(copying the IETF list, and changing the subject line to make more sense there, per Jay's comment about 117attendees@xxxxxxxx shutting down) Jordi, Independent of the legal niceties and hair-splitting (and Jay's response is more useful than anything I could stay on those subjects), it seems to me that your note pushes us toward another problem: unlike, e.g., the RIRs, one of the IETF's main functions is to produce standards whose adoption is voluntary. In practice, that adoption depends on the IETF's credibility as representing broad perspective as well as doing deep and balanced technical work. Those considerations cannot be evaluated without knowing who is participating and, indeed, any affiliations they might have (such as the identify of employers who are supporting their participation). Noting that you said "attendees" and I said "participants" but that some of the things the Note Well refers to blurs whatever the difference might be under other circumstances, that gives the IETF some real reasons for insisting on a public participant list. If those who are participating can be secret, then it because impossible to evaluate what might, other than technical value and correctness, have influenced a particular specification. That is particularly important when a WG is faced with choices among a pair of options that are equally plausible technically but where the choice might affect company interests differently. So, your idea (and Vittorio's) about check boxes might be useful, but perhaps in form closer to the Note Well, i.e., "by deciding to participate, I recognize, accept, and agreed to, the IETF's legitimate interest in making a complete list of attendees public". In other words, if one wants or needs one's participation to be private/secret, don't come. That, in turn, raises a number of other questions that I think we have been circling around for years. Maybe it is time to address them via an open community discussion leading to a consensus document rather than avoiding them or nibbling at them via administrative decisions (such a language on a registration forms). Things on my list of questions that have come up directly or indirectly in the last year or so and that we might try to ask and resolve include: (1) If one registers to attend an IETF meeting in person, is one allowed to opt out of the public participants list? If so, is one allowed to be anonymous in other ways, such as having one's name obscured on a badge or wearing a hood that covers one's head and face? (2) Especially if people are not allowed to attend in-person IETF meetings anonymously (or without being recorded as being present), does the same principle apply to online meetings (including --or not-- remote participation in those in-person meetings)? (3) If having one's identity published on a public list is a condition for in-person attendance, do we need a mechanism for anonymously attending/ observing meetings remotely in real time? The current answer to the latter question has been "no, people wanting to hide their identities that way can always watch the YouTube videos" but I am not confident that position has community consensus. (4) Do we allow Internet-Drafts with anonymous authors? Authors who provide a working email address but whose identities are concealed? (5) Do we allow anonymous participation on IETF mailing lists, including making comments during IETF Last Call? "Allow" in this context implies intentionally, not what people might be able to trick the datatracker login/account process into accepting. In other words, there is a difference between being anonymous and participating under an obvious alias, such as of the "M. Mouse" variety and the questions of whether the latter is allowed, and how obvious the alias needs to be, are separate ones. (6) If someone is entitled to remove their names from public attendance lists, is someone (else) who captures the participant list for a particular meeting by screen-scraping the Meetecho (or other) participant list breaking any rules? Note that, while registering in Meetecho for a particular session at an in-person meeting is required (but not enforced), remote participants have not options other than registering under some name. (7) Should we be more or less aggressive about capturing, and perhaps publishing, affiliations as well as names? Are we willing to exclude people who have employer or client agreements that bar them from disclosing that information? If so, when none of those relationships involve current or plausible IETF work, would a disclosure of that type be sufficient, or does the IETF offer potential