Re: IETF privacy policy - update

jean-michel bernier de portzamparc <jmabdp@gmail.com> Thu, 08 July 2010 19:05 UTC


I tend to agree with Andrew and Marshall.

However, from our own JEDI's (so-labelled "Jefsey's disciples") experience I
would suggest some kind of "ietf privacy netiquette". It could be equivalent
to architectural quotes like "dumb network", "end to end", "protocol on the
wire", "rough consensus", etc. It could be added to the Tao.

This way everyone would know where he/she comes and can behave equally. This
could concern the so-called "puppets", negative privacy (ad hominem have a
perpetual impact on private reputation), disclosed/non-disclosed
affiliations, who paid for the travel tickets and attendance fees,
architectural perspective, mailing list participations, etc. I think this
could be proactive if the information is not "protected" but "personally and
optionally disclosed". There could be a database where every IETF
participant could document what he/she wants on him/herself. I am sure that
what would not be disclosed would eventually inform more than what is
disclosed and help better debates, avoiding misunderstandings, and focusing
on concepts rather than on percepts.

Portzamparc

2010/7/8 Marshall Eubanks <tme@americafree.tv>

>
> On Jul 8, 2010, at 11:15 AM, Andrew Sullivan wrote:
>
>  On Thu, Jul 08, 2010 at 11:59:12AM +0300, Yoav Nir wrote:
>>
>>  Without a privacy policy, it's hard to say whether that is
>>> acceptable or not.
>>>
>>
>> I keep seeing arguments of this sort in the current thread, and it
>> seems to me to be backwards.  Surely it is not the privacy _policy_
>> that determines whether something is acceptable.  For instance,
>> imagine a website privacy policy that says, "We take your personal
>> information, including your credit card number, expiry date, and CCD
>> number, and post it on our website."  The existence of that privacy
>> policy would not make the actions somehow better or defensible: it
>> would be a bad policy.  I suppose posting somewhere that you're going
>> to do that would be better than just doing it without any warning, but
>> the action would be unacceptable regardless.
>>
>> If the current no-written-policy arrangement is working, it is
>> presumably because people are making the right choices.  One analysis
>> of that is that there is an implicit policy, that it is acceptable,
>> and that the present effort to write down a policy is just a way of
>> making that implicit policy explicit.  But writing the policy down
>> does not in itself do anything about whether a given activity with a
>> given bit of PII is ok.
>>
>
> I see this as a normal part of an organization growing up. Small, young,
> organizations don't typically need much structure, as everyone knows
> everybody, people trust each other, and everything tends to be in people's
> heads. That doesn't scale. Putting implicit policies down in writing is an
> attempt to make sure that the organization doesn't change in adverse ways
> as it grows and matures.
>
> Regards
> Marshall
>
>
>
>
>> On the larger topic of whether a privacy policy is actually needed, I
>> am undecided.  On the one hand, it does seem to me to be a good idea
>> to have one place where the IETF states what it is going to do with
>> any PII.  On the other hand, I can easily imagine that such a privacy
>> policy could end up being used as a mechanism to justify bad ideas in
>> the event something comes up: it will be more work to change the
>> policy if it turns out to be inadequate than it will be to accept the
>> inadequacy.  The present arrangement means that, if a bad idea crops
>> up, it can be dealt with on its own (de)merits without dragging in a
>> meta-issue about whether the proposal is consistent with some holy
>> policy document.
>>
>> A
>>
>> --
>> Andrew Sullivan
>> ajs@shinkuro.com
>> Shinkuro, Inc.