IETF RAI and APP concerns about location privacy

Posted Date: 2008-11-21
Purpose: For action
Deadline: 2008-12-16 (Action Taken)

Dear Mr. Bolstad and Mr. Machin,

The IETF RAI and APP areas were recently advised by some of our participants of
the work of the W3C Geolocation working group. We feel that the current
direction of this work presents risks to the privacy of location information on
the Internet. The experience of the IETF, and its GEOPRIV working group, in
dealing with location and location privacy may be helpful to the Geolocation WG
in finding a solution that better respects the privacy of location information
on the Web.

The IETF is committed to protecting the privacy of Internet users and
acknowledges the W3C's commitment to privacy on the Web. Both groups recognize
that the increasing availability of location information on the Internet raises
unique privacy concerns. In many contexts location information is highly
sensitive, as it can reveal intimate details about a user's whereabouts, and
can be of particular interest to corporations and government authorities.
Standards for communicating location - over the Internet or within a browser -
have an important role to play in providing a technical basis for privacy

The protocols and data formats produced by the IETF GEOPRIV WG help to protect
location information by ensuring that whenever location is transmitted, privacy
policy information is transmitted alongside it. GEOPRIV standards provide tools
that allow users to express their preferences about how their location
information is used. These tools include a standard format for conveying these
preferences together with location information (the Presence Information Data
Format-Location Object described in RFC 4119) and a lightweight policy language
for expressing privacy preferences.

The critical value of binding policy to location information is that no
recipient of the location information can disavow knowledge of users'
preferences for how their location may be used.  By creating a structure to
convey the user's preferences along with location information, the likelihood
that those preferences will be honored necessarily increases.

This model differs from the paradigm for privacy protection that has long
prevailed on the Web. The main privacy mechanisms used in the Web today are
site-specific privacy policies.  Users typically have only a binary choice: To
grant access to location (and accept all the terms of the policy), or to
withhold location. The GEOPRIV model extends this model by empowering users to
express their own privacy preferences to sites with whom they share their

The IETF APP and RAI areas would like to express their concern that the current
W3C Geolocation API draft does not include privacy protections for location
information. The current API specification requires conforming implementations
to provide a mechanism to protect user privacy, but it leaves it up to each
implementation to invent its own privacy mechanism. This approach could result
in weak or non-existent protections, or inconsistent user expectations and
experiences.  By contrast, if the W3C Geolocation API specified a standard
format for privacy rules, then users could have a consistent location privacy
experience across the Web, no matter how they access it.

Normally, the first public working draft of a W3C specification would not raise
as much concern as this draft API. In this case, however, multiple
implementations already exist, and it seems very likely that the specification
will be widely deployed even before it is published as a W3C Recommendation. It
is thus essential to include privacy features even in early drafts, in order to
prevent proliferation of UA implementations and Web sites that fail to protect
users' location information.

More generally, the IETF APP and RAI areas are interested in working with the
W3C on ensuring that their location standards are compatible. The IETF has
developed a suite of privacy-preserving protocols to configure hosts with their
location and to convey location between hosts.  Alignment between these
protocols and the Geolocation API would allow UAs to use network-based location
to provide location-based applications in a much wider variety of scenarios
than is currently possible.  Harmonizing the privacy concepts between protocols
and the API will be an important first step toward this alignment.

The IETF APP and RAI areas request that the W3C delay publication of the draft
API specification until the W3C Geolocation WG has concluded its current
discussion about addressing privacy more concretely in the API. APP and RAI
believe that concluding the discussion about privacy that has already begun
within the W3C Geolocation WG before the draft specification is published will
ultimately benefit the W3C and, more importantly, location-based applications
on the Internet and the Web.

Jon Peterson & Cullen Jennings (Directors, RAI Area of the IETF)
Lisa Dusseault & Chris Newman (Directors, APP Area of the IETF)
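
The letter's point that GEOPRIV binds privacy policy to location can be seen from the recipient's side of a PIDF-LO (RFC 4119). The following is an added example, not part of the liaison statement or any IETF code; the sample document, the function names, and the acceptance of `true`/`1` alongside `yes` are assumptions of the example.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta

PIDF = "{urn:ietf:params:xml:ns:pidf}"
GP = "{urn:ietf:params:xml:ns:pidf:geopriv10}"

# Constructed sample location object (not taken from the letter).
SAMPLE = """<presence xmlns="urn:ietf:params:xml:ns:pidf"
    xmlns:gp="urn:ietf:params:xml:ns:pidf:geopriv10"
    xmlns:gml="urn:opengis:specification:gml:schema-xsd:feature:v3.0"
    entity="pres:user@example.com">
  <tuple id="t1">
    <status><gp:geopriv>
      <gp:location-info><gml:location><gml:Point gml:id="p1">
        <gml:coordinates>37:46:30N 122:25:10W</gml:coordinates>
      </gml:Point></gml:location></gp:location-info>
      <gp:usage-rules>
        <gp:retransmission-allowed>no</gp:retransmission-allowed>
        <gp:retention-expiry>2008-11-21T18:00:00Z</gp:retention-expiry>
      </gp:usage-rules>
    </gp:geopriv></status>
    <timestamp>2008-11-21T12:00:00Z</timestamp>
  </tuple>
</presence>"""

def parse_ts(text):
    return datetime.fromisoformat(text.strip().replace("Z", "+00:00"))

def usage_rules(pidf_xml, received_at):
    """Return the sender's rules, applying RFC 4119 defaults when absent."""
    root = ET.fromstring(pidf_xml)
    geopriv = root.find(f".//{GP}geopriv")
    if geopriv is None:
        raise ValueError("no geopriv element: not a location object")
    def rule(tag):
        el = geopriv.find(f"{GP}usage-rules/{GP}{tag}")
        return el.text.strip() if el is not None and el.text else None
    ts = root.find(f".//{PIDF}timestamp")
    base = parse_ts(ts.text) if ts is not None else received_at
    expiry = rule("retention-expiry")
    return {
        # Fail closed: only an explicit grant permits forwarding.
        "retransmit": rule("retransmission-allowed") in ("yes", "true", "1"),
        # Default retention is 24 hours from the timestamp (or receipt).
        "expires": parse_ts(expiry) if expiry else base + timedelta(hours=24),
    }

def may_forward(rules):
    return rules["retransmit"]

def must_discard(rules, now):
    return now >= rules["expires"]
```

Because the rules travel inside the same object as the coordinates, a recipient that parses the location has also parsed the restrictions on it.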