ietf
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: Last call: draft-montemurro-gsma-imei-urn-16.txt

2013-07-19 18:04:30
from [Tim Bray] [Permanent Link] 
Hm, I confess that I searched the text of the draft for the word “privacy”
and jumped to conclusions upon seeing no matches.  Probably a good idea to
work it in for impatient folk like me.

I would expand that section to point out that since the IMEI survives
device wipes and changes of possession, it shouldn’t be assumed to identify
a person.

And I really wouldn’t ever expose an IMEI at the application level, but
maybe it’s appropriate at the level this draft is addressing.  We had
endless nightmares, not only because of the wipe-survival, but because app
code would try to run on a device that didn't have an IMEI and crash, and
so on.  -T


On Fri, Jul 19, 2013 at 3:53 PM, Andrew Allen 
<aallen(_at_)blackberry(_dot_)com> wrote:



Tim

Do you not think that the text in the security considerations section::

"because IMEIs can be loosely correlated to a user, they need to be
treated as any other personally identifiable information. In particular,
the IMEI URN MUST NOT be included in messages intended to convey any level
of anonymity"

covers the privacy issue?

If not what is the additional privacy concern?

Andrew

 *From*: Tim Bray [mailto:tbray(_at_)textuality(_dot_)com]
*Sent*: Friday, July 19, 2013 12:07 PM Central Standard Time
*To*: S Moonesamy <sm+ietf(_at_)elandsys(_dot_)com>
*Cc*: IETF-Discussion Discussion <ietf(_at_)ietf(_dot_)org>
*Subject*: Re: Last call: draft-montemurro-gsma-imei-urn-16.txt

 On Fri, Jul 19, 2013 at 9:52 AM, S Moonesamy 
<sm+ietf(_at_)elandsys(_dot_)com>wrote:



It would be easier to have the draft discuss the GSMA URN only.  The
alternative is to have the draft discuss the privacy considerations of
using IMEI and IMEISV.



 Good catch.  Assuming this is a good idea (I’m dubious) it would be
completely unacceptable to register it without a discussion of privacy
implications. -T




Regards,
S. Moonesamy



 ---------------------------------------------------------------------
This transmission (including any attachments) may contain confidential
information, privileged material (including material protected by the
solicitor-client or other applicable privileges), or constitute non-public
information. Any use of this information by anyone other than the intended
recipient is prohibited. If you have received this transmission in error,
please immediately reply to the sender and delete this information from
your system. Use, dissemination, distribution, or reproduction of this
transmission by unintended recipients is not authorized and may be
unlawful.
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: Last call: draft-montemurro-gsma-imei-urn-16.txt, Andrew Allen
Next by Date:  Re: Last call: draft-montemurro-gsma-imei-urn-16.txt, Stephen Farrell
Previous by Thread:  Re: Last call: draft-montemurro-gsma-imei-urn-16.txt, Andrew Allen
Next by Thread:  Re: Last call: draft-montemurro-gsma-imei-urn-16.txt, Stephen Farrell
Indexes:  [Date] [Thread] [Top] [All Lists]