Doug,
you are right in the end I can not prevent someone else from publishing
this. Even today a party that subpoena'ed them might publish the data.
(Or a person might just take a photo of the blue sheet in the room and
publish that...)
Of course we can not control other people's actions, however the
question remains whether we (as the IETF) do publish that data and how
easy/fast we make it for others to publish that data.
Just to be clear, I agree basically with most of the proposal from the
IESG.*
But when it comes to privacy I think we must be extremely careful and
conservative with information, only releasing information where it
really adds benefit to transparency. Because once released, it's
impossible to get it back.
Thinking about how to thread the needle (as you put it), I don't agree
that the current proposal is optimal, and I would reiterate my proposal
to not publish the bluesheets in the proceedings but to make them
available to an individual upon email request to the IETF secretariat,
providing name and email of the requesting person (and with a disclaimer
in the IETF answer that this information is not meant to be re-published
to the public (note I intentionally say "public", i.e. sharing among
groups would still be ok.)).
If we are worried about high volumes of requests, I would like to ask
for more information on current volumes of subpoenas and why we get high
volumes in the future. And if it's really too cumbersome for a person to
answer the requests, we could then still discuss to use an email account
based request system (IETF tools login) as proposed by Ted yesterday.
Best regards, Tobias
Ps.: *just as a disclaimer regarding the scanning part of the IESG
proposal: I like it, but IMHO I would be slightly more cautious than the
IETF counsel with the admissibility of scanned documents in court
compared to paper originals. I've experienced quite some cases and legal
discussions around value of proof of scanned documents.... - what I
basically learned there was: scanning is ok in most IP jurisdictions,
but handling the scanned data must use well documented procedures and
access controls to keep the same level of non-repudiation of integrity
and authenticity later in court.
On 10/05/12 17:10, Doug Barton wrote:
On 5/10/2012 1:48 AM, Tobias Gondrom wrote:
What I dispute is that "make available to those who are interested"
necessarily leads to the need to broadcast the data (i.e. publish in the
proceedings).
What is the harm you are trying to guard against by requiring the request?
Or, to take a completely different tack, given that there are a non-zero
number of people who think the data should be published, how do you
intend to deal with someone who makes the request, and then puts it up
on their own website?
I don't hesitate to criticize when I think that the IESG gets it wrong,
but in this case I think they threaded the needle about as well as it
could be threaded.
Doug