(copying the IETF list, and changing the subject line to make
more sense there, per Jay's comment about 117attendees@xxxxxxxx
shutting down)
Jordi,
Independent of the legal niceties and hair-splitting (and Jay's
response is more useful than anything I could stay on those
subjects), it seems to me that your note pushes us toward
another problem: unlike, e.g., the RIRs, one of the IETF's main
functions is to produce standards whose adoption is voluntary.
In practice, that adoption depends on the IETF's credibility as
representing broad perspective as well as doing deep and
balanced technical work. Those considerations cannot be
evaluated without knowing who is participating and, indeed, any
affiliations they might have (such as the identify of employers
who are supporting their participation).
Noting that you said "attendees" and I said "participants" but
that some of the things the Note Well refers to blurs whatever
the difference might be under other circumstances, that gives
the IETF some real reasons for insisting on a public participant
list. If those who are participating can be secret, then it
because impossible to evaluate what might, other than technical
value and correctness, have influenced a particular
specification. That is particularly important when a WG is
faced with choices among a pair of options that are equally
plausible technically but where the choice might affect company
interests differently.
So, your idea (and Vittorio's) about check boxes might be
useful, but perhaps in form closer to the Note Well, i.e., "by
deciding to participate, I recognize, accept, and agreed to, the
IETF's legitimate interest in making a complete list of
attendees public". In other words, if one wants or needs one's
participation to be private/secret, don't come.
That, in turn, raises a number of other questions that I think
we have been circling around for years. Maybe it is time to
address them via an open community discussion leading to a
consensus document rather than avoiding them or nibbling at them
via administrative decisions (such a language on a registration
forms). Things on my list of questions that have come up
directly or indirectly in the last year or so and that we might
try to ask and resolve include:
(1) If one registers to attend an IETF meeting in person, is one
allowed to opt out of the public participants list? If so, is
one allowed to be anonymous in other ways, such as having one's
name obscured on a badge or wearing a hood that covers one's
head and face?
(2) Especially if people are not allowed to attend in-person
IETF meetings anonymously (or without being recorded as being
present), does the same principle apply to online meetings
(including --or not-- remote participation in those in-person
meetings)?
(3) If having one's identity published on a public list is a
condition for in-person attendance, do we need a mechanism for
anonymously attending/ observing meetings remotely in real time?
The current answer to the latter question has been "no, people
wanting to hide their identities that way can always watch the
YouTube videos" but I am not confident that position has
community consensus.
(4) Do we allow Internet-Drafts with anonymous authors? Authors
who provide a working email address but whose identities are
concealed?
(5) Do we allow anonymous participation on IETF mailing lists,
including making comments during IETF Last Call? "Allow" in
this context implies intentionally, not what people might be
able to trick the datatracker login/account process into
accepting. In other words, there is a difference between being
anonymous and participating under an obvious alias, such as of
the "M. Mouse" variety and the questions of whether the latter
is allowed, and how obvious the alias needs to be, are separate
ones.
(6) If someone is entitled to remove their names from public
attendance lists, is someone (else) who captures the participant
list for a particular meeting by screen-scraping the Meetecho
(or other) participant list breaking any rules? Note that,
while registering in Meetecho for a particular session at an
in-person meeting is required (but not enforced), remote
participants have not options other than registering under some
name.
(7) Should we be more or less aggressive about capturing, and
perhaps publishing, affiliations as well as names? Are we
willing to exclude people who have employer or client agreements
that bar them from disclosing that information? If so, when
none of those relationships involve current or plausible IETF
work, would a disclosure of that type be sufficient, or does the
IETF offer potential participants a choice between violating
those agreements and participating (generally or in specific
activities)?
(8) I have deliberately conflated "anonymous" with "do not
desire to have names published or made public" above, but are
there reasons to make distinctions in that area?
thanks,
john
(3) Is the IETF allowed to exclude people from its meetings and
by what mechanism? Can a Posting Rights ban extend to a meeting
participation ban?
