Re: Comments on draft-cooper-privacy-policy-01.txt
> The assumption that simply posting a notice constitutes sufficient permission to disclose data is one more example of the challenges we face in producing reasonable policies and following them.

i think you had better have a cite for where a message was posted and ietf network data were disclosed. or is this more wild hyperbole?

randy

___
Ietf mailing list
Ietf@ietf.org
https://www.ietf.org/mailman/listinfo/ietf
Re: Comments on draft-cooper-privacy-policy-01.txt
On 7/14/2010 11:02 PM, Randy Bush wrote:
>> The assumption that simply posting a notice constitutes sufficient permission to disclose data is one more example of the challenges we face in producing reasonable policies and following them.
>
> i think you had better have a cite for where a message was posted and ietf network data were disclosed. or is this more wild hyperbole?

Randy,

As always, a delight to watch you in action.

So, thanks for your kind suggestion but I don't feel the need of trying to defend a statement that I did not make. In this case, I never made the claim that data was divulged. Others did. Please consider reading the text that is actually in front of you.[*]

Since your goal in an exchange like this is to keep things unproductive, to distract from the original goal, I'll leave you on your own for any further creative misinterpretations. Heck, you might even find then sitting on a petard.

d/

[*] Perhaps you meant to challenge:

On 7/11/2010 6:17 PM, Donald Eastlake wrote:
> The sniffed passwords were sometimes displayed in real time on a monitor facing the audience from the front of the room. This activity was never called research that I can recall. I think the majority reaction was that this was a fine thing to motivate improvements in security practice. Only one person was upset, that I remember. And several people, seeing that this was going on, wrote little network apps to give the appearance to sniffers that plaintext passwords were being sent so use they could display messages on said monitor, like this is not my real password, etc.

or:

On 7/9/2010 10:24 AM, Fred Baker wrote:
> Randy, we have had at least one researcher sniffing passwords in plenary WiFi traffic and posting them, to embarrass people into using more secure technology.
> I believe he was an Ops AD at the time :-)

While my own note was responding to:

On 7/14/2010 2:53 PM, John C Klensin wrote:
> My recollection is that the short-lived password sniffing and posting experiment was fairly well publicized in advance and that people with weak systems were warned to either upgrade or stay off the wireless network. That constituted a fairly clear opt-out by doing something else possibility (not very unlike the upcoming network access authentication issues), not a secret experiment.

--
Dave Crocker
Brandenburg InternetWorking
bbiw.net
Re: Comments on draft-cooper-privacy-policy-01.txt
> Since your goal in an exchange like this is to keep things unproductive, to distract from the original goal

you have no concept of what my goal is and have no prerogative to say so. it is mostly to try and cut through the bs, hyperbole, innuendo about network experiments which have never happened, and emotionally loaded crap about experiments on human subjects.

> I'll leave you on your own for any further creative misinterpretations. Heck, you might even find then sitting on a petard.

cool! you go back in my procmailrc. bummer that i will miss your well known wide-ranging contributions to the internet.

randy
Re: Comments on draft-cooper-privacy-policy-01.txt
On 7/15/2010 12:51 AM, Randy Bush wrote:
> what my goal is ... mostly to try and cut through the bs, hyperbole, innuendo ... you go back in my procmailrc. bummer that i will miss your well known wide-ranging contributions to the internet.

If that's what it takes to get you to refrain from contributing distracting misrepresentations, it will be an effective way to reduce one source of bs, hyperbole and innuendo.

Thanks.

d/
--
Dave Crocker
Brandenburg InternetWorking
bbiw.net
Re: Comments on draft-cooper-privacy-policy-01.txt
Hi Bob,

Thanks for your comments. Responses inline.

On Jul 8, 2010, at 11:05 PM, Bob Hinden wrote:
> Alissa,
>
> No hats on, these are my personal views.
>
> I have now read the draft. My overall comment is that I am not convinced if this is needed and am sympathetic to the views expressed on the mailing list that this is solving a problem the IETF doesn't have. Comments below.
>
> Bob
>
> General comments:
>
> If the IETF is to have a privacy policy, I would prefer it to be much simpler and of the form where it first starts with a general statement that the IETF does its work in public and almost all information supplied to the IETF is made public and will be available on the IETF (and other related) web sites.

A simpler intro with a focus on the public-ness of the IETF is definitely doable.

> I would then list the exceptions. For example, credit card information for meeting registration and social tickets, and information for letters of invitation.
>
> Note: As I read the draft, there is very little that actually falls into the private category. This leads me to wonder about the scope of the problem this draft is solving.

I tend to think that privacy risk isn't so much about the percentage of sensitive data collected as about the sensitivity of any data collected. The IETF interacts with credit card numbers, passport numbers, authentication credentials, and other kinds of data that are widely perceived to be sensitive. I think those deserve documentation (as do less sensitive data elements like web logs, but I can understand why others may disagree on that point).

> The IETF goes to great length to tell people about how we do our work and what is considered a public contribution, via the Note Well. I would be surprised if anyone thought otherwise. Doing our work in public is essential to how the IETF works.
>
> Detailed Comments:
>
> I have issues with the Introduction.
> The first sentence says:
>
>    In keeping with the goals and objectives of this standards body, the IETF is committed to the highest degree of respect for the privacy of IETF participants and site visitors.
>
> This makes it sound like the highest priority of the IETF is Privacy. I don't think this is true as I described above. The vast majority of what the IETF does is in Public. There is very little that is Private. The IETF is careful about what needs to be kept private and does not disclose it.

That sentence was cribbed straight from ISOC's policy and could easily be removed.

