[Nea] privacy: exposing information to owner

[Pekka Savola <pekkas at netcore.fi>]

On Tue, 14 Nov 2006, Keith Moore wrote:
> 1. NEA MUST NOT expose information about a host to any party other than the
> owner of that host.   (and a host has at most one owner)
> 
> (an alternative would be that NEA can only expose details about a host's
> configuration to host's owner, but that it could expose yes/no information in
> the sense of "I do/don't meet the requirements of your network" to parties
> other than the host's owner.  which might make NEA more broadly applicable,
> but might also open up a big can of worms and/or be out of scope for this WG's
> current charter.)

Actually, I think in some contexts this might need to be stronger than 
this.  For example, even if an employee's laptop is owned by the 
enterprise, some legislations (at least here in Finland) there are 
prohibitions on what the employer may (or may not) do e.g., to track 
the employee or employee's usage.

For example, it would be illegal to track which websites the user 
surfs to ("to ensure productive use of working time"), the amount of 
time keyboard/mouse is idle ("the user is not doing anything at work") 
etc.

It is not clear to me to what extent this would need to be reflected 
in the NEA protocol or requirements.  Nonetheless 'only the owner can 
get full information' might be too much in some cases.

-- 
Pekka Savola                 "You each name yourselves king, yet the
Netcore Oy                    kingdom bleeds."
Systems. Networks. Security. -- George R.R. Martin: A Clash of Kings

_______________________________________________
Nea mailing list
Nea at ietf.org
https://www1.ietf.org/mailman/listinfo/nea