On 7/6/2010 6:38 AM, Karen O'Donoghue wrote: > +1 on the IETF having a privacy policy. > > I am undecided on the best mechanisms to develop, document, and > maintain that policy. I am not... We need to create the Privacy Working Group and it will produce a non-RFC based work product which is the Participation Privacy Compliance Contract with the IETF's participants. There are certain legal issues which the Founders never considered in their design of the IETF which mandate a permanent type document status which is not part of the Standards or Intellectual Property publication list unless it is a specific template for other entities to use, and that would be out of scope for the IETF. What this means is we need a new class of legal framework document which is not a RFC and all of the legal controls which have been mis-implemented as "votable consensus" agreements are properly reduced to policy and boiler plate so that anyone can easily figure out what participation means. That said, why is simply that since a privacy policy is something that needs formal legal vetting and also something that a vote of the officers of the Operating Board should weigh in on meaning that ISOC and not the IETF's IAOC needs to formally ratify this since it is part of the formal Charter Package of the IETF. The privacy policy should be put together by a Working Group (lets call it the PWG) as a non-RFC type operating document. It is not a BCP either, it is a statement of the legal controls pertaining to the privacy of the parties participating in the IETF standards process. Further in regard to the review of that document, since it is the ISOC (and possibly the Trust) who is/are directly liable for damages therein at this time, it is they who must embrace and assert those privacy controls as operating policy. So they should have representation in this special Privacy Working Group. And finally since the privacy controls cannot set aside those laws in the EU and other places embracing strict privacy controls since "it" (the IETF) must be compliant to all of those. Think of it this way - Imaging having for parties in places in the EU implement the Nevada State PCI DSS standards for information security based on those privacy controls for someone collaborating on a submission from both Nevada and another party in say Finland or Denmark for instance. Also realize that a one-size fits all type model will not work because some people cannot contractually sign their right to privacy away and for them a policy of "assignment obfuscating privacy" probably also doesn't work. By the way - since the assignment of intellectual property rights has provable cash money value, this is a real issue and it needs to be dealt with both professionally and in a manner which makes the IETF more transparent and less of a place where the politics of the day drive the contract-controls on participation or use of the IETF intellectual properties. Todd Glassey > > Karen > > On 7/5/10 12:05 PM, Alissa Cooper wrote: >> A few months ago I drew up a strawman proposal for a public-facing >> IETF privacy policy >> (http://www.ietf.org/id/draft-cooper-privacy-policy-00.txt). I've >> submitted an update based on feedback received: >> http://www.ietf.org/id/draft-cooper-privacy-policy-01.txt >> >> In discussing the policy with the IAOC and others, it seems clear >> that the RFC model is probably not the best model for maintaining and >> updating a document like this. It is more likely to fall within the >> scope of the IAOC and/or the Trust. In order for the IAOC to consider >> taking this on and devoting resources to figuring out what its format >> should be, they need to hear from the community that a public-facing >> privacy policy is something that the community wants. So I have two >> requests for those with any interest in this: >> >> 1) Respond on this list if you support the idea of the IETF having a >> privacy policy (a simple "+1" will do). >> >> 2) If you have comments and suggestions about the policy itself, send >> them to this list. >> >> >> Thanks, >> Alissa >> >> >> >> >> >> >> >> >> >> >> >> >> >> _______________________________________________ >> Ietf mailing list >> Ietf@xxxxxxxx >> https://www.ietf.org/mailman/listinfo/ietf > > _______________________________________________ > Ietf mailing list > Ietf@xxxxxxxx > https://www.ietf.org/mailman/listinfo/ietf > _______________________________________________ Ietf mailing list Ietf@xxxxxxxx https://www.ietf.org/mailman/listinfo/ietf