> The Introduction says:
>
>    This policy explains how the IETF applies the Fair Information Practices -- a widely accepted set of privacy principles [1] -- to the data we obtain.
>
> I don't know if it is appropriate that the IETF apply these practices. Or if there are other practices that would be more appropriate.

I know that the IETF is different from many other organizations, but the Fair Information Practices form the basis of more or less every information privacy law, regime, policy, best practices, self-regulatory framework, and guidance document around the world. The IETF doesn't have to reference them, but I think the reference makes the document better rather than worse -- at least we're basing it on some well-accepted framework.

> The IETF is different from other organizations in that much of our data is public and not private.

It might make sense to remove the parts of the document that discuss public data so that it only focuses on private data.

> The rest of the Introduction appears to be a summary of the first reference:

One suggestion I got on the -00 was to summarize the Fair Information Practices up front since they may not be familiar to many people. So the summary was by design.
> [1] Organization for Economic Cooperation and Development, OECD Guidelines on the Protection of Privacy and Transborder Flows of Personal Data, http://www.oecd.org/document/18/0,3343,en_2649_34255_1815186_1_1_1_1,00.html, 1980.
>
> I don't know anything about this web page, who produced it, how stable it is, etc, etc.

On who produced it, I think it's fairly obviously produced by the OECD.

> It is fairly long, around 21 pages. I don't know if this is appropriate for the IETF. I think it would be better to not include this information as it is hard to judge how appropriate it is. Also, some of the practices seem to be at odds with normal IETF practices. For example, it implies that individuals have complete control of the data the IETF makes public. This isn't true in most cases.

Removing the public data parts of the policy might help here.

> Section 2 and 3
>
> A lot of these sections is a summary of what is defined in other places (References 2, 3, 4, 5, 7, 8). Other parts of the text are fairly generic, such as the information that a web server can learn about a web client. Nothing very IETF specific here. I
Re: Comments on draft-cooper-privacy-policy-01.txt
--On Wednesday, July 14, 2010 15:55 -0700 Dave CROCKER dcroc...@bbiw.net wrote:

> ...
>> If no one had suggested either that someone might be capturing private data or tracking the contents of IETF network traffic for either evil purposes or unauthorized/undocumented research on human subjects, we presumably wouldn't be having this discussion, relevant or not.
>
> Between your use of the or and the presumably, your response does not seem very definitive.
>
> The fact of the matter is that a privacy policy draft was put forward. Whatever prompted it, it's not that remarkable to have such an effort. Stray assurances that there's never been a problem so far might or might not be valid. That doesn't really matter. What matters is that privacy is a serious topic that should be taken seriously.
> ...

Dave,

In principle, I'm in favor of having a published privacy policy. If you recall, I said so at the very beginning of this thread. I am concerned about processes for getting from here to there. Those concerns include:

(1) Being sure that whatever is written actually reflects IETF consensus, IETF assumptions about participation and contributions being open and attributable except in very special cases. I am concerned that we not end up with some collection of boilerplate or platitudes drawn from other sources that doesn't really reflect our needs or situation.

(2) Recognizing that, despite the desirability of a written policy, the IETF often does better when we rely on oral tradition, trusting that people we have trusted with leadership roles are responsible and will make good decisions if required to think about them rather than trying to blindly interpret poorly-written rules, and so on. Part of that recognition is that, when we have tried to reduce practices to rules that can be applied mechanically, we have regularly done a very poor job of it, ending up with nasty edge cases, undesired side effects, etc.
I believe you have made essentially that point even more often over the years than I have although we tend to couch it differently. The concerns of Paul Hoffman and others that such a statement might make promises that cannot be kept and/or might cost us time or money long-term, are very much part of this concern, at least from my point of view.

(3) Wondering whether the amount of energy required to get to a satisfactory policy document is worth it relative to other things the community could be doing with its collective time and energy. Put differently, I wonder whether the probably-inevitable extended debate on this subject is blocking or impeding critical-path pre-IETF work for those who are actually trying to get such work done.

(4) Wondering whether there is any justification for the sense of urgency that some seem to associate with this work. We have a long history of not doing well when we put get it done fast ahead of get it done at least reasonably well in our priorities, especially where policy matters and documents that will be read carefully by people outside the community are concerned. Again, I think that, over the years, you have made that point at least as often as I have. If it is not urgent, then I wonder if this topic would not be better discussed during the usual lull in, say, mid-August through late September rather than in the three weeks prior to IETF 78.

(5) Wanting to be sure that this particular issue doesn't become a context in which the IAOC makes policy and essentially dictates it to the community via short notice, lack of documentation of IAOC thinking, and/or a you can advise us if you like but we will decide according to our best judgment model. If this is going to be an IETF Policy, then decisions about it ought to be made according to our usual mechanisms for determining such policies.
Despite seeing the current mechanisms as somewhat problematic, the ones we have clearly require an IESG determination of community consensus, not an IAOC vote. I think that process should necessarily (i) start with the IESG determining that there is community consensus for _having_ a written policy or at least that they are willing to seriously entertain such a proposal, followed by (ii) a proposal for how that policy should be evaluated (such proposals are normally called BOFs or proposed WG charters, but I favor letting the IESG be creative if they conclude that is appropriate), (iii) followed by a
Re: Comments on draft-cooper-privacy-policy-01.txt
--On Thursday, July 15, 2010 16:37 +0100 Alissa Cooper acoo...@cdt.org wrote:

> ...
> I tend to think that privacy risk isn't so much about the percentage of sensitive data collected as about the sensitivity of any data collected. The IETF interacts with credit card numbers, passport numbers, authentication credentials, and other kinds of data that are widely perceived to be sensitive. I think those deserve documentation (as do less sensitive data elements like web logs, but I can understand why others may disagree on that point).

