ietf
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: IETF privacy policy - update

2010-07-10 00:12:10
from [Monique Morrow (mmorrow)] [Permanent Link] 
+1 also

Monique


-----Original Message-----
From: ietf-bounces(_at_)ietf(_dot_)org on behalf of Fred Baker (fred)
Sent: Thu 7/8/2010 12:07 PM
To: IETF-Discussion list
Subject: Re: IETF privacy policy - update
 
+1 for a privacy policy. As to the question of this particular one, I'm going 
to profess some level of ignorance. I suggested starting from Google, Cisco, 
and/or ISOC's privacy policies and editing from there, and someone said I 
should pick a more appropriate starting point. What would be appropriate 
privacy policies to compare/contrast?

Personally, apart from references to ISOC-specific things, I thought ISOC's 
privacy policy was relatively simple and covered the major points. The draft is 
more detailed and more complete. The differences may be a matter of taste: look 
at http://www.isoc.org/help/privacy/ and ask yourself whether the provisions in 
"what do we collect" and "what do we do with it" are reflected in the draft, 
and I think you might agree that they are, with the draft being more explicit 
in different areas. But I think that the ISOC rules, when considered in an IETF 
light, are actually the same. We collect things that are standardly collected, 
but we don't share them, and we do use them to make our internal processes work 
better.

If there are others to compare/contrast, to see if we have missed a point or 
are stating for something not usually said, I'd be interested to know.

I would agree that this statement should be made by someone in I* leadership, 
either the IESG, IAOC, or perhaps IAB, and that it belongs on a web page as 
opposed to being in an RFC. 

I would suggest that a consensus be called for via a hum over VoIPv6. But the 
web page should be in flat ASCII with no graphics other than ASCII-art.


On Jul 7, 2010, at 11:00 PM, Cullen Jennings wrote:



On Jul 5, 2010, at 10:05 AM, Alissa Cooper wrote:


A few months ago I drew up a strawman proposal for a public-facing IETF 
privacy policy (http://www.ietf.org/id/draft-cooper-privacy-policy-00.txt). 
I've submitted an update based on feedback received: 
http://www.ietf.org/id/draft-cooper-privacy-policy-01.txt

In discussing the policy with the IAOC and others, it seems clear that the 
RFC model is probably not the best model for maintaining and updating a 
document like this. It is more likely to fall within the scope of the IAOC 
and/or the Trust. In order for the IAOC to consider taking this on and 
devoting resources to figuring out what its format should be, they need to 
hear from the community that a public-facing privacy policy is something 
that the community wants. So I have two requests for those with any interest 
in this:

1) Respond on this list if you support the idea of the IETF having a privacy 
policy (a simple "+1" will do).


+1 



2) If you have comments and suggestions about the policy itself, send them 
to this list.


I would be very happy if the IETF adopted the privacy policy proposed in your 
draft.

It seems to me the work of writing an acceptable policy is 90% done and the 
arguments that creating a privacy policy will detract from other work are 
pretty weak. It's a volunteer organization, people vote with their feet with 
what they want to work on. Just because Alissa spend time writing a policy 
document does not mean that time would be directed to other things if we did 
not want to do a privacy policy document. I don't think that having a privacy 
policy is going to bring a bunch of new contributors to the IETF, but I can 
imagine a case where the lack of a privacy policy caused some administrative 
group to do something really unfortunate which resulted in some good people 
leaving the IETF. 

A privacy policy is not something the IETF typically has a lot of people that 
are really experienced and qualified to draft. But we are very lucky here - 
we have multiple people that understand IETF culture and values, understand 
internet privacy policies and laws, and are willing to write a proposal. 
Unless this proposal is deeply flawed in some way I can't see, why wouldn't 
we just do it.


_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/ietf


http://www.ipinc.net/IPv4.GIF

_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/ietf


_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/ietf
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [dispatch] VIPR - proposed charter version 3, Jonathan Rosenberg
Next by Date:  Re: [BEHAVE] Last Call: draft-ietf-behave-v6v4-xlate-stateful (Stateful NAT64: Network Address and Protocol Translation from IPv6 Clients to IPv4 Servers) to Proposed Standard, marcelo bagnulo braun
Previous by Thread:  Re: IETF privacy policy - update, Peter Saint-Andre
Next by Thread:  Comments on <draft-cooper-privacy-policy-01.txt>, Bob Hinden
Indexes:  [Date] [Thread] [Top] [All Lists]