Re: Important Information about IETF 76 Meeting Registration

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hi Alissa,
At 08:04 01-09-2009, Alissa Cooper wrote:
This entire thread is perfectly illustrative of why the IETF needs a
privacy policy. Without one, it is entirely unclear how the data
collected about IETF participants is used, disclosed and protected,
whether that data is part of an experiment or not. While the
supplemental information about the RFID tagging experiment (http://www.ietf.org/meeting/76/ebluesheet.html ) is helpful, it is not complete (for example, how long the RFID- captured data is stored in electronic form is not disclosed), and
nothing equivalent exists (to my knowledge) for other kinds of data
about IETF participants, like registration data.

From the above webpage:

 - The data will be printed and archived along with the paper blue sheets

 - The data will NOT be distributed to anyone other than the IAOC, IAD,
   the Secretariat and  the host team that is organizing and supporting
   this experiment

 - The data will be available for use if subpoenaed

It summarizes the use of the data after the meeting. There is already a retention policy document and it may contain the answer to your question.

I don't have any concerns about this experiment.

In our protocol development work, many of us try very hard to design
privacy and security features in from the outset, whether we're
designing a highly experimental prototype or a core protocol. The same
should be true for the design of data collection mechanisms and
practices associated with IETF meetings.

You asked a similar question about a privacy policy a few weeks ago. As we talking about IETF meetings, the question can be viewed from a different angle. One of the goals of the Internet Standards Process is openness and fairness. Participation in the IETF is open, i.e. anyone can join in. We can already find out who are the "contributors" in a Working Group as there are open discussions on the relevant mailing list and there is a publicly accessible archive of the discussions. The Working Group sessions (at a meeting) are not that different.

Everything a person says in a Working Group session is not private. For the process to be transparent, the list of individuals that are there also should not be considered as private. In practice, the IETF offers you a some leeway. Nobody will coerce you to sign the attendance list. If you are going to the mic, you do have to identify yourself. If you have any other concerns, please read the messages posted by Doug Ewell and Tony Hain on this thread on how to restrict what information is collected about you.

A list of session attendees is useful for:

(a) capacity planning (size of the meeting room to accommodate the number of participants)

 (b) catering

 (c) session scheduling

 (d) cross-area participation

The Area Directors and Working Group Chairs might have a rough idea about item (d). The IETF can gain a better view of (d) if the information is collected in electronic form.

I'll comment on Steve Crocker's questions:

(i) Do we need access controls on the information?

If the electronic process mimics existing practices, it is easier to publish the information. That is already done for the meeting attendees list. Note that this model may not be appropriate for other organizations.

(ii) Do we need an ability to edit information that's been collected if it's inaccurate?

The meeting registration form has a field for the "Name to appear on badge". That can be used throughout the meeting. The Working Group attendance collected during the session can be verified by the participants in the room. Set up a procedure where they can contact the IETF Secretariat to correct any errors they find.

(iii) Do we need more flexibility in the information stored in the record, e.g. a distinct email address for each working group?

Some people prefer not to provide an email address (see bluesheet "spam" discussions over the last few years). Some people may be using a distinct email address for each working group for ease of sorting or filtering. Provide the ability for the participant to edit the email address. It is better not to publish these email addresses to avoid rehashing the "spam" discussions.

At 07:10 01-09-2009, Dave CROCKER wrote:
An important datum in human studies is how humans react to things. Taking such
a dismissive stance towards reactions to the RFID announcement ensures missing
important information about acceptability to the target population.

Agreed. It is useful to know how many participants opted out of the experiment and why they did so. For example, was it because there was a misunderstanding about how the experiment works or what information is collected? It is better to address this informally instead of having a form asking the person why they are opting out.

I avoided the question of proximity tracking and the time the participant spends in a session as my comments on items (i) to (iii) would be different then.

Regards,
-sm
_______________________________________________

Ietf@xxxxxxxx
https://www.ietf.org/mailman/listinfo/ietf

[Index of Archives]     [IETF Annoucements]     [IETF]     [IP Storage]     [Yosemite News]     [Linux SCTP]     [Linux Newbies]     [Fedora Users]