Re: IETF privacy policy - update
Ted Hardie <ted.ietf@gmail.com> Tue, 06 July 2010 21:28 UTC
Return-Path: <ted.ietf@gmail.com>
X-Original-To: ietf@core3.amsl.com
Delivered-To: ietf@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 4A09F3A69F4 for <ietf@core3.amsl.com>; Tue, 6 Jul 2010 14:28:26 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level:
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id qgLMCqf+BtXg for <ietf@core3.amsl.com>; Tue, 6 Jul 2010 14:28:25 -0700 (PDT)
Received: from mail-pw0-f44.google.com (mail-pw0-f44.google.com [209.85.160.44]) by core3.amsl.com (Postfix) with ESMTP id E7EB43A69E1 for <ietf@ietf.org>; Tue, 6 Jul 2010 14:28:24 -0700 (PDT)
Received: by pwj1 with SMTP id 1so1605282pwj.31 for <ietf@ietf.org>; Tue, 06 Jul 2010 14:28:25 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:received:received:in-reply-to :references:date:message-id:subject:from:to:cc:content-type :content-transfer-encoding; bh=mmahTp2JqvH0bZ3jKn54Lz5sU+zmEyZ1u6xzz4RHf3k=; b=w3EaxColHKxy92+uLQ+o+CmLlIpaP/X3eryPLqMh8G6DTeOm3n3M7zNO+OB6gELRdR cE3nN5nRJd0JRlep5ZX8z7JuRZzqK1bHY/WJE2yPKJVxP3UtA5a9at9ONSsVmbzMUVWd /RiotwTo3NQGVbM6YwwYZerBt6xlZUAiUpFOw=
DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type:content-transfer-encoding; b=N8Dlt9XzFV+oe1W8cblJj8q+pdBk9kxGs6/ef/TQvtsoQUHE6R8C3hRVSmR6RIEDfx kPq4aUNMZ0N1xGoe0MWWRQjE4wvMawyBYE8uTln7Pfpt8FYafGYUdTEckB4XBJnAIVSw XyN7ATvNsDqvfUn1BATMYRuH3pWBLIATN4T3s=
MIME-Version: 1.0
Received: by 10.142.172.17 with SMTP id u17mr6611328wfe.78.1278451704968; Tue, 06 Jul 2010 14:28:24 -0700 (PDT)
Received: by 10.143.164.3 with HTTP; Tue, 6 Jul 2010 14:28:24 -0700 (PDT)
In-Reply-To: <12333DE7-DE1E-4306-87AE-ACB605585245@cdt.org>
References: <7022DEA1-7FC0-4D77-88CE-FA3788720B43@cdt.org> <4C322170.9040903@dcrocker.net> <4B42EB41-0502-4D51-8B43-A3EC30B58643@americafree.tv> <4C32270B.9020703@dcrocker.net> <61A4F69BF743EFD59BA45181@192.168.1.128> <12333DE7-DE1E-4306-87AE-ACB605585245@cdt.org>
Date: Tue, 06 Jul 2010 14:28:24 -0700
Message-ID: <AANLkTilQ474jpg7wx691FeVYU8PBFs5K_cHFWIFkmtQX@mail.gmail.com>
Subject: Re: IETF privacy policy - update
From: Ted Hardie <ted.ietf@gmail.com>
To: Alissa Cooper <acooper@cdt.org>
Content-Type: text/plain; charset="ISO-8859-1"
Content-Transfer-Encoding: quoted-printable
Cc: IETF-Discussion list <ietf@ietf.org>
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ietf>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 06 Jul 2010 21:28:26 -0000
On Tue, Jul 6, 2010 at 1:11 AM, Alissa Cooper <acooper@cdt.org> wrote: > Obviously, I started this process as an I-D, so I'm not necessarily opposed > to having the privacy policy exist as an RFC. But in conversations with the > IAOC and others, it seemed as though the RFC process might have two > drawbacks for this kind of document: First, I strongly support having the privacy policy written down. On several occasions we've had folks conduct experiments where there was an obvious need for a guiding policy. Thanks for taking on the work. But a bit more below. > > 1) While the RFC process is community consensus-based, the designation of > IETF policies about personal data handling is not necessarily so. The > policies around the RFID experiment at IETF 76 [1] and the policies around > admission control data for IETF 78 and 79 [2] are both examples of this -- > these policies were developed by the IAOC and others, and while in some > cases they may have been put out to the community for comment after they > were developed, their initial development was certainly not done via the > community consensus-based model. Ideally the IETF privacy policy would > document all of these policies before they come into force. If the privacy > policy was an RFC, the substance of these policies would be subject to > community review and would require consensus as well. > > 2) If the privacy policy is to be accurate, I do think it would change more > often than an average RFC (considering things like the RFID experiment and > But changing the policy