participants a choice between violating those agreements and participating (generally or in specific activities)? (8) I have deliberately conflated "anonymous" with "do not desire to have names published or made public" above, but are there reasons to make distinctions in that area? thanks, john (3) Is the IETF allowed to exclude people from its meetings and by what mechanism? Can a Posting Rights ban extend to a meeting participation ban? --On Wednesday, August 2, 2023 15:38 +0200 "jordi.palet@xxxxxxxxxxxxxxxxxx" <jordi.palet=40theipv6company.com@xxxxxxxxxxxxxx> wrote: > Yes (I know that), and not, it all depend on how the data is > processed … > > And anyway, I understand that the attendee list is public, but > should not be (even if we lose transparency). If I understand > GDPR nits correctly, attendees should have the right to > opt-out to the public list. There is also something called > "right to be forgotten" that imply that an attendee, in > the future may wish to "vanish". > > If I recall correctly, several organizations, that also aim > for transparency (and I recall some RIRs), have already > decided to offer the choice, when registering, to appear in > public or not. > > We really should work in that (I'm personally fine being in > the public list - at least today), because the Data Protection > Agencies work not only based on claims but also by their own > decision, so even if there is no bad faith in what we do … > we can get punished. > > > Regards, > Jordi > > @jordipalet > > >> El 2 ago 2023, a las 15:29, Ted Lemon <mellon@xxxxxxxxx> >> escribió: >> >> The IETF attendee list is public, so it is at least >> technically possible that this was done without any GDPR >> violations. >> >> Op wo 2 aug 2023 om 06:26 schreef Christian Hopps >> <chopps@xxxxxxxxxx <mailto:chopps@xxxxxxxxxx>> >>> >>> Andrew Newton <andy@xxxxxx <mailto:andy@xxxxxx>> writes: >>> >>> >>> > No good deed goes unpunished. >>> >>> Jeez, no kidding. >>> >>> Chris. >>> >>> > On Wed, Aug 2, 2023 at 8:29 AM >>> > jordi.palet@xxxxxxxxxxxxxxxxxx >>> > <mailto:jordi.palet@xxxxxxxxxxxxxxxxxx> >>> > <jordi.palet=40theipv6company.com@xxxxxxxxxxxxxx >>> > <mailto:40theipv6company.com@xxxxxxxxxxxxxx>> wrote: >>> >> >>> >> wow … that's a clear violation of privacy at least in >>> >> front of the GDPR for EU citizens and residents. I can >>> >> mean up to 20 million euros fine for Hilton and IETF, >>> >> really we want to risk for that? >>> >> >>> >> Regards, >>> >> Jordi >>> >> >>> >> @jordipalet >>> >> >>> >> >>> >> El 2 ago 2023, a las 14:24, Jay Daley >>> >> <exec-director@xxxxxxxx <mailto:exec-director@xxxxxxxx>> >>> >> escribió: >>> >> >>> >> >>> >> >>> >> On 2 Aug 2023, at 12:58, jordi.palet@xxxxxxxxxxxxxxxxxx >>> >> <mailto:jordi.palet@xxxxxxxxxxxxxxxxxx> >>> >> <jordi.palet=40theipv6company.com@xxxxxxxxxxxxxx >>> >> <mailto:40theipv6company.com@xxxxxxxxxxxxxx>> wrote: >>> >> >>> >> Hi Jay, >>> >> >>> >> I'm not sure to understand this part: >>> >> >>> >> "any rooms booked at the cheaper rate would still count >>> >> towards our room block" >>> >> >>> >> So even non-IETF participants counted for the IETF block? >>> >> >>> >> >>> >> I don't know the precise process, but in essence our >>> >> team sat down with the hotel to look through the list of >>> >> non-IETF bookings that were for the week of the meeting >>> >> and identified which ones were for our participants based >>> >> on a match of registered names. >>> >>> -- >>> 117attendees mailing list >>> 117attendees@xxxxxxxx <mailto:117attendees@xxxxxxxx> >>> https://www.ietf.org/mailman/listinfo/117attendees >> -- >> 117attendees mailing list >> 117attendees@xxxxxxxx >> https://www.ietf.org/mailman/listinfo/117attendees > > > > ********************************************** > IPv4 is over > Are you ready for the new Internet ? > http://www.theipv6company.com > The IPv6 Company > > This electronic message contains information which may be > privileged or confidential. The information is intended to be > for the exclusive use of the individual(s) named above and > further non-explicilty authorized disclosure, copying, > distribution or use of the contents of this information, even > if partially, including attached files, is strictly prohibited > and will be considered a criminal offense. If you are not the > intended recipient be aware that any disclosure, copying, > distribution or use of the contents of this information, even > if partially, including attached files, is strictly > prohibited, will be considered a criminal offense, so you must > reply to the original sender to inform about this > communication and delete it. >
