Sunday, October 30, 2011

Re: [Geopriv] Location Obfuscation and Emergency Services (geopriv-policy-25)

> I agree that it might make sense to have a more detailed discussion of how to deal with an obscured location for the emergency services use case in an ECRIT document.

Indeed, there is already an ECRIT document that covers most of this question, in particular providing guidance as to how precise is "precise enough" for routing emergency calls:
<http://tools.ietf.org/html/draft-ietf-ecrit-rough-loc>

> However, I could be wrong, but I think this is the first GEOPRIV document that describes a rule to deliberately reduce the accuracy of location information, so I think it would be appropriate to have at least a brief discussion of the consequences in this document.

The idea that privacy rules would modify returned location information is just about as old as GEOPRIV itself. See the following text from RFC 3693:
"
There are four scenarios in which some form of constraint or
override might be placed on the Privacy Rules of the Rule
Maker:

1. In the case of emergency services (such as E911 within the
United States), local or national laws may require that
accurate location information be transmitted in certain
defined emergency call situations. The Geopriv Working
Group MUST facilitate this situation.
"

That last sentence just means that the privacy rule systems developed by GEOPRIV must allow a Location Server / Rule Holder to overrule a Rule Maker, which both -policy and -policy-uri clearly do. So together with the above ECRIT document, I really don't think that draft-ietf-geopriv-policy needs to say anything on this matter.

--Richard

>
> I am suggesting some text to clarify whether a rule to obscure location will either prevent obtaining the most accurate location information available in cases that it is needed or desired, or will make it necessary to take additional actions to obtain accurate location information when it is needed.
>
> In other words, if a rule maker sets a rule to obscure location, does this mean a location recipient (either the location target or a third party) cannot obtain accurate location in the case that it needs it, whether for an emergency call (where the consequences for deliberately providing less useful location information are high) or to order a pizza? I think it appropriate for this document to provide some guidance to the rule maker to address this.
>
> Eric
>
>
> -----Original Message-----
> From: Hannes Tschofenig [mailto:hannes.tschofenig@gmx.net]
> Sent: Tuesday, October 18, 2011 7:39 PM
> To: Richard L. Barnes
> Cc: Hannes Tschofenig; Arolick, Eric; geopriv@ietf.org
> Subject: Re: [Geopriv] Location Obfuscation and Emergency Services (geopriv-policy-25)
>
> Richard, Eric,
>
> I will put some text about this issue into the upcoming version of the trustworthy location document.
> Planning to work on it next week.
>
> Ciao
> Hannes
>
> On Oct 18, 2011, at 4:21 PM, Richard L. Barnes wrote:
>
>> <hat type="individual"/>
>>
>> Hi Eric,
>>
>> Thanks for the comments. You're correct that emergency services use cases do create new scenarios for location privacy. This document is not the place to address them. All this document does is define a policy language that can be applied in many different circumstances. Documents that define emergency services architectures should define how they handle privacy rules.
>>
>> Note that this will vary quite a bit from jurisdiction to jurisdiction. Your assumption that privacy rules can be ignored is not valid everywhere; for example, in Japanese emergency calls today, the caller can choose to suppress location information for the call.
>>
>> I think the best place to address these concerns is probably in the ECRIT location security document:
>> <http://tools.ietf.org/html/draft-ietf-ecrit-trustworthy-location-02>
>>
>> Best,
>> --Richard
>>
>>
>> On Oct 18, 2011, at 1:57 PM, Arolick, Eric wrote:
>>
>>> Hannes
>>>
>>> There does not appear to be text in draft-ietf-geopriv-policy-25.txt that addresses the impact of location obfuscation on the emergency services use case. Specifically, there may be a desire to obscure or lie about location to protect privacy in some or most cases. But in the emergency case, it is in the best interests of the location target, and there may be a legal obligation in some jurisdictions, to use the most accurate location information available.
>>>
>>> Parameters in the location object describing its use (e.g. retransmission allowed) can be ignored if appropriate for an emergency call, but nothing can be done to the location information itself once the object is created. It would be useful to clarify in this document the impact that a rule to deliberately obscure location when a location object is created would have on the emergency services use case and to describe how it is possible to make sure a location object contains accurate location information for an emergency call.
>>>
>>> Thanks
>>>
>>> Eric Arolick
>>>
>>> _______________________________________________
>>> Geopriv mailing list
>>> Geopriv@ietf.org
>>> https://www.ietf.org/mailman/listinfo/geopriv
>>
>
