Re: Proposed IETF Statement Concerning Personal Data for Review

"John R Levine" <johnl@taugh.com> Tue, 28 February 2017 16:10 UTC

Date: Tue, 28 Feb 2017 08:10:48 -0800
Message-ID: <alpine.OSX.2.20.1702280807180.5224@ary.local>
From: John R Levine <johnl@taugh.com>
To: Stephen Farrell <stephen.farrell@cs.tcd.ie>
Subject: Re: Proposed IETF Statement Concerning Personal Data for Review
In-Reply-To: <0657258a-8690-03fa-9a00-3e8424629d0b@cs.tcd.ie>
References: <20170228074519.7786.qmail@ary.lan> <0657258a-8690-03fa-9a00-3e8424629d0b@cs.tcd.ie>
Archived-At: <https://mailarchive.ietf.org/arch/msg/ietf/7CQqmjmX533hqBE3NbjNuKi164g>
Cc: IETF general list <ietf@ietf.org>

> Let me try once more. The change I suggest to the IAOC IS:

Really, no.

Keep in mind that COPPA is only concerned with PII, so the only thing it 
would affect is whether 12 year olds can join mailing lists and create 
datatracker accounts.  We do not know or care who is looking at the web 
sites and mail archives.

If you say you allow under-13's to sign up at all, COPPA deliberately 
requires all sorts of record keeping that in practice means we'd have to 
hire one of a handful of specialist COPPA compliance firms.  It is not 
adequate to say we asked her mother who said it's OK.

Just leave the boilerplate alone.  It avoids significant legal exposure, 
and in practice limits nothing.

R's,
John

> We do not knowingly collect personally identifiable information from, or
> target our websites to, children under the age of 13.  In accordance
> with the United States Children’s Online Privacy Protection Act of 1998,
> if we discover that a child under 13 has provided us with personally
> identifiable information, without the consent and participation of a
> parent or guardian, we will remove it from our systems.