Alissa,

Perhaps the above suggests that we need to parse this discussion into two separate privacy policies. The IETF went to a great deal of effort a few years ago to reorganize its administrative functions and clearly separate them from IETF-as-Standards-Developer. Remembering that neither the IETF nor the IASA have an actual corporate existence, the IETF actually does _not_ interact[s] with credit card numbers [or] passport numbers. The IASA does. There is some IETF interaction with authentication credentials (such as email addresses), but that is fairly lightweight and rather public.

Would it be useful to redefine the question into

(a) Privacy policy for the IASA and the data it handles in furtherance of its administrative role.

(b) Privacy policy for the IETF in its standards-making and related capacities.

While there may be some gray areas at the margins (e.g., I don't know whether a meeting attendance list would fall most naturally under an IASA or IETF policy statement even though I'm pretty sure I know what should be said about it), it seems to me that the IASA one is far more important and much more easily accomplished, in part because most IASA operations should already be covered by ISOC's policies and in part because the issues are much more straightforward than ones involving the tradeoff between privacy and the requirements for openness of the standards process.
And, of course, that split would permit deferring the second topic until the community was a lot more convinced that the benefits were worth the costs and risks than I see being the case right now.

john
Re: Comments on draft-cooper-privacy-policy-01.txt
On 7/15/2010 9:42 AM, John C Klensin wrote:
> In principle, I'm in favor of having a published privacy policy.

... extended repetition of based goals elided ...

> ... IMO, those are the types of issues we should be discussing and that several people on the list have been discussing. Hyperbole, wild extrapolations, assumptions that network research (even if it were occurring) was actually research on human subjects, unfounded accusations about bad behavior or hidden conspiracies, etc., don't further that discussion.

Anyone who has dealt with a human subjects review panels would wish to be as dismissive of them as you are. But it's a serious topic and I offered it seriously. Perhaps the scope of the IETF's privacy work does not need to include it. But perhaps it does.

The discussion was raising areas of concern. I offered one more. That you might believe it doesn't fall within scope is fine, although I'll suggest that such an opinion is always strengthened when accompanied by considered reasons, rather than being facilely to lump them in with red-flag labels like hyperbole. (If you wish to address thread activity involving those red-flag behaviors, please direct your mail to your buddy.)

That anyone would be so mechanically dismissive of this issue underscores the challenges of discussing privacy in this community. I explained why I thought the issue was worth considering along with the rest of the concerns about privacy. I didn't generate the reference to doing research and I didn't generate the reference to unauthorized disclosure of personal data. So please do feel free to respond with relevant substance rather than a quick hand wave.

> It is also relevant that what was disclosed, if I recall, were passwords. Not password-user pairs or anything else that would constitute what is normally considered personally identifiable information.

OK. And none of those passwords were sufficient to identify their owner, right?
d/
--
Dave Crocker
Brandenburg InternetWorking
bbiw.net
Re: Comments on draft-cooper-privacy-policy-01.txt
>>> Has the IETF been authorizing people to conduct human subjects research without the informed consent of the subjects?
>>
>> yes, we drag them into black helicopter and mess with their genitals. you can be the first in maastricht.
>
> Thanks for demonstrating the type of knowledge and professionalism that makes clear why the IETF needs to pay more careful attention to this.

oh wow! you were talking about networking, not human subject research. fooled me. well, i guess one hyperbole deserves another. sorry you did not like being hoist on your own petard.

as to the network, how many people and times need to tell you that the ops team is unaware of anyone doing anything untoward with people's packets or other data? aside from the authentication which has been pretty well discussed, no one is doing any experiments, either with your packets or with any of your network data, of which the net ops are aware.

i guess it serves some layer nine purpose to play demagogue on this. may your first born suffer the micro-management of being an unpaid volunteer net op :)

randy
Re: Comments on draft-cooper-privacy-policy-01.txt
On 7/14/2010 2:10 AM, Randy Bush wrote:
> as to the network, how many people and times need to tell you that the ops team is unaware of anyone doing anything untoward with people's packets or other data?

How is that relevant?

d/
--
Dave Crocker
Brandenburg InternetWorking
bbiw.net
Re: Comments on draft-cooper-privacy-policy-01.txt
On 7/14/2010 2:53 PM, John C Klensin wrote:
> --On Wednesday, 14 July, 2010 05:39 -0700 Dave CROCKER d...@dcrocker.net wrote:
>> On 7/14/2010 2:10 AM, Randy Bush wrote:
>>> as to the network, how many people and times need to tell you that the ops team is unaware of anyone doing anything untoward with people's packets or other data?
>>
>> How is that relevant?
>
> If no one had suggested either that someone might be capturing private data or tracking the contents of IETF network traffic for either evil purposes or unauthorized/undocumented research on human subjects, we presumably wouldn't be having this discussion, relevant or not.

Between your use of the or and the presumably, your response does not seem very definitive.

The fact of the matter is that a privacy policy draft was put forward. Whatever prompted it, it's not that remarkable to have such an effort. Stray assurances that there's never been a problem so far might or might not be valid. That doesn't really matter. What matters is that privacy is a serious topic that should be taken seriously.

Given that the effort was initiated, a variety of implications follow. I was merely citing one, based on references that were made to using the data for research.

The assumption that simply posting a notice constitutes sufficient permission to disclose data is one more example of the challenges we face in producing reasonable policies and following them.

d/
--
Dave Crocker
Brandenburg InternetWorking
bbiw.net
Re: Comments on draft-cooper-privacy-policy-01.txt
On 7/11/10 11:24 AM, Dave CROCKER wrote:
> Has the IETF been authorizing people to conduct human subjects research without the informed consent of the subjects?

