On 7/9/2010 7:21 AM, Phillip Hallam-Baker wrote: > A lot of people have difficulty connecting the human level privacy > requirement with the technology level. PH-B, Look, the IETF is a public entity and yet there are formal disclosure requirements for privacy controls. That is a dichotomy which creates both protection responsibilities and use controls. That said here are some thoughts on the specific areas a privacy policy would impact. Some participants cannot... --------------------------------------------- This is important since there are also privacy constraints that some global IETF members cannot contractually ameliorate or sign-away and as such it means that those privacy controls must be implemented or those parties cannot participate in the IETF. Disclosure is required for any IP protection --------------------------------------------- Also the scope of privacy means here in a public forum is another one of the key issues, but since it has been noticed the 'concept of transparency' is one of the attributes the IETF is supposed to embrace, and transparency removes privacy...the issue of how much information is private becomes a problem. If transparency != [privacy] and the IETF[transparency] is real transparency and not some term of art whipped up as icing on the cake, this becomes moot. Creating a privacy policy has broad sweeping impact --------------------------------------------- As to the effect of creating a privacy policy, the physical creation of the privacy policy has far sweeping implications. For instance the IETF's use licenses need to specifically be restricted to conform to this new policy as well so its not just creating a Policy Statement and walking away, many other documents will need to be revised or they will cease to have legal effect in being set aside or modified in their scope and terms based on the newly formed privacy policy. The goals of the privacy policy are simple. To enforce a set of controls which protect individuals personal Intellectual Property (information about us as individuals) while allowing for the collective vetting of the group Intellectual Properties (i.e. work product and technical info or IETF structure/ops info). Email and personal contact data --------------------------------------------- So that means all identities and points of contact need to be properly disclosed and there is no license to use that data specifically for any other purpose. I brought this up when I suggested formal changes to the unheavelnly twins (BCP78 & 79) to specifically state that IETF email contact information may not be used for any purpose outside of the operations of the IETF working group some time ago. Maybe now under the banner of eliminating the need for a formal privacy policy, this can be reviewed. Todd Glassey _______________________________________________ Ietf mailing list Ietf@xxxxxxxx https://www.ietf.org/mailman/listinfo/ietf