Re: IETF privacy policy - update

Andrew Sullivan <ajs@shinkuro.com> Thu, 15 July 2010 22:59 UTC

Date: Thu, 15 Jul 2010 18:59:42 -0400
From: Andrew Sullivan <ajs@shinkuro.com>
To: ietf@ietf.org
Subject: Re: IETF privacy policy - update

I'm not really keen on getting involved in this discussion any more
than I have been, but I can't help noting one thing:

On Thu, Jul 15, 2010 at 11:50:58PM +0100, John Morris wrote:

> 2.  We have many examples of leading banks, stores, and others  
> mishandling credit card and other records, so unless the IETF has come  
> up with some secret security sauce to eliminate all possibility of a  
> human or technical screwup with personal info, there is clear risk that 
> the IETF could mishandle data and be at the wrong end of a litigation.  

Given that practically every such leading bank and store and so on had
a rich, long, detailed, hard to read privacy policy, I fail completely
to see how the having of a policy provides any value at all to the
IETF in such cases.  In the case of companies and so on, it has a
value, because firing people for violating the policy is the sort of
consequence that employers can use.  But the IETF isn't like that.  It
isn't even a legal entity.  So it doesn't have anyone to fire, &c.

As I've said before, I can see arguments in both directions on this
topic.  But I don't think it does us any good to keep saying,
"Everyone else has one."  Everyone else is also incorporated.

A

-- 
Andrew Sullivan
ajs@shinkuro.com
Shinkuro, Inc.