Re: IETF privacy policy - update
Alissa Cooper <acooper@cdt.org> Tue, 06 July 2010 08:11 UTC
Return-Path: <acooper@cdt.org>
X-Original-To: ietf@core3.amsl.com
Delivered-To: ietf@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 80A7B3A68E8 for <ietf@core3.amsl.com>; Tue, 6 Jul 2010 01:11:36 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level:
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 2l7Tq8Sfbx9S for <ietf@core3.amsl.com>; Tue, 6 Jul 2010 01:11:31 -0700 (PDT)
Received: from mail.maclaboratory.net (mail.maclaboratory.net [209.190.215.232]) by core3.amsl.com (Postfix) with ESMTP id 1F7A03A68D0 for <ietf@ietf.org>; Tue, 6 Jul 2010 01:11:31 -0700 (PDT)
Received: from localhost ([127.0.0.1]) by mail.maclaboratory.net (using TLSv1/SSLv3 with cipher AES128-SHA (128 bits)) for ietf@ietf.org; Tue, 6 Jul 2010 04:11:30 -0400
Message-Id: <12333DE7-DE1E-4306-87AE-ACB605585245@cdt.org>
From: Alissa Cooper <acooper@cdt.org>
To: IETF-Discussion list <ietf@ietf.org>
In-Reply-To: <61A4F69BF743EFD59BA45181@[192.168.1.128]>
Content-Type: text/plain; charset="US-ASCII"; format="flowed"; delsp="yes"
Content-Transfer-Encoding: 7bit
Mime-Version: 1.0 (Apple Message framework v936)
Subject: Re: IETF privacy policy - update
Date: Tue, 06 Jul 2010 09:11:07 +0100
References: <7022DEA1-7FC0-4D77-88CE-FA3788720B43@cdt.org> <4C322170.9040903@dcrocker.net> <4B42EB41-0502-4D51-8B43-A3EC30B58643@americafree.tv> <4C32270B.9020703@dcrocker.net> <61A4F69BF743EFD59BA45181@[192.168.1.128]>
X-Mailer: Apple Mail (2.936)
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ietf>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 06 Jul 2010 08:11:37 -0000
Obviously, I started this process as an I-D, so I'm not necessarily opposed to having the privacy policy exist as an RFC. But in conversations with the IAOC and others, it seemed as though the RFC process might have two drawbacks for this kind of document: 1) While the RFC process is community consensus-based, the designation of IETF policies about personal data handling is not necessarily so. The policies around the RFID experiment at IETF 76 [1] and the policies around admission control data for IETF 78 and 79 [2] are both examples of this -- these policies were developed by the IAOC and others, and while in some cases they may have been put out to the community for comment after they were developed, their initial development was certainly not done via the community consensus-based model. Ideally the IETF privacy policy would document all of these policies before they come into force. If the privacy policy was an RFC, the substance of these policies would be subject to community review and would require consensus as well. 2) If the privacy policy is to be accurate, I do think it would change more often than an average RFC (considering things like the RFID experiment and the admission control for upcoming IETFs). Furthermore, even if changes are infrequent, they may come up quickly. A good privacy policy would document these changes before they occur. I think the argument can be made that if the policy has to go through the RFC process for each change, the changes may not be documented before they actually occur. With that said, laying out the core of the policy in an RFC and then having a speedier mechanism to publish changes (which can also be incorporated into the core policy when the RFC publication schedule allows) seems like a decent option. Alissa On Jul 6, 2010, at 2:39 AM, John C Klensin wrote: > > > --On Monday, July 05, 2010 11:40 AM -0700 Dave CROCKER > <dhc2@dcrocker.net> wrote: > >> Marshall, >> >> On 7/5/2010 11:28 AM, Marshall Eubanks wrote: >>> I assume (for I do not know) that people are worried about >>> time involved in bringing a new RFC to publication. >> >> The IESG often states that it is not difficult to bring an RFC >> to publication. >> >> In any event, what makes this document more urgent, and in >> need of less scrutiny and processing, that any other potential >> RFC? >> >> Personally, I would expect a document that attends to >> explicitly and complexly legal concerns to need /more/ >> scrutiny than an entry-level technical specification, not less. > > Agreed. > >>> I don't see why this couldn't be divided in the way that the >>> Trust Legal Provisions have been : >>> >>> - a RFC to set the _goals_ and basic framework of the privacy >>> policy, which might change something like every 5 years (or >>> less often if we are lucky) and >> >> You expect the privacy policy, itself, to change more >> frequently than this? > > I would hope not (either), but experience indicates that we have > even more trouble getting legal documents