Re: Consultation on revised IETF Privacy Statement
Stephen Farrell <stephen.farrell@cs.tcd.ie> Thu, 05 December 2019 10:43 UTC
Return-Path: <stephen.farrell@cs.tcd.ie>
X-Original-To: ietf@ietfa.amsl.com
Delivered-To: ietf@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 096D61200FD; Thu, 5 Dec 2019 02:43:16 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.29
X-Spam-Level:
X-Spam-Status: No, score=-4.29 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_MED=-2.3, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_FILL_THIS_FORM_SHORT=0.01] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cs.tcd.ie
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 8MDqg5R8iIAi; Thu, 5 Dec 2019 02:43:13 -0800 (PST)
Received: from mercury.scss.tcd.ie (mercury.scss.tcd.ie [134.226.56.6]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A6153120026; Thu, 5 Dec 2019 02:43:12 -0800 (PST)
Received: from localhost (localhost [127.0.0.1]) by mercury.scss.tcd.ie (Postfix) with ESMTP id 62175BE4D; Thu, 5 Dec 2019 10:43:09 +0000 (GMT)
Received: from mercury.scss.tcd.ie ([127.0.0.1]) by localhost (mercury.scss.tcd.ie [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id DwzQ0QbRJwCh; Thu, 5 Dec 2019 10:43:09 +0000 (GMT)
Received: from [134.226.36.133] (unknown [134.226.36.133]) by mercury.scss.tcd.ie (Postfix) with ESMTPSA id 15501BE2F; Thu, 5 Dec 2019 10:43:09 +0000 (GMT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cs.tcd.ie; s=mail; t=1575542589; bh=LYImqcJ0aGf8RJimmYc9Wju1NkKu5zFn23AW9rjCHg0=; h=Subject:To:Cc:References:From:Date:In-Reply-To:From; b=F0udLc+7bkTZvooSmdEFEiJcN8Essie8L6K8Pr2fY/ev85kQyzLLnxPJrhzY5yP6C nenzs7r0tlOPe0CsNb+e+WmNMrRpbta1if64XCCmeugtaqOZJck8lN/hlekBie4pLu z4Nhqtv6CUxQZs0A5kmLVAIsTJF2JjeDHnQw++sc=
Subject: Re: Consultation on revised IETF Privacy Statement
To: Jay Daley <jay@ietf.org>
Cc: ietf@ietf.org
References: <157541908820.4734.11549038582739661941.idtracker@ietfa.amsl.com> <27d747e6-4b54-32e6-5ceb-d305b07c03c9@cs.tcd.ie> <5CC83C2E-F728-431E-8C75-9D0E0D5AB6A4@ietf.org>
From: Stephen Farrell <stephen.farrell@cs.tcd.ie>
Autocrypt: addr=stephen.farrell@cs.tcd.ie; prefer-encrypt=mutual; keydata= mQINBFo9UDIBEADUH4ZPcUnX5WWRWO4kEkHea5Y5eEvZjSwe/YA+G0nrTuOU9nemCP5PMvmh 5Cg8gBTyWyN4Z2+O25p9Tja5zUb+vPMWYvOtokRrp46yhFZOmiS5b6kTq0IqYzsEv5HI58S+ QtaFq978CRa4xH9Gi9u4yzUmT03QNIGDXE37honcAM4MOEtEgvw4fVhVWJuyy3w//0F2tzKr EMjmL5VGuD/Q9+G/7abuXiYNNd9ZFjv4625AUWwy+pAh4EKzS1FE7BOZp9daMu9MUQmDqtZU bUv0Q+DnQAB/4tNncejJPz0p2z3MWCp5iSwHiQvytYgatMp34a50l6CWqa13n6vY8VcPlIqO Vz+7L+WiVfxLbeVqBwV+4uL9to9zLF9IyUvl94lCxpscR2kgRgpM6A5LylRDkR6E0oudFnJg b097ZaNyuY1ETghVB5Uir1GCYChs8NUNumTHXiOkuzk+Gs4DAHx/a78YxBolKHi+esLH8r2k 4LyM2lp5FmBKjG7cGcpBGmWavACYEa7rwAadg4uBx9SHMV5i33vDXQUZcmW0vslQ2Is02NMK 7uB7E7HlVE1IM1zNkVTYYGkKreU8DVQu8qNOtPVE/CdaCJ/pbXoYeHz2B1Nvbl9tlyWxn5Xi HzFPJleXc0ksb9SkJokAfwTSZzTxeQPER8la5lsEEPbU/cDTcwARAQABtDJTdGVwaGVuIEZh cnJlbGwgKDIwMTcpIDxzdGVwaGVuLmZhcnJlbGxAY3MudGNkLmllPokCQAQTAQgAKgIbAwUJ CZQmAAULCQgHAgYVCAkKCwIEFgIDAQIeAQIXgAUCWj6jdwIZAQAKCRBasvrxexcr6o7QD/9m x9DPJetmW794RXmNTrbTJ44zc/tJbcLdRBh0KBn9OW/EaAqjDmgNJeCMyJTKr1ywaps8HGUN hLEVkc14NUpgi4/Zkrbi3DmTp25OHj6wXBS5qVMyVynTMEIjOfeFFyxG+48od+Xn7qg6LT7G rHeNf+z/r0v9+8eZ1Ip63kshQDGhhpmRMKu4Ws9ZvTW2ACXkkTFaSGYJj3yIP4R6IgwBYGMz DXFX6nS4LA1s3pcPNxOgrvCyb60AiJZTLcOk/rRrpZtXB1XQc23ZZmrlTkl2HaThL6w3YKdi Ti1NbuMeOxZqtXcUshII45sANm4HuWNTiRh93Bn5bN6ddjgsaXEZBKUBuUaPBl7gQiQJcAlS 3MmGgVS4ZoX8+VaPGpXdQVFyBMRFlOKOC5XJESt7wY0RE2C8PFm+5eywSO/P1fkl9whkMgml 3OEuIQiP2ehRt/HVLMHkoM9CPQ7t6UwdrXrvX+vBZykav8x9U9M6KTgfsXytxUl6Vx5lPMLi 2/Jrsz6Mzh/IVZa3xjhq1OLFSI/tT2ji4FkJDQbO+yYUDhcuqfakDmtWLMxecZsY6O58A/95 