Thread Links Date Links
Thread Prev Thread Next Thread Index Date Prev Date Next Date Index

Re: [STDS-802-Privacy] FW: Privacy Group - Next Steps

See note to page 15 of R41733 on the Act:

(g) It shall not be unlawful under this chapter or chapte
r 121 of this title for any person—(i) to intercept or access an
electronic communication made through an electronic communication system that is configured so that such electronic
communication is readily accessible to the general public

which brings up another point of distinction between passive and active attacks - even if the latter are trivial to execute.

Mick

On 10/23/2015 11:09 AM, Zuniga, Juan Carlos wrote:

Hi Randy,

 

I’m forwarding your mail to the list, as you bring up some interesting points and references.

 

I don’t know if this requires new IEEE initiatives, but it is worth discussing during the IEEE 802E Privacy sessions.

 

Regards,

 

Juan Carlos

 

From: Randy Rannow [mailto:rannow@xxxxxxxxxxx]
Sent: Wednesday, October 21, 2015 12:10 PM
To: Zuniga, Juan Carlos <JuanCarlos.Zuniga@xxxxxxxxxxxxxxxx>
Subject: RE: Privacy Group - Next Steps

 

Juan Carlos,

 

I missed today’s call, but looked through the notes.  I am curious if people are aware of the Electronic Communications Privacy Act as the CRS published a good overview (Congressional Research Service 7-5700 www.crs.gov R41733) and perhaps using some existing definitions may be helpful.  Also, a recent item in Computing Edge by Nir Kshetri perhaps highlights why diligence is prudent, and is perhaps better illustrated by the IEEE P1622 group and their efforts/concerns on privacy and security.  There are serious privacy and security concerns regarding and perhaps there is synergy that can be leveraged, as it is broadly said that the Fourth Amendment applies only to acts by the government.  However, there are at least two exceptions to this rule: if a utility performs a function traditionally exercised by the government and when a private utility acts as an instrument or agent of the police.

 

Does this endeavor further muddy security initiatives and how much can be leveraged by the IEEE?

 

Randy . . .

 

 

Recent US Cybersecurity Policy Initiatives:  Challenges and Implications

Computing Edge  (October 2015)

 

 

From: Zuniga, Juan Carlos  
Sent: Wednesday, October 21, 2015 8:21 AM
To: STDS-802-PRIVACY@xxxxxxxxxxxxxxxxx
Subject: [STDS-802-Privacy] Privacy Group - Next Steps

 

Dear all,

 

This is a summary of the discussions and agreements reached during the conference call:

 

-          Privacy Recommendations Survey (draft):

o   https://mentor.ieee.org/privecsg/dcn/15/privecsg-15-0039-00-0000-internet-privacy-recommendations-a-survey.docx

§  RFC 6973; Privacy Considerations for Internet Protocols; July 2013; https://tools.ietf.org/html/rfc6973

§  RFC 7624;  “Confidentiality in the Face of Pervasive Surveillance: A Threat Model and Problem Statement”; August 2015; https://tools.ietf.org/html/rfc7624  

§  W3C Security and Privacy Questionnaire; April 2015; https://w3ctag.github.io/security-questionnaire/  

 

-          Next IEEE 802 Privacy teleconference:

o   2 December, 10:00 AM (ET)

o   802E Privacy (under 802.1 SEC)

 

-          Upcoming meetings:

o   9-13 November, 2015, IEEE 802 Plenary meeting in Dallas, TX, USA

 

-          Updated Chair’s slides:

o   https://mentor.ieee.org/privecsg/dcn/15/privecsg-15-0038-02-ecsg-october-21-conf-call-slides.pptx

 

 

Best regards,

 

Juan Carlos

This message and any attachments are intended only for the use of the addressee and may contain information that is privileged and confidential. If the reader of the message is not the intended recipient or an authorized representative of the intended recipient, you are hereby notified that any dissemination of this communication is strictly prohibited. If you have received this communication in error, notify the sender immediately by return email and delete the message and any attachments from your system.