Re: Future Handling of Blue Sheets

Tobias Gondrom <tobias.gondrom@gondrom.org> Mon, 23 April 2012 05:12 UTC

Return-Path: <tobias.gondrom@gondrom.org>
X-Original-To: ietf@ietfa.amsl.com
Delivered-To: ietf@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E12AB21F8537 for <ietf@ietfa.amsl.com>; Sun, 22 Apr 2012 22:12:18 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -96.159
X-Spam-Level:
X-Spam-Status: No, score=-96.159 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, FH_HELO_EQ_D_D_D_D=1.597, HELO_DYNAMIC_IPADDR=2.426, HELO_EQ_DE=0.35, HELO_MISMATCH_DE=1.448, RCVD_IN_SORBS_WEB=0.619, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id zyzNau5rY3V5 for <ietf@ietfa.amsl.com>; Sun, 22 Apr 2012 22:12:18 -0700 (PDT)
Received: from lvps83-169-7-107.dedicated.hosteurope.de (www.gondrom.org [83.169.7.107]) by ietfa.amsl.com (Postfix) with ESMTP id BDD7721F853B for <ietf@ietf.org>; Sun, 22 Apr 2012 22:12:17 -0700 (PDT)
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=default; d=gondrom.org; b=n4pZZRWA+4m434lz3kFqqkf1uX3Xs/tlfQJ3iB4Avw8JyrKFVs5z+Td2Hl3frng9dM7/eVBPgbEI7LpIosltreAB6cFVhT620PnG5yqTJPivVIOUyTYRzFbsc7P9tYd2; h=Received:Received:Message-ID:Date:From:User-Agent:MIME-Version:To:CC:Subject:X-Priority:References:In-Reply-To:Content-Type:Content-Transfer-Encoding;
Received: (qmail 32006 invoked from network); 23 Apr 2012 07:12:14 +0200
Received: from unknown (HELO ?172.27.51.107?) (203.127.223.69) by www.gondrom.org with (DHE-RSA-AES256-SHA encrypted) SMTP; 23 Apr 2012 07:12:13 +0200
Message-ID: <4F94E4AB.5080706@gondrom.org>
Date: Mon, 23 Apr 2012 13:12:11 +0800
From: Tobias Gondrom <tobias.gondrom@gondrom.org>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:11.0) Gecko/20120329 Thunderbird/11.0.1
MIME-Version: 1.0
To: housley@vigilsec.com
Subject: Re: Future Handling of Blue Sheets
X-Priority: 4 (Low)
References: <2AC114D8-E97B-47A0-B7E0-9EF016DCB09F@ietf.org> <4F94D01F.3070102@gondrom.org> <DDB8050A-7A04-4A0F-A364-0E3E511DCB43@vigilsec.com>
In-Reply-To: <DDB8050A-7A04-4A0F-A364-0E3E511DCB43@vigilsec.com>
Content-Type: text/plain; charset="ISO-8859-1"; format="flowed"
Content-Transfer-Encoding: 7bit
Cc: ietf@ietf.org
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ietf>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 23 Apr 2012 05:12:19 -0000

Hi Russ,

thank you for the information.
In this case, my preference would be not to publish the blue sheets with 
the proceedings.

Reasoning:
The blue sheet data can at some point be used to determine movement 
profiles of individual attendees at the meeting to a finer granularity 
than today and therefore can be an issue for privacy (even though I 
recognize that this is a public meeting). The fact that we "may reduce" 
the amount of subpoenas is a viable reason, still personal data should 
be handled as conservative as possible. Without a significant and 
measurable economic advantage by the publication, we should rather not 
publish this data with the proceedings.
(My underlying assumption is of course that currently our cost of 
subpoenas is not forbiddingly high compared to overall conference costs. 
If that assumption proves to be false, I would have to rethink my 
statement above.)

Besides that:
- am agnostic on whether we ask for email address or not (in the end I 
gave up on hiding my email address as a way to reduce spam...)
- even without publication, we could still scan the blue sheets and 
maintain them in an electronic archive without keeping the hard copies 
(please note there may be legal requirements on procedures of handling 
non-paper copies that are later to be used in a court of law).
- And if we would go to a Hiroshima/RFID model, the discovery in 
subpoenas could be much easier compared to scanned paper documents with 
handwritten names.

Just my 5cents.

Tobias



On 23/04/12 12:41, Russ Housley wrote:
> Hi Tobias.
>
> I would like to make them available as part of the proceedings so that anyone can find them and view them.  This _may_ reduce subpoenas for the blue sheets in the future.
>
> Many people have expressed similar thoughts about the RFID experiment.  Last time we investigated a system for IETF meetings, it was quite expensive.  I'll ask again to see if this has changed.
>
> Russ
>
>
> On Apr 22, 2012, at 11:44 PM, Tobias Gondrom wrote:
>
>> Hi Russ,
>>
>> from a privacy perspective: may I ask for what purpose you propose to publish the blue sheets (with the names of all WG session attendees) with the proceedings?
>> AFAIK, at the moment the blue sheets are basically available on request especially in case of IP questions. What would lead to the proposal to publish the list of names of attendees always with the proceedings?
>>
>> Best regards, Tobias
>>
>>
>> Ps.: btw. though I might be the only one, but I liked the blue sheet replacement experiment (RFID) in Hiroshima...
>>
>>
>>
>> On 22/04/12 22:31, IETF Chair wrote:
>>> At IETF 83, we had a discussion about the future of blue sheets, many spoke at the mic in support of the proposal.  There has been very little discussion on the mail list.  However, all of the discussion that I have see has been very supportive.
>>>
>>> The suggestion is three blue sheet changes:
>>> 1.  No longer ask for email address;
>>> 2.  Scan the blue sheet and include the image in the proceedings for the WG session; and
>>> 3.  Discard paper blue sheets after scanning.
>>>
>>> Please speak up if you think this is the wrong thing to do.
>>>
>>> Thanks,
>>>    Russ