Re: Future Handling of Blue Sheets

[Tobias Gondrom <tobias.gondrom@gondrom.org>]

Doug,

you are right in the end I can not prevent someone else from publishing 
this. Even today a party that subpoena'ed them might publish the data. 
(Or a person might just take a photo of the blue sheet in the room and 
publish that...)

Of course we can not control other people's actions, however the 
question remains whether we (as the IETF) do publish that data and how 
easy/fast we make it for others to publish that data.

Just to be clear, I agree basically with most of the proposal from the 
IESG.*
But when it comes to privacy I think we must be extremely careful and 
conservative with information, only releasing information where it 
really adds benefit to transparency. Because once released, it's 
impossible to get it back.
Thinking about how to thread the needle (as you put it), I don't agree 
that the current proposal is optimal, and I would reiterate my proposal 
to not publish the bluesheets in the proceedings but to make them 
available to an individual upon email request to the IETF secretariat, 
providing name and email of the requesting person (and with a disclaimer 
in the IETF answer that this information is not meant to be re-published 
to the public (note I intentionally say "public", i.e. sharing among 
groups would still be ok.)).
If we are worried about high volumes of requests, I would like to ask 
for more information on current volumes of subpoenas and why we get high 
volumes in the future. And if it's really too cumbersome for a person to 
answer the requests, we could then still discuss to use an email account 
based request system (IETF tools login) as proposed by Ted yesterday.

Best regards, Tobias


Ps.: *just as a disclaimer regarding the scanning part of the IESG 
proposal: I like it, but IMHO I would be slightly more cautious than the 
IETF counsel with the admissibility of scanned documents in court 
compared to paper originals. I've experienced quite some cases and legal 
discussions around value of proof of scanned documents.... - what I 
basically learned there was: scanning is ok in most IP jurisdictions, 
but handling the scanned data must use well documented procedures and 
access controls to keep the same level of non-repudiation of integrity 
and authenticity later in court.


On 10/05/12 17:10, Doug Barton wrote:
> On 5/10/2012 1:48 AM, Tobias Gondrom wrote:
>> What I dispute is that "make available to those who are interested"
>> necessarily leads to the need to broadcast the data (i.e. publish in the
>> proceedings).
> What is the harm you are trying to guard against by requiring the request?
>
> Or, to take a completely different tack, given that there are a non-zero
> number of people who think the data should be published, how do you
> intend to deal with someone who makes the request, and then puts it up
> on their own website?
>
> I don't hesitate to criticize when I think that the IESG gets it wrong,
> but in this case I think they threaded the needle about as well as it
> could be threaded.
>
> Doug
>