From: ietf-bounces(_at_)ietf(_dot_)org
[mailto:ietf-bounces(_at_)ietf(_dot_)org] On Behalf Of Yoav
Nir
Sent: Monday, April 23, 2012 2:54 AM
To: Joel jaeggli
Cc: ietf(_at_)ietf(_dot_)org
Subject: Re: Future Handling of Blue Sheets
Effort matters. If getting that data requires a subpoena, or if it requires a
formal letter from a lawyer, or if it's available on the website, these are
different things.
[WEG] and I'd counter by saying that anyone who cares enough about the
whereabouts of a specific IETF attendee to bother tracking them via online blue
sheets will not be stymied much by their unavailability.
But that wasn't my question. What data on the blue sheet is personal?
It says where I was, and at what time, and it's nobody's business. It's
information that does not need to be disclosed to the public, and therefore
shouldn't. We don't have to come up with an attack vector first.
[WEG] While generally I understand the concept of "need to know" as a reason
not to publish, that doesn't answer the question, especially since this
information isn't available in real-time. What problem does it create as a
matter of historical record of a public forum with a publicly-available
attendee list? I think that what we're really talking about here is burden of
proof: Is it incumbent upon the IETF to prove that there is material benefit to
publishing this information publicly, or upon the attendees to prove that there
is material harm in doing so? Given the terms of things like the note well, I
tend to believe that it's the latter. Therefore, yes an attack vector would be
helpful.
For that matter, shall we also start anonymizing the names of those who speak
at the mic when they appear in the minutes? What about the mailing lists? Are
you certain that no one with access to public mailing list records might see an
email post by you, or a WG draft with your name on it and correctly infer that
you may have attended a meeting of that WG during an IETF meeting where your
name is on the public meeting attendee list? That would seem to have a similar
problem where a low amount of effort would net similar information.
Every person who has registered since at least the publication of 3979
if not before has consented to the public disclosure of records of the
meeting. a list of the meeting attendees is required by 2418.
Again, this is a different level of information. On the streets, Legally I
don't have an expectation of privacy. The police, or anyone who cares to, may
follow me around, and see where I'm going.
[WEG] The only meeting in recent memory where there were people actually
checking badges to permit entry to the meeting areas (in Beijing), was roundly
criticized for doing so, yet somehow IETF meetings are less public than the
street? When was the last time that anyone challenged someone not wearing their
name badge for simply being in the IETF meeting area?
I think it comes back to the difference between knowing this information in
near-real-time (as with a physical tail or camera surveillance) vs. knowing it
weeks or months after the fact when the proceedings are published. To
participate in the IETF is to have your name publicly associated with it, and
allow reasonably intelligent people to infer details about your whereabouts. I
still don't understand how the blue sheets have much impact on that fact.
Wes George
This E-mail and any of its attachments may contain Time Warner Cable
proprietary information, which is privileged, confidential, or subject to
copyright belonging to Time Warner Cable. This E-mail is intended solely for
the use of the individual or entity to which it is addressed. If you are not
the intended recipient of this E-mail, you are hereby notified that any
dissemination, distribution, copying, or action taken in relation to the
contents of and attachments to this E-mail is strictly prohibited and may be
unlawful. If you have received this E-mail in error, please notify the sender
immediately and permanently delete the original and any copy of this E-mail and
any printout.