to deal with things like the experiments is not where I would want us to go. Ideally, those constructing the experiments do so within the framework of the policy, so that there is no need for a change. On some level, you may still need an elaboration if there is a judgment call about whether some piece of data has specific characteristics, and I am happy for that process to have a very quick resolution time (though I suspect an appeals mechanism will be necessary). >Furthermore, even if changes are > infrequent, they may come up quickly. A good privacy policy would document > these changes before they occur. I think the argument can be made that if > the policy has to go through the RFC process for each change, the changes > may not be documented before they actually occur. > > With that said, laying out the core of the policy in an RFC and then having > a speedier mechanism to publish changes (which can also be incorporated into > the core policy when the RFC publication schedule allows) seems like a > decent option. > If we construct your statement above as either "to publish elaborations" or "to publish understanding of the privacy sensitivity of specific data", I think we're in agreement. regards, Ted Hardie > Alissa > > On Jul 6, 2010, at 2:39 AM, John C Klensin wrote: > >> >> >> --On Monday, July 05, 2010 11:40 AM -0700 Dave CROCKER >> <dhc2@dcrocker.net> wrote: >> >>> Marshall, >>> >>> On 7/5/2010 11:28 AM, Marshall Eubanks wrote: >>>> >>>> I assume (for I do not know) that people are worried about >>>> time involved in bringing a new RFC to publication. >>> >>> The IESG often states that it is not difficult to bring an RFC >>> to publication. >>> >>> In any event, what makes this document more urgent, and in >>> need of less scrutiny and processing, that any other potential >>> RFC? >>> >>> Personally, I would expect a document that attends to >>> explicitly and complexly legal concerns to need /more/ >>> scrutiny than an entry-level technical specification, not less. >> >> Agreed. >> >>>> I don't see why this couldn't be divided in the way that the >>>> Trust Legal Provisions have been : >>>> >>>> - a RFC to set the _goals_ and basic framework of the privacy >>>> policy, which might change something like every 5 years (or >>>> less often if we are lucky) and >>> >>> You expect the privacy policy, itself, to change more >>> frequently than this? >> >> I would hope not (either), but experience indicates that we have >> even more trouble getting legal documents right than we do >> protocol documents. Having a lightweight and speedy mechanism >> for correcting an incorrect realization of a policy outline laid >> out by the IETF seems reasonable. While I agree with you (Dave) >> that getting the policy principles in place should not be so >> urgent as to justify being done in haste, our experience >> (especially in the IPR area, which is likely to involve the same >> lawyers, both professional and amateur) has been that, >> sometimes, making a correction to specific mechanisms already >> deployed may be urgent. >> >>> Also, the implication of your suggestion is that we would have >>> a goals and framework document /after/ we have actual >>> policies. This seems a bit, ummmm, backward. It would make >>> more sense to have the two in one document, absent some >>> expectation of one being more stable than the other. >> >> I did not read that into Marshall's note but assumed that we >> would lay out the policy principles (the "goals and framework >> document") in the IETF first and then proceed to instruct the >> IASA to generate a specific policy statement for community >> review. "Policies first" would seem backwards to me too... >> to put it mildly. >> >> john >> >> >> >> >> _______________________________________________ >> Ietf mailing list >> Ietf@ietf.org >> https://www.ietf.org/mailman/listinfo/ietf >> > > > > > > > > > > > > > > > > _______________________________________________ > Ietf mailing list > Ietf@ietf.org > https://www.ietf.org/mailman/listinfo/ietf >
