On Thu, Jul 01, 2010 at 09:42:16AM -0700, Joel Jaeggli wrote: > It has been the documented practice of the ietf meeting network > operations to limit the amount of pii data collected in operation or > experimentation and to destroy logs containing pii data if they > exist (example data collected by the IDS or formerly http proxy back > when we ran one) after the meeting. This is useful, but not quite what I was asking. Clearly, the above means that the logs exist during the meeting, while we are at the host venue. I think it is safe to say that under some legal regimes, a government could require the delivery of such existing logs to them. Once such logs have been delivered, then even if the meeting netops people destroy the logs, the logs can persist. Right? What I'm trying to find out is what assurances, if any, we have about the ability of the IETF to remain in sole control of the data. I'm not really a paranoid type, but perhaps the recent experience of Toronto police simply lying (with government collusion) about what powers they had to detain people during the recent G20 meeting has made me a little sensitive to this kind of (surprise, new) requirement. I would also likely care less, except the whole point of this effort is plainly to support one government's policy -- a policy that I find odious, and one that appears at least once to have had technical side effects on the global DNS. I'll leave aside the optics of announcing the new policy less than a month before it is to be implemented, and after people have already made travel plans, paid meeting fees, and so on. A -- Andrew Sullivan ajs@xxxxxxxxxxxx Shinkuro, Inc. _______________________________________________ Ietf mailing list Ietf@xxxxxxxx https://www.ietf.org/mailman/listinfo/ietf