Re: [RTG-DIR] Rtgdir telechat review of draft-ietf-mtgvenue-iaoc-venue-selection-process-12

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hi Adrian,

<editor hat on; you can relate ;-)>


On 06.02.18 09:36, Adrian Farrel wrote:
> ==
> Physical and remote participants at IETF meetings should be aware that privacy
> norms vary considerably from country to country. Participants with a concern for
> their personal or work-related privacy are advised to familiarise themselves
> with the privacy risks associated with a venue before attending. Concerns may
> include privacy of Internet communications, record of having travelled, and
> freedom of association. Some people may have particular concern for the privacy
> of information stored on electronic devices when they cross specific national
> borders. 
>
> Participants are responsible for taking their own measures in mitigation.
>
> In general, the meeting selection process will not take privacy concerns into
> consideration and will not seek to report on them to the community for any
> chosen venue. However, it is expected that the selection process will exclude
> venues where privacy of attendees is known to be particularly at risk. Such
> exclusions might include (although not be limited to) venues where attendees
> cannot use VPNs or other security mechanisms to access their home networks and
> the Internet in general.
> ==
>
> ...I'm not wedded to that - I only had 4 hours sleep  :-)
>
>

I think you would agree that that text is a bit verbose, and some of
this is well covered in the networking requirements above.  On the other
hand, that text hasn't really changed since Fred created a placeholder
(good that he did), and it seems like we can and should at least provide
some guidance to the IASA (that is to say, your humble editor is
embarrassed that he didn't propose the below earlier).  I also think we
have to be careful how much responsibility to place on the IASA in this
regard.  Here then is my suggestion:

<--snip-->

Privacy Considerations
----------------------------
Different places have different constraints on individual privacy.  The
requirements in this memo are intended to provide for some limited
protections that attendees can apply.  As meetings are announced, IASA
SHALL provide the IETF with any limitations to privacy they have become
aware of in their investigations.  For example, participants would be
informed of any regulatory authentication or logging requirements.

<--snip-->

This provides some transparency without demanding more than a small
increment of work from the IASA (we don't want this to become a huge
legal exercise and expense).

<Editor hat off; now head exposed>

I do want to reinforce something that Alissa pointed out: it is
extremely easy for this organization to require itself out of all
venues.  We need to be very careful of that.

Thanks to you and Stewart, and Jordi earlier, for hammering on this point.

Eliot

Attachment: signature.asc
Description: OpenPGP digital signature


[Index of Archives]     [IETF Annoucements]     [IETF]     [IP Storage]     [Yosemite News]     [Linux SCTP]     [Linux Newbies]     [Fedora Users]