Hi Chris,
Thanks for sharing this presentation. If you are interested in the topic of privacy, I would like to encourage you to join the 802E group, that works on recommendations for privacy in 802 protocols. Dan is an active contributor, and all inputs and exchanges are welcome. We are about to start a new ballot, and will meet again in Vienna.
In general, there is no user at layer 2, there are MAC addresses. Stating that a layer 2 exchanges violates user privacy is a bit of a short-cut. For this reason (and for example), GDPR is not concerned with layer 2 information. However:
1. If the MAC belongs to a 'personal device' (this can be an endpoint or an infrastructure device)
2. If the MAC can be associated with that device with high enough probability or consistency
3. And if a correlation can be established between the device and an individual user
Then that MAC address can become a PII and affect user privacy. It is commonly understood that the privacy gets affected by the combination of 2. and 3., not by the fact that there is a MAC address, or by the fact that this MAC address exchanges frames. The exception of course is if the frame directly exposes user identification and user personal information (at L2), which would be uncommon (usually, these elements are carried in the payload, and upper layers determine what is okay or not okay to carry at L2).
However, the correlation between a device and its frames is achievable when specific elements can separate these frames from other frames sent by other devices. 802 protocols contain hundreds of cases where this can be true, in 802.11 and other groups, such case is not specific to 802.11az (if 802.11az presents this case, as your presentation states). This exposure is often inherent to the exchanges required to perform this or that function, for example to express specific capabilities or characteristics. We think that it is important to document them, for awareness, conscious network design, and also allow actors to decide scenarios where such correlation is acceptable, and when it is not. There are exchanges for which exposure is unavoidable. If the location of a MAC address is in the category of exchanges where such exposure happens, then correlation between that MAC and a personal device, and between that personal device and the user, must be achieved too. This can be the case for an ISTA and an RSTA (therefore if there is exposure risk for the ISTA, there is the same exposure risk, with the same importance, for the RSTA). It seems to me that this is possible for stable MAC addresses already associated to a network (but then there are other terms of exchanges that were established too). It is less obvious that this would affect temporal MAC addresses. But in all cases, if such exposure is linked to an exchange, it is important to allow the exposed side to decline the exchange.
Hope this helps
Jerome
To unsubscribe from the STDS-802-11 list, click the following link: https://listserv.ieee.org/cgi-bin/wa?SUBED1=STDS-802-11&A=1