On 7/7/2010 8:53 AM, Dave CROCKER wrote:
On 7/7/2010 8:46 AM, Marshall Eubanks wrote:
Having a privacy policy in place does two primary things IMO. It
helps to
inform and set policy and it gives others a metric to evaluate
performance
and a tool to improve performance.
It also may have the useful effect of finding holes or
inconsistencies in
what we are doing, as it is reviewed and revised as technology and
conditions
change.
On its face, this line of thinking might appear to justify something
that is
explicitly toothless and, by implication, useless.
In fact, there's plenty of precedence in the world for having formal
clarity
about a policy but without realistic enforcement power.
A common example is non-disclosure agreements. Although they usually
contain
language that sounds like there is serious recourse, in practice there
isn't.
Typical misrepresentation by an IPR group member... If you want to know
about NDA's and their damage capabilities ask the folks at Rockwell who
paid 65M in damages over the NDA used to convey the IP under the K56
Flex modem to them.
Rather, the document serves as an explicit statement of concerns and an
acknowledgement by the signers that the concerns are understood.
Frequently, just having the issues stated clearly and brought to a
participant's
attention is enough to get improved behavior.
Unenforceable policy based on the doctrine of impossibility are
worthless. Having one creates a liability because it was "designed to be
unenforceable" and as such the intent is clear.
Todd
d/
_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/ietf