privecsg-15-0004-02-0000
Privacy Recommendation PAR Proposal
Date: [2015-01-15]
Authors:
Name
Affiliation
Juan Carlos Zúñiga
InterDigital Labs
Phone
Email
j.c.zuniga@ieee.org
Notice:
This document does not represent the agreed view of the IEEE 802 EC Privacy Recommendation SG. It represents only the views of the
participants listed in the ‘Authors:’ field above. It is offered as a basis for discussion. It is not binding on the contributor, who reserve the right to
add, amend or withdraw material contained herein.
Copyright policy:
The contributor is familiar with the IEEE-SA Copyright Policy <http://standards.ieee.org/IPR/copyrightpolicy.html>.
Patent policy:
The contributor is familiar with the IEEE-SA Patent Policy and Procedures:
<http://standards.ieee.org/guides/bylaws/sect6-7.html#6> and <http://standards.ieee.org/guides/opman/sect6.html#6.3>.
Abstract
This document presents a PAR-CSD text proposal for consideration/discussion by the
IEEE 802 Privacy EC SG.
1
privecsg-15-0004-02-0000
Privacy Recommendation PAR/CSD
Proposal
Juan Carlos Zuniga
InterDigital Labs
2
privecsg-15-0004-02-0000
Title
• IEEE Recommended Practice for
Information technology-Telecommunications and information
exchange between systems-- Local and
metropolitan area networks:
• Privacy considerations for IEEE 802
Technologies.
3
privecsg-15-0004-02-0000
Scope of the Project
• This document specifies a privacy threat
model for IEEE 802 technologies and
provides general recommendations for
standards developers and implementers
on how to protect against privacy threats.
4
privecsg-15-0004-02-0000
Purpose
• The recommended practice document
provides recommendations to address
privacy threats applicable to link layer
technologies, including Surveillance,
Monitoring, Stored Data Compromise,
Intrusion, Misattribution, Correlation,
Identification, Secondary Use, Disclosure
and Exclusion.
5
privecsg-15-0004-02-0000
Need
• In order to address recent concerns about Internet
privacy, SDOs such as IETF, W3C and IEEE 802 need to
take action.
• Some of the technologies developed in IEEE 802 play a
major role in Internet connectivity, and certain threats are
applicable specifically to link layer technologies.
• IEEE 802 has been collaborating with IETF in many fronts
and the need to develop privacy guidelines in IEEE 802
has been identified as one new area for collaboration
between the two organizations.
6
privecsg-15-0004-02-0000
Stakeholders
• Developers, providers, and users of
services, content and equipment for wired
and wireless network connectivity using
IEEE 802 standards. This includes
software developers, networking IC
developers, bridge and NIC vendors,
service providers and users.
7
privecsg-15-0004-02-0000
Possible Registration Activity
• This project does not envision any
registration activity.
8
privecsg-15-0004-02-0000
Managed Objects
• Describe the plan for developing a definition of
managed objects. The plan shall specify one of
the following:
– a) The definitions will be part of this project.
– b) The definitions will be part of a different project and
provide the plan for that project or anticipated future
project.
– c) The definitions will not be developed and explain
why such definitions are not needed.
• c) This is a recommended practice document
that does not specify any parameters, so it
has no managed objects.
9
privecsg-15-0004-02-0000
Coexistence
• A WG proposing a wireless project shall
demonstrate coexistence through the
preparation of a Coexistence Assurance (CA)
document unless it is not applicable.
– a) Will the WG create a CA document as part of the
WG balloting process as described in Clause 13?
(yes/no)
– b) If not, explain why the CA document is not
applicable.
• A CA document is not applicable because
this project does not use wireless spectrum.
10
privecsg-15-0004-02-0000
Broad Market Potential
•
Each proposed IEEE 802 LMSC standard shall have broad market potential. At a minimum,
address the following areas:
–
–
•
•
•
a) Broad sets of applicability.
b) Multiple vendors and numerous users.
New applications are being used across multiple networks and devices. These
developments bring enormous economic and social value to individuals and to
society as a whole. However, such value may not be fully achieved without
successfully addressing the growing privacy threat.
Users and operators are increasingly aware of privacy issues. According to the
report “Mobile Privacy Principles” of the mobile operators’ GSMA, “A critical factor
for the sustainable development of this (mobile technology) eco-system is a robust
and effective framework for the protection of privacy, where users can continue to
have confidence and trust in Internet technologies, applications and services.”
Privacy has also been identified as a key feature for Internet service providers,
network providers, device manufacturers and end users, as recent industry
announcements show.
Most Internet connections make use of technologies developed in IEEE 802 (e.g.
IEEE 802.1, 802.3, 802.11 and 802.15), and some companies have already started
implementing privacy features on top of IEEE 802 standards. Providing privacy
features is already seen as a business advantage. This recommendation will mitigate
the risk of privacy threats on IEEE 802 technologies and will foster continued growth
11
of deployment of IEEE 802 technologies for communication devices.
privecsg-15-0004-02-0000
Compatibility
• Each proposed IEEE 802 LMSC standard should be in conformance
with IEEE Std 802, IEEE 802.1AC, and IEEE 802.1Q. If any
variances in conformance emerge, they shall be thoroughly
disclosed and reviewed with IEEE 802.1 WG prior to submitting a
PAR to the Sponsor.
– a) Will the proposed standard comply with IEEE Std 802, IEEE Std
802.1AC and IEEE Std 802.1Q?
– b) If the answer to a) is no, supply the response from the IEEE 802.1
WG.
– The review and response is not required if the proposed standard is an
amendment or revision to an existing standard for which it has been
previously determined that compliance with the above IEEE 802
standards is not possible. In this case, the CSD statement shall state
that this is the case.
• a) Yes.
12
privecsg-15-0004-02-0000
Distinct Identity
• Each proposed IEEE 802 LMSC standard shall
provide evidence of a distinct identity. Identify
standards and standards projects with similar
scopes and for each one describe why the
proposed project is substantially different.
• There is currently no standard that defines a
privacy threat model and associated
recommended practice for IEEE 802
technologies.
13
privecsg-15-0004-02-0000
Technical Feasibility
• Each proposed IEEE 802 LMSC standard shall provide evidence
that the project is technically feasible within the time frame of the
project. At a minimum, address the following items to demonstrate
technical feasibility:
– a) Demonstrated system feasibility.
– b) Proven similar technology via testing, modeling, simulation, etc.
• The recommended practice will define recommendations that
can be followed by system designers and implementers to
improve privacy.
• Some experiments have been carried out and technical reports
of these experiments may be published, for instance as
Informational RFCs.
14
privecsg-15-0004-02-0000
Economic Feasibility
•
Each proposed IEEE 802 LMSC standard shall provide evidence of
economic feasibility. Demonstrate, as far as can reasonably be estimated,
the economic feasibility of the proposed project for its intended applications.
Among the areas that may be addressed in the cost for performance
analysis are the following:
–
–
–
–
–
•
a) Balanced costs (infrastructure versus attached stations).
b) Known cost factors.
c) Consideration of installation costs.
d) Consideration of operational costs (e.g., energy consumption).
e) Other areas, as appropriate.
The recommended practices will take into consideration the need to
minimize cost impact to implement the mitigation methods.
15