I don't disagree with what you're saying below. I'm advocating that a
privacy policy should exist -- what the policy says is another matter.
For example, the policy might say, "The IETF collects your data and
sells it to identity thieves." Although I doubt that's what it would
say, it would still be preferable for that policy to be published than
to not be published. One of the core, widely accepted tenets of
individual privacy is transparency. I personally doubt that the IETF's
practices with respect to the data that it collects will be
objectionable to many people, but I think those practices should be
known so that the community can judge for itself. I think the
practices should be documented -- whether they need to be changed or
not is something to discuss once they've been documented.
It is unclear to me whether the data retention policy applies to the
RFID data. Perhaps it counts as "Blue Sheets," in which case the data
is retained permanently, but that is not immediately obvious from
reading the policy. The note on the supplemental RFID page makes it
sound as though the RFID data might not ultimately be stored
electronically, but it's not totally clear.
Alissa
On Sep 2, 2009, at 4:02 AM, SM wrote:
Hi Alissa,
At 08:04 01-09-2009, Alissa Cooper wrote:
This entire thread is perfectly illustrative of why the IETF needs a
privacy policy. Without one, it is entirely unclear how the data
collected about IETF participants is used, disclosed and protected,
whether that data is part of an experiment or not. While the
supplemental information about the RFID tagging experiment (http://www.ietf.org/meeting/76/ebluesheet.html
) is helpful, it is not complete (for example, how long the RFID-
captured data is stored in electronic form is not disclosed), and
nothing equivalent exists (to my knowledge) for other kinds of data
about IETF participants, like registration data.
From the above webpage:
- The data will be printed and archived along with the paper blue
sheets
- The data will NOT be distributed to anyone other than the IAOC, IAD,
the Secretariat and the host team that is organizing and supporting
this experiment
- The data will be available for use if subpoenaed
It summarizes the use of the data after the meeting. There is
already a retention policy document and it may contain the answer to
your question.
I don't have any concerns about this experiment.
In our protocol development work, many of us try very hard to design
privacy and security features in from the outset, whether we're
designing a highly experimental prototype or a core protocol. The
same
should be true for the design of data collection mechanisms and
practices associated with IETF meetings.
You asked a similar question about a privacy policy a few weeks
ago. As we talking about IETF meetings, the question can be viewed
from a different angle. One of the goals of the Internet Standards
Process is openness and fairness. Participation in the IETF is
open, i.e. anyone can join in. We can already find out who are the
"contributors" in a Working Group as there are open discussions on
the relevant mailing list and there is a publicly accessible archive
of the discussions. The Working Group sessions (at a meeting) are
not that different.
Everything a person says in a Working Group session is not private.
For the process to be transparent, the list of individuals that are
there also should not be considered as private. In practice, the
IETF offers you a some leeway. Nobody will coerce you to sign the
attendance list. If you are going to the mic, you do have to
identify yourself. If you have any other concerns, please read the
messages posted by Doug Ewell and Tony Hain on this thread on how to
restrict what information is collected about you.
A list of session attendees is useful for:
(a) capacity planning (size of the meeting room to accommodate the
number of participants)
(b) catering
(c) session scheduling
(d) cross-area participation
The Area Directors and Working Group Chairs might have a rough idea
about item (d). The IETF can gain a better view of (d) if the
information is collected in electronic form.
I'll comment on Steve Crocker's questions:
(i) Do we need access controls on the information?
If the electronic process mimics existing practices, it is easier to
publish the information. That is already done for the meeting
attendees list. Note that this model may not be appropriate for
other organizations.
(ii) Do we need an ability to edit information that's been collected
if it's inaccurate?
The meeting registration form has a field for the "Name to appear on
badge". That can be used throughout the meeting. The Working Group
attendance collected during the session can be verified by the
participants in the room. Set up a procedure where they can contact
the IETF Secretariat to correct any errors they find.
(iii) Do we need more flexibility in the information stored in the
record, e.g. a distinct email address for each working group?
Some people prefer not to provide an email address (see bluesheet
"spam" discussions over the last few years). Some people may be
using a distinct email address for each working group for ease of
sorting or filtering. Provide the ability for the participant to
edit the email address. It is better not to publish these email
addresses to avoid rehashing the "spam" discussions.
At 07:10 01-09-2009, Dave CROCKER wrote:
An important datum in human studies is how humans react to things.
Taking such
a dismissive stance towards reactions to the RFID announcement
ensures missing
important information about acceptability to the target population.
Agreed. It is useful to know how many participants opted out of the
experiment and why they did so. For example, was it because there
was a misunderstanding about how the experiment works or what
information is collected? It is better to address this informally
instead of having a form asking the person why they are opting out.
I avoided the question of proximity tracking and the time the
participant spends in a session as my comments on items (i) to (iii)
would be different then.
Regards,
-sm
_______________________________________________
Ietf@xxxxxxxx
https://www.ietf.org/mailman/listinfo/ietf