- Re: IETF privacy policy - update Marshall Eubanks
- IETF privacy policy - update Alissa Cooper
- Re: IETF privacy policy - update Melinda Shore
- Re: IETF privacy policy - update John C Klensin
- Re: IETF privacy policy - update Dave CROCKER
- Re: IETF privacy policy - update Dave CROCKER
- Re: IETF privacy policy - update SM
- Re: IETF privacy policy - update John C Klensin
- Re: IETF privacy policy - update Eliot Lear
- Re: IETF privacy policy - update Alissa Cooper
- Re: IETF privacy policy - update Eliot Lear
- Re: IETF privacy policy - update Iljitsch van Beijnum
- Re: IETF privacy policy - update Nathaniel Borenstein
- Re: IETF privacy policy - update Karen O'Donoghue
- Re: IETF privacy policy - update Stephan Wenger
- Re: IETF privacy policy - update John C Klensin
- Re: IETF privacy policy - update Alissa Cooper
- Re: IETF privacy policy - update todd glassey
- Re: IETF privacy policy - update John Morris
- Re: IETF privacy policy - update Bob Hinden
- Re: IETF privacy policy - update John Morris
- Re: IETF privacy policy - update Ted Hardie
- Re: IETF privacy policy - update joel jaeggli
- Re: IETF privacy policy - update todd glassey
- Re: IETF privacy policy - update Iljitsch van Beijnum
- Re: IETF privacy policy - update Iljitsch van Beijnum
- Re: IETF privacy policy - update John Morris
- Re: IETF privacy policy - update Iljitsch van Beijnum
- Re: IETF privacy policy - update John Morris
- Re: IETF privacy policy - update Larry Smith
- Re: IETF privacy policy - update Iljitsch van Beijnum
- Re: IETF privacy policy - update Melinda Shore
- Re: IETF privacy policy - update Sam Hartman
- Re: IETF privacy policy - update Ole Jacobsen
- Re: IETF privacy policy - update Paul Hoffman
- Re: IETF privacy policy - update Melinda Shore
- Re: IETF privacy policy - update Sam Hartman
- Re: IETF privacy policy - update John Morris
- Re: IETF privacy policy - update Paul Hoffman
- Re: IETF privacy policy - update joel jaeggli
- Re: IETF privacy policy - update Sam Hartman
- Comments on <draft-cooper-privacy-policy-01.txt> Bob Hinden
- Re: IETF privacy policy - update Alissa Cooper
- Re: IETF privacy policy - update Andrew Sullivan
- Re: IETF privacy policy - update John Morris
- Re: IETF privacy policy - update Randy Bush
- Re: IETF privacy policy - update Cullen Jennings
- Re: IETF privacy policy - update joel jaeggli
- RE: IETF privacy policy - update Yoav Nir
- Re: IETF privacy policy - update David Morris
- Re: IETF privacy policy - update Arnt Gulbrandsen
- Re: IETF privacy policy - update Henk Uijterwaal
- Re: IETF privacy policy - update Andrew Sullivan
- Re: IETF privacy policy - update joel jaeggli
- Re: IETF privacy policy - update Marshall Eubanks
- Re: IETF privacy policy - update jean-michel bernier de portzamparc
- Re: IETF privacy policy - update Fred Baker
- Re: IETF privacy policy - update Peter Saint-Andre
- Re: IETF privacy policy - update Melinda Shore
- Re: IETF privacy policy - update Fred Baker
- Re: IETF privacy policy - update Melinda Shore
- Re: IETF privacy policy - update joel jaeggli
- Re: IETF privacy policy - update Fred Baker
- Re: IETF privacy policy - update Melinda Shore
- Re: IETF privacy policy - update Fred Baker
- Re: IETF privacy policy - update Randy Bush
- Re: IETF privacy policy - update Martin Rex
- Re: IETF privacy policy - update GTW
- Re: IETF privacy policy - update Henk Uijterwaal
- Re: IETF privacy policy - update Patrik Fältström
- Re: IETF privacy policy - update Fred Baker
- Re: Comments on <draft-cooper-privacy-policy-01.t… Hannes Tschofenig
- Re: IETF privacy policy - update Ted Hardie
- Re: Comments on <draft-cooper-privacy-policy-01.t… Randy Bush
- Re: Comments on <draft-cooper-privacy-policy-01.t… Hannes Tschofenig
- Re: Comments on <draft-cooper-privacy-policy-01.t… Randy Bush
- Re: IETF privacy policy - update Alissa Cooper
- Re: Comments on <draft-cooper-privacy-policy-01.t… todd glassey
- Re: Comments on <draft-cooper-privacy-policy-01.t… todd glassey
