Minutes of the 2021-12-08 IAB Technical Discussion
1. Administrivia
1.1. Attendance
Present:
- Jari Arkko
- Deborah Brungard
- Ben Campbell
- Lars Eggert (IETF Chair)
- Wes Hardaker
- Cullen Jennings
- Mirja Kühlewind (IAB Chair)
- Zhenbin Li
- Jared Mauch
- Cindy Morgan (IAB Executive Administrative Manager)
- Karen O’Donoghue (IS-OC Liaison)
- Tommy Pauly
- Colin Perkins (IRTF Chair)
- Amy Vezza (IETF Secretariat)
- Greg Wood (IETF Director of Communications and Operations)
- Jiankang Yao
Regrets:
- David Schinazi
- Martin Vigoureux (IESG Liaison)
- Russ White
Guests:
- Hamed Haddadi
- Pete Snyder
Observers:
- Mark McFadden
2. IAB Technical Discussion: Data Privacy for the Internet.
Hamed Haddadi and Pete Snyder joined the IAB to discuss data privacy for the Internet.
Hamed Haddadi said that privacy on the Internet/web is mostly left to app developers and service providers. There are some regulatory measures, like GDPR in the EU and CCPA in California, but those are open to misinterpretation because the issue of consent on the Web is complicated. There is also a gap between regulation and enforcement.
There are no widely-adopted standards (other than encryption agreements) that are readily integrable into the Internet pipeline. In recent years, more privacy has been embedded into data collection and telemetry protocols. Measures that rely on local privacy might not work very well.
Pete Snyder noted that in IETF and elsewhere, there have been discussions about how to blind who is talking to whom. This includes things like Oblivious HTTP and Oblivious DNS. Other proposals have been made in TOR and W3C. Given that there are several proposals all trying to accomplish the same thing through different techniques, having some standards would be useful.
Hamed Haddadi said that people are looking for ways to introduce transparency into their protocols, but there are complexities around providing attested services. These mechanisms have their own challenges, and it would be good to think about what could be standardized.
Pete Snyder added that signed exchange/web bundles is a category where users are protected at the network level. The servers do not learn about the client that is participating with them, but then that removes some information that the client gets.
Hamed Haddadi observed that there are many security and verification issues. There is a need for anonymity, but that leaves things open for scammers. The need for monetization on the Web is one of the main drivers. The current options are to embed ads/trackers, or to put things behind a paywall. Current efforts at monetization at a protocol level/network layer (e.g. decentralized web) include:
- WebMonitization: https://webmonetization.org/specification.html
- Brave Ads: https://brave.com/brave-ads/
- Tor + Coil: https://write.as/sabine/progress-report
Pete Snyder said that there is a growing need for privacy-preserving analytics at the IETF. Some of this was discussed at the Privacy Respecting Incorporation of Values (PRIV) BOF at IETF 112. There are several proposals with different tradeoffs.
Wes Hardaker said that his biggest concern is that current privacy-preserving technology are only used by those who were trying to do the right thing in the first place, and he worries that by developing things that are only workable for good folks, they can be easily worked around by bad actors.
Pete Snyder replied that helping the good guys to do good things is a laudable goal in itself because it can help make unintentional errors less catastrophic. He also noted that there is a proposal in the W3C to allow law enforcement to hook into these protocols to help keep bad actors more honest.
Wes Hardaker said that legislation is a great option, but that the Internet is so fragmented that it can’t help in places where the regulators don’t want to do that.
Tommy Pauly asked whether we have to trust the people providing privacy services. The proposals in the IETF include Oblivious-like things (OHAI, oblivious DOH, PPM) that assume you are working with cooperating parties, and as such are optimized for working with known entities. Other proposals use proxying, e.g. MASQUE.
Jared Mauch said that he is concerned that some proposals just shift who the centralized party is.
Tommy Pauly said that it can be bootstrapped to a large company, but that does not mean that is the way that the protocol has to evolve. He asked whether the protocol decides reality, or the economic model?
Pete Snyder said that he shares that concern.
Tommy Pauly noted that some proposals rely on having a large enough anonymity set, so they have to be a certain size before they are actually good for privacy.
Pete Snyder said that some of those have strong enforcement until the crowd size is big enough. There are analytics approaches that say that the data is locked until the crowd reaches a certain size. However, that might not work for things with high bandwidth, low latency requirements.
Jari Arkko observed that the IETF talks a lot about telemetry and analytics, but asked if this moves the needle in a world where a social network can track you across 60% of the Web.
Pete Snyder replied that there are enough technical issues with regards to privacy problems that they could use 10 times the amount of effort. Efforts have to be made at more than just the network level.
Hamed Haddadi added that there are things that can be done locally, such as adding noise to the data. It is also worth looking at whether a sample size is too small to make doing analytics worthwhile. There needs to be standards and tools for providing long-term privacy, and there needs to be regulatory involvement as well.
Tommy Pauly asked where the line is between the guarantees one gets from technology and the guarantees one gets from regulation.
Mirja Kühlewind said this was discussed recently at IGF. Not knowing where data is collected or how it is used makes it difficult to regulate.
Cullen Jennings said that we need to think about solutions that use a combination of protocol design, contracts, and regulation.
Hamed Haddadi said that thanks to things like Facebook and Instagram ads, the average Internet user is more aware of tracking and privacy issues than they used to be.
Hamed Haddadi said that one of the challenges is that doing attestation revolves around using centralized services. It would be nice to think about where standardization could help there.
Pete Snyder asked what else would be helpful to do here.
Tommy Pauly replied that having smaller companies participate in the standardization discussions in OHAI, MASQUE, and other places is important, because while the companies may not be the biggest, they have the know-how about what is actually doable. The success in decentralizing the solutions relies on the participation; people are needed to work on them and deploy them in a distributed fashion.
The IAB thanked Hamed Haddadi and Pete Snyder for the discussion. Hamed will update their slides and send them out to the IAB for reference.
Mirja Kühlewind asked what the next steps are for the IAB here.
Tommy Pauly said that the IETF is good at building the building blocks, but they don’t always look at the incentives and deployment models.
Cullen Jennings said that the ones that the protocols that look at the the incentives and think about the deployment models tend to be the ones that have more successful deployments. He added that he has seen BOFs where discussions about incentives and deployment are shut down as being out of scope, and suggested that the IAB could push back against that.
Tommy Pauly agreed to lead a follow-up discussion with the IAB about data privacy at a future IAB teleconference.