2009 2010 2011 2012 2013 2014

  12. Groups for privacy and security reviews • W3C Privacy Interest Group • Web Security Interest Group • W3C Technical Architecture Group • IETF Security Directorate • perpass ( per vasive pass ive surveillance) • IAB Privacy & Security Program

  13. Future work • What tools are effective and how can a systematized process be set up in a standard-setting environment? • What can we learn about consideration of values (privacy, security, accessibility, freedom of expression) in multistakeholder groups?

  14. Thanks! Nick Doty npdoty@ischool.berkeley.edu https://npdoty.name

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

STANDARD SETTING IN AN EVOLVING ASSESSMENT ENVIRONMENT Andrew Wiley, ACS Ventures, LLC February

STANDARD SETTING IN AN EVOLVING ASSESSMENT ENVIRONMENT Andrew Wiley, ACS Ventures, LLC February

STANDARD SETTING IN AN EVOLVING ASSESSMENT ENVIRONMENT Andrew Wiley, ACS Ventures, LLC February 19, 2018 #atpconf #atpconf STANDARD SETTING METHODOLOGY Most prominent standard setting methods were developed with a focus on making judgments

655 views • 17 slides
ISO 22000: 2018 & PAS 96: 2017 @ 2019 Setting the Standard for Business Setting the

ISO 22000: 2018 & PAS 96: 2017 @ 2019 Setting the Standard for Business Setting the

FOOD FRAUD PREVENTION & FOOD DEFENCE MECHANISMS AWARENESS TRAINING BASED ON ISO 22000: 2018 & PAS 96: 2017 @ 2019 Setting the Standard for Business Setting the Standard for Business FOOD SAFETY CULTURE IMPLEMENTATION A

1.02k views • 33 slides
Bookmark Standard Setting and Louisiana Louisiana has a long history of Bookmark Standard Setting

Bookmark Standard Setting and Louisiana Louisiana has a long history of Bookmark Standard Setting

Bookmark Standard Setting and Louisiana Louisiana has a long history of Bookmark Standard Setting LEAP iLEAP GEE EOC Alternates (LAA 1 and ELDA) Louisiana administers the following assessments LEAP 2025 (grades 3-8

335 views • 6 slides
APIs and Mobile and Online Privacy Scene-setting, Regulations and Controversies W3C Device API

APIs and Mobile and Online Privacy Scene-setting, Regulations and Controversies W3C Device API

APIs and Mobile and Online Privacy Scene-setting, Regulations and Controversies W3C Device API Privacy Kasey Chappelle, Global Privacy Counsel July 2010 Vodafone C2 Vast rates of societal change, increasing all the time TECHNOLOGIC SOCIAL

213 views • 6 slides
INTERNET LAW SESSION 5 DR ANGELA DALY 15 NOVEMBER 2019 WELCOME BACK TO INTERNET LAW! PRIVACY

INTERNET LAW SESSION 5 DR ANGELA DALY 15 NOVEMBER 2019 WELCOME BACK TO INTERNET LAW! PRIVACY

INTERNET LAW SESSION 5 DR ANGELA DALY 15 NOVEMBER 2019 WELCOME BACK TO INTERNET LAW! PRIVACY AND PART I DATA PROTECTION OVERVIEW Privacy Data protection Surveillance Exercises Privacy the right to be let alone Warren and

611 views • 44 slides
Internet Privacy Proxies, VPNs and Tor for private communications in the public Internet

Internet Privacy Proxies, VPNs and Tor for private communications in the public Internet

Free Technology Workshop Internet Privacy Proxies, VPNs and Tor for private communications in the public Internet Organised by Steven Gordon Room RS401 9am - 12noon Friday 20 June 2014 http://ict.siit.tu.ac.th/moodle/ Demos and Tasks

684 views • 10 slides
Internet Privacy Options Options Other Issues Networking Sirindhorn International Institute of

