Re: [IAOC] [IAB] Proposed IETF Privacy Policy for Review

Paul Wouters <paul@nohats.ca> Thu, 17 March 2016 12:50 UTC

Return-Path: <paul@nohats.ca>
X-Original-To: ietf@ietfa.amsl.com
Delivered-To: ietf@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id F383F12DC00; Thu, 17 Mar 2016 05:50:38 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.101
X-Spam-Level:
X-Spam-Status: No, score=-1.101 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_ADSP_ALL=0.8, RP_MATCHES_RCVD=-0.001] autolearn=no autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id eqFnvoY5v4WV; Thu, 17 Mar 2016 05:50:33 -0700 (PDT)
Received: from mx.nohats.ca (mx.nohats.ca [IPv6:2a03:6000:1004:1::68]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A802C12DBE3; Thu, 17 Mar 2016 05:50:12 -0700 (PDT)
Received: from localhost (localhost [IPv6:::1]) by mx.nohats.ca (Postfix) with ESMTP id 3qQp9G6ytNz2Gq; Thu, 17 Mar 2016 13:50:10 +0100 (CET)
X-OPENPGPKEY: Message passed unmodified
X-Virus-Scanned: amavisd-new at mx.nohats.ca
Received: from mx.nohats.ca ([IPv6:::1]) by localhost (mx.nohats.ca [IPv6:::1]) (amavisd-new, port 10024) with ESMTP id UTaMZBwPURmE; Thu, 17 Mar 2016 13:50:09 +0100 (CET)
Received: from bofh.nohats.ca (206-248-139-105.dsl.teksavvy.com [206.248.139.105]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx.nohats.ca (Postfix) with ESMTPS; Thu, 17 Mar 2016 13:50:09 +0100 (CET)
Received: from [193.111.228.86] (unknown [193.111.228.86]) (using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by bofh.nohats.ca (Postfix) with ESMTPSA id 4725F6019B73; Thu, 17 Mar 2016 08:50:08 -0400 (EDT)
DKIM-Filter: OpenDKIM Filter v2.10.3 bofh.nohats.ca 4725F6019B73
References: <20160316170239.30920.41218.idtracker@ietfa.amsl.com> <E95E8599-6741-4F81-A7FB-06669EC3EA37@netapp.com> <214DF639-87DC-46D7-9731-F51027EBA97E@nohats.ca> <84BDDACE-C9E3-445A-91E6-8E80D7C6BFDE@sobco.com> <3A2CD852-64D8-40E9-821E-5247B22C2879@nohats.ca> <626999D6-D25C-4B51-8FAB-3B0312320A74@sobco.com>
Mime-Version: 1.0 (1.0)
In-Reply-To: <626999D6-D25C-4B51-8FAB-3B0312320A74@sobco.com>
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
Message-Id: <68FD9809-6D5C-48E7-953F-BDD78BFF22DA@nohats.ca>
X-Mailer: iPhone Mail (13D15)
From: Paul Wouters <paul@nohats.ca>
Subject: Re: [IAOC] [IAB] Proposed IETF Privacy Policy for Review
Date: Thu, 17 Mar 2016 08:49:57 -0400
To: Scott Bradner <sob@sobco.com>
Archived-At: <http://mailarchive.ietf.org/arch/msg/ietf/LLnDEEqES0qqMaQ5eKk4NbHabBM>
Cc: IAOC IAOC <iaoc@ietf.org>, "ietf@ietf.org" <ietf@ietf.org>
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ietf/>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 17 Mar 2016 12:50:39 -0000


> On Mar 17, 2016, at 08:27, Scott Bradner <sob@sobco.com> wrote:
> 
> the lawyers we consulted said that it was important to say what was said
> 
> setting up a web site designed for people under 13 is a major effort (verifying ages of users etc)
> 
> this seemed the best way (the first proposal we got was to say that people under 13 could
> not use the site)

When law requires you to basically lie, the law needs updating. But I agree we shouldn't spend ietf money on that.

Paul

> 
> Scott
> 
>> On Mar 17, 2016, at 8:23 AM, Paul Wouters <paul@nohats.ca> wrote:
>> 
>> 
>> 
>> Sent from my iPhone
>> 
>>> On Mar 17, 2016, at 08:13, Scott Bradner <sob@sobco.com> wrote:
>>> 
>>> I agree but the law is what the law is 
>>> 
>>> see https://en.wikipedia.org/wiki/Children's_Online_Privacy_Protection_Act
>>> 
>>> the wording used says that its fine if the kid has parental OK
>> 
>> But then there is no need to say our website is not designed for people under 13. They are designed for people of all ages.
>> 
>> Paul 
>> 
>> 
>>> Scott
>>> 
>>>> On Mar 17, 2016, at 8:09 AM, Paul Wouters <paul@nohats.ca> wrote:
>>>> 
>>>> My only issue is that it claims our websites are not for use by children under 13. They most certainly are.
>>>> 
>>>> Paul
>>>> 
>>>> Sent from my iPhone
>>>> 
>>>>> On Mar 17, 2016, at 03:01, Eggert, Lars <lars@netapp.com> wrote:
>>>>> 
>>>>> Hi Ray,
>>>>> 
>>>>> would this extend to and cover the IRTF as well?
>>>>> 
>>>>> Lars
>>>>> 
>>>>>> On 2016-03-16, at 18:02, IETF Administrative Director <iad@ietf.org> wrote:
>>>>>> 
>>>>>> The IAOC would like community input on a proposed IETF Privacy Policy.
>>>>>> 
>>>>>> We are required by California law (and good net citizenship) to have
>>>>>> an accurate privacy policy on our websites.  Counsel have reviewed
>>>>>> this statement for compliance with US and EU privacy regulations.
>>>>>> 
>>>>>> The policy discusses the following:
>>>>>> 1.  General – Most Personal Data Submitted to IETF Will Become Public
>>>>>> 2.  You Consent to International Transmission of Your Data
>>>>>> 3.  Exceptions – Information That We Do Not Release to the Public
>>>>>> 4.  Security
>>>>>> 5.  Children
>>>>>> 6.  Inquiries
>>>>>> 7.  Compliance
>>>>>> 8.  Other Organizations
>>>>>> 9.  Consent
>>>>>> 
>>>>>> The proposed Privacy Policy is located here:
>>>>>> http://iaoc.ietf.org/documents/IETF-General-Privacy-Statement-2016-02-24-02.htm
>>>>>> 
>>>>>> The IAOC will consider all comments received by 31 March 2016.
>>>>>> 
>>>>>> Ray Pelletier
>>>>>> IETF Administrative Director
>>