On 7/9/2010 4:32 AM, Hannes Tschofenig wrote:
The Fair Information Practices are a set of principles most of us are quite
likely to believe in, such as (copied from the Alissa's draft):
Likely, yes. But do any of us know how to translate those principles into
particular behaviors? Is it likely that any two of us will make the same
translation? What about enough of us to constitute rough consensus?
Note, for example, my earlier comment that the draft's use of "the IETF" treats
it as an entity when in fact it has little legal standing and even less
cohesiveness in its behaviors. Who does the term refer to?
Principles need to be accompanied with very concrete behavioral prescriptions
and proscriptions, for the principles to have real meaning. That's what the
remaining sections of the draft seek to do.
The draft currently gives too little introduction to IETF-specific precepts,
concepts and motivation. All presented more simply, as Bob Hinden suggests.
As an example, imagine some researchers doing some interesting network
testing and collect data that travels over the IETF network then these
principles say that you should be transparent in what you do, you should
tell people what you collect and why, etc.
I think that this is something we want people to do. And "yes" we have
researchers looking into the traffic, people storing all sorts of data, etc.
This issue of measuring the network for research raises a deeper and more
serious problem: informed consent. Telling people about the work after the
fact violates this requirement.
As soon as the word "privacy" becomes relevant, an implication for research is
that we are in the realm of human subjects ethics, and the research world has
produced some fairly strict rules concerning this. For example:
especially section 46.116
Has "the IETF" been authorizing people to conduct human subjects research
without the informed consent of the subjects?
Ietf mailing list