8Qni6Xeq+Nh7zJ7wNcQOMoDGj+24di2TX1cKLzdDMWFaWzlNP5dB5VMwS9Wqj1Z6TzKjGjru q8soqohwb2CK9B3wzFg0Bs1iBI+2RuFnxLkCDQRaPVAyARAA+g3R0HzGr/Dl34Y07XqGqzq5 SU0nXIu9u8Ynsxj7gR5qb3HgUWYEWrHW2jHOByXnvkffucf5yzwrsvw8Q8iI8CFHiTYHPpey 4yPVn6R0w/FOMcY70eTIu/k6EEFDlDbs09DtKcrsT9bmN0XoRxITlXwWTufYqUnmS+YkAuk+ TLCtUin7OdaS2uU6Ata3PLQSeM2ZsUQMmYmHPwB9rmf+q2I005AJ9Q1SPQ2KNg/8xOGxo13S VuaSqYRQdpV93RuCOzg4vuXtR+gP0KQrus/P2ZCEPvU9cXF/2MIhXgOz207lv3iE2zGyNXld /n8spvWk+0bH5Zqd9Wcba/rGcBhmX9NKKDARZqjkv/zVEP1X97w1HsNYeUFNcg2lk9zQKb4v l1jx/Uz8ukzH2QNhU4R39dbF/4AwWuSVkGW6bTxHJqGs6YimbfdQqxTzmqFwz3JP0OtXX5q/ 6D4pHwcmJwEiDNzsBLl6skPSQ0Xyq3pua/qAP8MVm+YxCxJQITqZ8qjDLzoe7s9X6FLLC/DA L9kxl5saVSfDbuI3usH/emdtn0NA9/M7nfgih92zD92sl1yQXHT6BDa8xW1j+RU4P+E0wyd7 zgB2UeYgrp2IIcfG+xX2uFG5MJQ/nYfBoiALb0+dQHNHDtFnNGY3Oe8z1M9c5aDG3/s29QbJ +w7hEKKo9YMAEQEAAYkCJQQYAQgADwUCWj1QMgIbDAUJCZQmAAAKCRBasvrxexcr6qwvD/9b Rek3kfN8Q+jGrKl8qwY8HC5s4mhdDJZI/JP2FImf5J2+d5/e8UJ4fcsT79E0/FqX3Z9wZr6h sofPqLh1/YzDsYkZDHTYSGrlWGP/I5kXwUmFnBZHzM3WGrL3S7ZmCYMdudhykxXXjq7M6Do1 oxM8JofrXGtwBTLv5wfvvygJouVCVe87Ge7mCeY5vey1eUi4zSSF1zPpR6gg64w2g4TXM5qt SwkZVOv1g475LsGlYWRuJV8TA67yp1zJI7HkNqCo8KyHX0DPOh9c+Sd9ZX4aqKfqH9HIpnCL AYEgj7vofeix7gM3kQQmwynqq32bQGQBrKJEYp2vfeO30VsVx4dzuuiC5lyjUccVmw5D72J0 FlGrfEm0kw6D1qwyBg0SAMqamKN6XDdjhNAtXIaoA2UMZK/vZGGUKbqTgDdk0fnzOyb2zvXK CiPFKqIPAqKaDHg0JHdGI3KpQdRNLLzgx083EqEc6IAwWA6jSz+6lZDV6XDgF0lYqAYIkg3+ 6OUXUv6plMlwSHquiOc/MQXHfgUP5//Ra5JuiuyCj954FD+MBKIj8eWROfnzyEnBplVHGSDI ZLzL3pvV14dcsoajdeIH45i8DxnVm64BvEFHtLNlnliMrLOrk4shfmWyUqNlzilXN2BTFVFH 4MrnagFdcFnWYp1JPh96ZKjiqBwMv/H0kw==
Message-ID: <183096bd-0792-56f1-e953-0bdcc976cc04@cs.tcd.ie>
Date: Thu, 05 Dec 2019 10:43:07 +0000
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Thunderbird/68.2.1
MIME-Version: 1.0
In-Reply-To: <5CC83C2E-F728-431E-8C75-9D0E0D5AB6A4@ietf.org>
Content-Type: multipart/signed; micalg="pgp-sha512"; protocol="application/pgp-signature"; boundary="AjJY3sejhkGl4ovxOPKbeTk4Ah0zJRDpA"
Archived-At: <https://mailarchive.ietf.org/arch/msg/ietf/iaS8jU8Q4rHj-2VRbesFuR2jZ_M>
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ietf/>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 05 Dec 2019 10:43:16 -0000
Hi Jay, All your responses below look good to me and I see you created a few issues to track things in GH. Thanks, S. On 04/12/2019 19:00, Jay Daley wrote: > Hi Stephen > >> On 4/12/2019, at 11:42 PM, Stephen Farrell >> <stephen.farrell@cs.tcd.ie> wrote: 1. What is a "privacy context"? >> I'm not a GDPR specialist (thankfully:-) but have read bits about >> it and that's not a well-defined term for me. I think I do know >> what it means but want to check - if the IAB say keeps a file of >> comments received on people who've volunteered for some position, >> are we saying that data is covered by this policy or not? OR, does >> this entire policy only really apply to the public-facing IETF etc >> web sites and their logs etc? > > While the new version tries to use plain english as much as possible, > this is the one area where we need explicit legalese. A privacy > context relates to the full range of activities undertaken so > everything is covered. The NomCom comments you mention are indeed an > exception that needs to be called out. > >> >> 2. "Our Commitment to Privacy" - that subsection is only about >> transparency, suggest renaming it to "Our Commitment to >> Transparency." (That's not really a nit - there's a significant >> proportion of our industry that publishes what I believe are fake >> claims saying they are committed to privacy, so we don't want