At Sun, 13 Sep 2009 21:19:53 -0700 (PDT), Ole Jacobsen wrote:
>
> Eric,
>
> The local hosts are reading the messages on this list and will take
> appropriate steps including:
>
> * Not displaying the ID number <--> attendee mapping anywhere
>
> * Not assigning numbers sequentially

That seems like a good start. As Richard and I have both indicated, however, this system seems to have substantial residual privacy risk, even if the identifiers are assigned completely unpredictably (and note that non-sequential and unpredictable are not at all the same thing).

> Again, anyone may opt out, but this IS an experiment and it is
> certainly hoped that people will participate.

I'm not trying to be difficult, but I'm not overly impressed with the defense that people keep offering that this is an experiment and people can opt out. If this were being done as an experiment at a university, you would be expected to go in front of a human subjects committee and demonstrate that your subjects had given informed consent, probably wouldn't be harmed, etc. Now, obviously, this isn't an academic setting, but I think it's fair to say that the people running this experiment haven't done anything like full disclosure of the relevant risks--and it's not even clear that they understand them themselves. [It would also be consistent with common practice for people to specifically opt in, not out.]

Now, I'm not saying that the IETF can never experiment with anything (e.g., a new brand of pen at registration) without going through this kind of review, but given that there has historically been quite a bit of concern about the privacy implications of this sort of RFID tagging (see, for instance, the issue of RFID tags in passports) and that several people have raised concerns about this particular use, ISTM that a somewhat higher bar is appropriate.

I'm not sure exactly what I would consider meaningful for such an experiment in order for participants to be fully informed, but it seems to me that at minimum it would be the sort of security analysis that we would expect to be provided in an I-D under RFC 3552.

-Ekr
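Two of the points above can be shown concretely: "non-sequential" does not mean unpredictable, and even a genuinely unpredictable badge number still leaves the linkability problem once one badge is tied to a person. The following is an added illustration written for this page; it is not code from the thread, the IETF, or the meeting hosts. The affine numbering scheme (with the hypothetical hidden parameters SECRET_A and SECRET_B), the attendee names, and the reader log lines are all constructed for the example.

```python
"""Added illustration of two points from the thread: a non-sequential badge
number scheme can still be predictable, and an unpredictable one still lets
a reader log be turned into a movement trail once one badge is tied to a name.
The scheme, names and log lines here are constructed for the example."""
import secrets
from collections import defaultdict

# Hypothetical "non-sequential" assignment: registrant i gets (A*i + B) mod M.
# With M prime and A != 0 this is a permutation of 0..M-1, so consecutive
# registrations get numbers that look shuffled, but the rule is deterministic.
M = 4099                         # prime, so every nonzero difference is invertible mod M
SECRET_A, SECRET_B = 2467, 911   # the hosts' (hypothetical) hidden parameters


def affine_badge(i, a=SECRET_A, b=SECRET_B):
    """Badge number for the i-th registrant under the affine scheme."""
    return (a * i + b) % M


def recover_affine(obs1, obs2):
    """Recover (a, b) from two (registration index, badge number) pairs.
    Two observations suffice because the scheme is linear mod M."""
    (i1, x1), (i2, x2) = obs1, obs2
    di = (i2 - i1) % M
    dx = (x2 - x1) % M
    a = dx * pow(di, -1, M) % M    # modular inverse exists since M is prime
    b = (x1 - a * i1) % M
    return a, b


def predict_remaining(obs1, obs2, indices):
    """Predict badge numbers for other registrants from just two leaked pairs."""
    a, b = recover_affine(obs1, obs2)
    return [affine_badge(i, a, b) for i in indices]


# Unpredictable assignment: 64 bits per attendee from the OS CSPRNG.
def assign_random_badges(attendees):
    return {name: secrets.token_hex(8) for name in attendees}


def trails_from_log(reader_log, known):
    """Build per-person movement trails from reader events (reader, badge, t)
    given a partial badge->name mapping, e.g. one badge seen beside a name tag.
    Randomness of the badge number does nothing against this linkage."""
    trails = defaultdict(list)
    for reader, badge, t in reader_log:
        if badge in known:
            trails[known[badge]].append((t, reader))
    return {name: sorted(events) for name, events in trails.items()}


if __name__ == "__main__":
    # Part 1: two leaked (index, badge) pairs predict everyone else's badge.
    leaks = ((10, affine_badge(10)), (17, affine_badge(17)))
    print("recovered params:", recover_affine(*leaks))
    print("predicted 18..21:", predict_remaining(*leaks, range(18, 22)))

    # Part 2: random badges, constructed reader log, one badge tied to a name.
    badges = assign_random_badges(["alice", "bob"])
    log = [("room-A", badges["alice"], 1), ("room-A", badges["bob"], 1),
           ("hallway", badges["alice"], 2), ("room-B", badges["alice"], 3)]
    print(trails_from_log(log, {badges["alice"]: "alice"}))
```

The first half is the "non-sequential is not unpredictable" point: an observer who learns two (registration order, badge number) pairs recovers the whole assignment. The second half is the residual risk that survives a proper CSPRNG: the badge number is a stable pseudonym, so any single leak of a badge-to-person mapping retroactively turns every reader event for that badge into a location record.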