right than we do > protocol documents. Having a lightweight and speedy mechanism > for correcting an incorrect realization of a policy outline laid > out by the IETF seems reasonable. While I agree with you (Dave) > that getting the policy principles in place should not be so > urgent as to justify being done in haste, our experience > (especially in the IPR area, which is likely to involve the same > lawyers, both professional and amateur) has been that, > sometimes, making a correction to specific mechanisms already > deployed may be urgent. > >> Also, the implication of your suggestion is that we would have >> a goals and framework document /after/ we have actual >> policies. This seems a bit, ummmm, backward. It would make >> more sense to have the two in one document, absent some >> expectation of one being more stable than the other. > > I did not read that into Marshall's note but assumed that we > would lay out the policy principles (the "goals and framework > document") in the IETF first and then proceed to instruct the > IASA to generate a specific policy statement for community > review. "Policies first" would seem backwards to me too... > to put it mildly. > > john > > > > > _______________________________________________ > Ietf mailing list > Ietf@ietf.org > https://www.ietf.org/mailman/listinfo/ietf >
- Re: IETF privacy policy - update Marshall Eubanks
- IETF privacy policy - update Alissa Cooper
- Re: IETF privacy policy - update Melinda Shore
- Re: IETF privacy policy - update John C Klensin
- Re: IETF privacy policy - update Dave CROCKER
- Re: IETF privacy policy - update Dave CROCKER
- Re: IETF privacy policy - update SM
- Re: IETF privacy policy - update John C Klensin
- Re: IETF privacy policy - update Eliot Lear
- Re: IETF privacy policy - update Alissa Cooper
- Re: IETF privacy policy - update Eliot Lear
- Re: IETF privacy policy - update Iljitsch van Beijnum
- Re: IETF privacy policy - update Nathaniel Borenstein
- Re: IETF privacy policy - update Karen O'Donoghue
- Re: IETF privacy policy - update Stephan Wenger
- Re: IETF privacy policy - update John C Klensin
- Re: IETF privacy policy - update Alissa Cooper
- Re: IETF privacy policy - update todd glassey
- Re: IETF privacy policy - update John Morris
- Re: IETF privacy policy - update Bob Hinden
- Re: IETF privacy policy - update John Morris
- Re: IETF privacy policy - update Ted Hardie
- Re: IETF privacy policy - update joel jaeggli
- Re: IETF privacy policy - update todd glassey
- Re: IETF privacy policy - update Iljitsch van Beijnum
- Re: IETF privacy policy - update Iljitsch van Beijnum
- Re: IETF privacy policy - update John Morris
- Re: IETF privacy policy - update Iljitsch van Beijnum
- Re: IETF privacy policy - update John Morris
- Re: IETF privacy policy - update Larry Smith
- Re: IETF privacy policy - update Iljitsch van Beijnum
- Re: IETF privacy policy - update Melinda Shore
- Re: IETF privacy policy - update Sam Hartman
- Re: IETF privacy policy - update Ole Jacobsen
- Re: IETF privacy policy - update Paul Hoffman
- Re: IETF privacy policy - update Melinda Shore
- Re: IETF privacy policy - update Sam Hartman
- Re: IETF privacy policy - update John Morris
- Re: IETF privacy policy - update Paul Hoffman
- Re: IETF privacy policy - update joel jaeggli
- Re: IETF privacy policy - update Sam Hartman
- Comments on <draft-cooper-privacy-policy-01.txt> Bob Hinden
- Re: IETF privacy policy - update Alissa Cooper
- Re: IETF privacy policy - update Andrew Sullivan
- Re: IETF privacy policy - update John Morris
- Re: IETF privacy policy - update Randy Bush
- Re: IETF privacy policy - update Cullen Jennings
- Re: IETF privacy policy - update joel jaeggli
- RE: IETF privacy policy - update Yoav Nir
- Re: IETF privacy policy - update David Morris
- Re: IETF privacy policy - update Arnt Gulbrandsen
- Re: IETF privacy policy - update Henk Uijterwaal
- Re: IETF privacy policy - update Andrew Sullivan
- Re: IETF privacy policy - update joel jaeggli
- Re: IETF privacy policy - update Marshall Eubanks
- Re: IETF privacy policy - update jean-michel bernier de portzamparc
- Re: IETF privacy policy - update Fred Baker
- Re: IETF privacy policy - update Peter Saint-Andre
- Re: IETF privacy policy - update Melinda Shore
- Re: IETF privacy policy - update Fred Baker
- Re: IETF privacy policy - update Melinda Shore
- Re: IETF privacy policy - update joel jaeggli
- Re: IETF privacy policy - update Fred Baker
- Re: IETF privacy policy - update Melinda Shore
- Re: IETF privacy policy - update Fred Baker
- Re: IETF privacy policy - update Randy Bush
- Re: IETF privacy policy - update Martin Rex
- Re: IETF privacy policy - update GTW
