Privacy Engineering or “Designing Privacy into Internet Protocols”

The privacy program of the Internet Architecture Board (IAB) has been working on a privacy tutorial for some time already and at the last IETF meeting in London I had the honor to present the work to the wider IETF community. The tutorial provided a sneak preview to a document we published last year, namely RFC 6973.

Privacy, as with security, has received increasing attention over the last few years as the number of security incidents and privacy violations increased. While security guidance has been offered in RFC 3552 and has been part of the IETF education tutorial for many years privacy related guidance has only been available recently with the publication of RFC 6973. This tutorial aims to provide the audience a brief overview of the privacy threats that engineers may encounter during their protocol work.

A core part of RFC 6973 is on offering guidance, i.e., a set of questions an engineer should ask himself or herself when designing new protocols or protocol extensions to take common privacy concerns into account.

The slides (PDF and PPT) are available. We also produced an audio recording of the session but unfortunately the audio quality is quite bad. I might just add audio to the slide deck myself and share it with the community.

Let me (us) know whether you find our approach useful. It is certainly not an easy checklist and requires a lot of thinking by the engineering designing the system but we couldn’t come up with another approach that covers the wide range of standardization activities the IETF is undertaking.

 

Leave a Reply

Your e-mail address will not be published. Required fields are marked *