Privacy Enhancements and Assessments Proposed Research Group
charter-irtf-pearg-01

Document Charter Privacy Enhancements and Assessments Proposed Research Group RG (pearg)
Title Privacy Enhancements and Assessments Proposed Research Group
Last updated 2018-10-16
State Approved
RG State Active
Send notices to (None)

Charter
charter-irtf-pearg-01

Background

 Privacy is an increasingly desirable and often necessary property for Internet
 technologies. Evidence suggests that attacks on societal, community, and
 individual privacy occur with non-negligible frequency, as discussed in detail
 in RFC 7258 and in protocol-specific documents such as RFC 7626. Pervasive
 monitoring [RFC 7258], is a well known attack on privacy at incredible scale.
 The IETF’s and IAB’s responses to such attacks are to push for widespread
 end-to-end encryption along with encouraging effort in numerous working groups
 around reducing privacy leakage. Understanding attacks on privacy and the
 costs of addressing them is critical for ensuring the longevity, usability,
 and viability of Internet technologies.

Alongside such work global and region-specific legislation is evolving in this
area (GDPR and the ePrivacy Directive are two such examples applicable to
Europe). While the full impact of such legislative changes is not understood,
this provides further motivation for enhancing available privacy techniques
(beyond end-to-end encryption), advancing the state-of-the-art for privacy in
protocols, and for assessing privacy of existing protocols.

Furthermore, there are varying definitions of privacy and confidentiality with
different scope and context since it is often seen technically as an aspect of
security analysis whereas it is in fact inherently a social, technical,
economic, and legal construct.

Objectives

 The Privacy Enhancements and Assessments Research Group (PEARG) is a general
 forum for discussing and reviewing privacy enhancing technologies for network
 protocols and distributed systems in general, and for the IETF in particular.

The PEARG serves to:

Bridge between theory and practice, bringing new privacy-enhancing technologies
from open source or academic communities to the wider Internet community and
promoting an understanding of the use and applicability of these mechanisms via
Informational or Experimental RFCs (in the tradition of HMAC [RFC 2104]).

Document research on new and existing privacy assessment methodologies. One
goal of this work would be to inform future development of additional
specifications in the tradition of RFC 6973 by the IETF or IAB. This work will
involve outreach to ensure close cooperation with similar and related efforts
in IETF.

Provide a forum for discussion and analysis of the cryptographic and practical
aspects of privacy protocols e.g.
        Analyse dependencies between protocols in the larger Internet ecosystem
        and understand the privacy implications in a wider context Understand
        why some protocol design efforts have succeeded and other have not
        Formulate better models for analyzing and quantifying privacy risks
        Offer guidance on the use of emerging techniques and new uses of
        existing ones.

Provide a forum for IETF working groups developing protocols that include
privacy technology elements to bring questions concerning the protocols to the
PEARG for advice.

Collaborations

PEARG will actively engage with academic and open source (e.g. Tor Project,
EFF, OTF) communities and encourage specification of key privacy-enhancing
technologies in Informational or Experimental RFCs. It will also engage with
other organisations e.g. PETS, SOUPS, W3C and the Privacy Interest Group
therein.

The range of potential topics the group could invite work on is large; some
examples of current emerging technologies where interest is solicited include:

    Statistical Inference e.g.
        Differential privacy (DP) techniques applied to networked and
        distributed systems (Chrome and Apple are known to have implementations
        of DP) Anti-fingerprinting techniques
    Potential uses of multi-party computation (MPC) for privacy
    Privacy preserving reputation systems
    ESA (Encode, Shuffle, Analyze architecture) for privacy-preserving software
    monitoring as proposed by Google

PEARG is related to security and cryptographic protocols in the IETF and IRTF.
Among the IETF working groups, PEARG will encourage participation so that
desirable privacy properties are upheld for the Internet community. PEARG will
also collaborate with the CFRG to ensure cryptographic techniques and
algorithms are used appropriately for their intended purpose.