On 7/9/2010 7:21 AM, Phillip Hallam-Baker wrote:
A lot of people have difficulty connecting the human level privacy
requirement with the technology level.
PH-B,
Look, the IETF is a public entity and yet there are formal disclosure
requirements for privacy controls. That is a dichotomy which creates
both protection responsibilities and use controls.
That said here are some thoughts on the specific areas a privacy policy
would impact.
Some participants cannot...
---------------------------------------------
This is important since there are also privacy constraints that some
global IETF members cannot contractually ameliorate or sign-away and as
such it means that those privacy controls must be implemented or those
parties cannot participate in the IETF.
Disclosure is required for any IP protection
---------------------------------------------
Also the scope of privacy means here in a public forum is another one of
the key issues, but since it has been noticed the 'concept of
transparency' is one of the attributes the IETF is supposed to embrace,
and transparency removes privacy...the issue of how much information is
private becomes a problem.
If transparency != [privacy] and the IETF[transparency] is real
transparency and not some term of art whipped up as icing on the cake,
this becomes moot.
Creating a privacy policy has broad sweeping impact
---------------------------------------------
As to the effect of creating a privacy policy, the physical creation of
the privacy policy has far sweeping implications. For instance the
IETF's use licenses need to specifically be restricted to conform to
this new policy as well so its not just creating a Policy Statement and
walking away, many other documents will need to be revised or they will
cease to have legal effect in being set aside or modified in their scope
and terms based on the newly formed privacy policy.
The goals of the privacy policy are simple. To enforce a set of controls
which protect individuals personal Intellectual Property (information
about us as individuals) while allowing for the collective vetting of
the group Intellectual Properties (i.e. work product and technical info
or IETF structure/ops info).
Email and personal contact data
---------------------------------------------
So that means all identities and points of contact need to be properly
disclosed and there is no license to use that data specifically for any
other purpose. I brought this up when I suggested formal changes to the
unheavelnly twins (BCP78 & 79) to specifically state that IETF email
contact information may not be used for any purpose outside of the
operations of the IETF working group some time ago.
Maybe now under the banner of eliminating the need for a formal privacy
policy, this can be reviewed.
Todd Glassey
_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/ietf