I view having the policy in place as the first step. Once there's a
policy, we can think about formalizing a process to update the policy.
Ideally, when a new experiment introduces a new kind of data
collection or use, we would think about the privacy impact in advance
of launching the experiment, and adjust the policy accordingly. But it
should no doubt be fluid.
This is not rocket science -- it's the process that many other
organizations and companies use to address privacy. They develop a
policy that covers existing practices, and when a new practice comes
along, they analyze the impact of the new practice and whether the
policy needs to change, and then they change the policy if necessary.
This process might or might not result in constraining what happens to
collected data, but the value is derived from having done the
analysis, whether or not that analysis affects the ultimate outcome.
Alissa
On Sep 2, 2009, at 6:10 PM, Marshall Eubanks wrote:
On Sep 1, 2009, at 11:04 AM, Alissa Cooper wrote:
This entire thread is perfectly illustrative of why the IETF needs
a privacy policy. Without one, it is entirely unclear how the data
collected about IETF participants is used, disclosed and protected,
whether that data is part of an experiment or not. While the
supplemental information about the RFID tagging experiment (http://www.ietf.org/meeting/76/ebluesheet.html
) is helpful, it is not complete (for example, how long the RFID-
captured data is stored in electronic form is not disclosed), and
nothing equivalent exists (to my knowledge) for other kinds of data
about IETF participants, like registration data.
In our protocol development work, many of us try very hard to
design privacy and security features in from the outset, whether
we're designing a highly experimental prototype or a core protocol.
The same should be true for the design of data collection
mechanisms and practices associated with IETF meetings.
I fully agree with you about the need for a privacy policy. However,
if we had one right now, it would likely not fully capture the full
possibilities and potential dangers of an experiment like this.
In my opinion, these experiments are as much or more organizational
as they are technological. In fact, I would assume that the
technology is likely to work. The real questions concern the
organization, have to be brought to the surface, weighed and
discussed by the community, and the answers improved based on
experience. Or, to put it another way, I expect that the privacy
policy (and maybe the document retention policy) will be informed
and hopefully improved by the results of this experiment.
Regards
Marshall
Alissa
_______________________________________________
Ietf@xxxxxxxx
https://www.ietf.org/mailman/listinfo/ietf
_______________________________________________
Ietf@xxxxxxxx
https://www.ietf.org/mailman/listinfo/ietf