45 research outputs found
Recent Trends on Privacy-Preserving Technologies under Standardization at the IETF
End-users are concerned about protecting the privacy of their sensitive
personal data that are generated while working on information systems. This
extends to both the data they actively provide including personal
identification in exchange for products and services as well as its related
metadata such as unnecessary access to their location. This is when certain
privacy-preserving technologies come into a place where Internet Engineering
Task Force (IETF) plays a major role in incorporating such technologies at the
fundamental level. Thus, this paper offers an overview of the
privacy-preserving mechanisms for layer 3 (i.e. IP) and above that are
currently under standardization at the IETF. This includes encrypted DNS at
layer 5 classified as DNS-over-TLS (DoT), DNS-over-HTTPS (DoH), and
DNS-over-QUIC (DoQ) where the underlying technologies like QUIC belong to layer
4. Followed by that, we discuss Privacy Pass Protocol and its application in
generating Private Access Tokens and Passkeys to replace passwords for
authentication at the application layer (i.e. end-user devices). Lastly, to
protect user privacy at the IP level, Private Relays and MASQUE are discussed.
This aims to make designers, implementers, and users of the Internet aware of
privacy-related design choices.Comment: 9 pages, 5 figures, 1 tabl
Rethinking Privacy Online and Human Rights:The Internet’s Standardisation Bodies as the Guardians of Privacy Online in the Face of Mass Surveillance
There is a growing literature revolving around the role of non-state actors in the international law-making process. The starting point of this article is that, although informal international law-making may not be legally binding, it would be unwise to dismiss it as legally irrelevant. Informal law-making can be relevant with respect to conceptualising and applying existing law as well as guiding future regulation. The present discussion is placed in the context of cyberspace and, more specifically, the Internet standardisation bodies’ informal law-making functions when creating Internet protocols (by setting Internet standards). The article addresses the legitimacy and the ongoing work of the Internet Advisory Board and Internet Engineering Task Force in setting Internet standards with the aim to protect Internet users from mass surveillance and serious threats to privacy online. The article makes two main arguments. First, the effective protection of online privacy cannot be understood only in terms of compliance with legal frameworks but that – in practice - it also needs to be secured through technological means. Second, in the area of online privacy informal law-making and international law converge in a distinctive way. Internet standards should not necessarily be seen as “living a parallel life” to law or as displacing or merely complementing the law. Technical standards and international law can actively inform one another and converge in their application. The analysis explores the implications of the Internet’s technical features to policy-making and legal reasoning by discussing state and judicial practice. The article demonstrates how the technical perspective on privacy informs and enriches the manner in which the legal advisor argues about privacy, the legislator articulates the interests at stake and the judge and practitioner interpret and apply international human rights law. <br/
Engineering and lawyering privacy by design:understanding online privacy both as a technical and an international human rights issue
There is already evidence that “governmental mass surveillance emerges as a dangerous habit”. Despite the serious interests at stake, we are far from fully comprehending the ramifications of the systematic and pervasive violation of privacy online. This article underscores the reasons that policy-makers and lawyers must comprehend and value privacy not only as a human rights issue, but also as a fundamental technical property for the well-functioning of the Internet. The analysis makes two main arguments. First, it argues that the effective protection of online privacy cannot be thought of only in terms of compliance with legal frameworks but that – in practice - it also needs to be secured through technological means, such as privacy enhancing technologies and, most importantly, Privacy by Design. Recent developments in the standardization work of the Internet Advisory Board and the Internet Engineering Task Force suggest a paradigm shift with respect to integrating Privacy by Design into the core Internet protocols. The consideration of privacy as a requirement in the design of the Internet will have a significant impact on reducing states’ capability to conduct mass surveillance and on protecting the privacy of global end-users. Second, the article argues that Internet standards should not be seen as “living a parallel life” to, or as displacing or merely complementing, international human rights law. Technical standards and international law can actively inform one another. The analysis and findings demonstrate how the technical perspective on privacy can inform and enrich policy-making and legal reasoning