Well, as someone who believes that *all* websites and online-operating
organizations should have a clear and accessible privacy policy, I
think it is beyond embarrassing that the IETF does not have one. As
an organization that tries pretty hard to be sensitive to the privacy
impacts of the technologies it creates, it is disappointing that the
IETF does not itself meet even the most basic of privacy "best
practices," that is, having a privacy policy.
But I appreciate that others may view privacy policies as navel
gazing. In this case, however, the gazing could be fairly short and
focused -- there is already a draft policy that is in a second
version, with an author who has sought to work closely with the powers-
that-be to understand the IETF's current practices (and who is willing
to finish that work). The most important thing that needs to be
decided is "what form should a policy take," and I think there were a
number of good ideas on that point on the list. So I would urge us to
gaze into our navels just a little bit more to make this happen.
On Jul 7, 2010, at 10:42 AM, Iljitsch van Beijnum wrote:
On 7 jul 2010, at 16:32, John Morris wrote:
And, if you indeed think that something is missing, perhaps you
could suggest some language to address your concern, rather than
just dismiss the entire effort.
I think it's completely legitimate to question whether efforts like
this are worth the resources they soak up. The first time I went to
an IETF meeting I was shocked by the amount of talk about the
internals of the IETF itself that went on. We should really try to
minimize this navel gazing and only indulge in it when clearly
needed, something that hasn't been shown to be the case here.
_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/ietf