It has been the documented practice of the ietf meeting network operations to limit the amount of pii data collected in operation or experimentation and to destroy logs containing pii data if they exist (example data collected by the IDS or formerly http proxy back when we ran one) after the meeting. One can refer to the RFID experiment and discussion for another example of pii data handling in ietf experiments. Joel's iPad On Jul 1, 2010, at 8:44 AM, Andrew Sullivan <ajs@xxxxxxxxxxxx> wrote: > On Thu, Jul 01, 2010 at 08:26:35AM -0700, Fred Baker wrote: > >> While it is new in IETF meetings, it is far from unusual in WiFi >> networks to find some form of authentication. This happens at coffee >> shops, college campuses, corporate campuses, and people's >> apartments. > > I'd hate to think that the IETF is modelling its networks on dodgy > semi-opaque NAT boxes with bad DNS habits and poor performance. > > That aside, I have some questions. What are the plans for logging of > the authentication requests, failures, and successes, and who could > legally have access to those logs? In particular, are the governments > of the countries where the (respective) events are to be held able to > require that the logs be turned over? How long will the logs be kept, > and by whom? (Obviously, these are not new issues, but given the > increased ability under this approach to associate a particular human > with one or more MAC addresses, it would seem that the status of such > logging might be more important.) > > A > > -- > Andrew Sullivan > ajs@xxxxxxxxxxxx > Shinkuro, Inc. > _______________________________________________ > Ietf mailing list > Ietf@xxxxxxxx > https://www.ietf.org/mailman/listinfo/ietf > _______________________________________________ Ietf mailing list Ietf@xxxxxxxx https://www.ietf.org/mailman/listinfo/ietf