RE: comments on draft-groeting-eap-netselection-results-00.txt
From: Tschofenig Hannes (hannes.tschofenigsiemens.com)
Date: Tue, 20 Jul 2004 11:17:22 -0400 (EDT)
hi jari, 

thanks for your quick response. 
a short response to your privacy related comment.

~snip~  

>  > 2.2.5  Privacy Policy
> 
> This is interesting, though maybe not so critical. The 
> location of the user will be roughly known by his IP address 
> in any case. And I suspect that there are legal interception 
> & government regulations that dictate that the networks have 
> to hand over any information in any case, if requested. So it 
> isn't clear to me what value an advertisement of a privacy policy has.

privacy is a complex subject, as you know. there are different places
(access network, intermediate networks, end hosts, home network, etc.) and
different layers (network layer, link layer, application layer) where
information is leaking, which can harm the user's privacy. hence, this
simple extension cannot solve all privacy problems. 

things start to be problematic if a user's long-term identifier (such as a
NAI) can be associated with his location. the visited network might have
access to such a long term identifier. 

to be more specific, i had the work done with radius and geopriv in mind
when i wrote this text. see
http://www.ietf.org/internet-drafts/draft-tschofenig-geopriv-radius-lo-00.txt

i don't agree with you when it comes to issues of 'if i know your ip address
then i know your location'. the work in the geopriv working group showed
that there are many more issues to think about. 

it is true that there are legal interception and governmental regulations that
need to be considered. today, if you use a wireless lan hotspot then users
typically experience a high degree of privacy. this might change in the near
future but we should try to preserve the users' privacy as far as possible.
if a network has to perform legal interception then it could indicate this
fact. 

ciao
hannes
