Skip to main content
  • The new GREEN working group gets ready for an energy efficient Internet

    The Getting Ready for Energy-Efficient Networking (GREEN) working group will explore use cases, derive requirements, and provide solutions to optimize energy efficiency across the Internet.

    29 Oct 2024
  • IETF Annual Report 2023

    The IETF Annual Report 2023 provides a summary of Internet Engineering Task Force (IETF), Internet Architecture Board (IAB), Internet Research Task Force (IRTF), and RFC Editor community activities from last year.

    25 Oct 2024
  • IETF 122 Bangkok registration open

    Registration is now available for the IETF 122 Bangkok meeting scheduled for 15-21 March 2025, which is the first time registration for an IETF meeting has been open before the preceding meeting registration has closed.

    25 Oct 2024
  • First Impressions from the IAB AI-CONTROL workshop

    The Internet Architecture Board (IAB) organized a workshop on 19-20 September 2024 to discuss issues around and possibilities for practical mechanisms that publishers of data on the Internet could employ to opt out of use by the Large Language Models and other machine learning techniques used for Artificial Intelligence (AI).

    24 Oct 2024
  • New Participant activities at the IETF: Major expansion coming for IETF 122!

    The IETF New Participants program has a long history of helping people just starting out in the IETF be more effective. Based on feedback from program participants over the past two years, and in consultation with the Internet Engineering Steering Group (IESG), the program will be significantly enhanced starting with IETF 122 Bangkok.

    22 Oct 2024

Filter by topic and date

Filter by topic and date

Celebrating Data Privacy Day

28 Jan 2014

Today is International Data Privacy Day, and I wanted to let Alissa Cooper say a few words about how we are working on privacy topics at the IETF. - Jari Arkko, IETF Chair

Each year, Data Privacy Day is celebrated on January 28 to commemorate the signing of the first legally binding international data protection treaty. It is an opportunity to promote user empowerment and education about protecting personal data.

The IETF has seen the launch of many new privacy-relevant activities in recent months, including efforts that reflect the particular kinds of user empowerment that standards organizations such as ours can effectuate. Last year the IAB published RFC 6973, Privacy Considerations for Internet Protocols, one goal of which was to provide guidance to those working in the IETF about how to consider privacy threats and mitigations within their protocol designs. Since then, the IAB Privacy Program has been refining a privacy tutorial to help put RFC 6973’s guidance into practice. After several trial runs, the tutorial has been solidified and will be conducted for all IETF participants on Sunday, March 2, at the start of the next IETF meeting.

Recent revelations concerning pervasive monitoring have spurred work on empowering users in a different way, by re-emphasising the need for security and privacy technologies to be easier to deploy and use. At least some of the attacks that we’ve learned about in recent months could have been deterred or mitigated if technologies and standards that already existed had been deployed (for example, the use of transport layer security to encrypt traffic between mail servers or data centers). But we know far too well that the difficulty of deploying and using security technologies has often prevented their adoption, both by corporations and individual end users. One consequence of the pervasive monitoring revelations has been to re-focus the technical community’s attention on usable security.

This trend is apparent within many different IETF efforts. Using TLS in Applications (UTA) is a new working group that aims to (among other things) provide greater clarity for application developers about best practices for using transport layer security in their applications. There have been discussions in many different workings groups, mailing lists, and Internet drafts about whether and how to increase the use of opportunistic encryption, which can have fewer deployment barriers compared to fully authenticated encryption and could thereby help to mitigate passive traffic sniffing.

While these examples reflect a desire to make encryption more usable, encryption alone does not suffice for meeting all data protection needs. Even with payload encryption, meta-data collection and traffic analysis can still reveal sensitive information to intermediaries, and care must be taken to ensure that payloads themselves do not include personal data unnecessarily.

Tackling these sorts of problems requires adopting data minimization and anonymization techniques that in some cases have proved even more onerous to deploy and use than transport encryption. Making this class of solutions more usable will require significant effort going forward ­ meaning that there is plenty more work to be done both inside and outside the IETF.

The IETF has long been committed to building secure protocols (see RFC 3365RFC 3552) and is currently debating extending that commitment to defending against pervasive monitoring. We still have a ways to go to make security more usable and to build in additional privacy protections beyond what security features already provide, but today we can celebrate our recent efforts and the renewed enthusiasm for privacy protection emerging throughout the IETF community. Let’s turn that energy into concrete solutions in the coming months and years.


Share this page