Internet Privacy Options Options Other Issues Networking Sirindhorn International Institute of

Networking Privacy Options The Internet Internet Security Internet Privacy Options Options Other Issues Networking Sirindhorn International Institute of Technology Thammasat University Prepared by Steven Gordon on 19 June 2014

805 views • 38 slides
CS683 - Security and Privacy: Reviewing Computer Networking (2/2) Karim Eldefrawy

CS683 - Security and Privacy: Reviewing Computer Networking (2/2) Karim Eldefrawy

CS683 - Security and Privacy: Reviewing Computer Networking (2/2) Karim Eldefrawy keldefrawy@usfca.edu Universit of San Francisco Overview of Networking, TCP/IP Stack, ARP, IP 1 Networking Concepts Protocol Architecture (Stack or Suite)

1.59k views • 57 slides
Designing for Pragmatists and Fundamentalists: Privacy Concerns and Attitudes on the Internet of

Designing for Pragmatists and Fundamentalists: Privacy Concerns and Attitudes on the Internet of

Designing for Pragmatists and Fundamentalists: Privacy Concerns and Attitudes on the Internet of Things The Rise of the INTERNET OF THINGS Internet of Things (IoT) A two-sided technology UTILITY RISK Privacy The right to be let alone

926 views • 20 slides
Bridging Privacy Definitions: Differential Privacy and Concepts from Privacy Law & Policy

Bridging Privacy Definitions: Differential Privacy and Concepts from Privacy Law & Policy

Bridging Privacy Definitions: Differential Privacy and Concepts from Privacy Law & Policy Alexandra Wood Berkman Klein Center for Internet & Society at Harvard University DIMACS/Northeast Big Data Hub Workshop on Overcoming Barriers to

964 views • 54 slides
1 Setting the Standard for Residential Living As a Tampa Bay Times Top Workplace, Valet

1 Setting the Standard for Residential Living As a Tampa Bay Times Top Workplace, Valet

1 Setting the Standard for Residential Living As a Tampa Bay Times Top Workplace, Valet Living has been setting the standard for doorstep collection and recycling since 1995. Servicing over a million apartment homes across 39

379 views • 17 slides
The Internet was not designed with Privacy in mind. We need to redesign it. 1 1) Common

The Internet was not designed with Privacy in mind. We need to redesign it. 1 1) Common

Hannes Tschofenig The Internet was not designed with Privacy in mind. We need to redesign it. 1 1) Common statement in Future Internet Architecture proposals. Complex Eco-System Business > Consumer Interest > Policy Makers >

396 views • 6 slides
Insights into Internet Privacy for Visually Impaired and Blind People Georg Regal , Elke

Insights into Internet Privacy for Visually Impaired and Blind People Georg Regal , Elke

Insights into Internet Privacy for Visually Impaired and Blind People Georg Regal , Elke Mattheiss, Marc Busch, Manfred Tscheligi Photo: AIT Austrian Institute of Technology/ Michael Bsendorfer Internet Privacy Personal data in the

618 views • 26 slides
Gender-Responsive Climate Actions through the W+ Standard Setting the Standard for Womens

Gender-Responsive Climate Actions through the W+ Standard Setting the Standard for Womens

Gender-Responsive Climate Actions through the W+ Standard Setting the Standard for Womens Empowerment Developed in 2015 by WOCAN to: 1- Increase rigor and accountability of gender initiatives 2- Incentivize new investments in womens

369 views • 12 slides
Setting the Test Standard for Setting the Test Standard for Tomorrow Tomorrow Nasdaq: AEHR

Setting the Test Standard for Setting the Test Standard for Tomorrow Tomorrow Nasdaq: AEHR

Setting the Test Standard for Setting the Test Standard for Tomorrow Tomorrow Nasdaq: AEHR Nasdaq: AEHR Forward Looking Statements This presentation contains forward-looking statements that involve risks and uncertainties relating to

