Re: IETF privacy policy - update

Paul Hoffman <paul.hoffman@vpnc.org> Wed, 07 July 2010 19:59 UTC

Date: Wed, 07 Jul 2010 12:59:57 -0700
To: Sam Hartman <hartmans-ietf@mit.edu>
From: Paul Hoffman <paul.hoffman@vpnc.org>
Subject: Re: IETF privacy policy - update
Cc: IETF-Discussion list <ietf@ietf.org>

At 3:49 PM -0400 7/7/10, Sam Hartman wrote:
>Generally when I look for an idea of whether work is a good idea I look
>for a clear statement of benefit.  I'll admit that I don't find privacy
>policies so valuable that I think everyone should have one.  So, I'll
>ask how will our work be improved or what problem are we running into
>that a privacy policy will solve?  If that cannot clearly be
>answered, we should not engage in this activity.

At 3:51 AM +0000 7/7/10, John Levine wrote:
>I think we all agree that having a privacy policy would be desirable,
>in the sense that we are in favor of good, and opposed to evil.  But I
>don't know what it means to implement a privacy policy, and I don't
>think anyone else does either.
>
>A privacy policy is basically a set of assertions about what the IETF
>will do with your personal information.  To invent a strawman, let's
>say that the privacy policy says that registration information will be
>kept in confidence, and some newly hired clerk who's a little unclear
>on the concept gives a list of registrants' e-mail addresses to a
>conference sponsor so they can e-mail everyone an offer for a free
>IETF tee shirt.
>
>Then what happens?  Is a privacy policy a contract, and if it is, what
>remedies do IETF participants have for non-performance?  And if it's
>not, and there aren't remedies, what's the point?

Thank you, Sam and John.

Do some people not come to IETF meetings because of the current null privacy policy? Do they say less than they would have if we had a typical non-null policy? If either of those two is answered yes, would those people contribute better knowing that the IETF had a policy but no real way to enforce it other than by apologizing when it failed to follow the policy?

If having a privacy policy, even one where there was no real enforcement mechanism, was free, nearly everyone would want it. Given that getting such a policy is not free, and will cause cycles to be lost from other IETF work, is the tradeoff worth it? At this point, I would say "no", but mostly because I don't know of anyone who contributes less due to the current null policy.

--Paul Hoffman, Director
--VPN Consortium