- Re: IETF privacy policy - update Henk Uijterwaal
- Re: IETF privacy policy - update Patrik Fältström
- Re: IETF privacy policy - update Fred Baker
- Re: Comments on <draft-cooper-privacy-policy-01.t… Hannes Tschofenig
- Re: IETF privacy policy - update Ted Hardie
- Re: Comments on <draft-cooper-privacy-policy-01.t… Randy Bush
- Re: Comments on <draft-cooper-privacy-policy-01.t… Hannes Tschofenig
- Re: Comments on <draft-cooper-privacy-policy-01.t… Randy Bush
- Re: IETF privacy policy - update Alissa Cooper
- Re: Comments on <draft-cooper-privacy-policy-01.t… todd glassey
- Re: Comments on <draft-cooper-privacy-policy-01.t… todd glassey
- Re: Comments on <draft-cooper-privacy-policy-01.t… Hannes Tschofenig
- Re: Comments on <draft-cooper-privacy-policy-01.t… Randy Bush
- Re: Comments on <draft-cooper-privacy-policy-01.t… Joel Jaeggli
- Re: Comments on <draft-cooper-privacy-policy-01.t… Hannes Tschofenig
- Re: Comments on <draft-cooper-privacy-policy-01.t… Hannes Tschofenig
- Re: Comments on <draft-cooper-privacy-policy-01.t… Fred Baker
- Re: Comments on <draft-cooper-privacy-policy-01.t… Randy Bush
- RE: IETF privacy policy - update Monique Morrow (mmorrow)
- Re: Comments on <draft-cooper-privacy-policy-01.t… Randy Bush
- Re: Comments on <draft-cooper-privacy-policy-01.t… Dave CROCKER
- Re: Comments on <draft-cooper-privacy-policy-01.t… Donald Eastlake
- Re: Comments on <draft-cooper-privacy-policy-01.t… Joel Jaeggli
- Re: Comments on <draft-cooper-privacy-policy-01.t… Phillip Hallam-Baker
- Re: Comments on <draft-cooper-privacy-policy-01.t… Dave CROCKER
- Re: Comments on <draft-cooper-privacy-policy-01.t… Randy Bush
- Re: Comments on <draft-cooper-privacy-policy-01.t… Dave CROCKER
- Re: Comments on <draft-cooper-privacy-policy-01.t… Fred Baker
- Re: Comments on <draft-cooper-privacy-policy-01.t… Martin Rex
- Re: Comments on <draft-cooper-privacy-policy-01.t… todd glassey
- Re: Comments on <draft-cooper-privacy-policy-01.t… Martin Rex
- Re: Comments on <draft-cooper-privacy-policy-01.t… Joel Jaeggli
- Re: Comments on <draft-cooper-privacy-policy-01.t… todd glassey
- Re: Comments on <draft-cooper-privacy-policy-01.t… Randy Bush
- Re: Comments on <draft-cooper-privacy-policy-01.t… Dave CROCKER
- Re: Comments on <draft-cooper-privacy-policy-01.t… Andrew Sullivan
- Re: Comments on <draft-cooper-privacy-policy-01.t… Dave CROCKER
- Re: Comments on <draft-cooper-privacy-policy-01.t… John C Klensin
- Re: Comments on <draft-cooper-privacy-policy-01.t… Dave CROCKER
- Re: Comments on <draft-cooper-privacy-policy-01.t… Randy Bush
- Re: Comments on <draft-cooper-privacy-policy-01.t… Dave CROCKER
- Re: Comments on <draft-cooper-privacy-policy-01.t… Randy Bush
- Re: IETF privacy policy - update Alissa Cooper
- Re: IETF privacy policy - update Paul Hoffman
- Re: Comments on <draft-cooper-privacy-policy-01.t… Alissa Cooper
- Re: Comments on <draft-cooper-privacy-policy-01.t… John C Klensin
- Re: Comments on <draft-cooper-privacy-policy-01.t… John C Klensin
- Re: IETF privacy policy - update Martin Rex
- Re: IETF privacy policy - update todd glassey
- Re: Comments on <draft-cooper-privacy-policy-01.t… Dave CROCKER
- Re: IETF privacy policy - update John Morris
- Re: IETF privacy policy - update Andrew Sullivan
- Re: IETF privacy policy - still a bad idea John Levine
- RE: IETF privacy policy - update Dearlove, Christopher (UK)
- Re: IETF privacy policy - still a bad idea John R. Levine
- Re: IETF privacy policy - still a bad idea Marshall Eubanks
- Re: IETF privacy policy - still a bad idea Dave CROCKER
- Re: IETF privacy policy - still a bad idea Marshall Eubanks
- Re: IETF privacy policy - still a bad idea Dave CROCKER
- Re: IETF privacy policy - still a bad idea Phillip Hallam-Baker
- Re: IETF privacy policy - still a bad idea Phillip Hallam-Baker
- Re: IETF privacy policy - still a bad idea Andrew Sullivan
- Re: IETF privacy policy - still a bad idea Marshall Eubanks
- Re: IETF privacy policy - still a bad idea Andrew Sullivan
- Re: IETF privacy policy - still a bad idea Dave CROCKER
- Re: IETF privacy policy - still a bad idea Andrew Sullivan
- Re: IETF privacy policy - still a bad idea Fred Baker
- Re: IETF privacy policy - still a bad idea Ole Jacobsen
- Re: IETF privacy policy - still a bad idea Dave CROCKER
- Re: IETF privacy policy - still a bad idea Arnt Gulbrandsen
- Re: IETF privacy policy - still a bad idea Marshall Eubanks
- Re: IETF privacy policy - still a bad idea John R. Levine
- Re: IETF privacy policy - still a bad idea Fred Baker
- Re: IETF privacy policy - still a bad idea todd glassey
- What does a privacy policy mean? John R. Levine
- Re: What does a privacy policy mean? Phillip Hallam-Baker