On Sep 1, 2009, at 11:04 AM, Alissa Cooper wrote:
This entire thread is perfectly illustrative of why the IETF needs a
privacy policy. Without one, it is entirely unclear how the data
collected about IETF participants is used, disclosed and protected,
whether that data is part of an experiment or not. While the
supplemental information about the RFID tagging experiment (http://www.ietf.org/meeting/76/ebluesheet.html
) is helpful, it is not complete (for example, how long the RFID-
captured data is stored in electronic form is not disclosed), and
nothing equivalent exists (to my knowledge) for other kinds of data
about IETF participants, like registration data.
In our protocol development work, many of us try very hard to design
privacy and security features in from the outset, whether we're
designing a highly experimental prototype or a core protocol. The
same should be true for the design of data collection mechanisms and
practices associated with IETF meetings.
I fully agree with you about the need for a privacy policy. However,
if we had one right now, it would likely not fully capture the full
possibilities and potential dangers of an experiment like this.
In my opinion, these experiments are as much or more organizational as
they are technological. In fact, I would assume that the technology is
likely to work. The real questions concern the organization, have to
be brought to the surface, weighed and discussed by the community, and
the answers improved based on experience. Or, to put it another way, I
expect that the privacy policy (and maybe the document retention
policy) will be informed and hopefully improved by the results of this
experiment.
Regards
Marshall
Alissa
_______________________________________________
Ietf@xxxxxxxx
https://www.ietf.org/mailman/listinfo/ietf
_______________________________________________
Ietf@xxxxxxxx
https://www.ietf.org/mailman/listinfo/ietf