I'm going to insert the root trust anchor into our recursive nameservers for this meeting. For obvious reasons this will be the first time that this has ever been done at an IETF meeting.

Do I require the informed consent of the ietf participants to do that or should I just chalk it up to tinkering?

joel

> d/
Re: Comments on draft-cooper-privacy-policy-01.txt
That started when Jeff Schiller was security AD. Though I can't remember who actually did the code.

Though at the time the issue was not so much the carelessness of the users as the fact that the IETF password protocols were broken.

On Fri, Jul 9, 2010 at 4:39 PM, Randy Bush ra...@psg.com wrote:
>> Randy, we have had at least one researcher sniffing passwords in plenary WiFi traffic and posting them, to embarrass people into using more secure technology. I believe he was an Ops AD at the time :-)
>
> o but i am sure there are wifi spies snooping and playing. and i suspect that they will not be very respectful of any policy put in place.
>
> and if you are remembering that i did so, my admittedly mediocre memory tells me it was not i. though i may have helped get stage time for it, not sure.
>
> randy

--
Website: http://hallambaker.com/
Re: Comments on draft-cooper-privacy-policy-01.txt
On 7/12/2010 7:53 AM, Joel Jaeggli wrote:
> On 7/11/10 11:24 AM, Dave CROCKER wrote:
>> Has the IETF been authorizing people to conduct human subjects research without the informed consent of the subjects?
>
> I'm going to insert the root trust anchor into our recursive nameservers for this meeting. For obvious reasons this will be the first time that this has ever been done at an IETF meeting.
>
> Do I require the informed consent of the ietf participants to do that or should I just chalk it up to tinkering?

One view that is expressed in this thread is that folks will generally know to make reasonable choices.

The nature of your question suggests that, indeed, we need to be quite a bit more clear about what it is that requires consent and what doesn't.

I would have thought that the difference between human subjects research versus network management functionality changes would be pretty obvious. But what's obvious is that it isn't.

d/
--
Dave Crocker
Brandenburg InternetWorking
bbiw.net
Re: Comments on draft-cooper-privacy-policy-01.txt
> Has the IETF been authorizing people to conduct human subjects research without the informed consent of the subjects?

yes, we drag them into black helicopter and mess with their genitals. you can be the first in maastricht.

sheesh!
Re: Comments on draft-cooper-privacy-policy-01.txt
On 7/12/2010 9:18 AM, Randy Bush wrote:
>> Has the IETF been authorizing people to conduct human subjects research without the informed consent of the subjects?
>
> yes, we drag them into black helicopter and mess with their genitals. you can be the first in maastricht.
>
> sheesh!

Thanks for demonstrating the type of knowledge and professionalism that makes clear why the IETF needs to pay more careful attention to this.

d/
--
Dave Crocker
Brandenburg InternetWorking
bbiw.net
Re: Comments on draft-cooper-privacy-policy-01.txt
I would suggest you discuss it with the IAOC. That said, assuming it doesn't create problems, I can't imagine them having an issue with it.

On Jul 12, 2010, at 7:53 AM, Joel Jaeggli wrote:
> On 7/11/10 11:24 AM, Dave CROCKER wrote:
>> Has the IETF been authorizing people to conduct human subjects research without the informed consent of the subjects?
>
> I'm going to insert the root trust anchor into our recursive nameservers for this meeting. For obvious reasons this will be the first time that this has ever been done at an IETF meeting.
>
> Do I require the informed consent of the ietf participants to do that or should I just chalk it up to tinkering?
>
> joel
>
>> d/

http://www.ipinc.net/IPv4.GIF
Re: Comments on draft-cooper-privacy-policy-01.txt
Dave CROCKER wrote:
> On 7/9/2010 4:32 AM, Hannes Tschofenig wrote:
>> The Fair Information Practices are a set of principles most of us are quite likely to believe in, such as (copied from the Alissa's draft):
>
> Likely, yes. But do any of us know how to translate those principles into particular behaviors? Is it likely that any two of us will make the same translation? What about enough of us to constitute rough consensus?

Exactly.

As I previously mentioned, acceptable means different things to different people.

Some people seem to hope that creation of a privacy policy is going to improve things. Personally, I don't think so. Likely it will get worse, and it may get *much* worse. While a privacy policy may look nice, it adds A LOT of wiggle room for lawyers.

Most companies' privacy policies are created for the cover your ass (CYA) purpose by lawyers.

Going back to the Google example (because they made news several times here):

Excerpts from what they've posted:

http://www.google.com/intl/en/privacy.html

   We have 5 privacy principles that describe how we approach privacy and user information across all of our products:

   1. Use information to provide our users with valuable products and services.
   2. Develop products that reflect strong privacy standards and practices.
   3. Make the collection of personal information transparent.
   4. Give users meaningful choices to protect their privacy.
   5. Be a responsible steward of the information we hold.

http://www.google.com/intl/en/privacypolicy.html

   At Google we recognize that privacy is important. This Privacy Policy applies to all of the products, services and websites offered by Google Inc. or its subsidiaries or affiliated companies except DoubleClick (DoubleClick Privacy Policy) and Postini (Postini Privacy Policy); collectively, Google's services.
But the reality actually looks like this:

http://www.spiegel.de/international/zeitgeist/0,1518,626075,00.html
http://www.spiegel.de/international/germany/0,1518,631149,00.html
http://www.spiegel.de/international/business/0,1518,695718,00.html
http://www.spiegel.de/international/germany/0,1518,645581,00.html

i.e. the government must step in to stop them from committing large scale illegal privacy violations, because their own focus is much more on their business model than on respect for the privacy of the people about which they collect data.

I would be OK with consenting to very specific and explicit PII usage scenarios within the IETF. But many privacy policies I've come across are simply unacceptable to _me_. Probably every social networking site out there, or businesses with ridiculous policies, such as e.g. PayPal.