438 views • 15 slides
Data Privacy and Security in the Age of IoT(Internet of Things) What is IoT? (The Internet of

Data Privacy and Security in the Age of IoT(Internet of Things) What is IoT? (The Internet of

Data Privacy and Security in the Age of IoT(Internet of Things) What is IoT? (The Internet of Things) IoT is the concept of connecting any device with an on and off switch to the Internet (and/or to each other). IoT is a Concept, This

952 views • 27 slides
SIP Working Group IETF 72 chaired by Keith Drage, Dean Willis Note Well

SIP Working Group IETF 72 chaired by Keith Drage, Dean Willis Note Well

SIP Working Group IETF 72 chaired by Keith Drage, Dean Willis Note Well AnysubmissiontotheIETFintendedbytheContributorforpublicationasallorpartofanIETFInternet-Draft

234 views • 9 slides
Lightweight and Flexible Trust Assessment Modules for the Internet of Things Jan Tobias Mhlberg

Lightweight and Flexible Trust Assessment Modules for the Internet of Things Jan Tobias Mhlberg

empty Lightweight and Flexible Trust Assessment Modules for the Internet of Things Jan Tobias Mhlberg , Job Noorman and Frank Piessens jantobias.muehlberg@cs.kuleuven.be iMinds-DistriNet, KU Leuven, Celestijnenlaan 200A, B-3001 Belgium

636 views • 50 slides
Programs, and Java 1 Objectives To Know the basics To write a simple Java program To

Programs, and Java 1 Objectives To Know the basics To write a simple Java program To

Chapter 1 Introduction to Computers, Programs, and Java 1 Objectives To Know the basics To write a simple Java program To know error types To Know basic syntax of a Java program 2 Programs Computer programs , known as software

473 views • 36 slides
Hot Topics Affecting the Financial Services Industry Developments in US and UK Financial Services

Hot Topics Affecting the Financial Services Industry Developments in US and UK Financial Services

Hot Topics Affecting the Financial Services Industry Developments in US and UK Financial Services Enforcement Daniel L. Stein Guy Wilkes Partner Partner +1 212 506 2646 +44 20 3130 3355 dstein@mayerbrown.com gwilkes@mayerbrown.com June 6,

639 views • 33 slides
Network Selection for Public WLANS Farid Adrangi Intel Corp. Farooq Bari AT&T

Network Selection for Public WLANS Farid Adrangi Intel Corp. Farooq Bari AT&T

Network Selection for Public WLANS Farid Adrangi Intel Corp. Farooq Bari AT&T Wireless Background An increasing public WLAN deployment by WISP, 3G, and fixed broadband operators In roaming situations, a WLAN access network

146 views • 12 slides
Saratoga : scalable, speedy data delivery for sensor networks Lloyd Wood Research Fellow Centre

Saratoga : scalable, speedy data delivery for sensor networks Lloyd Wood Research Fellow Centre

Saratoga : scalable, speedy data delivery for sensor networks Lloyd Wood Research Fellow Centre for Communication Systems Research, University of Surrey, Guildford, GU2 7XH 30 June 2011 Private sensor networks Must deliver sensor data

351 views • 6 slides
The Present and Future of Congestion Control Mark Handley Outline Purpose of congestion

The Present and Future of Congestion Control Mark Handley Outline Purpose of congestion

The Present and Future of Congestion Control Mark Handley Outline Purpose of congestion control The Present: TCPs congestion control algorithm (AIMD) TCP-friendly congestion control for multimedia Datagram Congestion

984 views • 54 slides
3D Graphik-Pipeline Anwendung Geometrieverarbeitung

3D Graphik-Pipeline Anwendung Geometrieverarbeitung

CG CG Computer Graphik I Beleuchtung Marc Alexa, TU Berlin 1 CG CG 3D Graphik-Pipeline Anwendung Geometrieverarbeitung Perspek>vische Transforma>on,

677 views • 35 slides

More recommend