
Data portability threat model, mitigations #424

Closed
lisad opened this issue May 20, 2024 · 6 comments · Fixed by #426
Labels
privacy-tracker Group bringing to attention of Privacy, or tracked by the Privacy Group but not needing response. security-tracker Group bringing to attention of security, or tracked by the security Group but not needing response.

Comments

@lisad

lisad commented May 20, 2024

The right to port data is indeed important for choice, but I think it would be good to have a small amount of extra discussion about the privacy and safety considerations involved in that kind of functionality.

This is way TL;DR, but I've put a bunch of work into a reference architectural model for secure data portability, as well as a detailed threat model (in two parts), so I would be able to help if there is agreement to say a little more.

Some of the onus is on regulators and third parties such as standards bodies - without help, companies are left liable (especially in the US) for data transfers that end badly even if nobody could have predicted that outcome. There's stuff we can do, projects I, for one, am actively working on, and maybe it wouldn't hurt to have a little acknowledgement of the work to do in this excellent principles doc!

@jyasskin
Collaborator

We discussed this question in our meeting today, and while we don't want to add a long discussion about the details of how to do data portability well, we'd like to add a citation from https://w3ctag.github.io/privacy-principles/#dfn-right-to-portability to some document that does go into those details. Does DTI have a good document that supports and explains the right to port, which you'd like us to cite?

I think we'd also be happy to take changes to the text that don't make it appreciably longer. Would you like to suggest such a change, or is the current summary basically ok?

Also, thanks for working on the details of this problem!

@lisad
Author

lisad commented May 29, 2024

I'm working on some more citable documents. We're definitely working on a single link for the threat model document, coming soon. I'll think more about a summary of the right to port.

I still think that a small addition to the text is worthwhile. Not very much longer, but definitely worth mentioning the additional threats around phishing/permissions and harmful content, which are challenging threats to manage in a data portability context.

E.g.: "Data portability increases challenges in content moderation and maintaining content policies. Bulk transfers of data are harder to apply some protective tools to, and services will need to create or use new protections. New avenues for phishing for personally-identifying or sensitive material are also likely, as data transfer is complex and involves permissions and scopes that need to offer what various users need, yet also be simple and clear."

@plehegar plehegar added security-tracker Group bringing to attention of security, or tracked by the security Group but not needing response. privacy-tracker Group bringing to attention of Privacy, or tracked by the Privacy Group but not needing response. labels May 31, 2024
@torgo
Member

torgo commented Jun 5, 2024

Hi @lisad - After discussion on today's call, we're still minded to not include further text but instead cite something. It's a different tone from the rest of the section and we don't feel it's balanced with the other rights we discussed so in the interest of brevity we'd like to instead include a citation.

@lisad
Author

lisad commented Jun 7, 2024

Okay! I'm working with our ED Chris on a couple documents that we can provide on dtinit.org as stable citations - one on the threat model, one that I think will be a short, great explainer on what is the right to data portability. It will be useful in other contexts as well - I'm constantly running into people, both technical and not, who question whether this should be a right and why it's not already solved with exporting support. I'll keep you posted when we have something available.

@lisad
Author

lisad commented Jun 12, 2024

Our single-permanent-link threat model doc is now at: https://dtinit.org/assets/ThreatModel.pdf
We are still working on a referenceable doc for "the right to data portability"; after thinking about it we did agree that's a worthwhile effort. (Some folks who are technical and informed ask why we bother, or why export/import doesn't solve this, so it's worth documenting at least a couple trends and use cases that make this matter, as well as the laws that support this right.)

@torgo
Member

torgo commented Jul 6, 2024

Thank you, @lisad !
