A BRIEFING ON PUBLIC POLICY ISSUES AFFECTING CIVIL LIBERTIES ONLINE
THE CENTER FOR DEMOCRACY AND TECHNOLOGY
(1) CDT Project on Standards Explores Policy Impact of Technological Decisions
Internet technical standards have a major impact on the Internet's uses and its future development, with broad implications for public policy and individual rights. For this reason, CDT launched last year its Internet Standards, Technology, and Policy Project, to increase public awareness of and input into technical decision-making. Our goal is to ensure that the Internet will continue to offer the freedom and empowerment users now enjoy.
To better serve the public interest community and bring a broader perspective to standards processes, CDT's Standards Project is taking two important initiatives:
First, we are expanding our Standards Project website, at http://www.cdt.org/standards/ . This site will contain news and alerts about public policy issues in the standards world, background information on the leading standards bodies, and information on the Standards Project. Over the coming months, we hope that the web site evolves into a useful resource for both public interest advocates who are not Internet experts and for technologists interested in public policy aspects of standards development. We welcome your input on how to best facilitate an end-user voice in standards processes.
Second, we are launching a Standards Bulletin, which every six to eight weeks will provide updates and analysis about the work of the organizations that design the standards and make other important technical decisions for the Internet. Our goal is to provide the public interest community with an introduction to the standards world, identify and track emerging issues, and raise the public interest involvement in the often complex process of standards development.
In this issue of the CDT Policy Post, we are attaching issue number one of the Standards Bulletin. We hope you find it interesting, and look forward to your feedback!
If you would like to receive future issues of the Standards Bulletin, you can subscribe to it at the project website, http://www.cdt.org/standards/ 
(2) CDT Standards Bulletin 1.01 May 30, 2002
[ Standards Bulletin 1.01 -- May 28, 2002
[ Policy Updates and Analysis from the Internet Standards World
[ Provided by
[ The Center for Democracy & Technology's
[ Internet Standards, Technology, and Policy Project
Welcome to the first issue of the Standards Bulletin, a new publication from CDT's Internet Standards, Technology, & Policy Project.
Internet technical standards have a major impact on the Internet's uses and its future development, with broad implications for public policy and individual activities. Public awareness of and input into technical decision-making are needed to ensure that the Internet in its future evolution will continue to offer the freedom and empowerment we now enjoy. Public policy makers and policy advocates need to be more familiar with the development of Internet standards and the issues they bring to the fore.
Every six to eight weeks, the Standards Bulletin will provide updates and analysis about the organizations that design those standards and make other important technical decisions for the Internet, such as the Internet Engineering Task Force (IETF) and the World Wide Web Consortium (W3C). Our goal is to provide the public interest community with an introduction to the standards world, identify and track emerging issues, and raise familiarity with the often complex process of standards development.
Along with this Standards Bulletin, we are also pleased to be launching our Standards Project website, at http://www.cdt.org/standards/ . This site contains news and alerts about public policy issues in the standards world, background information on the leading standards bodies, and information on the Standards Project. Over the coming months, we hope that the web site evolves into a very useful resource on public policy and the standards processes. We welcome any input from the community on these and other efforts to facilitate an end-user voice in standards development.
John B. Morris
Director, Internet Standards, Technology, and Policy Project of the Center for Democracy & Technology
1 - Standards Spotlight: IETF's GEOPRIV Working Group.
A new working group at the Internet Engineering Task Force (IETF) is addressing serious issues concerning the privacy of sensitive "location" information used in a variety of emerging technologies. As new technologies expand wireless access to the Internet, a huge array of location-based services are in the works. Along with consumer uses, such services can provide increased security and enhanced emergency services. There are also on-going projects aimed at providing (or in some cases limiting) services and content based on the location of users with stationary Internet access.
Significant privacy and security concerns are raised by these location-based services. Although many location-based services will be optional and fully user-controlled, in some cases users will have little choice but to reveal sensitive location information. Even with user-approved services, there is a significant need to protect and limit the dissemination of location information.
In mid-2001, in recognition of the serious privacy and security issues raised by location based services, the Internet Engineering Steering Group (IESG) of IETF decided to establish the "GEOPRIV" working group for the purpose of designing to protect the privacy of location information. As defined by its charter, the mission of the working group is to assess the
authorization, integrity and privacy requirements that must be met in order to transfer [location] information, or authorize the release or representation of such information through an agent.
In essence, the working group will create a specific format for the expression of location privacy and security preferences. The way those preferences are expressed and enforced will likely have a broad impact on user privacy and control. Although this effort has similarities to the P3P protocol of the World Wide Web Consortium, it will be tailored to some unique characteristics of location information. Critically, the new platform is expected to include default privacy requirements to be applied in the absence of any privacy rules created by a user.
The CDT Standards Project has been actively involved in the GEOPRIV working group since its first meeting in August 2001:
- Last fall, working with Deirdre Mulligan of the Samuelson Law, Technology, and Public Policy Clinic at Berkeley, CDT submitted to the IETF an Internet-Draft entitled "Framework for Location Computation Scenarios." The Internet-Draft offers initial analysis of the location-tracking situations in which privacy must be protected.
