Paul, Sam,
I understand your arguments to bascially be "we've never had an
internal privacy problem here at the IETF, and as far as I know no one
decides not to participate because of the lack of a privacy policy, so
we have no need to follow basic standards of privacy hygiene."
What would you say to a network operator who maintains an open mail
relay, but says "we've never had any spam abuse on my open relay, and
as far as I know I have never lost any business because of my relay,
and so I have no need to follow basic standards of SMTP hygiene (as
set out in RFCs 2505 and 5321)"?
I would say to the network operator that (a) open mail relays create a
risk of abuse, (b) industry best practices discourage such relays to
help minimize that risk, and so (c) unless you have a really really
good reason to maintain an open relay, you should not do so. And if
the network operator were a prominent participant in the industry, I
would add that maintaining an open relay sets a really bad example for
other industry players and developers.
In the IETF privacy context, as far as I know, we have not had any
significant internal privacy problems at the IETF, probably because
the powers-that-be are generally pretty thoughtful, careful people.
And I have no idea whether anyone was so put off by the lack of a
privacy policy as to reduce their participation IETF -- probably no
one (but that is pretty unknowable).
But there is a risk -- indeed, as we see going into the next two IETF
meetings, there is a growing risk -- that the IETF will be collecting
information that could be misused, in ways that none of us can foresee
now. A privacy policy would not eliminate that risk, but it would
help to guide future efforts to minimize privacy risk, and it would
tell IETF site visitors how much they are tracked, etc., should they
decide to use the site.
So I, at least, would say to the IETF that (a) not having a privacy
policy increases the risk of a privacy mistake, (b) online best
practices encourage having a privacy policy, and so (c) unless you
have a really really good reason not to have a privacy policy, you
should have one. And because lots of developers look to the IETF for
guidance in their work, I think the IETF's lack of a policy sets a bad
example.
And I think it is possible that having a clear, public, and well-
thought-out set of principles and policies to guide the IETF's
collection, retention, and use of data might even reduce or at least
constrain the debates we have on this list every year or two about
IETF data collection and retention.... Thus, spending what you view
as wasted cycles now may well reduce wasted cycles later. But even if
it does not, I think any organization that promulgates a series of
documents named "Best Current Practices" (and hopes that people will
pay attention to them) should itself be prepared to follow widely
accepted "best current practices" for its operations, even if the
participants of the organization find those practices to be outside of
the core work of the group.
John
On Jul 7, 2010, at 3:59 PM, Paul Hoffman wrote:
At 3:49 PM -0400 7/7/10, Sam Hartman wrote:
Generally when I look for an idea of whether work is a good idea I
look
for a clear statement of benefit. I'll admit that I don't find
privacy
policies so valuable that I think everyone should have one. So, I'll
ask how will or work be improved or what problem are we running into
that a privacy policy will solve? If that cannot clearly we be
answered, we should not engage in this activity.
At 3:51 AM +0000 7/7/10, John Levine wrote:
I think we all agree that having a privacy policy would be desirable,
in the sense that we are in favor of good, and opposed to evil.
But I
don't know what it means to implement a privacy policy, and I don't
think anyone else does either.
A privacy policy is basically a set of assertions about what the IETF
will do with your personal information. To invent a strawman, let's
say that the privacy policy says that registration information will
be
kept in confidence, and some newly hired clerk who's a little unclear
on the concept gives a list of registrants' e-mail addresses to a
conference sponsor so they can e-mail everyone an offer for a free
IETF tee shirt.
Then what happens? Is a privacy policy a contract, and if it is,
what
remedies do IETF participants have for non-performance? And if it's
not, and there aren't remedies, what's the point?
Thank you, Sam and John.
Do some people not come to IETF meetings because of the current null
privacy policy? Do they say less than they would have if we had a
typical non-null policy? If either of those two are answered yes,
would those people contribute better knowing that the IETF had a
policy but no real way to enforce it other than by apologizing when
it failed to follow the policy?
If having a privacy policy, even one where there was no real
enforcement mechanism, was free, nearly everyone would want it.
Given that getting such a policy is not free, and will cause cycles
to be lost from other IETF work, is the tradeoff worth it? At this
point, I would say "no", but mostly because I don't know of anyone
who contributes less due to the current null policy.
--Paul Hoffman, Director
--VPN Consortium
_______________________________________________
Ietf mailing list
Ietf@xxxxxxxx
https://www.ietf.org/mailman/listinfo/ietf
_______________________________________________
Ietf mailing list
Ietf@xxxxxxxx
https://www.ietf.org/mailman/listinfo/ietf