IAB Statement to OSTP on Privacy-Enhancing Technologies
statement-iab-statement-to-ostp-on-privacy-enhancing-technologies-00
Document | Type | IAB Statement | |
---|---|---|---|
Title | IAB Statement to OSTP on Privacy-Enhancing Technologies | ||
Published | 2022-07-08 | ||
Metadata last updated | 2023-08-09 | ||
State | Active | ||
Send notices to | (None) |
statement-iab-statement-to-ostp-on-privacy-enhancing-technologies-00
On 8 July 2022, the IAB responded to the Office of Science and Technology Policy (OSTP)’s Request for Information on Advancing Privacy-Enhancing Technologies:
July 08, 2022
IAB Statement to OSTP on Privacy-Enhancing Technologies
This is a response to the Office of Science and Technology Policy’s
(OSTP) Request for Information on Advancing Privacy-Enhancing
Technologies [Doc. 2022-12432] on behalf of the Internet Architecture
Board (IAB). The IAB provides oversight for the protocols and procedures
used on the Internet and developed by the Internet Engineering Task
Force (IETF) [0]. The IETF is the main engineering organization that
develops standards for Internet technology. The mission of the IETF is
to produce relevant technical documents that influence the way people
design, use, and manage the Internet (RFC 3935) [1]. The IETF is an
open, diverse, global community consisting of network operators,
vendors, researchers, and many other stakeholders.
The IAB appreciates the opportunity to provide input to the OSTP on
Information on Advancing Privacy-Enhancing Technologies, given the high
relevance of related ongoing work in the IETF.
PRIVACY TECHNOLOGIES IN THE IETF
The IETF has a long history of working on privacy improvements for
Internet technology and applications. A requirement of all IETF work is
to include a discussion of the security and privacy implications of our
protocols (see, for instance, RFC 6973 [2]), and it aims to avoid
pervasive surveillance of Internet users (RFC 7258 [3]).
Established IETF standards in areas such as ensuring confidentiality for
Internet communications, including TLS (RFC 8446 [4]), are very widely
used. They continue to be enhanced and used in new contexts, such as
with new transport protocols like QUIC (RFC 9000 [5]) or application
protocols like DNS (DoH, RFC 8484 [6]).
In addition to IETF work on standards that improve privacy, privacy
technologies are considered and researched in the Internet Research Task
Force (IRTF) [7], e.g. in the Privacy Enhancements and Assessments
Research Group (PEARG) [8]. The IRTF focuses on longer term research
issues related to the Internet and is a parallel organization to IETF.
We would like to provide additional information on two specific, highly
relevant IETF standards developments in the Privacy Preserving
Measurement (PPM) and Oblivious HTTP Application Intermediation (OHAI)
working groups.
Privacy Preserving Measurement in the IETF
In March of 2022, the IETF chartered the Privacy Preserving Measurement
(PPM) Working Group [9] to standardize protocols that enable a server to
compute aggregate statistics over a population without learning any of
the individual values, and without learning anything about any
individual member of the population. The technical proposals currently
active in this group require multiple servers that are trusted not to
collude with each other. In these proposals, any single party who
violates the protocol might disrupt the measurement process, but cannot
break its privacy guarantees.
The first proposal to be formally accepted by the working group is known
as the Distributed Aggregation Protocol (DAP) [10]. This protocol
provides an operational framework in which multiple Verifiable
Distributed Aggregation Functions (VDAFs) can be implemented. The
definition of a VDAF [11] is currently underway in the IRTF Crypto Forum
Research Group (CFRG) [12]. VDAFs are intended to provide an abstract
framework in which suitable cryptographic procedures can be represented.
The VDAFs currently supported include Prio3 [13] for numeric aggregation
and Poplar1 [13] for identification of popular strings (e.g. text or
binary sequences).
The DAP framework is inspired by the COVID-19 Exposure Notification
Privacy-Preserving Analytics system [15]. This system was developed to
assess the effectiveness of the Google-Apple COVID-19 Exposure
Notification System [16], while ensuring that no party learns users’
sensitive health information. In operation, the roles of the non-
colluding parties were performed by the Internet Security Research Group
(ISRG) [17] and the National Institutes of Health (NIH), coordinated by
the MITRE Corporation.