- In collaboration with a technologist from Siemens AG in Germany, as well as Deirdre Mulligan, CDT is working on two additional documents: a "requirements" draft specifying what technology must be created, and a "scenarios" draft specifying range of the situations in which the technology must work as designed. On May 8, 2002, we submitted the first of these in an Internet-Draft entitled "GEOPRIV requirements."
- The "GEOPRIV Requirements" draft will be the primary focus of an Interim Working Group Meeting to be held in June. We are hopeful that the draft will be formally endorsed by the working group, and finalized at the Yokohama IETF meeting in July 2002.
Following the July meeting, the Standards Project will continue to provide updates on the progress of the GEOPRIV working group effort. Under its current charter, the work of GEOPRIV is not expected to be completed until early 2003.
For more information:
GEOPRIV Charter: http://www.ietf.org/html.charters/geopriv-charter.html 
"Framework for Location Computation Scenarios," Internet-Draft, November 2001: http://www.cdt.org/standards/draft-morris-geopriv-scenarios-00.txt  (original text format), http://www.cdt.org/standards/draft-morris-geopriv-scenarios-00.pdf  (PDF format)
"GEOPRIV Requirements," Internet-Draft, April 2002: http://www.ietf.org/internet-drafts/draft-cuellar-geopriv-reqs-02.txt  (original text format), http://www.cdt.org/standards/draft-cuellar-geopriv-reqs02.pdf  (PDF format)
2 - Standards Update: Quick Dispatches on Standards & Policy
- OPES GRoup Considers Importance of PRESERVING End-to-End Data Integrity. IETF's working group on OPES (Open Pluggable Edge Services) has received guidance from the Internet Architecture Board. OPES deals with services that can reside between a client and a server on the Internet, such as a web proxy cache or other intermediary. CDT submitted comments noting that such services raise serious concerns about the integrity of end-to-end communications, and could enable tampering or censorship. In its
considerationsdocument, the IAB recognized the importance of notice and consent when such systems are used, so that possible negative impacts are minimized. In an upcoming Standards Bulletin, we will provide an in-depth analysis of OPES.
CDT's original comments on OPES are at http://www.imc.org/ietf-openproxy/mail-archive/msg00828.html . The IAB's analysis of OPES is at http://www.ietf.org/rfc/rfc3238.txt . The charter of the OPES working group is at http://www.ietf.org/html.charters/opes-charter.html . The home page of the OPES working group is at http://www.ietf-opes.org/ .
- New Cross-Registry Information Service Protocol (CRISP) Proposed As Successor to Whois. At last March's IETF meeting, experts convened in a "Birds of a Feather" (BOF) meeting to brainstorm on a new directory protocol for domain name registries. The current protocol, WHOIS, stores data about domain name registrants, but its uses have broadened substantially over the years to include law enforcement and intellectual property enforcement uses. Controversies about access and privacy have arisen, and a desire has emerged to reevaluate the system. CRISP raises important policy questions that could have a serious impact on users. The protocol is still in the formative stages and has not yet been recognized as an IETF working group, but CDT has been closely monitoring their work so far.
The Agenda and discussion of CRISP BOF can be found at http://www.ietf.org/ietf/02mar/crisp.txt .
- IEPREP Working Group Begins Emergency Preparedness Activity. The IETF's new working group, IEPREP (Internet Emergency Preparedness), is poised to address key questions about Internet use in an emergency situation. Operating on a short timeline, IEPREP will develop guidelines for Internet technologies that will be needed to enable rapid response to a major emergency, but also raising issues of equity and access by the public to important services in times of crisis. The group hopes to finish the bulk of its work by August 2002.
The Charter of the IEPREP working group can be found at http://www.ietf.org/html.charters/ieprep-charter.html .
- Standards and Intellectual Property. Both the IETF and W3C are wrestling with important intellectual property issues. Internet standards developed by both organizations have historically been publicly available on a royalty-free basis, but with increasing regularity, the work of standards groups has slowed because proposed standards implicate technologies covered by software patents. A long-term system to resolve or avoid patent and other IP-related disputes is needed and CDT is following these developments closely. The W3C is actively revising its patent policy, and the leadership of the IETF has indicated that such an effort is on the horizon.
The home page of the W3C Patent Policy Working Group can be found at http://www.w3.org/2001/ppwg/ .
- Upcoming IETF-54 Meeting in Yokohama, Japan. The second of the IETF's three 2002 in-person meetings will begin July 14 in Yokohama, Japan. IETF meetings frequently catalyze working group activity and lead to new creativity in the standards process. Although most of the working groups' substantive work is conducted online, the critical progress on challenging issues can often be made at the meetings. John Morris, Director of CDT's Standards Project, will be attending IETF-54; feel free to contact John with any questions or comments about the meeting. CDT will continue to provide updates on the meeting's progress.
The home page of IETF-54 home page can be found at http://www.ietf.org/meetings/IETF-54.html .