Re: Important Information about IETF 76 Meeting Registration2009-09-08 17:45:44
I don't disagree with what you're saying below. I'm advocating that a
privacy policy should exist -- what the policy says is another matter.
For example, the policy might say, "The IETF collects your data and
sells it to identity thieves." Although I doubt that's what it would
say, it would still be preferable for that policy to be published than
to not be published. One of the core, widely accepted tenets of
individual privacy is transparency. I personally doubt that the IETF's
practices with respect to the data that it collects will be
objectionable to many people, but I think those practices should be
known so that the community can judge for itself. I think the
practices should be documented -- whether they need to be changed or
not is something to discuss once they've been documented.
It is unclear to me whether the data retention policy applies to the RFID data. Perhaps it counts as "Blue Sheets," in which case the data is retained permanently, but that is not immediately obvious from reading the policy. The note on the supplemental RFID page makes it sound as though the RFID data might not ultimately be stored electronically, but it's not totally clear. Alissa On Sep 2, 2009, at 4:02 AM, SM wrote: Hi Alissa, At 08:04 01-09-2009, Alissa Cooper wrote:This entire thread is perfectly illustrative of why the IETF needs a privacy policy. Without one, it is entirely unclear how the data collected about IETF participants is used, disclosed and protected, whether that data is part of an experiment or not. While thesupplemental information about the RFID tagging experiment (http://www.ietf.org/meeting/76/ebluesheet.html ) is helpful, it is not complete (for example, how long the RFID- captured data is stored in electronic form is not disclosed), andnothing equivalent exists (to my knowledge) for other kinds of data about IETF participants, like registration data.From the above webpage:- The data will be printed and archived along with the paper blue sheets- The data will NOT be distributed to anyone other than the IAOC, IAD, the Secretariat and the host team that is organizing and supporting this experiment - The data will be available for use if subpoenaedIt summarizes the use of the data after the meeting. There is already a retention policy document and it may contain the answer to your question.I don't have any concerns about this experiment.In our protocol development work, many of us try very hard to design privacy and security features in from the outset, whether we'redesigning a highly experimental prototype or a core protocol. The sameshould be true for the design of data collection mechanisms and practices associated with IETF meetings.You asked a similar question about a privacy policy a few weeks ago. As we talking about IETF meetings, the question can be viewed from a different angle. One of the goals of the Internet Standards Process is openness and fairness. Participation in the IETF is open, i.e. anyone can join in. We can already find out who are the "contributors" in a Working Group as there are open discussions on the relevant mailing list and there is a publicly accessible archive of the discussions. The Working Group sessions (at a meeting) are not that different.Everything a person says in a Working Group session is not private. For the process to be transparent, the list of individuals that are there also should not be considered as private. In practice, the IETF offers you a some leeway. Nobody will coerce you to sign the attendance list. If you are going to the mic, you do have to identify yourself. If you have any other concerns, please read the messages posted by Doug Ewell and Tony Hain on this thread on how to restrict what information is collected about you.A list of session attendees is useful for:(a) capacity planning (size of the meeting room to accommodate the number of participants)(b) catering (c) session scheduling (d) cross-area participationThe Area Directors and Working Group Chairs might have a rough idea about item (d). The IETF can gain a better view of (d) if the information is collected in electronic form.I'll comment on Steve Crocker's questions: (i) Do we need access controls on the information?If the electronic process mimics existing practices, it is easier to publish the information. That is already done for the meeting attendees list. Note that this model may not be appropriate for other organizations.(ii) Do we need an ability to edit information that's been collected if it's inaccurate?The meeting registration form has a field for the "Name to appear on badge". That can be used throughout the meeting. The Working Group attendance collected during the session can be verified by the participants in the room. Set up a procedure where they can contact the IETF Secretariat to correct any errors they find.(iii) Do we need more flexibility in the information stored in the record, e.g. a distinct email address for each working group?Some people prefer not to provide an email address (see bluesheet "spam" discussions over the last few years). Some people may be using a distinct email address for each working group for ease of sorting or filtering. Provide the ability for the participant to edit the email address. It is better not to publish these email addresses to avoid rehashing the "spam" discussions.At 07:10 01-09-2009, Dave CROCKER wrote:An important datum in human studies is how humans react to things. Taking such a dismissive stance towards reactions to the RFID announcement ensures missingimportant information about acceptability to the target population.Agreed. It is useful to know how many participants opted out of the experiment and why they did so. For example, was it because there was a misunderstanding about how the experiment works or what information is collected? It is better to address this informally instead of having a form asking the person why they are opting out.I avoided the question of proximity tracking and the time the participant spends in a session as my comments on items (i) to (iii) would be different then.Regards, -sm _______________________________________________ Ietf mailing list Ietf(_at_)ietf(_dot_)org https://www.ietf.org/mailman/listinfo/ietf
|
|