I wouldn't focus on government surveillance per se. The IETF should consider that breaking privacy is much easier than it used to be, particularly given consolidation of services at all layers, and take that into account in our engineering best practices. Our mission is to make the Internet better, and right now the Internet's weakness in privacy is far from "better". The mandatory security considerations section should become security and privacy considerations. The privacy RFC should be expanded and worded more strongly than just nice suggestions. Perhaps the Nomcom should ask candidates about their understanding of privacy considerations. Scott