-Martin
Re: Comments on draft-cooper-privacy-policy-01.txt
On 7/12/2010 1:37 PM, Martin Rex wrote:
> Dave CROCKER wrote:
>> On 7/9/2010 4:32 AM, Hannes Tschofenig wrote:
>>> The Fair Information Practices are a set of principles most of us are quite likely to believe in, such as (copied from the Alissa's draft):
>>
>> Likely, yes. But do any of us know how to translate those principles into particular behaviors? Is it likely that any two of us will make the same translation? What about enough of us to constitute rough consensus?
>
> Exactly.
>
> As I previously mentioned, acceptable means different things to different people.
>
> Some people seem to hope that creation of a privacy policy is going to improve things. Personally, I don't think so.

You mean that you think change that will protect the disclosure of identities and proper notice as to who people represent is a bad thing?

> Likely it will get worse, and it may get *much* worse. While a privacy policy may look nice, it adds A LOT of wiggle room for lawyers.

It can't possibly have any more wiggle room than the IETF's current processes and that also is something worth looking at since it says the people writing those policies either have the intent to create that wiggle room - which is the case from my perspective or that they are so stupid that they are dangerous to themselves and everyone around them.

Personally I think most of the people here are pretty smart - not all ethical but damn smart. Meaning that the inclusion of the wiggle room is intentional. That unfortunately has ethical constraints which are also important and is a key reason why public disclosure of who you represent is so critical here in the IETF. That being so that they can be held accountable in a court of law for your actions here.

Todd

> Most companies' privacy policies are created for the cover your ass (CYA) purpose by lawyers.
> Going back to the Google example (because they made news several times here):
>
> Excerpts from what they've posted:
>
> http://www.google.com/intl/en/privacy.html
>
>    We have 5 privacy principles that describe how we approach privacy and user information across all of our products:
>
>    1. Use information to provide our users with valuable products and services.
>    2. Develop products that reflect strong privacy standards and practices.
>    3. Make the collection of personal information transparent.
>    4. Give users meaningful choices to protect their privacy.
>    5. Be a responsible steward of the information we hold.
>
> http://www.google.com/intl/en/privacypolicy.html
>
>    At Google we recognize that privacy is important. This Privacy Policy applies to all of the products, services and websites offered by Google Inc. or its subsidiaries or affiliated companies except DoubleClick (DoubleClick Privacy Policy) and Postini (Postini Privacy Policy); collectively, Google's services.
>
> But the reality actually looks like this:
>
> http://www.spiegel.de/international/zeitgeist/0,1518,626075,00.html
> http://www.spiegel.de/international/germany/0,1518,631149,00.html
> http://www.spiegel.de/international/business/0,1518,695718,00.html
> http://www.spiegel.de/international/germany/0,1518,645581,00.html
>
> i.e. the government must step in to stop them from committing large scale illegal privacy violations, because their own focus is much more on their business model than on respect for the privacy of the people about which they collect data.
>
> I would be OK with consenting to very specific and explicit PII usage scenarios within the IETF. But many privacy policies I've come across are simply unacceptable to _me_. Probably every social networking site out there, or businesses with ridiculous policies, such as e.g. PayPal.
>
> -Martin
Re: Comments on draft-cooper-privacy-policy-01.txt
todd glassey wrote: Martin Rex wrote: As I previously mentioned, acceptable means different things to different people. Some people seem to hope that creation of a privacy policy is going to improve things. Personally, I don't think so. You mean that you think change that will protect the disclosure of identities and proper notice as to who people represent is a bad thing?

If there is no written privacy policy, then one has to make an assumption about the consent on the use of PII. And if the assumption is conservative (as I think it has been in the IETF), then it is going to be in the interest of the data subject, and if unclear, one should resort to asking the data subject (= opt-in).

Likely it will get worse, and it may get *much* worse. While a privacy policy may look nice, it adds A LOT of wiggle room for lawyers.

Once you have a written privacy policy, a conservative assumption about consent is no longer necessary and will likely no longer be used, instead an interpretation of that written policy is going to be used. And if that written policy is interpreted based on the underlying (lack of) data protection laws, then it could get awful for the data subject (=opt-out).

-Martin
Re: Comments on draft-cooper-privacy-policy-01.txt
On 7/12/10 2:34 PM, Martin Rex wrote: todd glassey wrote: Martin Rex wrote: Some people seem to hope that creation of a privacy policy is going to improve things. Personally, I don't think so. You mean that you think change that will protect the disclosure of identities and proper notice as to who people represent is a bad thing? If there is no written privacy policy, then one has to make an assumption about the consent on the use of PII. And if the assumption is conservative (as I think it has been in the IETF), then it is going to be in the interest of the data subject, and if unclear, one should resort to asking the data subject (= opt-in).

have we all read the note well? http://www.ietf.org/about/note-well.html

Your ietf contribution will be made public. It was accepted by everyone who registered for the meeting. All IETF Contributions are subject to the rules of RFC 5378 and RFC 3979 (updated by RFC 4879). etc.

While it is technically possible to attend an IETF meeting without making a contribution what exactly is the point in doing so? you can save a few thousand dollars by staying home and listening to the recordings.
Re: Comments on draft-cooper-privacy-policy-01.txt
On 7/12/2010 2:52 PM, Joel Jaeggli wrote: On 7/12/10 2:34 PM, Martin Rex wrote: todd glassey wrote: Martin Rex wrote: Some people seem to hope that creation of a privacy policy is going to improve things. Personally, I don't think so. You mean that you think change that will protect the disclosure of identities and proper notice as to who people represent is a bad thing? If there is no written privacy policy, then one has to make an assumption about the consent on the use of PII. And if the assumption is conservative (as I think it has been in the IETF), then it is going to be in the interest of the data subject, and if unclear, one should resort to asking the data subject (= opt-in). have we all read the note well? http://www.ietf.org/about/note-well.html Your ietf contribution will be made public. It was accepted by everyone who registered for the meeting.

