On 7/12/2010 1:37 PM, Martin Rex wrote: > Dave CROCKER wrote: >> On 7/9/2010 4:32 AM, Hannes Tschofenig wrote: >>> The Fair Information Practices are a set of principles most of us are quite >>> likely to believe in, such as (copied from the Alissa's draft): >> Likely, yes. But do any of us know how to translate those principles into >> particular behaviors? Is it likely that any two of us will make the same >> translation? What about enough of us to constitute rough consensus? > Exactly. > > As I previously mentioned, "acceptable" means different things to > different people. > > Some people seem to hope that creation of a "privacy policy" is going > to improve things. Personally, I don't think so. You mean that you think change that will protect the disclosure of identities and proper notice as to who people represent is a bad thing? > Likely it will get > worse, and it may get *much* worse. While a privacy policy may look > nice, it adds A LOT of wiggle room for lawyers. It can't possibly have any more wiggle room that the IETF's current processes and that also is something worth looking at since it says the people writing those policies either have the intent to create that wiggle room - which is the case from my perspective or that they are so stupid that they are dangerous to themselves and everyone around them. Personally I think most of the people here are pretty smart - not all ethical but damn smart. Meaning that the inclusion of the wiggle room is intentional. That unfortunately has ethical constraints which are also important and is a key reason why public disclosure of who you represent is so critical here in the IETF. That being so that they can be held accountable in a court of law for your actions here. Todd > Most companies > privacy policies are created for the "cover your ass" (CYA) purpose > by lawyers. > > > Going back to the Google example (because they made news several times here): > > Excerpts from what they've posted: > > http://www.google.com/intl/en/privacy.html > > We have 5 privacy principles that describe how we approach privacy > and user information across all of our products: > > 1. Use information to provide our users with valuable products and services. > 2. Develop products that reflect strong privacy standards and practices. > 3. Make the collection of personal information transparent. > 4. Give users meaningful choices to protect their privacy. > 5. Be a responsible steward of the information we hold. > > http://www.google.com/intl/en/privacypolicy.html > > At Google we recognize that privacy is important. This Privacy Policy > applies to all of the products, services and websites offered by > Google Inc. or its subsidiaries or affiliated companies except > DoubleClick (DoubleClick Privacy Policy) and Postini (Postini Privacy > Policy); collectively, Googles services. > > > But the reality actually looks like this: > > http://www.spiegel.de/international/zeitgeist/0,1518,626075,00.html > http://www.spiegel.de/international/germany/0,1518,631149,00.html > http://www.spiegel.de/international/business/0,1518,695718,00.html > http://www.spiegel.de/international/germany/0,1518,645581,00.html > > i.e. the government must step in to stop them from committing > large scale illegal privacy violations, because their own focus is > much more on their business model than on respect for the privacy of > the people about which they collect data. > > > I would be OK with consenting to very specific and explicit > PII usage scenarios within the IETF. But many "privacy policies" > I've come across are simple inacceptable to _me_. Probably every > "social networking site" out there, or businesses with ridiculous > policies, such as e.g. PayPal. > > > -Martin > > _______________________________________________ > Ietf mailing list > Ietf@xxxxxxxx > https://www.ietf.org/mailman/listinfo/ietf > _______________________________________________ Ietf mailing list Ietf@xxxxxxxx https://www.ietf.org/mailman/listinfo/ietf