to >> smell like that at all;-) > > Yes, that was changed by the lawyers to a standard term and you’re > quite right that in our context it is inappropriate. "Our Commitment > to Transparency" works. > >> >> 3. Whose "personal data" are comments submitted to the nomcom >> feedback page? > > Agreed, that’s an exception to be listed. > >> >> 4. The list of personal data is odd. Regarding an I-D as personal >> data seems wrong in any case. I suspect there may be a lack of >> definition somewhere here but maybe it's ok to ignore that. > > The general definition of personal data is anything that can be used > to identify, through linkage, a real person. IDs are well > established as personal data unless specific precautions are taken, > and since we can’t know that we will use the safest definition. > >> >> 5. Pictures. I don't think this policy is consistent with the red >> lanyards policy at IETF meetings. The text here seems like it's >> over-riding that saying "we can do whatever we want with pictures >> from meetings." > > Agreed. This section was not changed in any detail and so that issue > has always been there, but it can be tidied up now. > >> >> 6. Sale of data. I like that bit:-) But please extend it a little >> e.g. to "We do not sell your personal data, or any data, nor do we >> monetize any data in any way, such as by "renting" or making access >> available for a fee." There have been many cases of companies >> making what seem clear statements but where it turns out that they >> do have "partners" and do end up making money from people's data >> while still claiming that they don't "sell" that. > > "nor do we monetize it in any way" works. > >> >> 7. "Our websites do not alter their behavior according to the value >> of a browser Do Not Track (DNT) setting." Is that new? (I forget >> sorry.) I don't like it anyway (even though DNT is a crap >> specification:-). If someone emits that signal we ought honour it >> unless we cannot. > > This again is a clause that has been there for a while and only > changed to make it clearer. While DNT has differing levels of > support it is a clear specification and DNT specifically only applies > to third-party tracking not first-party tracking. In other words, we > track you on our sites only as those are a single privacy context and > do not enable you to be tracked between our context and a different > context nor do we attempt to track you from another context to ours. > I do not think it appropriate to use our own custom definition, even > if we believe that’s what people expect and given that first-party > tracking can be disabled by other means. > >> >> 8. "We use services from Cloudflare to support some of their >> websites." s/their/our/? > > Noted. > >> >> 9. I'm not keen on the "go find cloudflare's policy yourself" >> statement. It'd be better if we had a pointer to that and if we >> were clear that it applies to www.ietf.org <http://www.ietf.org/> >> but not ietf.org <http://ietf.org/> or tools or datatracker etc as >> applies. CF do after all have >1 policy and tracking down which >> applies to www.ietf.org <http://www.ietf.org/> may be non-trivial. > > Ok, we can look at that. > >> >> 10. Stuff we don't share ought probably include feedback to nomcom >> and other appointing bodies (e.g. IAB/IESG). The ANRP and ANRW also >> involve reviews that some might consider sensitive. Some but not >> all of those use web based tools. Some will involve such >> feedback/comment being sent on closed mailing lists. > > I’ve had similar comments privately and these will be addressed. > >> >> 