On 4/22/12 23:54 , Yoav Nir wrote:
On Apr 23, 2012, at 9:00 AM, Joel jaeggli wrote:
On 4/22/12 22:45 , Robert Raszuk wrote:
Joel,
What property of the blue sheet makes it personal data.
WG meeting title and name or email address.
Nothing more helpful for recruiters to get hold of such list and
start spamming with job offers in given area of technology.
The participants are readily identifiable already.
Effort matters. If getting that data requires a subpoena, or if it
requires a formal letter from a lawyer, or if it's available on the
website, these are different things. I'm with Tobias on this.
But that wasn't my question. What data on the blue sheet is
personal?
It says where I was, and at what time, and it's nobody's business.
in the context of the meeting it is in fact the purpose of the blue sheet.
http://tools.ietf.org/html/rfc2418#section-3.1
All working group actions shall be taken in a public forum, and wide
participation is encouraged. A working group will conduct much of its
business via electronic mail distribution lists but may meet
periodically to discuss and review task status and progress, to
resolve specific issues and to direct future activities. IETF
Plenary meetings are the primary venue for these face-to-face working
group sessions, and it is common (though not required) that active
"interim" face-to-face meetings, telephone conferences, or video
conferences may also be held. Interim meetings are subject to the
same rules for advance notification, reporting, open participation,
and process, which apply to other working group meetings.
All working group sessions (including those held outside of the IETF
meetings) shall be reported by making minutes available. These
minutes should include the agenda for the session, an account of the
discussion including any decisions made, and a list of attendees.
It's information that does not need to be disclosed to the public,
and therefore shouldn't. We don't have to come up with an attack
vector first.
Every person who has registered since at least the publication of
3979 if not before has consented to the public disclosure of
records of the meeting. a list of the meeting attendees is required
by 2418.
Again, this is a different level of information. On the streets,
Legally I don't have an expectation of privacy. The police, or anyone
who cares to, may follow me around, and see where I'm going. There
is, however, a huge const involved in this, and that's why 20 years
ago, people did have an expectation of privacy on the streets. Having
surveillance cameras at street corners like they have in too much of
the western world right now does not change what the police can or
cannot do to an individual. There is a huge change, though, because
now they can afford to track everyone all the time.
Connect those cameras to the Internet as publicly accessible webcams,
and our society turns into a whole new kind of surveillance society.
Publishing blue sheets is not as bad as that, but it's a step in the
wrong direction.
Yoav