Only if a NOTEWELL commentary was publicly posted at the meeting and notice was given at the time the person registered.

All IETF Contributions are subject to the rules of RFC 5378 and RFC 3979 (updated by RFC 4879). etc. While it is technically possible to attend an IETF meeting without making a contribution what exactly is the point in doing so? you can save a few thousand dollars by staying home and listening to the recordings.

That brings up another issue of whether the requirements to attend prevent those without the wherewithal to travel to be members of the IETF right?
Re: Comments on draft-cooper-privacy-policy-01.txt
That started when Jeff Schiller was security AD. Though I can't remember who actually did the code. Though at the time the issue was not so much the carelessness of the users as the fact that the IETF password protocols were broken.

i am not confident of either of those statements

randy
Re: Comments on draft-cooper-privacy-policy-01.txt
Hannes, On 7/9/2010 4:32 AM, Hannes Tschofenig wrote: The Fair Information Practices are a set of principles most of us are quite likely to believe in, such as (copied from the Alissa's draft): Likely, yes. But do any of us know how to translate those principles into particular behaviors? Is it likely that any two of us will make the same translation? What about enough of us to constitute rough consensus? Note, for example, my earlier comment that the draft's use of the IETF treats it as an entity when in fact it has little legal standing and even less cohesiveness in its behaviors. Who does the term refer to? Principles need to be accompanied with very concrete behavioral prescriptions and proscriptions, for the principles to have real meaning. That's what the remaining sections of the draft seek to do. The draft currently gives too little introduction to IETF-specific precepts, concepts and motivation. All presented more simply, as Bob Hinden suggests. As an example, imagine some researchers doing some interesting network testing and collect data that travels over the IETF network then these principles say that you should be transparent in what you do, you should tell people what you collect and why, etc. I think that this is something we want people to do. And yes we have researchers looking into the traffic, people storing all sorts of data, etc. This issue of measuring the network for research raises a deeper and more serious problem: informed consent. Telling people about the work after the fact violates this requirement. As soon as the word privacy becomes relevant, an implication for research is that we are in the realm of human subjects ethics, and the research world has produced some fairly strict rules concerning this. For example: http://www.hhs.gov/ohrp/humansubjects/guidance/45cfr46.htm especially section 46.116 Has the IETF been authorizing people to conduct human subjects research without the informed consent of the subjects? 
d/ -- Dave Crocker Brandenburg InternetWorking bbiw.net
Re: Comments on draft-cooper-privacy-policy-01.txt
The sniffed passwords were sometimes displayed in real time on a monitor facing the audience from the front of the room. This activity was never called research that I can recall. I think the majority reaction was that this was a fine thing to motivate improvements in security practice. Only one person was upset, that I remember. And several people, seeing that this was going on, wrote little network apps to give the appearance to sniffers that plaintext passwords were being sent so they could display messages on said monitor, like this is not my real password, etc.

Thanks, Donald

On Fri, Jul 9, 2010 at 1:24 PM, Fred Baker f...@cisco.com wrote: Randy, we have had at least one researcher sniffing passwords in plenary WiFi traffic and posting them, to embarrass people into using more secure technology. I believe he was an Ops AD at the time :-) Agreed that personal net hygiene is the solution there.

On Jul 9, 2010, at 5:04 AM, Randy Bush wrote: [ fwiw, i am not bothered if some folk well-versed in such things develop and put forth a policy about how the ietf treats data about members, attendees, network, ... ] And yes we have researchers looking into the traffic, people storing all sorts of data, etc. we do? about our traffic on the ietf meeting network? stuff other than the _ephemeral_ data the noc ops use to manage the network? as far as i know

o data collection has been done very rarely. and when it has been, it has been widely announced.
o there is no plan known by the net ops to do so in maastricht or beijing at either of those meetings.
o aside from issues in the wireless deployment, the data about net use at ietf meetings seems pretty boring to me from a research view
o but i am sure there are wifi spies snooping and playing. and i suspect that they will not be very respectful of any policy put in place.

given the latter, i focus more on prudent personal net hygiene and less on prose.

randy
Re: Comments on draft-cooper-privacy-policy-01.txt
Hi Bob,

just a very quick reaction to your mail:

~snip~

I have issues with the Introduction. The first sentence says: In keeping with the goals and objectives of this standards body, the IETF is committed to the highest degree of respect for the privacy of IETF participants and site visitors. This makes it sound like the highest priority of the IETF is Privacy. I don't think this is true as I described above. The vast majority of what the IETF does is in Public. There is very little that is Private. The IETF is careful about what needs to be kept private and does not disclose it.

The Fair Information Practices are a set of principles most of us are quite likely to believe in, such as (copied from Alissa's draft):

o Collection Limitation: There should be limits to the collection of data about people.
o Data Quality: Personal data should be accurate, complete, up-to-date, and relevant to the purposes for which it was collected.
o Purpose Specification: The purpose of collecting personal data should be specified in advance of collection.
o Use Limitation: Personal data should only be used for the purposes for which it was collected.
o Security: Personal data should be protected by reasonable security safeguards against unauthorised access, use, and disclosure.
o Openness: Practices and policies with respect to personal data should be open and transparent.
o Individual Participation: Individuals should have choice, access, correction, and redress rights with respect to their data.
o Accountability: Those that collect and use data should be accountable for complying with the above principles.

