Re: [Shutup] [ietf-smtp] Proposed Charter for something

Richard Clayton <richard@highwayman.com> Thu, 10 December 2015 17:43 UTC

Return-Path: <richard@highwayman.com>
X-Original-To: shutup@ietfa.amsl.com
Delivered-To: shutup@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B42CA1A909F; Thu, 10 Dec 2015 09:43:50 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 1.353
X-Spam-Level: *
X-Spam-Status: No, score=1.353 tagged_above=-999 required=5 tests=[BAYES_50=0.8, HELO_MISMATCH_COM=0.553] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id hT52y3X99ADv; Thu, 10 Dec 2015 09:43:49 -0800 (PST)
Received: from mail.highwayman.com (happyday.demon.co.uk [80.177.121.10]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 519841A908B; Thu, 10 Dec 2015 09:43:40 -0800 (PST)
Received: from localhost ([127.0.0.1]:33155 helo=happyday.al.cl.cam.ac.uk) by mail.highwayman.com with esmtp (Exim 4.86) (envelope-from <richard@highwayman.com>) id 1a75Fi-0005mu-9S; Thu, 10 Dec 2015 17:43:38 +0000
Message-ID: <2dguxzCGmbaWFA0x@highwayman.com>
Date: Thu, 10 Dec 2015 17:42:30 +0000
To: Martijn Grooten <martijn@lapsedordinary.net>
From: Richard Clayton <richard@highwayman.com>
References: <20151210144814.GA16386@lapsedordinary.net> <20151210151541.68326.qmail@ary.lan> <20151210164041.GA27258@lapsedordinary.net> <usu4dgC96aaWFAkI@highwayman.com> <20151210172336.GC27258@lapsedordinary.net>
In-Reply-To: <20151210172336.GC27258@lapsedordinary.net>
MIME-Version: 1.0
X-Mailer: Turnpike Integrated Version 5.03 M <zN2$+jT777vptPKL3qe+de7JLR>
Archived-At: <http://mailarchive.ietf.org/arch/msg/shutup/__yv1oM610tZ0pOw4Xm2NsKifAs>
Cc: shutup@ietf.org, ietf-smtp@ietf.org
Subject: Re: [Shutup] [ietf-smtp] Proposed Charter for something
X-BeenThere: shutup@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: SMTP Headers Unhealthy To User Privacy <shutup.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/shutup>, <mailto:shutup-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/shutup/>
List-Post: <mailto:shutup@ietf.org>
List-Help: <mailto:shutup-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/shutup>, <mailto:shutup-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 10 Dec 2015 17:43:50 -0000

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

In message <20151210172336.GC27258@lapsedordinary.net>et>, Martijn Grooten
<martijn@lapsedordinary.net> writes

>> for many individuals there is only a short-term linkage between
>> themselves and the IP address (think dialup, DHCP systems for broadband
>> and carrier grade NAT solutions for mobile) so you can seldom use it for
>> long-term tracking of activity ("what else has this person done")
>
>I have been told that in the case of a home ISP, the linkage lasts long
>enough that if you send me a job application email from 1.2.3.4 that a
>visit to our website three days ago from 1.2.3.4 was quite likely made
>from the same house.

My home cable connection has had the same IP for 15 months... but I
would expect to get a different IP if I powered the cable modem down for
more than a few minutes.

There are no general rules here and almost every possible case is common

>I believe this is in part why some legislations consider an IP address
>personal data.

It's not to do with lifetimes per se because there may exist
organisations that can link the IP to a person....  the test is

        any information
        relating to
        an identified or identifiable
        natural person

and you should read

<http://ec.europa.eu/justice/policies/privacy/docs/wpdocs/2007/wp136_en.
pdf>

for a detailed analysis of each of those four elements.

And then you can amuse yourself for seeing how the UK failed to
transcribe this especially well (so the test is different here) and then
note that the EU is almost certainly going to go forward with a
Regulation next week (so that the UK can't "cheat" in future)

>A "crypgraphic blob" would still be linked to the customer, but not to
>any other activity.

all recipients of the email (and the blob) will of course become
processors of personal data (but we all knew that already, didn't we)

- -- 
richard                                                   Richard Clayton

Those who would give up essential Liberty, to purchase a little temporary 
Safety, deserve neither Liberty nor Safety. Benjamin Franklin 11 Nov 1755

-----BEGIN PGP SIGNATURE-----
Version: PGPsdk version 1.7.1

iQA/AwUBVmm5huINNVchEYfiEQLA+ACg1u6NX+1xHYeoNf2tXa8aQyImRJQAmgO0
l7b42AE+91j5SAuHAtBO4ulc
=pqqN
-----END PGP SIGNATURE-----