RE: IAOC and permissions [Re: Future Handling of Blue Sheets]

Christian Huitema <huitema@microsoft.com> Wed, 25 April 2012 07:57 UTC

From: Christian Huitema <huitema@microsoft.com>
To: Brian E Carpenter <brian.e.carpenter@gmail.com>, IAOC <iaoc@ietf.org>
Subject: RE: IAOC and permissions [Re: Future Handling of Blue Sheets]
Date: Wed, 25 Apr 2012 07:57:25 +0000
Cc: "ietf@ietf.org" <ietf@ietf.org>

Brian,

> I suggest that your standard dealings with local hosts should include requiring them to perform a local check on
> whether the standard "Note Well" takes account of all local legal requirements, including for example 
> consent to publication of images. If it doesn't, the host should provide an augmented "Note Well" for use 
> during meeting registration.

Rather than going this route, we might consider some better balance between privacy and standard-setting. Taking and publishing a person's image is a step above listing their names. Do we really need that for the purpose of standard making, let alone Internet Engineering? How about answering the classic privacy checklist:

1) How much personal information do we collect, and for what purpose? The rule here should be to collect the strict minimum necessary for the purpose. Pictures don't appear to meet that bar.
2) How do we process that information? Who in the IETF has access to it?
3) Do we make that information available to third parties? Under which guidelines? Again, there is a big difference between answering a subpoena and publishing on a web page.
4) How do we safeguard that information? Is it available to any hacker who sneaks his way into our database?
5) How long do we keep the information? Why?
6) How do we dispose of the expired information?

These look like the right questions to the IAOC.

-- Christian Huitema