Oblivious HTTP in the IETF
In October of 2021, the IETF chartered the Oblivious HTTP Application
Intermediation (OHAI) Working Group [18] to develop protocols for
sending generic HTTP requests and responses through a privacy-preserving
network of two non-colluding parties.
The first standard developed by the group is the core Oblivious HTTP
(OHTTP) protocol [19]. This protocol is appropriate for any client-to-
server interaction where the client’s identity can be hidden from the
server by using a proxy, and using Hybrid Public Key Encryption (HPKE)
[20] to prevent the proxy from observing message contents.
One application of OHTTP is the upload of metrics or metadata without
revealing client identities. It is complementary to technologies being
developed in the PPM Working Group. PPM protocols focus on the
cryptographic operations applied to data, while OHTTP provides a
mechanism for sending arbitrary messages without revealing client
identities.
IMPORTANCE OF TECHNICAL STANDARDS FOR PRIVACY TECHNOLOGIES
Technical standards are crucial in the deployment of protocols for
sharing data and analytics because the mechanisms used for preserving
privacy fundamentally involve multiple parties that need to
interoperate. This need is even more pronounced in the context of
protocols that rely on a non-collusion condition. Such protocols
require at least two entities to communicate for each measurement or
collection of data, while strictly limiting the extent of their
coordination. In the absence of relevant technical standards, these
parties would have to collaborate deeply to establish communication,
threatening the non-collusion assumption.
The IETF fosters voluntarily adopted standards developed through global,
open processes that support transparency, consensus, and the
participation of all interested parties, regardless of jurisdiction. All
IETF work happens in open working groups that anyone can join without
fees or other limitations, and all IETF standards are freely available
to all. Such open standards are highly important to ensure the continued
growth and health of the global Internet.
RECOMMENDATIONS
To advance privacy-preserving measurement and data sharing technologies
in the OSTP’s work, the IAB offers the following recommendations:
• Encourage researchers and implementers to leverage and make their
work compatible with existing open standards for measurement
operations.
• Encourage researchers and implementers to contribute improvements to
such open standards whenever needed.
• Ensure that federal procurement of privacy-preserving measurement
services prefers solutions based on open technical standards, when
possible.
• Provide assurances that the federal government will uphold and
strengthen the non-collusion obligations between operators of
privacy-preserving measurement systems.
• Incentivize researchers and implementers to work in open, global
standard bodies like the IETF rather than jurisdictionally narrow
regulatory bodies or technical committees.
Sincerely,
Mirja Kühlewind (IAB Chair)
For the IAB
[0] https://www.ietf.org
[1]https://datatracker.ietf.org/doc/html/rfc3935
[2] https://datatracker.ietf.org/doc/html/rfc6973
[3] https://datatracker.ietf.org/doc/html/rfc7258
[4] https://datatracker.ietf.org/doc/html/rfc8446
[5] https://datatracker.ietf.org/doc/html/rfc9000
[6] https://datatracker.ietf.org/doc/html/rfc8484
[7] https://irtf.org/
[8] https://irtf.org/pearg
[9] http://datatracker.ietf.org/wg/ppm/about/
[10] https://datatracker.ietf.org/doc/draft-ietf-ppm-dap/
[11] https://datatracker.ietf.org/doc/draft-irtf-cfrg-vdaf/
[12] https://datatracker.ietf.org/rg/cfrg/about/
[13] https://www.ietf.org/id/draft-irtf-cfrg-vdaf-01.html#name-prio3
[14] https://www.ietf.org/id/draft-irtf-cfrg-vdaf-01.html#name-poplar1
[15]https://covid19-static.cdn-apple.com/applications/covid19/current/static/contact-tracing/pdf/ENPA_White_Paper.pdf
[16] https://www.google.com/covid19/exposurenotifications/
[17] https://www.abetterinternet.org/post/prio-services-for-covid-en/
[18] https://datatracker.ietf.org/wg/ohai/about/
[19] https://datatracker.ietf.org/doc/draft-ietf-ohai-ohttp/
[20] https://datatracker.ietf.org/doc/rfc9180/