On 06/02/2018 09:36, Adrian Farrel wrote:
Hi all,
8. Privacy Considerations
This note reveals no personally identifying information apart from
its authorship.
SB> This is true, but does spawn the question of whether privacy should
be a meeting location selection criteria?
Any actionable criterion that I can conceive of to address this would likely
render
our already tiny set of acceptable locations to roughly zero. If you have a
proposal
that would do otherwise, feel free to suggest it.
In the spirit of Privacy Considerations for protocol specs we should not
necessarily be looking to resolve all privacy concerns, but we should be looking
to expose them so that participants can be aware of the risks and can mitigate
them or choose to not participate.
I would certainly agree that we are unlikely to find a nation stat that
perfectly respects personal and online privacy, but that need not be the
objective. Nor need it be a requirement that the IAOC report on the privacy of a
venue when announcing it. On the other hand, I bet we would all agree that a
venue that assigned a government official to accompany us at all times listening
to our conversations and noting our sleeping habits would rule itself out. So
there are lines :-)
But what this section should say is something like...
==
Physical and remote participants at IETF meetings should be aware that privacy
norms vary considerably from country to country. Participants with a concern for
their personal or work-related privacy are advised to familiarise themselves
with the privacy risks associated with a venue before attending. Concerns may
include privacy of Internet communications, record of having travelled, and
freedom of association. Some people may have particular concern for the privacy
of information stored on electronic devices when they cross specific national
borders.
Participants are responsible for taking their own measures in mitigation.
In general, the meeting selection process will not take privacy concerns into
consideration and will not seek to report on them to the community for any
chosen venue. However, it is expected that the selection process will exclude
venues where privacy of attendees is known to be particularly at risk. Such
exclusions might include (although not be limited to) venues where attendees
cannot use VPNs or other security mechanisms to access their home networks and
the Internet in general.
==
...I'm not wedded to that - I only had 4 hours sleep :-)
Adrian
That looks like good text.
- Stewart