Re: IETF privacy policy - update
Andrew Sullivan <ajs@shinkuro.com> Thu, 08 July 2010 15:15 UTC
Return-Path: <ajs@shinkuro.com>
X-Original-To: ietf@core3.amsl.com
Delivered-To: ietf@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 8C43E3A6AE9 for <ietf@core3.amsl.com>; Thu, 8 Jul 2010 08:15:37 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.798
X-Spam-Level:
X-Spam-Status: No, score=-0.798 tagged_above=-999 required=5 tests=[AWL=1.801, BAYES_00=-2.599]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id eHdukJOgZoD4 for <ietf@core3.amsl.com>; Thu, 8 Jul 2010 08:15:36 -0700 (PDT)
Received: from mail.yitter.info (mail.yitter.info [208.86.224.201]) by core3.amsl.com (Postfix) with ESMTP id 1054F3A6AE0 for <ietf@ietf.org>; Thu, 8 Jul 2010 08:15:33 -0700 (PDT)
Received: from crankycanuck.ca (external.shinkuro.com [66.92.164.104]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by mail.yitter.info (Postfix) with ESMTPSA id 96CA41ECB408 for <ietf@ietf.org>; Thu, 8 Jul 2010 15:15:36 +0000 (UTC)
Date: Thu, 08 Jul 2010 11:15:35 -0400
From: Andrew Sullivan <ajs@shinkuro.com>
To: ietf@ietf.org
Subject: Re: IETF privacy policy - update
Message-ID: <20100708151534.GC63066@shinkuro.com>
References: <9C72FA78-C9C2-4719-9BFD-112ABEFA7117@cdt.org> <56522CF0-088B-4027-AF45-A6075A7EA666@muada.com> <51D591B3-1954-47A6-A40A-7DCE6DDD5CF0@cdt.org> <A68985E3-A34B-47AB-A6A2-E6718E505652@muada.com> <B75D4F49-2361-4706-A24A-D5E7026EE58D@cdt.org> <573C3FFA-B8CA-4B71-9128-07863DF1CF2B@muada.com> <tsl630r6pj1.fsf@mit.edu> <Pine.GSO.4.63.1007071250260.20133@pita.cisco.com> <4C34F4BB.4040907@bogus.com> <006FEB08D9C6444AB014105C9AEB133FFE28C51DD8@il-ex01.ad.checkpoint.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
In-Reply-To: <006FEB08D9C6444AB014105C9AEB133FFE28C51DD8@il-ex01.ad.checkpoint.com>
User-Agent: Mutt/1.5.18 (2008-05-17)
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ietf>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 08 Jul 2010 15:15:37 -0000
On Thu, Jul 08, 2010 at 11:59:12AM +0300, Yoav Nir wrote: > Without a privacy policy, it's hard to say whether that is > acceptable or not. I keep seeing arguments of this sort in the current thread, and it seems to me to be backwards. Surely it is not the privacy _policy_ that determines whether something is acceptable. For instance, imagine a website privacy policy that says, "We take your personal information, including your credit card number, expiry date, and CCD number, and post it on our website." The existence of that privacy policy would not make the actions somehow better or defensible: it would be a bad policy. I suppose posting somewhere that you're going to do that would be better than just doing it without any warning, but the action would be unacceptable regardless. If the current no-written-policy arrangement is working, it is presumably because people are making the right choices. One analysis of that is that there is an implicit policy, that it is acceptable, and that the present effort to write down a policy is just a way of making that implicit policy explicit. But writing the policy down does not in itself do anything about whether a given activity with a given bit of PII is ok. On the larger topic of whether a privacy policy is actually needed, I am undecided. On the one hand, it does seem to me to be a good idea to have one place where the IETF states what it is going to do with any PII. On the other hand, I can easily imagine that such a privacy policy could end up being used as a mechanism to justify bad ideas in the event something comes up: it will be more work to change the policy if it turns out to be inadequate than it will be to accept the inadequacy. The present arrangement means that, if a bad idea crops up, it can be dealt with on its own (de)merits without dragging in a meta-issue about whether the proposal is consistent with some holy policy document. A -- Andrew Sullivan ajs@shinkuro.com Shinkuro, Inc.
