The W3C's Geolocation API may rapidly standardize the transmission of location information on the Web, but, in dealing with such sensitive information, it also raises serious privacy concerns. We analyze the manner and extent to which the current W3C Geolocation API provides mechanisms to support privacy. We propose a privacy framework for the consideration… (More)
The functionality of the Internet and the World Wide Web is determined in large part by the standards that allow for interoperable implementations, as a result, the privacy of our online interactions depends on the work done within standard-setting organizations. But how do the organizational structure and processes of these multistake holder groups affect… (More)
Security and privacy issues for <i>Location-Based Services (LBS)</i> and geolocation-capable applications often revolve around designing a <i>User Interface (UI)</i> such that users are informed about what an application is doing and have the ability to accept or decline. However, in a world where applications increasingly draw on a wide variety of LBS… (More)
Relying on non-enforceable normative language to persuade Web sites to make their privacy practices clear has proven unsuccessful, and where privacy policies are present, they are notoriously unclear and unread. Various machine-readable techniques have been proposed to address this problem, but many have suffered from practical difficulties. We propose a… (More)
Microsoft has proposed an identity metasystem to standardize identity services and the principles behind them. A location metasystem can support interoperation between location services, protect users' privacy and handle issues of granularity. The simple OAuth protocol may be a good model for working towards a location metasystem.
Many government actions require an Environmental Impact Statement; some now require a Privacy Impact Assessment. 1 One might imagine a requirement that IETF protocol designers go through some similar activity. The IETF already requires proposed standards to have a "security considerations" section, why not a public policy considerations section? In 2003,… (More)
One critique of Privacy-by-Design has focused on its lack of concrete guidance for implementation. We have proposed privacy design patterns (drawing from architectural design patterns and object-oriented programming design patterns) as documentation that can be more directly applicable and have established a site to coordinate collaborative development of… (More)