On Thu, Jul 01, 2010 at 09:42:16AM -0700, Joel Jaeggli wrote:
It has been the documented practice of the ietf meeting network
operations to limit the amount of pii data collected in operation or
experimentation and to destroy logs containing pii data if they
exist (example data collected by the IDS or formerly http proxy back
when we ran one) after the meeting.
This is useful, but not quite what I was asking. Clearly, the above
means that the logs exist during the meeting, while we are at the host
venue. I think it is safe to say that under some legal regimes, a
government could require the delivery of such existing logs to them.
Once such logs have been delivered, then even if the meeting netops
people destroy the logs, the logs can persist. Right?
What I'm trying to find out is what assurances, if any, we have about
the ability of the IETF to remain in sole control of the data. I'm
not really a paranoid type, but perhaps the recent experience of
Toronto police simply lying (with government collusion) about what
powers they had to detain people during the recent G20 meeting has
made me a little sensitive to this kind of (surprise, new)
requirement. I would also likely care less, except the whole point of
this effort is plainly to support one government's policy -- a policy
that I find odious, and one that appears at least once to have had
technical side effects on the global DNS. I'll leave aside the optics
of announcing the new policy less than a month before it is to be
implemented, and after people have already made travel plans, paid
meeting fees, and so on.
Ietf mailing list