Hi Bob, just a very quick reaction to your mail: ~snip~ > > I have issues with the Introduction. The first sentence says: > > In keeping with the goals and objectives of this standards body, the > IETF is committed to the highest degree of respect for the privacy of > IETF participants and site visitors. > > This makes it sound like the highest priority of the IETF is Privacy. I > don't think this is true as I described above. The vast majority of what > the IETF does in Public. There is very little that is Private. The IETF is > careful about what needs to be kept private and does not disclose it. The Fair Information Practices are a set of principles most of us are quite likely to believe in, such as (copied from the Alissa's draft): " o Collection Limitation: There should be limits to the collection of data about people. o Data Quality: Personal data should be accurate, complete, up-to- date, and relevant to the purposes for which it was collected. o Purpose Specification: The purpose of collecting personal data should be specified in advance of collection. o Use Limitation: Personal data should only be used for the purposes for which it was collected. o Security: Personal data should be protected by reasonable security safeguards against unauthorised access, use, and disclosure. o Openness: Practices and policies with respect to personal data should be open and transparent. o Individual Participation: Individuals should have choice, access, correction, and redress rights with respect to their data. o Accountability: Those that collect and use data should be accountable for complying with the above principles. " When you read "privacy" then replace it with these principles and everything makes much more sense to you. As an example, imagine some researchers doing some interesting network testing and collect data that travels over the IETF network then these principles say that you should be transparent in what you do, you should tell people what you collect and why, etc. I think that this is something we want people to do. And "yes" we have researchers looking into the traffic, people storing all sorts of data, etc. I don't think we have anything to hide. It would be a bad sign to say that the IETF is so special that we don't need to follow privacy principles (even if we try to consider privacy in the development of our protocols and tell other SDOs that it is really important to do so). Ciao Hannes PS: If you do not know about the "OECD Guidelines on the Protection of Privacy and Transborder Flows of Personal Data" then maybe some other folks have not heard about these privacy principles either. Maybe we should add privacy to our Sunday education program. _______________________________________________ Ietf mailing list Ietf@xxxxxxxx https://www.ietf.org/mailman/listinfo/ietf