Hi Adrian, <editor hat on; you can relate ;-)> On 06.02.18 09:36, Adrian Farrel wrote: > == > Physical and remote participants at IETF meetings should be aware that privacy > norms vary considerably from country to country. Participants with a concern for > their personal or work-related privacy are advised to familiarise themselves > with the privacy risks associated with a venue before attending. Concerns may > include privacy of Internet communications, record of having travelled, and > freedom of association. Some people may have particular concern for the privacy > of information stored on electronic devices when they cross specific national > borders. > > Participants are responsible for taking their own measures in mitigation. > > In general, the meeting selection process will not take privacy concerns into > consideration and will not seek to report on them to the community for any > chosen venue. However, it is expected that the selection process will exclude > venues where privacy of attendees is known to be particularly at risk. Such > exclusions might include (although not be limited to) venues where attendees > cannot use VPNs or other security mechanisms to access their home networks and > the Internet in general. > == > > ...I'm not wedded to that - I only had 4 hours sleep :-) > > I think you would agree that that text is a bit verbose, and some of this is well covered in the networking requirements above. On the other hand, that text hasn't really changed since Fred created a placeholder (good that he did), and it seems like we can and should at least provide some guidance to the IASA (that is to say, your humble editor is embarrassed that he didn't propose the below earlier). I also think we have to be careful how much responsibility to place on the IASA in this regard. Here then is my suggestion: <--snip--> Privacy Considerations ---------------------------- Different places have different constraints on individual privacy. The requirements in this memo are intended to provide for some limited protections that attendees can apply. As meetings are announced, IASA SHALL provide the IETF with any limitations to privacy they have become aware of in their investigations. For example, participants would be informed of any regulatory authentication or logging requirements. <--snip--> This provides some transparency without demanding more than a small increment of work from the IASA (we don't want this to become a huge legal exercise and expense). <Editor hat off; now head exposed> I do want to reinforce something that Alissa pointed out: it is extremely easy for this organization to require itself out of all venues. We need to be very careful of that. Thanks to you and Stewart, and Jordi earlier, for hammering on this point. Eliot
Attachment:
signature.asc
Description: OpenPGP digital signature