Re: Consultation on revised IETF Privacy Statement

Stephen Farrell <stephen.farrell@cs.tcd.ie> Wed, 04 December 2019 10:43 UTC

Return-Path: <stephen.farrell@cs.tcd.ie>
X-Original-To: ietf@ietfa.amsl.com
Delivered-To: ietf@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A1678120273 for <ietf@ietfa.amsl.com>; Wed, 4 Dec 2019 02:43:17 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.954
X-Spam-Level:
X-Spam-Status: No, score=-0.954 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_MED=-2.3, RCVD_IN_SBL_CSS=3.335, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_FILL_THIS_FORM_SHORT=0.01, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cs.tcd.ie
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 8RaJumXqAQ5g for <ietf@ietfa.amsl.com>; Wed, 4 Dec 2019 02:43:15 -0800 (PST)
Received: from mercury.scss.tcd.ie (mercury.scss.tcd.ie [134.226.56.6]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 4D72F120233 for <ietf@ietf.org>; Wed, 4 Dec 2019 02:43:14 -0800 (PST)
Received: from localhost (localhost [127.0.0.1]) by mercury.scss.tcd.ie (Postfix) with ESMTP id 08259BF1E for <ietf@ietf.org>; Wed, 4 Dec 2019 10:43:12 +0000 (GMT)
X-Virus-Scanned: Debian amavisd-new at scss.tcd.ie
Received: from mercury.scss.tcd.ie ([127.0.0.1]) by localhost (mercury.scss.tcd.ie [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id PD8pPFHthXOw for <ietf@ietf.org>; Wed, 4 Dec 2019 10:43:09 +0000 (GMT)
Received: from [10.244.2.119] (95-45-153-252-dynamic.agg2.phb.bdt-fng.eircom.net [95.45.153.252]) by mercury.scss.tcd.ie (Postfix) with ESMTPSA id 964BFC050 for <ietf@ietf.org>; Wed, 4 Dec 2019 10:42:42 +0000 (GMT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cs.tcd.ie; s=mail; t=1575456162; bh=ZaEnU00BQBWYvxHqr2fWTYRGPXny9YM7ClSouP8XiQE=; h=To:References:From:Subject:Date:In-Reply-To:From; b=jw3wxRv1yuzWT9YqFwZoB9EaIBGfU+Wqy1TSo9whVopznIr3z8PdHOB7YGeUaL5+0 04N8N6+uZWFU8j1aquJrWKymfeCbANIMnkHHQkQ4ivE0y9LMy+2lnw1yMzowqtmalS ho/E4De9bIspU80RYXfIbmND/fEnWn0bJpeCKtLs=
To: ietf@ietf.org
References: <157541908820.4734.11549038582739661941.idtracker@ietfa.amsl.com>
From: Stephen Farrell <stephen.farrell@cs.tcd.ie>
Subject: Re: Consultation on revised IETF Privacy Statement
Message-ID: <27d747e6-4b54-32e6-5ceb-d305b07c03c9@cs.tcd.ie>
Date: Wed, 04 Dec 2019 10:42:41 +0000
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Thunderbird/68.2.1
MIME-Version: 1.0
In-Reply-To: <157541908820.4734.11549038582739661941.idtracker@ietfa.amsl.com>
Content-Type: multipart/signed; micalg="pgp-sha512"; protocol="application/pgp-signature"; boundary="0YCSJfcYfuvyQcLmQ33ezxgVmg3OTU0C1"
Archived-At: <https://mailarchive.ietf.org/arch/msg/ietf/z7v2pQAWU0nWEUuoovHVaWUswro>
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ietf/>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 04 Dec 2019 10:43:17 -0000

Hi,

Thanks for taking this on.

Some comments below:

1. What is a "privacy context"? I'm not a GDPR specialist
(thankfully:-) but have read bits about it and that's
not a well-defined term for me. I think I do know what it
means but want to check - if the IAB say keeps a file of
comments received on people who've volunteered for some
position, are we saying that data is covered by this
policy or not? OR, does this entire policy only really
apply to the public-facing IETF etc web sites and their
logs etc?

2. "Our Commitment to Privacy" - that subsection is only
about transparency, suggest renaming it to "Our Commitment
to Transparency." (That's not really a nit - there's a
significant proportion of our industry that publishes
what I believe are fake claims saying they are committed
to privacy, so we don't want to smell like that at all;-)

3. Whose "personal data" are comments submitted to the
nomcom feedback page?

4. The list of personal data is odd. Regarding an I-D
as personal data seems wrong in any case. I suspect
there may be a lack of definition somewhere here but
maybe it's ok to ignore that.

5. Pictures. I don't think this policy is consistent
with the red lanyards policy at IETF meetings. The text
here seems like it's over-riding that saying "we can
do whatever we want with pictures from meetings."

6. Sale of data. I like that bit:-) But please extend
it a little e.g. to "We do not sell your personal data,
or any data, nor do we monetize any data in any way,
such as by "renting" or making access available for
a fee." There have been many cases of companies making
what seem clear statements but where it turns out that
they do have "partners" and do end up making money from
people's data while still claiming that they don't "sell"
that.

7. "Our websites do not alter their behavior according to
the value of a browser Do Not Track (DNT) setting." Is
that new? (I forget sorry.) I don't like it anyway (even
though DNT is a crap specification:-). If someone emits
that signal we ought honour it unless we cannot.

8. "We use services from Cloudflare to support some of
their websites." s/their/our/?

9. I'm not keen on the "go find cloudflare's policy
yourself" statement. It'd be better if we had a pointer
to that and if we were clear that it applies to
www.ietf.org but not ietf.org or tools or datatracker
etc as applies. CF do after all have >1 policy and
tracking down which applies to www.ietf.org may be
non-trivial.