--On Wednesday, August 2, 2023 15:38 +0200
"jordi.palet@xxxxxxxxxxxxxxxxxx"
<jordi.palet=40theipv6company.com@xxxxxxxxxxxxxx> wrote:
Yes (I know that), and not, it all depend on how the data is
processed …
And anyway, I understand that the attendee list is public, but
should not be (even if we lose transparency). If I understand
GDPR nits correctly, attendees should have the right to
opt-out to the public list. There is also something called
"right to be forgotten" that imply that an attendee, in
the future may wish to "vanish".
If I recall correctly, several organizations, that also aim
for transparency (and I recall some RIRs), have already
decided to offer the choice, when registering, to appear in
public or not.
We really should work in that (I'm personally fine being in
the public list - at least today), because the Data Protection
Agencies work not only based on claims but also by their own
decision, so even if there is no bad faith in what we do …
we can get punished.
Regards,
Jordi
@jordipalet
El 2 ago 2023, a las 15:29, Ted Lemon <mellon@xxxxxxxxx>
escribió:
The IETF attendee list is public, so it is at least
technically possible that this was done without any GDPR
violations.
Op wo 2 aug 2023 om 06:26 schreef Christian Hopps
<chopps@xxxxxxxxxx <mailto:chopps@xxxxxxxxxx>>
Andrew Newton <andy@xxxxxx <mailto:andy@xxxxxx>> writes:
No good deed goes unpunished.
Jeez, no kidding.
Chris.
On Wed, Aug 2, 2023 at 8:29 AM
jordi.palet@xxxxxxxxxxxxxxxxxx
<mailto:jordi.palet@xxxxxxxxxxxxxxxxxx>
<jordi.palet=40theipv6company.com@xxxxxxxxxxxxxx
<mailto:40theipv6company.com@xxxxxxxxxxxxxx>> wrote:
wow … that's a clear violation of privacy at least in
front of the GDPR for EU citizens and residents. I can
mean up to 20 million euros fine for Hilton and IETF,
really we want to risk for that?
Regards,
Jordi
@jordipalet
El 2 ago 2023, a las 14:24, Jay Daley
<exec-director@xxxxxxxx <mailto:exec-director@xxxxxxxx>>
escribió:
On 2 Aug 2023, at 12:58, jordi.palet@xxxxxxxxxxxxxxxxxx
<mailto:jordi.palet@xxxxxxxxxxxxxxxxxx>
<jordi.palet=40theipv6company.com@xxxxxxxxxxxxxx
<mailto:40theipv6company.com@xxxxxxxxxxxxxx>> wrote:
Hi Jay,
I'm not sure to understand this part:
"any rooms booked at the cheaper rate would still count
towards our room block"
So even non-IETF participants counted for the IETF block?
I don't know the precise process, but in essence our
team sat down with the hotel to look through the list of
non-IETF bookings that were for the week of the meeting
and identified which ones were for our participants based
on a match of registered names.
--
117attendees mailing list
117attendees@xxxxxxxx <mailto:117attendees@xxxxxxxx>
https://www.ietf.org/mailman/listinfo/117attendees
--
117attendees mailing list
117attendees@xxxxxxxx
https://www.ietf.org/mailman/listinfo/117attendees
**********************************************
IPv4 is over
Are you ready for the new Internet ?
http://www.theipv6company.com
The IPv6 Company
This electronic message contains information which may be
privileged or confidential. The information is intended to be
for the exclusive use of the individual(s) named above and
further non-explicilty authorized disclosure, copying,
distribution or use of the contents of this information, even
if partially, including attached files, is strictly prohibited
and will be considered a criminal offense. If you are not the
intended recipient be aware that any disclosure, copying,
distribution or use of the contents of this information, even
if partially, including attached files, is strictly
prohibited, will be considered a criminal offense, so you must
reply to the original sender to inform about this
communication and delete it.
--
117attendees mailing list
117attendees@xxxxxxxx
https://www.ietf.org/mailman/listinfo/117attendees
