
IAB Statement to OSTP on Privacy-Enhancing Technologies
statement-iab-statement-to-ostp-on-privacy-enhancing-technologies-00

Document Type IAB Statement
Title IAB Statement to OSTP on Privacy-Enhancing Technologies
Published 2022-07-08
Metadata last updated 2023-08-09
State Active

On 8 July 2022, the IAB responded to the Office of Science and Technology Policy (OSTP)’s Request for Information on Advancing Privacy-Enhancing Technologies:

July 08, 2022

IAB Statement to OSTP on Privacy-Enhancing Technologies


This is a response to the Office of Science and Technology Policy’s 
(OSTP) Request for Information on Advancing Privacy-Enhancing 
Technologies [Doc. 2022-12432] on behalf of the Internet Architecture 
Board (IAB). The IAB provides oversight for the protocols and procedures 
used on the Internet and developed by the Internet Engineering Task 
Force (IETF) [0]. The IETF is the main engineering organization that 
develops standards for Internet technology. The mission of the IETF is 
to produce relevant technical documents that influence the way people 
design, use, and manage the Internet (RFC 3935) [1]. The IETF is an 
open, diverse, global community consisting of network operators, 
vendors, researchers, and many other stakeholders. 

The IAB appreciates the opportunity to provide input to the OSTP on its 
Request for Information on Advancing Privacy-Enhancing Technologies, given 
the high relevance of related ongoing work in the IETF.

PRIVACY TECHNOLOGIES IN THE IETF

The IETF has a long history of working on privacy improvements for 
Internet technology and applications. All IETF work is required to 
include a discussion of the security and privacy implications of the 
protocols it defines (see, for instance, RFC 6973 [2]), and the IETF 
treats pervasive monitoring of Internet users as an attack to be 
mitigated in its protocol designs (RFC 7258 [3]).

Established IETF standards for ensuring the confidentiality of Internet 
communications, most notably TLS (RFC 8446 [4]), are very widely used. 
They continue to be enhanced and applied in new contexts, such as the 
QUIC transport protocol (RFC 9000 [5]) or DNS over HTTPS (DoH, RFC 8484 
[6]).

In addition to IETF work on standards that improve privacy, privacy 
technologies are considered and researched in the Internet Research Task 
Force (IRTF) [7], e.g. in the Privacy Enhancements and Assessments 
Research Group (PEARG) [8]. The IRTF focuses on longer-term research 
issues related to the Internet and is a parallel organization to the IETF.

We would like to provide additional information on two specific, highly 
relevant IETF standards developments in the Privacy Preserving 
Measurement (PPM) and Oblivious HTTP Application Intermediation (OHAI) 
working groups.

Privacy Preserving Measurement in the IETF

In March of 2022, the IETF chartered the Privacy Preserving Measurement 
(PPM) Working Group [9] to standardize protocols that enable a server to 
compute aggregate statistics over a population without learning any of 
the individual values, and without learning anything about any 
individual member of the population. The technical proposals currently 
active in this group require multiple servers that are trusted not to 
collude with each other. In these proposals, any single party who 
violates the protocol might disrupt the measurement process (for example 
by corrupting the aggregate), but cannot break its privacy guarantees: 
recovering an individual value requires the non-colluding parties to 
pool what each of them has seen.

The first proposal to be formally accepted by the working group is known 
as the Distributed Aggregation Protocol (DAP) [10]. This protocol 
provides an operational framework in which multiple Verifiable 
Distributed Aggregation Functions (VDAFs) can be implemented. The 
definition of a VDAF [11] is currently underway in the IRTF Crypto Forum 
Research Group (CFRG) [12]. VDAFs are intended to provide an abstract 
framework in which suitable cryptographic procedures can be represented. 
The VDAFs currently supported include Prio3 [13] for numeric aggregation 
and Poplar1 [14] for identification of popular strings (e.g. text or 
binary sequences).
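The splitting of each measurement between non-colluding aggregators described above, as an added illustration that is not the DAP or VDAF reference code: additive secret sharing over a prime field, the basic building block of Prio-style numeric aggregation. The field modulus, the aggregator names and the `corrupt_by` knob are assumptions made for this example only.

```python
# Added example, not code from the IAB statement or the IETF PPM drafts:
# additive secret sharing between non-colluding aggregators, the core idea
# behind Prio-style numeric aggregation.  FIELD, the Aggregator class and
# the corrupt_by parameter are assumptions chosen for illustration.
import secrets

FIELD = 2**61 - 1  # assumed prime modulus; real VDAFs pick their own fields


def share(value, n_aggregators=2):
    """Split one measurement into additive shares that sum to `value` mod FIELD.

    The first n-1 shares are uniformly random; the last one is whatever makes
    the sum come out right.  Any n-1 shares are therefore uniformly random on
    their own, so a single aggregator learns nothing about `value`.
    """
    if not 0 <= value < FIELD:
        raise ValueError("measurement must already be encoded into the field")
    shares = [secrets.randbelow(FIELD) for _ in range(n_aggregators - 1)]
    shares.append((value - sum(shares)) % FIELD)
    return shares


class Aggregator:
    """One non-colluding server.  It only ever sees its own share of each report."""

    def __init__(self, name, corrupt_by=0):
        self.name = name
        self.received = []            # per-report shares seen by this server only
        self.corrupt_by = corrupt_by  # nonzero models a server violating the protocol

    def receive(self, one_share):
        self.received.append(one_share)

    def aggregate_share(self):
        """Sum of this server's shares; a misbehaving server can distort it."""
        return (sum(self.received) + self.corrupt_by) % FIELD


def combine(aggregate_shares):
    """The collector adds the aggregate shares; no individual value appears."""
    return sum(aggregate_shares) % FIELD


def run_measurement(measurements, aggregators):
    """Each client shares its value across all aggregators; return the total."""
    for m in measurements:
        for agg, s in zip(aggregators, share(m, len(aggregators))):
            agg.receive(s)
    return combine(a.aggregate_share() for a in aggregators)


def collude(aggregators, report_index):
    """What the servers could learn if they broke the non-collusion assumption:
    pooling their shares of one report reconstructs that client's value."""
    return sum(a.received[report_index] for a in aggregators) % FIELD


if __name__ == "__main__":
    # Constructed sample input: four clients report small integer measurements.
    reports = [3, 0, 7, 1]
    honest = [Aggregator("A"), Aggregator("B")]
    print("aggregate:", run_measurement(reports, honest))  # 11
    # Neither server's own view is the answer, but together they would be.
    print("collusion recovers report 2:", collude(honest, 2))  # 7
    # A single dishonest server can spoil the total but learns nothing extra.
    disrupted = [Aggregator("A"), Aggregator("B", corrupt_by=5)]
    print("disrupted aggregate:", run_measurement(reports, disrupted))  # 16
```

Two things this toy leaves out that the real protocols provide: Prio3 adds a proof, checked jointly by the aggregators, that each set of shares encodes a valid measurement (a client here could submit an arbitrarily large field element and skew the total), and DAP specifies how the aggregators and collector actually exchange these shares. The `collude` function is the reason the statement's non-collusion recommendation matters: the privacy of an individual report rests entirely on the servers never pooling their per-report shares.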

The DAP framework is inspired by the COVID-19 Exposure Notification 
Privacy-Preserving Analytics system [15]. This system was developed to 
assess the effectiveness of the Google-Apple COVID-19 Exposure 
Notification System [16], while ensuring that no party learns users’ 
sensitive health information. In operation, the roles of the non-
colluding parties were performed by the Internet Security Research Group 
(ISRG) [17] and the National Institutes of Health (NIH), coordinated by 
the MITRE Corporation.

Oblivious HTTP in the IETF

In October of 2021, the IETF chartered the Oblivious HTTP Application 
Intermediation (OHAI) Working Group [18] to develop protocols for 
sending generic HTTP requests and responses through a privacy-preserving 
network of two non-colluding parties.

The first standard developed by the group is the core Oblivious HTTP 
(OHTTP) protocol [19]. This protocol is appropriate for any client-to-
server interaction where the client's identity can be hidden from the 
server by using a proxy, with Hybrid Public Key Encryption (HPKE) [20] 
preventing the proxy from observing message contents. The two parties 
thus see complementary information: the proxy learns who is sending a 
request but not what it contains, and the server learns the contents but 
not who sent them.

One application of OHTTP is the upload of metrics or metadata without 
revealing client identities. It is complementary to technologies being 
developed in the PPM Working Group. PPM protocols focus on the 
cryptographic operations applied to data, while OHTTP provides a 
mechanism for sending arbitrary messages without revealing client 
identities.

IMPORTANCE OF TECHNICAL STANDARDS FOR PRIVACY TECHNOLOGIES

Technical standards are crucial in the deployment of protocols for 
sharing data and analytics because the mechanisms used for preserving 
privacy fundamentally involve multiple parties that need to 
interoperate. This need is even more pronounced in the context of 
protocols that rely on a non-collusion condition.  Such protocols 
require at least two entities to communicate for each measurement or 
collection of data, while strictly limiting the extent of their 
coordination. In the absence of relevant technical standards, these 
parties would have to collaborate deeply to establish communication, 
threatening the non-collusion assumption.

The IETF fosters voluntarily adopted standards developed through global, 
open processes that support transparency, consensus, and the 
participation of all interested parties, regardless of jurisdiction. All 
IETF work happens in open working groups that anyone can join without 
fees or other limitations, and all IETF standards are freely available 
to all. Such open standards are highly important to ensure the continued 
growth and health of the global Internet.

RECOMMENDATIONS

To advance privacy-preserving measurement and data sharing technologies 
in the OSTP’s work, the IAB offers the following recommendations:

  • Encourage researchers and implementers to leverage and make their 
    work compatible with existing open standards for measurement 
    operations. 

  • Encourage researchers and implementers to contribute improvements to 
    such open standards whenever needed.

  • Ensure that federal procurement of privacy-preserving measurement 
    services prefers solutions based on open technical standards, when 
    possible.

  • Provide assurances that the federal government will uphold and 
    strengthen the non-collusion obligations between operators of 
    privacy-preserving measurement systems.

  • Incentivize researchers and implementers to work in open, global 
    standard bodies like the IETF rather than jurisdictionally narrow 
    regulatory bodies or technical committees.

Sincerely,

Mirja Kühlewind (IAB Chair)
For the IAB

[0] https://www.ietf.org
[1] https://datatracker.ietf.org/doc/html/rfc3935
[2] https://datatracker.ietf.org/doc/html/rfc6973
[3] https://datatracker.ietf.org/doc/html/rfc7258
[4] https://datatracker.ietf.org/doc/html/rfc8446
[5] https://datatracker.ietf.org/doc/html/rfc9000
[6] https://datatracker.ietf.org/doc/html/rfc8484
[7] https://irtf.org/
[8] https://irtf.org/pearg
[9] http://datatracker.ietf.org/wg/ppm/about/
[10] https://datatracker.ietf.org/doc/draft-ietf-ppm-dap/
[11] https://datatracker.ietf.org/doc/draft-irtf-cfrg-vdaf/
[12] https://datatracker.ietf.org/rg/cfrg/about/
[13] https://www.ietf.org/id/draft-irtf-cfrg-vdaf-01.html#name-prio3
[14] https://www.ietf.org/id/draft-irtf-cfrg-vdaf-01.html#name-poplar1
[15] https://covid19-static.cdn-apple.com/applications/covid19/current/static/contact-tracing/pdf/ENPA_White_Paper.pdf
[16] https://www.google.com/covid19/exposurenotifications/
[17] https://www.abetterinternet.org/post/prio-services-for-covid-en/
[18] https://datatracker.ietf.org/wg/ohai/about/
[19] https://datatracker.ietf.org/doc/draft-ietf-ohai-ohttp/
[20] https://datatracker.ietf.org/doc/rfc9180/