10. Stuff we don't share ought probably include feedback
to nomcom and other appointing bodies (e.g. IAB/IESG).
The ANRP and ANRW also involve reviews that some might
consider sensitive. Some but not all of those use web
based tools. Some will involve such feedback/comment
being sent on closed mailing lists.

11. Not asking we fix now, but, for a future version,
can we think about setting a policy for deleting old
data? I'm not sure anyone needs the payment info I
used for IETF35:-) If we already have such a policy,
then saying that here would be good.

12. Also for the future, I like warrant canaries. Not
so much because we might need one but to set what I
think is a good example. (Opinions vary on that though
so not asking you to do it, just to note it down to
ponder it later.)

Cheers,
S.

On 04/12/2019 00:24, IETF Executive Director wrote:
> The IETF Administration LLC has reviewed the IETF Privacy Statement
> [1] and proposes to introduce a new version [2].  The main reasons
> for this are to support the introduction of web analytics, to support
> the collection of demographic data in surveys and to make the whole
> statement more legally compliant, easier to read and clearer to
> understand.  This new version contains the following changes, which
> have been reviewed by our privacy counsel:
> 
> 1. Significant reordering, moving of text and changing of headings,
> with minimal change in meaning, in order to make the statement
> clearer and easier to understand.
> 
> 2. The scope statement has changed from covering the IETF/IRTF/IAB to
> identifying the specific groups that can legally be considered data
> controllers in various data protection regimes, namely the LLC, IESG,
> IAB, IRSG and RFC Editor, and being clear that their activities form
> a single privacy context.  The scope uses “IETF” as a collective term
> for all these groups, even though that is not structurally accurate,
> as attempting to convey accurate structure in this statement is too
> complex. “This statement sets out the privacy and data protection
> policy of the following related organizations and groups: the IETF
> Administration LLC ("LLC"); the Internet Engineering Steering Group
> (“IESG”); the Internet Architecture Board ("IAB"); the Internet
> Research Steering Group ("IRSG"); and the RFC Editor (each a
> "Party"), which are collectively referred to in this policy as  the
> Internet Engineering Task Force ("IETF") and whose activities
> constitute a single privacy context.“
> 
> 3. The existing version contains a number of references to the
> Internet Society (ISOC) given the legal structure that existed before
> the creation of the IETF Administration LLC.  Those references have
> all been removed as data will no longer be shared with ISOC and a
> statement added for the avoidance of doubt: “For the avoidance of
> doubt, this policy does not apply to the Internet Society (“ISOC”)
> and its activities and practices constitute a separate privacy
> context. ISOC should be regarded as a third-party for the purposes of
> this policy.”
> 
> 4. Two new elements have been added to the list of data that may be
> made public, which reflects existing practice.  These are “metadata
> related to the time and frequency of your interactions with any IETF
> system” and “message headers”.
> 
> 5. Added an additional example of personal data to be clear that
> email message headers contain a lot of data “the IP address of a
> message sender and details of the device or service used to send the
> message, as found in email headers”.
> 
> 6. Added a clear statement that we do not sell data "We do not sell
> your Personal Data".
> 
> 7. Added a new bullet on what data we collect to cover web analytics
> and a new paragraph that covers what we intend to do with that data.
> The bullet is “information provided when you interact with any IETF
> website” and the paragraph is “We track your usage of our websites in
> order to understand how our websites are used and how we can improve
> them.  We do this using Javascript based tracking code, which
> collects a limited set of technical data.  If Javascript is disabled
> or not available in your browser then this tracking will not take
> place and your usage of our websites should not be affected.”
> 
> 8. Section on Do Not Track (DNT) made clearer as previous version
> required you to read the specification to understand it “We do not
> enable or participate in any third-party tracking of your website
> activity.  As no third-party tracking is enabled on our website, our
> websites do not alter their behavior according to the value of a
> browser Do Not Track (DNT) setting.”
> 
> 9. The section on the use of cookies for online transactions has been
> made clearer “When you log into one of our websites or initiate an
> online transaction through one of our websites then we may use
> cookies to uniquely identify you during that session, to record your
> preferences and to simplify the establishment of new sessions.  If
> you disable your web browser's ability to accept cookies you will
> still be able to browse the site but authenticated and transactional
> services may not function.”
> 
> 10. A new section has been added to explain that if we collect
> demographic information in a survey then that will only be published
> in an aggregated form that does not allow individual identification.
> This addition is not needed to enable collection of demographics, we
> can do that anyway, it is solely to explain what we do if we do
> collect it.  “We may ask you to provide demographic information (e.g.
> age, sex, country of residence) in surveys or other information
> gathering activities.  You are not required to provide that
> information and your disclosure of that information to us is
> voluntary.  We do not disclose the demographic information of
> individuals.  We may publish aggregated information using demographic
> data as one dimension, in which case we will aggregate at a
> sufficient level to prevent disaggregation or deanonymization.“
> 
> This email now begins a two week consultation on this revised
> statement, closing on Wednesday 18 December.
> 
> If you have any comments or questions then you can submit those by
> any of the following methods:
> 
> * Raising an issue on the Github repository
>   https://github.com/ietf-llc/ietf-privacy-statement-consultation
> * Direct to me at exec-director@ietf.org
> * To the ietf@ietf.org list
> 
> [1] https://ietf.org/privacy-statement/
> [2] https://github.com/ietf-llc/ietf-privacy-statement-consultation/blob/master/DRAFT%20IETF%20Privacy%20Statement%202019.md
> 
>