On 7/6/2010 6:38 AM, Karen O'Donoghue wrote:
+1 on the IETF having a privacy policy.
I am undecided on the best mechanisms to develop, document, and
maintain that policy.
I am not... We need to create the Privacy Working Group and it will
produce a non-RFC based work product which is the Participation Privacy
Compliance Contract with the IETF's participants. There are certain
legal issues which the Founders never considered in their design of the
IETF which mandate a permanent type document status which is not part of
the Standards or Intellectual Property publication list unless it is a
specific template for other entities to use, and that would be out of
scope for the IETF.
What this means is we need a new class of legal framework document which
is not a RFC and all of the legal controls which have been
mis-implemented as "votable consensus" agreements are properly reduced
to policy and boiler plate so that anyone can easily figure out what
participation means.
That said, why is simply that since a privacy policy is something that
needs formal legal vetting and also something that a vote of the
officers of the Operating Board should weigh in on meaning that ISOC and
not the IETF's IAOC needs to formally ratify this since it is part of
the formal Charter Package of the IETF.
The privacy policy should be put together by a Working Group (lets call
it the PWG) as a non-RFC type operating document. It is not a BCP
either, it is a statement of the legal controls pertaining to the
privacy of the parties participating in the IETF standards process.
Further in regard to the review of that document, since it is the ISOC
(and possibly the Trust) who is/are directly liable for damages therein
at this time, it is they who must embrace and assert those privacy
controls as operating policy. So they should have representation in this
special Privacy Working Group. And finally since the privacy controls
cannot set aside those laws in the EU and other places embracing strict
privacy controls since "it" (the IETF) must be compliant to all of those.
Think of it this way - Imaging having for parties in places in the EU
implement the Nevada State PCI DSS standards for information security
based on those privacy controls for someone collaborating on a
submission from both Nevada and another party in say Finland or Denmark
for instance.
Also realize that a one-size fits all type model will not work because
some people cannot contractually sign their right to privacy away and
for them a policy of "assignment obfuscating privacy" probably also
doesn't work.
By the way - since the assignment of intellectual property rights has
provable cash money value, this is a real issue and it needs to be dealt
with both professionally and in a manner which makes the IETF more
transparent and less of a place where the politics of the day drive the
contract-controls on participation or use of the IETF intellectual
properties.
Todd Glassey
Karen
On 7/5/10 12:05 PM, Alissa Cooper wrote:
A few months ago I drew up a strawman proposal for a public-facing
IETF privacy policy
(http://www.ietf.org/id/draft-cooper-privacy-policy-00.txt). I've
submitted an update based on feedback received:
http://www.ietf.org/id/draft-cooper-privacy-policy-01.txt
In discussing the policy with the IAOC and others, it seems clear
that the RFC model is probably not the best model for maintaining and
updating a document like this. It is more likely to fall within the
scope of the IAOC and/or the Trust. In order for the IAOC to consider
taking this on and devoting resources to figuring out what its format
should be, they need to hear from the community that a public-facing
privacy policy is something that the community wants. So I have two
requests for those with any interest in this:
1) Respond on this list if you support the idea of the IETF having a
privacy policy (a simple "+1" will do).
2) If you have comments and suggestions about the policy itself, send
them to this list.
Thanks,
Alissa
_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/ietf
_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/ietf
_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/ietf