Two things have occurred since the message below as sent to the IETF mail list.
First, we got a lawyer in Europe to do some investigation, and the inclusion
of the email address on the blue sheet will lead to trouble with the European
privacy laws. Second, Ted Hardie suggested that we could require a password to
access the scanned blue sheet.
Based on the European privacy law information, the use of email will result in
a major burden. If the email address is used, then we must provide a way for
people to ask for their email address to be remove at any time in the future,
even if we got prior approval to include it. Therefore, I suggest that we
collect organization affiliation to discriminate between multiple people with
the same name instead of email address.
Based on Ted's suggestion, I checked with the Secretariat about using a
datatracker login to download the scanned blue sheet. This is fairly easy to
do, once the community tracking tools are deployed. However, with the removal
of the email addresses from the blue sheets, it is unclear that there is any
further need for password protection of these images. Therefore, I suggest
that we proceed without password protection for the blue sheet images.
Here is a summary of the suggested way forward:
- Stop collecting email addresses on blue sheets;
- Collect organization affiliation to discriminate between multiple people with
the same name;
- Scan the blue sheets and include the images in the proceedings for the WG
session;
- Add indication to top of the blue sheet so people know it will be part of the
proceedings; and
- Discard paper blue sheets after scanning.
Russ
On May 6, 2012, at 12:46 PM, IETF Chair wrote:
We have heard from many community participants, and consensus is quite rough
on this topic. The IESG discussed this thread and reached two conclusions:
(1) Rough consensus: an open and transparent standards process is more
important to the IETF than privacy of blue sheet information.
(2) Rough consensus: inclusion of email addresses is a good way to
distinguish participants with the same or similar names.
Based on these conclusions, the plan is to handle blue sheets as follows:
- Continue to collect email addresses on blue sheets;
- Scan the blue sheet and include the image in the proceedings for the WG
session;
- Add indication to top of the blue sheet so people know it will be part of
the proceedings; and
- Discard paper blue sheets after scanning.
On behalf of the IESG,
Russ