Home»Documents»IAB Correspondence, Reports, and Selected Documents»2022»IAB Statement to OSTP on Privacy-Enhancing Technologies
On 8 July 2022, the IAB responded to the Office of Science and Technology Policy (OSTP)’s Request for Information on Advancing Privacy-Enhancing Technologies:
July 08, 2022 IAB Statement to OSTP on Privacy-Enhancing Technologies This is a response to the Office of Science and Technology Policy’s (OSTP) Request for Information on Advancing Privacy-Enhancing Technologies [Doc. 2022-12432] on behalf of the Internet Architecture Board (IAB). The IAB provides oversight for the protocols and procedures used on the Internet and developed by the Internet Engineering Task Force (IETF) [0]. The IETF is the main engineering organization that develops standards for Internet technology. The mission of the IETF is to produce relevant technical documents that influence the way people design, use, and manage the Internet (RFC 3935) [1]. The IETF is an open, diverse, global community consisting of network operators, vendors, researchers, and many other stakeholders. The IAB appreciates the opportunity to provide input to the OSTP on Information on Advancing Privacy-Enhancing Technologies, given the high relevance of related ongoing work in the IETF. PRIVACY TECHNOLOGIES IN THE IETF The IETF has a long history of working on privacy improvements for Internet technology and applications. A requirement of all IETF work is to include a discussion of the security and privacy implications of our protocols (see, for instance, RFC 6973 [2]), and it aims to avoid pervasive surveillance of Internet users (RFC 7258 [3]). Established IETF standards in areas such as ensuring confidentiality for Internet communications, including TLS (RFC 8446 [4]), are very widely used. They continue to be enhanced and used in new contexts, such as with new transport protocols like QUIC (RFC 9000 [5]) or application protocols like DNS (DoH, RFC 8484 [6]). In addition to IETF work on standards that improve privacy, privacy technologies are considered and researched in the Internet Research Task Force (IRTF) [7], e.g. in the Privacy Enhancements and Assessments Research Group (PEARG) [8]. The IRTF focuses on longer term research issues related to the Internet and is a parallel organization to IETF. We would like to provide additional information on two specific, highly relevant IETF standards developments in the Privacy Preserving Measurement (PPM) and Oblivious HTTP Application Intermediation (OHAI) working groups. Privacy Preserving Measurement in the IETF In March of 2022, the IETF chartered the Privacy Preserving Measurement (PPM) Working Group [9] to standardize protocols that enable a server to compute aggregate statistics over a population without learning any of the individual values, and without learning anything about any individual member of the population. The technical proposals currently active in this group require multiple servers that are trusted not to collude with each other. In these proposals, any single party who violates the protocol might disrupt the measurement process, but cannot break its privacy guarantees. The first proposal to be formally accepted by the working group is known as the Distributed Aggregation Protocol (DAP) [10]. This protocol provides an operational framework in which multiple Verifiable Distributed Aggregation Functions (VDAFs) can be implemented. The definition of a VDAF [11] is currently underway in the IRTF Crypto Forum Research Group (CFRG) [12]. VDAFs are intended to provide an abstract framework in which suitable cryptographic procedures can be represented. The VDAFs currently supported include Prio3 [13] for numeric aggregation and Poplar1 [13] for identification of popular strings (e.g. text or binary sequences). The DAP framework is inspired by the COVID-19 Exposure Notification Privacy-Preserving Analytics system [15]. This system was developed to assess the effectiveness of the Google-Apple COVID-19 Exposure Notification System [16], while ensuring that no party learns users’ sensitive health information. In operation, the roles of the non- colluding parties were performed by the Internet Security Research Group (ISRG) [17] and the National Institutes of Health (NIH), coordinated by the MITRE Corporation. Oblivious HTTP in the IETF In October of 2021, the IETF chartered the Oblivious HTTP Application Intermediation (OHAI) Working Group [18] to develop protocols for sending generic HTTP requests and responses through a privacy-preserving network of two non-colluding parties. The first standard developed by the group is the core Oblivious HTTP (OHTTP) protocol [19]. This protocol is appropriate for any client-to- server interaction where the client’s identity can be hidden from the server by using a proxy, and using Hybrid Public Key Encryption (HPKE) [20] to prevent the proxy from observing message contents. One application of OHTTP is the upload of metrics or metadata without revealing client identities. It is complementary to technologies being developed in the PPM Working Group. PPM protocols focus on the cryptographic operations applied to data, while OHTTP provides a mechanism for sending arbitrary messages without revealing client identities. IMPORTANCE OF TECHNICAL STANDARDS FOR PRIVACY TECHNOLOGIES Technical standards are crucial in the deployment of protocols for sharing data and analytics because the mechanisms used for preserving privacy fundamentally involve multiple parties that need to interoperate. This need is even more pronounced in the context of protocols that rely on a non-collusion condition. Such protocols require at least two entities to communicate for each measurement or collection of data, while strictly limiting the extent of their coordination. In the absence of relevant technical standards, these parties would have to collaborate deeply to establish communication, threatening the non-collusion assumption. The IETF fosters voluntarily adopted standards developed through global, open processes that support transparency, consensus, and the participation of all interested parties, regardless of jurisdiction. All IETF work happens in open working groups that anyone can join without fees or other limitations, and all IETF standards are freely available to all. Such open standards are highly important to ensure the continued growth and health of the global Internet. RECOMMENDATIONS To advance privacy-preserving measurement and data sharing technologies in the OSTP’s work, the IAB offers the following recommendations: • Encourage researchers and implementers to leverage and make their work compatible with existing open standards for measurement operations. • Encourage researchers and implementers to contribute improvements to such open standards whenever needed. • Ensure that federal procurement of privacy-preserving measurement services prefers solutions based on open technical standards, when possible. • Provide assurances that the federal government will uphold and strengthen the non-collusion obligations between operators of privacy-preserving measurement systems. • Incentivize researchers and implementers to work in open, global standard bodies like the IETF rather than jurisdictionally narrow regulatory bodies or technical committees. Sincerely, Mirja Kühlewind (IAB Chair) For the IAB [0] https://www.ietf.org [1]https://datatracker.ietf.org/doc/html/rfc3935 [2] https://datatracker.ietf.org/doc/html/rfc6973 [3] https://datatracker.ietf.org/doc/html/rfc7258 [4] https://datatracker.ietf.org/doc/html/rfc8446 [5] https://datatracker.ietf.org/doc/html/rfc9000 [6] https://datatracker.ietf.org/doc/html/rfc8484 [7] https://irtf.org/ [8] https://irtf.org/pearg [9] http://datatracker.ietf.org/wg/ppm/about/ [10] https://datatracker.ietf.org/doc/draft-ietf-ppm-dap/ [11] https://datatracker.ietf.org/doc/draft-irtf-cfrg-vdaf/ [12] https://datatracker.ietf.org/rg/cfrg/about/ [13] https://www.ietf.org/id/draft-irtf-cfrg-vdaf-01.html#name-prio3 [14] https://www.ietf.org/id/draft-irtf-cfrg-vdaf-01.html#name-poplar1 [15]https://covid19-static.cdn-apple.com/applications/covid19/current/static/contact-tracing/pdf/ENPA_White_Paper.pdf [16] https://www.google.com/covid19/exposurenotifications/ [17] https://www.abetterinternet.org/post/prio-services-for-covid-en/ [18] https://datatracker.ietf.org/wg/ohai/about/ [19] https://datatracker.ietf.org/doc/draft-ietf-ohai-ohttp/ [20] https://datatracker.ietf.org/doc/rfc9180/