When you read privacy then replace it with these principles and everything makes much more sense to you.

As an example, imagine some researchers doing some interesting network testing and collect data that travels over the IETF network then these principles say that you should be transparent in what you do, you should tell people what you collect and why, etc. I think that this is something we want people to do. And yes we have researchers looking into the traffic, people storing all sorts of data, etc.

I don't think we have anything to hide. It would be a bad sign to say that the IETF is so special that we don't need to follow privacy principles (even if we try to consider privacy in the development of our protocols and tell other SDOs that it is really important to do so).

Ciao
Hannes

PS: If you do not know about the OECD Guidelines on the Protection of Privacy and Transborder Flows of Personal Data then maybe some other folks have not heard about these privacy principles either. Maybe we should add privacy to our Sunday education program.
Re: Comments on draft-cooper-privacy-policy-01.txt
[ fwiw, i am not bothered if some folk well-versed in such things develop and put forth a policy about how the ietf treats data about members, attendees, network, ... ]

And yes we have researchers looking into the traffic, people storing all sorts of data, etc.

we do? about our traffic on the ietf meeting network? stuff other than the _ephemeral_ data the noc ops use to manage the network?

as far as i know

o data collection has been done very rarely. and when it has been, it has been widely announced.
o there is no plan known by the net ops to do so in maastricht or beijing at either of those meetings.
o aside from issues in the wireless deployment, the data about net use at ietf meetings seems pretty boring to me from a research view
o but i am sure there are wifi spies snooping and playing. and i suspect that they will not be very respectful of any policy put in place.

given the latter, i focus more on prudent personal net hygiene and less on prose.

randy
Re: Comments on draft-cooper-privacy-policy-01.txt
Hi Randy,

[ fwiw, i am not bothered if some folk well-versed in such things develop and put forth a policy about how the ietf treats data about members, attendees, network, ... ]

And yes we have researchers looking into the traffic, people storing all sorts of data, etc.

we do? about our traffic on the ietf meeting network? stuff other than the _ephemeral_ data the noc ops use to manage the network?

Yes, the IETF meeting network.

as far as i know

o data collection has been done very rarely. and when it has been, it has been widely announced.

Openness and transparency is one of the privacy principles. (but there are others...)

o there is no plan known by the net ops to do so in maastricht or beijing at either of those meetings.

I don't know. There is no central place where I could look up any of this info.

o aside from issues in the wireless deployment, the data about net use at ietf meetings seems pretty boring to me from a research view

Maybe boring for you. Some consider it a very large WLAN network, some others test their favorite tunneling technology with it, etc.

o but i am sure there are wifi spies snooping and playing. and i suspect that they will not be very respectful of any policy put in place.

You have to see all privacy principles in combination in order for them to make sense.

given the latter, i focus more on prudent personal net hygiene and less on prose.

That's fine.

Ciao
Hannes

randy
Re: Comments on draft-cooper-privacy-policy-01.txt
And yes we have researchers looking into the traffic, people storing all sorts of data, etc.

we do? about our traffic on the ietf meeting network? stuff other than the _ephemeral_ data the noc ops use to manage the network?

Yes, the IETF meeting network.

cites, please.

o there is no plan known by the net ops to do so in maastricht or beijing at either of those meetings.

I don't know. There is no central place where I could look up any of this info.

but you suspect the worst? i am on the noc ops team. you can trust my statement or not.

o aside from issues in the wireless deployment, the data about net use at ietf meetings seems pretty boring to me from a research view

Maybe boring for you. Some consider it a very large WLAN network, some others test their favorite tunneling technology with it, etc.

that is not gathering data on others' use of the network.

randy
Re: Comments on draft-cooper-privacy-policy-01.txt
On 7/9/2010 5:15 AM, Hannes Tschofenig wrote:

WHAT specifically does Openness and Transparency mean - not in nebulous namby pamby terms but specific sets of use rules and their oversight - what exactly does this mean?

as far as i know o data collection has been done very rarely. and when it has been, it has been widely announced. Openness and transparency is one of the privacy principles. (but there are others...) o there is no plan known by the net ops to do so in maastricht or beijing at either of those meetings. I don't know. There is no central place where I could look up any of this info. o aside from issues in the wireless deployment, the data about net use at ietf meetings seems pretty boring to me from a research view Maybe boring for you. Some consider it a very large WLAN network, some others test their favorite tunneling technology with it, etc. o but i am sure there are wifi spies snooping and playing. and i suspect that they will not be very respectful of any policy put in place. You have to see all privacy principles in combination in order for them to make sense. given the latter, i focus more on prudent personal net hygiene and less on prose. That's fine. Ciao Hannes randy
Re: Comments on draft-cooper-privacy-policy-01.txt
On 7/9/2010 4:32 AM, Hannes Tschofenig wrote: Hi Bob, just a very quick reaction to your mail: ~snip~ I have issues with the Introduction. The first sentence says: In keeping with the goals and objectives of this standards body, the IETF is committed to the highest degree of respect for the privacy of IETF participants and site visitors. This makes it sound like the highest priority of the IETF is Privacy. I don't think this is true as I described above. The vast majority of what the IETF does in Public. There is very little that is Private. The IETF is careful about what needs to be kept private and does not disclose it Everything you have said is true but in this case the specific use of the privacy policy is in this case to provide people who are slammed with SPAM from people illegally harvesting contact information from IETF postings and mailing list activity to create their own personal commercial email lists and NOT to protect their identity or who they represent... You cannot take that away from them no matter what - and since the IETF in its raging toothless manner fails to protect that data itself, it is up to the IETF to enable everyone else to protect themselves from damage which occurs to them by being in the IETF. Also on the other side of the privacy coin, you will find that EVERYONE here has a formal legal right to know who everyone else is representing in the IETF meaning that there is no direct privacy control possible. Todd Glassey ___ Ietf mailing list Ietf@ietf.org https://www.ietf.org/mailman/listinfo/ietf
Re: Comments on draft-cooper-privacy-policy-01.txt
Randy,

this privacy policy effort is not a means to put someone in the spotlight because a mistake has been made. I think it is good that we do all sorts of experiments with the IETF network and use it for research purposes. Still, if someone wants to do their tests then they should do it in an open and transparent fashion and tell people what they do. The writeup should then contain information like

* what data is collected
* what is the purpose
* how long is it stored
* who is responsible
* how does the opt-in procedure work

It would also be nice to hear the results of the effort afterwards as well.

