Two things have occurred since the message below as sent to the IETF mail list. First, we got a lawyer in Europe to do some investigation, and the inclusion of the email address on the blue sheet will lead to trouble with the European privacy laws. Second, Ted Hardie suggested that we could require a password to access the scanned blue sheet. Based on the European privacy law information, the use of email will result in a major burden. If the email address is used, then we must provide a way for people to ask for their email address to be remove at any time in the future, even if we got prior approval to include it. Therefore, I suggest that we collect organization affiliation to discriminate between multiple people with the same name instead of email address. Based on Ted's suggestion, I checked with the Secretariat about using a datatracker login to download the scanned blue sheet. This is fairly easy to do, once the community tracking tools are deployed. However, with the removal of the email addresses from the blue sheets, it is unclear that there is any further need for password protection of these images. Therefore, I suggest that we proceed without password protection for the blue sheet images. Here is a summary of the suggested way forward: - Stop collecting email addresses on blue sheets; - Collect organization affiliation to discriminate between multiple people with the same name; - Scan the blue sheets and include the images in the proceedings for the WG session; - Add indication to top of the blue sheet so people know it will be part of the proceedings; and - Discard paper blue sheets after scanning. Russ On May 6, 2012, at 12:46 PM, IETF Chair wrote: > We have heard from many community participants, and consensus is quite rough on this topic. The IESG discussed this thread and reached two conclusions: > > (1) Rough consensus: an open and transparent standards process is more important to the IETF than privacy of blue sheet information. > > (2) Rough consensus: inclusion of email addresses is a good way to distinguish participants with the same or similar names. > > > Based on these conclusions, the plan is to handle blue sheets as follows: > > - Continue to collect email addresses on blue sheets; > > - Scan the blue sheet and include the image in the proceedings for the WG session; > > - Add indication to top of the blue sheet so people know it will be part of the proceedings; and > > - Discard paper blue sheets after scanning. > > > On behalf of the IESG, > Russ >