11. Not asking we fix now, but, for a future version, can we think >> about setting a policy for deleting old data? I'm not sure anyone >> needs the payment info I used for IETF35:-) If we already have such >> a policy, then saying that here would be good. > > The LLC is working on a records retention policy, which should be out > soon (couple of months?), which will cover that. > >> >> 12. Also for the future, I like warrant canaries. Not so much >> because we might need one but to set what I think is a good >> example. (Opinions vary on that though so not asking you to do it, >> just to note it down to ponder it later.) > > This would be more appropriately covered in something like an annual > transparency report. I also like warrant canaries but as you say, > that’s for a future discussion. > > Jay > >> >> Cheers, S. >> >> On 04/12/2019 00:24, IETF Executive Director wrote: >>> The IETF Administration LLC has reviewed the IETF Privacy >>> Statement [1] and proposes to introduce a new version [2]. The >>> main reasons for this are to support the introduction of web >>> analytics, to support the collection of demographic data in >>> surveys and to make the whole statement more legally compliant, >>> easier to read and clearer to understand. This new version >>> contains the following changes, which have been reviewed by our >>> privacy counsel: >>> >>> 1. Significant reordering, moving of text and changing of >>> headings, with minimal change in meaning, in order to make the >>> statement clearer and easier to understand. >>> >>> 2. The scope statement has changed from covering the >>> IETF/IRTF/IAB to identifying the specific groups that can legally >>> be considered data controllers in various data protection >>> regimes, namely the LLC, IESG, IAB, IRSG and RFC Editor, and >>> being clear that their activities form a single privacy context. >>> The scope uses “IETF†as a collective term for all these >>> groups, even though that is not structurally accurate, as >>> attempting to convey accurate structure in this statement is too >>> complex. “This statement sets out the privacy and data >>> protection policy of the following related organizations and >>> groups: the IETF Administration LLC ("LLC"); the Internet >>> Engineering Steering Group (“IESGâ€); the Internet >>> Architecture Board ("IAB"); the Internet Research Steering Group >>> ("IRSG"); and the RFC Editor (each a "Party"), which are >>> collectively referred to in this policy as the Internet >>> Engineering Task Force ("IETF") and whose activities constitute a >>> single privacy context.“ >>> >>> 3. The existing version contains a number of references to the >>> Internet Society (ISOC) given the legal structure that existed >>> before the creation of the IETF Administration LLC. Those >>> references have all been removed as data will no longer be shared >>> with ISOC and a statement added for the avoidance of doubt: >>> “For the avoidance of doubt, this policy does not apply to the >>> Internet Society (“ISOCâ€) and its activities and practices >>> constitute a separate privacy context. ISOC should be regarded as >>> a third-party for the purposes of this policy.