RE: Future Handling of Blue Sheets

["George, Wes" <wesley.george@twcable.com>]

> From: ietf-bounces@ietf.org [mailto:ietf-bounces@ietf.org] On Behalf Of Yoav
> Nir
> Sent: Monday, April 23, 2012 2:54 AM
> To: Joel jaeggli
> Cc: ietf@ietf.org
> Subject: Re: Future Handling of Blue Sheets
>
> Effort matters. If getting that data requires a subpoena, or if it requires a
> formal letter from a lawyer, or if it's available on the website, these are
> different things.
[WEG] and I'd counter by saying that anyone who cares enough about the whereabouts of a specific IETF attendee to bother tracking them via online blue sheets will not be stymied much by their unavailability.

> > But that wasn't my question. What data on the blue sheet is personal?
>
> It says where I was, and at what time, and it's nobody's business. It's
> information that does not need to be disclosed to the public, and therefore
> shouldn't. We don't have to come up with an attack vector first.
[WEG] While generally I understand the concept of "need to know" as a reason not to publish, that doesn't answer the question, especially since this information isn't available in real-time. What problem does it create as a matter of historical record of a public forum with a publicly-available attendee list? I think that what we're really talking about here is burden of proof: Is it incumbent upon the IETF to prove that there is material benefit to publishing this information publicly, or upon the attendees to prove that there is material harm in doing so? Given the terms of things like the note well, I tend to believe that it's the latter. Therefore, yes an attack vector would be helpful.

For that matter, shall we also start anonymizing the names of those who speak at the mic when they appear in the minutes? What about the mailing lists? Are you certain that no one with access to public mailing list records might see an email post by you, or a WG draft with your name on it and correctly infer that you may have attended a meeting of that WG during an IETF meeting where your name is on the public meeting attendee list? That would seem to have a similar problem where a low amount of effort would net similar information.

>
> > Every person who has registered since at least the publication of 3979
> > if not before has consented to the public disclosure of records of the
> > meeting. a list of the meeting attendees is required by 2418.
>
> Again, this is a different level of information. On the streets, Legally I
> don't have an expectation of privacy. The police, or anyone who cares to, may
> follow me around, and see where I'm going.
[WEG] The only meeting in recent memory where there were people actually checking badges to permit entry to the meeting areas (in Beijing), was roundly criticized for doing so, yet somehow IETF meetings are less public than the street? When was the last time that anyone challenged someone not wearing their name badge for simply being in the IETF meeting area?

I think it comes back to the difference between knowing this information in near-real-time (as with a physical tail or camera surveillance) vs. knowing it weeks or months after the fact when the proceedings are published. To participate in the IETF is to have your name publicly associated with it, and allow reasonably intelligent people to infer details about your whereabouts. I still don't understand how the blue sheets have much impact on that fact.

Wes George

This E-mail and any of its attachments may contain Time Warner Cable proprietary information, which is privileged, confidential, or subject to copyright belonging to Time Warner Cable. This E-mail is intended solely for the use of the individual or entity to which it is addressed. If you are not the intended recipient of this E-mail, you are hereby notified that any dissemination, distribution, copying, or action taken in relation to the contents of and attachments to this E-mail is strictly prohibited and may be unlawful. If you have received this E-mail in error, please notify the sender immediately and permanently delete the original and any copy of this E-mail and any printout.