- Re: Comments on <draft-cooper-privacy-policy-01.t… Hannes Tschofenig
- Re: Comments on <draft-cooper-privacy-policy-01.t… Randy Bush
- Re: Comments on <draft-cooper-privacy-policy-01.t… Joel Jaeggli
- Re: Comments on <draft-cooper-privacy-policy-01.t… Hannes Tschofenig
- Re: Comments on <draft-cooper-privacy-policy-01.t… Hannes Tschofenig
- Re: Comments on <draft-cooper-privacy-policy-01.t… Fred Baker
- Re: Comments on <draft-cooper-privacy-policy-01.t… Randy Bush
- RE: IETF privacy policy - update Monique Morrow (mmorrow)
- Re: Comments on <draft-cooper-privacy-policy-01.t… Randy Bush
- Re: Comments on <draft-cooper-privacy-policy-01.t… Dave CROCKER
- Re: Comments on <draft-cooper-privacy-policy-01.t… Donald Eastlake
- Re: Comments on <draft-cooper-privacy-policy-01.t… Joel Jaeggli
- Re: Comments on <draft-cooper-privacy-policy-01.t… Phillip Hallam-Baker
- Re: Comments on <draft-cooper-privacy-policy-01.t… Dave CROCKER
- Re: Comments on <draft-cooper-privacy-policy-01.t… Randy Bush
- Re: Comments on <draft-cooper-privacy-policy-01.t… Dave CROCKER
- Re: Comments on <draft-cooper-privacy-policy-01.t… Fred Baker
- Re: Comments on <draft-cooper-privacy-policy-01.t… Martin Rex
- Re: Comments on <draft-cooper-privacy-policy-01.t… todd glassey
- Re: Comments on <draft-cooper-privacy-policy-01.t… Martin Rex
- Re: Comments on <draft-cooper-privacy-policy-01.t… Joel Jaeggli
- Re: Comments on <draft-cooper-privacy-policy-01.t… todd glassey
- Re: Comments on <draft-cooper-privacy-policy-01.t… Randy Bush
- Re: Comments on <draft-cooper-privacy-policy-01.t… Dave CROCKER
- Re: Comments on <draft-cooper-privacy-policy-01.t… Andrew Sullivan
- Re: Comments on <draft-cooper-privacy-policy-01.t… Dave CROCKER
- Re: Comments on <draft-cooper-privacy-policy-01.t… John C Klensin
- Re: Comments on <draft-cooper-privacy-policy-01.t… Dave CROCKER
- Re: Comments on <draft-cooper-privacy-policy-01.t… Randy Bush
- Re: Comments on <draft-cooper-privacy-policy-01.t… Dave CROCKER
- Re: Comments on <draft-cooper-privacy-policy-01.t… Randy Bush
- Re: IETF privacy policy - update Alissa Cooper
- Re: IETF privacy policy - update Paul Hoffman
- Re: Comments on <draft-cooper-privacy-policy-01.t… Alissa Cooper
- Re: Comments on <draft-cooper-privacy-policy-01.t… John C Klensin
- Re: Comments on <draft-cooper-privacy-policy-01.t… John C Klensin
- Re: IETF privacy policy - update Martin Rex
- Re: IETF privacy policy - update todd glassey
- Re: Comments on <draft-cooper-privacy-policy-01.t… Dave CROCKER
- Re: IETF privacy policy - update John Morris
- Re: IETF privacy policy - update Andrew Sullivan
- Re: IETF privacy policy - still a bad idea John Levine
- RE: IETF privacy policy - update Dearlove, Christopher (UK)
- Re: IETF privacy policy - still a bad idea John R. Levine
- Re: IETF privacy policy - still a bad idea Marshall Eubanks
- Re: IETF privacy policy - still a bad idea Dave CROCKER
- Re: IETF privacy policy - still a bad idea Marshall Eubanks
- Re: IETF privacy policy - still a bad idea Dave CROCKER
- Re: IETF privacy policy - still a bad idea Phillip Hallam-Baker
- Re: IETF privacy policy - still a bad idea Phillip Hallam-Baker
- Re: IETF privacy policy - still a bad idea Andrew Sullivan
- Re: IETF privacy policy - still a bad idea Marshall Eubanks
- Re: IETF privacy policy - still a bad idea Andrew Sullivan
- Re: IETF privacy policy - still a bad idea Dave CROCKER
- Re: IETF privacy policy - still a bad idea Andrew Sullivan
- Re: IETF privacy policy - still a bad idea Fred Baker
- Re: IETF privacy policy - still a bad idea Ole Jacobsen
- Re: IETF privacy policy - still a bad idea Dave CROCKER
- Re: IETF privacy policy - still a bad idea Arnt Gulbrandsen
- Re: IETF privacy policy - still a bad idea Marshall Eubanks
- Re: IETF privacy policy - still a bad idea John R. Levine
- Re: IETF privacy policy - still a bad idea Fred Baker
- Re: IETF privacy policy - still a bad idea todd glassey
- What does a privacy policy mean? John R. Levine
- Re: What does a privacy policy mean? Phillip Hallam-Baker