- Re: IETF privacy policy - update Marshall Eubanks
- IETF privacy policy - update Alissa Cooper
- Re: IETF privacy policy - update Melinda Shore
- Re: IETF privacy policy - update John C Klensin
- Re: IETF privacy policy - update Dave CROCKER
- Re: IETF privacy policy - update Dave CROCKER
- Re: IETF privacy policy - update SM
- Re: IETF privacy policy - update John C Klensin
- Re: IETF privacy policy - update Eliot Lear
- Re: IETF privacy policy - update Alissa Cooper
- Re: IETF privacy policy - update Eliot Lear
- Re: IETF privacy policy - update Iljitsch van Beijnum
- Re: IETF privacy policy - update Nathaniel Borenstein
- Re: IETF privacy policy - update Karen O'Donoghue
- Re: IETF privacy policy - update Stephan Wenger
- Re: IETF privacy policy - update John C Klensin
- Re: IETF privacy policy - update Alissa Cooper
- Re: IETF privacy policy - update todd glassey
- Re: IETF privacy policy - update John Morris
- Re: IETF privacy policy - update Bob Hinden
- Re: IETF privacy policy - update John Morris
- Re: IETF privacy policy - update Ted Hardie
- Re: IETF privacy policy - update joel jaeggli
- Re: IETF privacy policy - update todd glassey
- Re: IETF privacy policy - update Iljitsch van Beijnum
- Re: IETF privacy policy - update Iljitsch van Beijnum
- Re: IETF privacy policy - update John Morris
- Re: IETF privacy policy - update Iljitsch van Beijnum
- Re: IETF privacy policy - update John Morris
- Re: IETF privacy policy - update Larry Smith
- Re: IETF privacy policy - update Iljitsch van Beijnum
- Re: IETF privacy policy - update Melinda Shore
- Re: IETF privacy policy - update Sam Hartman
- Re: IETF privacy policy - update Ole Jacobsen
- Re: IETF privacy policy - update Paul Hoffman
- Re: IETF privacy policy - update Melinda Shore
- Re: IETF privacy policy - update Sam Hartman
- Re: IETF privacy policy - update John Morris
- Re: IETF privacy policy - update Paul Hoffman
- Re: IETF privacy policy - update joel jaeggli
- Re: IETF privacy policy - update Sam Hartman
- Comments on <draft-cooper-privacy-policy-01.txt> Bob Hinden
- Re: IETF privacy policy - update Alissa Cooper
- Re: IETF privacy policy - update Andrew Sullivan
- Re: IETF privacy policy - update John Morris
- Re: IETF privacy policy - update Randy Bush
- Re: IETF privacy policy - update Cullen Jennings
- Re: IETF privacy policy - update joel jaeggli
- RE: IETF privacy policy - update Yoav Nir
- Re: IETF privacy policy - update David Morris
- Re: IETF privacy policy - update Arnt Gulbrandsen
- Re: IETF privacy policy - update Henk Uijterwaal
- Re: IETF privacy policy - update Andrew Sullivan
- Re: IETF privacy policy - update joel jaeggli
- Re: IETF privacy policy - update Marshall Eubanks
- Re: IETF privacy policy - update jean-michel bernier de portzamparc
- Re: IETF privacy policy - update Fred Baker
- Re: IETF privacy policy - update Peter Saint-Andre
- Re: IETF privacy policy - update Melinda Shore
- Re: IETF privacy policy - update Fred Baker
- Re: IETF privacy policy - update Melinda Shore
- Re: IETF privacy policy - update joel jaeggli
- Re: IETF privacy policy - update Fred Baker
- Re: IETF privacy policy - update Melinda Shore
- Re: IETF privacy policy - update Fred Baker
- Re: IETF privacy policy - update Randy Bush
- Re: IETF privacy policy - update Martin Rex
- Re: IETF privacy policy - update GTW
- Re: IETF privacy policy - update Henk Uijterwaal
- Re: IETF privacy policy - update Patrik Fältström
- Re: IETF privacy policy - update Fred Baker
- Re: Comments on <draft-cooper-privacy-policy-01.t… Hannes Tschofenig
- Re: IETF privacy policy - update Ted Hardie
- Re: Comments on <draft-cooper-privacy-policy-01.t… Randy Bush
- Re: Comments on <draft-cooper-privacy-policy-01.t… Hannes Tschofenig
- Re: Comments on <draft-cooper-privacy-policy-01.t… Randy Bush
- Re: IETF privacy policy - update Alissa Cooper
- Re: Comments on <draft-cooper-privacy-policy-01.t… todd glassey
- Re: Comments on <draft-cooper-privacy-policy-01.t… todd glassey
