Internet Architecture Board

RFC2850

IAB Minutes 2018-06-06

Home»Documents»Minutes»Minutes 2018»IAB Minutes 2018-06-06

Minutes of the 2018-06-06 IAB Teleconference (Tech Chat & Business Meeting)

1. Roll-call, agenda-bash, administrivia

1.1. Attendance

Present:
  • Jari Arkko
  • Alissa Cooper
  • Ted Hardie (IAB Chair)
  • Christian Huitema
  • Allison Mankin (IRTF Chair)
  • Gabriel Montenegro
  • Cindy Morgan (IAB Executive Administrative Manager)
  • Erik Nordmark
  • Karen O’Donoghue (ISOC Liaison)
  • Melinda Shore
  • Robert Sparks
  • Brian Trammell
  • Suzanne Woolf
Regrets:
  • Deborah Brungard (IESG Liaison)
  • Mark Nottingham
  • Jeff Tantsura
  • Martin Thomson
  • Amy Vezza (Secretariat)
Guests:
  • Deirdre Mulligan

1.2. Administrivia

Two new items (‘July Teleconferences’ and ‘NTIA notice of inquiry on International Internet Policy Priorities’) were added to the agenda

2. Tech Chat: Privacy Landscape

Deirdre Mulligan joined the IAB to discuss the current Internet privacy landscape. She noted that the Computing Community Consortium recently held a workshop on Privacy as Engineering Practice. The workshop was attended by 36 people from academia, 14 people from industry, 8 people from government, and 7 people from non-profits.

The workshop started with the following points:

  • Privacy must be addressed at design time
  • Privacy is distinct from security and requires additional engineering approaches
  • Engineering should increase transparency, empower users, and recognize the liability of collecting personal data.

The workshop resulted in the following key insights:

  • Formal specifications must balance abstraction and realism, improve transparency, and ensure humans are involved privacy-critical decisions
  • Definitions of privacy and relation to users and designers must be clear up front
  • Quantifying privacy and privacy risk can inform the allocation of design resources
  • Privacy design patterns are used to capture and share knowledge
  • Market incentives have made it difficult to achieve practical privacy standards
  • De-identification techniques should be tailored to the privacy risk and legal context.

There is not a uniform lexicon of privacy-related terminology. There is a need for concrete definitions of privacy and the system properties that align with them.

The workshop asked a series of questions about how to measure and quantify privacy:

  • What are the dimensions of privacy risks?
  • How do we measure success or failure of privacy technologies or design?
  • How do we design and implement techniques for detecting and measuring flows of personal information and other forms of privacy loss such as what is revealed through inference?
  • Can we develop a more complete, quantitative understanding of the privacy risks of aggregate data?

The workshop also discussed the relationship between privacy and security, and how much they intersect. Another issue that arose was the need for research and tools for building and verifying the different concepts of privacy. It would be useful to think about implementations, as well as what sort of guidance one might provide in addition to the specifications.

Christian Huitema observed that when information about people is collected and aggregated, people don’t know how the data will be used.

Deirdre Mulligan replied that people are concerned about how the information that is gleaned at that aggregate level might be used against them, but that she is not sure what can be done to address that at a technical level other than to make data aggregation more difficult.

Allison Mankin noted that the IRTF is planning to charter a Research Group to contribute in this space.

Deirdre Mulligan said that detailed privacy reviews of specifications might be helpful, and asked the IAB what their thinking was on this. Ted Hardie replied that if privacy reviews were made a requirement of the IETF standards process, then that would be under the purview of the IESG. Ted said that he thinks there is still a fair but of work to be done to make privacy reviews a common practice.

Alissa Cooper said that from her perspective, the IETF has been adopting a model that is better than taking a mandatory approach, in that there is more generalized knowledge across the various IETF Areas about privacy threats and what is needed to mitigate them.

3. Future Technical Plenaries

The IAB agreed to not have a technical presentation during the plenary at IETF 102. Brian Trammell will send a note to the community.

4. Meeting Minutes

Cindy Morgan will send out an e-vote to approve the minutes of the 16 May 2018 and 30 May 2018 IAB teleconferences.

5. Action Item Review

The internal action item list was reviewed.

6. Applied Networking Research Workshop

Allison Mankin reported that the organization for the Applied Networking Research Workshop is almost done. The Internet Society has agreed to comp the IETF meeting registration fee for eight of the professors who are presenting at the workshop. IETF attendees will not be charged to attend ANRW.

7. IAB agenda at IETF 102

Cindy Morgan reported that she and Suzanne Woolf are in the process of finding out when the ICANN liaison managers will be available to meet with the IAB during IETF 102.

Cindy Morgan asked the IAB to update the wiki or send her email to add items to the IAB agenda for IETF 102. She reminded Program Leads to start scheduling their Program meetings and let her know about any catering requirements.

8. IAB approval of draft-iab-marnew-report

Cindy Morgan will send out an e-vote for the IAB to approve publication of draft-iab-marnew-report as an Informational RFC on the IAB stream.

9. ICANN Root Zone Evolution Review Committee (RZERC) Appointment

The IAB agreed to reappoint Jim Reid to the ICANN Root Zone Evolution Review Committee for an additional one-year term. Ted Hardie will follow up with Jim.

10. July Teleconferences

Cindy Morgan noted that the date for what would normally be the last teleconference in the IAB cycle before IETF 102 is a holiday in the United States, and asked the IAB if they should move the meeting to another date. After a brief discussion, Cindy agreed to send out a Doodle poll to choose between 3 July 2018 and 11 July 2018 for the meeting.

11. NTIA notice of inquiry on International Internet Policy Priorities

Suzanne Woolf took an action item to work with the IANA Program to draft a response from the IAB to the NTIA notice of inquiry on International Internet Policy Priorities.

12. Community Coordination Group Appointment

The IAB briefly discussed their appointment to the Community Coordination Group.