Re: IETF privacy policy - update

[John Morris <jmorris-lists@cdt.org>]

Well, as someone who believes that *all* websites and online-operating  
organizations should have a clear and accessible privacy policy, I  
think it is beyond embarrassing that the IETF does not have one.  As  
an organization that tries pretty hard to be sensitive to the privacy  
impacts of the technologies it creates, it is disappointing that the  
IETF does not itself meet even the most basic of privacy "best  
practices," that is, having a privacy policy.

But I appreciate that others may view privacy policies as navel  
gazing.  In this case, however, the gazing could be fairly short and  
focused -- there is already a draft policy that is in a second  
version, with an author who has sought to work closely with the powers- 
that-be to understand the IETF's current practices (and who is willing  
to finish that work).  The most important thing that needs to be  
decided is "what form should a policy take," and I think there were a  
number of good ideas on that point on the list.  So I would urge us to  
gaze into our navels just a little bit more to make this happen.


On Jul 7, 2010, at 10:42 AM, Iljitsch van Beijnum wrote:

> On 7 jul 2010, at 16:32, John Morris wrote:
>
>> And, if you indeed think that something is missing, perhaps you  
>> could suggest some language to address your concern, rather than  
>> just dismiss the entire effort.
>
> I think it's completely legitimate to question whether efforts like  
> this are worth the resources they soak up. The first time I went to  
> an IETF meeting I was shocked by the amount of talk about the  
> internals of the IETF itself that went on. We should really try to  
> minimize this navel gazing and only indulge in it when clearly  
> needed, something that hasn't been shown to be the case here.