Joint forces for a cloud computing privacy manual

Monika Ermert, Heise, Intellectual Property Watch, VDI-Nachrichten, Germany

PUBLISHED ON: 26 Jul 2013

The upcoming meeting of the Internet Engineering Task Force (IETF) brings close to 1,500 internet engineers from small and large companies, universities and organisations to Berlin in the week of July 29, 2013. Will they help address the top question of how to enforce the fundamental right to privacy, or, as Germany's constitutional court sublimely put it, the right to "informational self-determination"? A workshop at the Alexander von Humboldt Institute for Internet and Society (HIIG), held just prior to IETF 87, tries to tap into the developers' knowledge to collectively develop a cloud computing privacy manual with legislators.

Participants include privacy expert Caspar Bowden, long-time IETF participants Fred Baker (Cisco) and Patrik Fältström (Netnod) and Alissa Cooper (Center for Democracy and Technology), one of the driving forces of the privacy programme of the Internet Architecture Board (the IETF peer body) as well as officials from the European Commission and the German Ministry of the Interior.

It is an ambitious project – in only a few hours the workshop on Cloud Computing and EU Data Protection Regulation will try to get a discussion underway on a best current practice document that would give guidelines to cloud operators with regard to privacy-friendly cloud offers.

A Request for Comment for privacy-friendly cloud services?

Request for Comment (RFC)

The traditional format of standard and informational documents of the Internet Engineering Task Force (IETF). RFCs are developed by IETF Working Groups in an open standards process. Informational documents can also be prepared by the Internet Architecture Board (IAB) or as individual submissions.

A rough draft Request for Comment (RFC) prepared by HIIG expert Jörg Pohle lists privacy-relevant aspects of cloud services, the risks and how to mitigate them. Core aspects include confidentiality, integrity, availability, and the need to be transparent. To reduce opacity, the company processing the data informs data controllers about who is involved in the processing chain, who is able and allowed to access the data, and where data is held for any length of time.

On the topic of surveillance the draft document proposes a recommendation to inform about the existing surveillance obligations and "if the data processor is explicitly forbidden by law to disclose any information about the surveillance by one or more third parties, the data processor MUST NOT declare that it is providing a secure or privacy compliant or data protection compliant service."

It will be interesting to see how legislators invited to the workshop to provide – in RFC language – their "requirements" will react to such an idea. So far they have not followed up on recent complaints by data processors in Germany and elsewhere, and have also not acknowledged that those processors are torn between loud calls to speak up about surveillance activities tapping their infrastructure and official gag orders.

Inviting legislators from Germany and the EU and developers to one table, Pohle hopes, will help to create a standard that operators offering services can implement globally and that governments can refer to as a standard they will want to accept – or require.

Legislators and techies slow in making privacy by design real

The need to consider privacy in developing new protocols has been discussed and fought for in the IETF for quite some time. Discussions go back more than a decade, and just before the Berlin meeting an informational RFC was finalised and officially passed through the RFC Editor process. RFC 6973 on "Privacy Considerations for Internet Protocols" aims, according to its short abstract, to "make designers, implementers, and users of Internet protocols aware of privacy-related design choices."

The core idea of the document is certainly that privacy by design, something touted by politicians recently, can be done here if anywhere. There are few groups in the IETF looking into privacy issues, such as the long-standing Geopriv Working Group, which considers location privacy solutions. But it is difficult to make privacy considerations an integral part of network and application design, as calls to bring more privacy work into the IETF illustrate. Stephen Farrell, a researcher at the School of Computer Science and Statistics at Trinity College Dublin and Security Area Co-Chair at the IETF, and as such "in charge of" privacy considerations, recently said he would welcome work tackling the privacy concerns (PDF) inherent, for example, in floating car data collected by Google Navigation and Waze to analyse traffic flows. But a draft fix for the traffic data generation did not find interest, its author wrote. Also, a proposal to have privacy icons in emails seems to be stuck in the process.

Privacy for those who help themselves – only?

The question in the end is who will push for privacy. Forget about many large service and application providers, Tor evangelist Jacob Appelbaum said in a talk at the Technical University of Munich on July 17, 2013. Tor is an anonymising tool that blurs the traces users leave. The companies whose CEOs had been lying to citizens about their cooperation with the intelligence services in amassing data about them were complicit in the erosion of privacy.

Appelbaum is not even content with how Mozilla, often perceived as a role model in implementing privacy, wants to handle anonymity in its browser and email software. The latter, for example, includes time stamps that reveal which time zone users are in, making them easier to track down. The Tor project was working on a fix for Thunderbird for that.
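To make the time-zone hint concrete, here is an added Python example (not from the article, Mozilla or the Tor project) that reads a constructed message's Date header, reports the UTC offset it discloses, and rewrites the header in UTC so that hint disappears:

```python
"""Added example: the Date header of an outgoing mail carries the sender's
local UTC offset; normalising it to UTC removes that clue. The message
below is constructed for the demonstration."""
from datetime import timezone
from email import message_from_string
from email.utils import format_datetime, parsedate_to_datetime

# Constructed sample: composed on a client whose clock is set to UTC+02:00.
RAW_MESSAGE = """From: alice@example.invalid
To: bob@example.invalid
Subject: hello
Date: Wed, 17 Jul 2013 14:05:31 +0200

See you at the talk.
"""


def date_header_offset_minutes(raw):
    """Return the UTC offset (in minutes) that the Date header reveals.

    A header written as "-0000" carries no local-time information and
    parses to a naive datetime, which is reported as offset 0."""
    msg = message_from_string(raw)
    dt = parsedate_to_datetime(msg["Date"])
    offset = dt.utcoffset()
    return 0 if offset is None else int(offset.total_seconds() // 60)


def normalise_date_to_utc(raw):
    """Return the message with its Date header rewritten in UTC (+0000).

    The wall-clock instant is unchanged; only the local offset, and with
    it the sender's time zone, is no longer exposed."""
    msg = message_from_string(raw)
    dt = parsedate_to_datetime(msg["Date"]).astimezone(timezone.utc)
    msg.replace_header("Date", format_datetime(dt))
    return msg.as_string()


if __name__ == "__main__":
    print("offset revealed:", date_header_offset_minutes(RAW_MESSAGE), "min")
    print(normalise_date_to_utc(RAW_MESSAGE))
```

The Date header is only the client-side clue; relays add their own Received timestamps, so rewriting the client header limits what the sender's software discloses rather than what the transport path records.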

He appealed to IT students to help develop strong alternatives that would help to enforce fundamental rights. Does the activist, who avoids the US for safety reasons, then agree with the recommendation of the German Minister of the Interior, Hans-Peter Friedrich, that it is simply up to users to protect themselves? Appelbaum underlined that governments had to actually legislate privacy by design.

Telling citizens to help themselves was the subversive answer and a call to self-justice, says Jörg Pohle. He hopes for glimpses into how better enforcement could work during the workshop and in the follow-up discussion.

Update: In the discussion, the draft was criticised for being too imprecise concerning the presented threat mitigation measures to be useful for a best current practices (BCP) document. It was suggested to revise the draft as a taxonomy and problem statement document that could then lead to a new attempt to formulate a BCP document.