†>>> >>> 4. Two new elements have been added to the list of data that may >>> be made public, which reflects existing practice. These are >>> “metadata related to the time and frequency of your >>> interactions with any IETF system†and “message headersâ€. >>> >>> 5. Added an additional example of personal data to be clear that >>> email message headers contain a lot of data “the IP address of >>> a message sender and details of the device or service used to >>> send the message, as found in email headersâ€. >>> >>> 6. Added a clear statement that we do not sell data "We do not >>> sell your Personal Data". >>> >>> 7. Added a new bullet on what data we collect to cover web >>> analytics and a new paragraph that covers what we intend to do >>> with that data. The bullet is “information provided when you >>> interact with any IETF website†and the paragraph is “We >>> track your usage of our websites in order to understand how our >>> websites are used and how we can improve them. We do this using >>> Javascript based tracking code, which collects a limited set of >>> technical data. If Javascript is disabled or not available in >>> your browser then this tracking will not take place and your >>> usage of our websites should not be affected.†>>> >>> 8. Section on Do Not Track (DNT) made clearer as previous >>> version required you to read the specification to understand it >>> “We do not enable or participate in any third-party tracking of >>> your website activity. As no third-party tracking is enabled on >>> our website, our websites do not alter their behavior according >>> to the value of a browser Do Not Track (DNT) setting.†>>> >>> 9. The section on the use of cookies for online transactions has >>> been made clearer “When you log into one of our websites or >>> initiate an online transaction through one of our websites then >>> we may use cookies to uniquely identify you during that session, >>> to record your preferences and to simplify the establishment of >>> new sessions. If you disable your web browser's ability to >>> accept cookies you will still be able to browse the site but >>> authenticated and transactional services may not function.†>>> >>> 10. A new section has been added to explain that if we collect >>> demographic information in a survey then that will only be >>> published in an aggregated form that does not allow individual >>> identification. This addition is not needed to enable collection >>> of demographics, we can do that anyway, it is solely to explain >>> what we do if we do collect it. “We may ask you to provide >>> demographic information (e.g. age, sex, country of residence) in >>> surveys or other information gathering activities. You are not >>> required to provide that information and your disclosure of that >>> information to us is voluntary. We do not disclose the >>> demographic information of individuals. We may publish >>> aggregated information using demographic data as one dimension, >>> in which case we will aggregate at a sufficient level to prevent >>> disaggregation or deanonymization.“ >>> >>> This email now begins a two week consultation on this revised >>> statement, closing on Wednesday 18 December. >>> >>> If you have any comments or questions then you can submit those >>> by any of the following methods: >>> >>> * Raising an issue on the Github repository >>> https://github.com/ietf-llc/ietf-privacy-statement-consultation >>> * Direct to me at exec-director@ietf.org * To the ietf@ietf.org >>> list >>> >>> [1] https://ietf.org/privacy-statement/ [2] >>> https://github.com/ietf-llc/ietf-privacy-statement-consultation/blob/master/DRAFT%20IETF%20Privacy%20Statement%202019.md >>> >>> >> >>> <0x5AB2FAF17B172BEA.asc> >
- Re: Consultation on revised IETF Privacy Statement Stephen Farrell
- Re: Consultation on revised IETF Privacy Statement Jay Daley
- Re: Consultation on revised IETF Privacy Statement Salz, Rich
- Re: Consultation on revised IETF Privacy Statement Stephen Farrell