- Re: Comments on <draft-cooper-privacy-policy-01.t… Hannes Tschofenig
- Re: Comments on <draft-cooper-privacy-policy-01.t… Randy Bush
- Re: Comments on <draft-cooper-privacy-policy-01.t… Joel Jaeggli
- Re: Comments on <draft-cooper-privacy-policy-01.t… Hannes Tschofenig
- Re: Comments on <draft-cooper-privacy-policy-01.t… Hannes Tschofenig
- Re: Comments on <draft-cooper-privacy-policy-01.t… Fred Baker
- Re: Comments on <draft-cooper-privacy-policy-01.t… Randy Bush
- RE: IETF privacy policy - update Monique Morrow (mmorrow)
- Re: Comments on <draft-cooper-privacy-policy-01.t… Randy Bush
- Re: Comments on <draft-cooper-privacy-policy-01.t… Dave CROCKER
- Re: Comments on <draft-cooper-privacy-policy-01.t… Donald Eastlake
- Re: Comments on <draft-cooper-privacy-policy-01.t… Joel Jaeggli
- Re: Comments on <draft-cooper-privacy-policy-01.t… Phillip Hallam-Baker
- Re: Comments on <draft-cooper-privacy-policy-01.t… Dave CROCKER
- Re: Comments on <draft-cooper-privacy-policy-01.t… Randy Bush
- Re: Comments on <draft-cooper-privacy-policy-01.t… Dave CROCKER
- Re: Comments on <draft-cooper-privacy-policy-01.t… Fred Baker
- Re: Comments on <draft-cooper-privacy-policy-01.t… Martin Rex
- Re: Comments on <draft-cooper-privacy-policy-01.t… todd glassey
- Re: Comments on <draft-cooper-privacy-policy-01.t… Martin Rex
- Re: Comments on <draft-cooper-privacy-policy-01.t… Joel Jaeggli
- Re: Comments on <draft-cooper-privacy-policy-01.t… todd glassey
- Re: Comments on <draft-cooper-privacy-policy-01.t… Randy Bush
- Re: Comments on <draft-cooper-privacy-policy-01.t… Dave CROCKER
- Re: Comments on <draft-cooper-privacy-policy-01.t… Andrew Sullivan
- Re: Comments on <draft-cooper-privacy-policy-01.t… Dave CROCKER
- Re: Comments on <draft-cooper-privacy-policy-01.t… John C Klensin
- Re: Comments on <draft-cooper-privacy-policy-01.t… Dave CROCKER
- Re: Comments on <draft-cooper-privacy-policy-01.t… Randy Bush
- Re: Comments on <draft-cooper-privacy-policy-01.t… Dave CROCKER
- Re: Comments on <draft-cooper-privacy-policy-01.t… Randy Bush
- Re: IETF privacy policy - update Alissa Cooper
- Re: IETF privacy policy - update Paul Hoffman
- Re: Comments on <draft-cooper-privacy-policy-01.t… Alissa Cooper
- Re: Comments on <draft-cooper-privacy-policy-01.t… John C Klensin
- Re: Comments on <draft-cooper-privacy-policy-01.t… John C Klensin
- Re: IETF privacy policy - update Martin Rex
- Re: IETF privacy policy - update todd glassey
- Re: Comments on <draft-cooper-privacy-policy-01.t… Dave CROCKER
- Re: IETF privacy policy - update John Morris
- Re: IETF privacy policy - update Andrew Sullivan
- Re: IETF privacy policy - still a bad idea John Levine
- RE: IETF privacy policy - update Dearlove, Christopher (UK)
- Re: IETF privacy policy - still a bad idea John R. Levine
- Re: IETF privacy policy - still a bad idea Marshall Eubanks
- Re: IETF privacy policy - still a bad idea Dave CROCKER
- Re: IETF privacy policy - still a bad idea Marshall Eubanks
- Re: IETF privacy policy - still a bad idea Dave CROCKER
- Re: IETF privacy policy - still a bad idea Phillip Hallam-Baker
- Re: IETF privacy policy - still a bad idea Phillip Hallam-Baker
- Re: IETF privacy policy - still a bad idea Andrew Sullivan
- Re: IETF privacy policy - still a bad idea Marshall Eubanks
- Re: IETF privacy policy - still a bad idea Andrew Sullivan
- Re: IETF privacy policy - still a bad idea Dave CROCKER
- Re: IETF privacy policy - still a bad idea Andrew Sullivan
- Re: IETF privacy policy - still a bad idea Fred Baker
- Re: IETF privacy policy - still a bad idea Ole Jacobsen
- Re: IETF privacy policy - still a bad idea Dave CROCKER
- Re: IETF privacy policy - still a bad idea Arnt Gulbrandsen
- Re: IETF privacy policy - still a bad idea Marshall Eubanks
- Re: IETF privacy policy - still a bad idea John R. Levine
- Re: IETF privacy policy - still a bad idea Fred Baker
- Re: IETF privacy policy - still a bad idea todd glassey
- What does a privacy policy mean? John R. Levine
- Re: What does a privacy policy mean? Phillip Hallam-Baker