Without listing other persons' efforts I would like to mention the location server experiment a few of us did from the GEOPRIV working group. I don't recall anymore how we announced it and what we said in our announcement (it was a few years ago already) but a document like the one written by Alissa would have helped us. Richard Barnes might remember the details.

Ciao
Hannes

Original Message
Date: Fri, 09 Jul 2010 21:28:43 +0900
From: Randy Bush ra...@psg.com
To: Hannes Tschofenig hannes.tschofe...@gmx.net
CC: ietf@ietf.org
Subject: Re: Comments on draft-cooper-privacy-policy-01.txt

And yes we have researchers looking into the traffic, people storing all sorts of data, etc.

we do? about our traffic on the ietf meeting network? stuff other than the _ephemeral_ data the noc ops use to manage the network?

Yes, the IETF meeting network.

cites, please.

Remember the discussion about the RFID experiment, the location server experiment,

o there is no plan known by the net ops to do so in maastricht or beijing at either of those meetings.

I don't know. There is no central place where I could look up any of this info.

but you suspect the worst? i am on the noc ops team. you can trust my statement or not.

I don't suspect anything. I believe it is good if people use the network for all sorts of tests, if they tell us what they do.

o aside from issues in the wireless deployment, the data about net use at ietf meetings seems pretty boring to me from a research view

Maybe boring for you. Some consider it a very large WLAN network, some others test their favorite tunneling technology with it, etc.

that is not gathering data on others' use of the network.

randy
Re: Comments on draft-cooper-privacy-policy-01.txt
this privacy policy effort is not a means to put someone in the spotlight because a mistake has been made.

what an amazing turn of argument.

there are communists in the state department, i have their names on this sheet of paper which i will not reveal. -- joe mccarthy

as a researcher, a net op, and one involved in the ietf network, i took it very seriously when you said ietf *network traffic* was measured and stored for research.

And yes we have researchers looking into the traffic, people storing all sorts of data, etc.

we do? about our traffic on the ietf meeting network? stuff other than the _ephemeral_ data the noc ops use to manage the network?

Yes, the IETF meeting network.

cites, please.

Remember the discussion about the RFID experiment, the location server experiment

those are not network traffic

i am specifically concerned about the allegation that network traffic was captured and stored. either cite or retract.

randy, who thinks it is time to get back off this list
Re: Comments on draft-cooper-privacy-policy-01.txt
Very good question, Todd. Nowadays everyone claims to be open and transparent. As an example, here is what the Madrid Resolution http://www.gov.im/lib/docs/odps//madridresolutionnov09.pdf has to say about the openness principle:

1. Every responsible person shall have transparent policies with regard to the processing of personal data.
2. The responsible person shall provide to the data subjects, as a minimum, information about the responsible person’s identity, the intended purpose of processing, the recipients to whom their personal data will be disclosed and how data subjects may exercise the rights provided in this Document, as well as any further information necessary to guarantee fair processing of such personal data.
3. When personal data have been collected directly from the data subject, the information must be provided at the time of collection, unless it has already been provided.
4. When personal data have not been collected directly from the data subject, the responsible person must also inform him/her about the source of personal data. This information must be given within a reasonable period of time, but may be replaced by alternative measures if compliance is impossible or would involve a disproportionate effort by the responsible person.
5. Any information to be furnished to the data subject must be provided in an intelligible form, using a clear and plain language, in particular for any processing addressed specifically to minors.
6. Where personal data are collected on line by means of electronic communications networks, the obligations set out in the first and second paragraphs of this section may be satisfied by posting privacy policies that are easy to access and identify and include all the information mentioned above.
Ciao
Hannes

Original Message
Date: Fri, 09 Jul 2010 07:36:36 -0700
From: todd glassey tglas...@earthlink.net
To: ietf@ietf.org
Subject: Re: Comments on draft-cooper-privacy-policy-01.txt

On 7/9/2010 5:15 AM, Hannes Tschofenig wrote:

WHAT specifically does Openness and Transparency mean - not in nebulous namby pamby terms but specific sets of use rules and their oversight - what exactly does this mean?

as far as i know o data collection has been done very rarely. and when it has been, it has been widely announced. Openness and transparency is one of the privacy principles. (but there are others...) o there is no plan known by the net ops to do so in maastricht or beijing at either of those meetings. I don't know. There is no central place where I could look up any of this info. o aside from issues in the wireless deployment, the data about net use at ietf meetings seems pretty boring to me from a research view Maybe boring for you. Some consider it a very large WLAN network, some others test their favorite tunneling technology with it, etc. o but i am sure there are wifi spies snooping and playing. and i suspect that they will not be very respectful of any policy put in place. You have to see all privacy principles in combination in order for them to make sense. given the latter, i focus more on prudent personal net hygiene and less on prose. That's fine. Ciao Hannes randy
Re: Comments on draft-cooper-privacy-policy-01.txt
I understand that you don't like process. Who does? The good thing is that there is very little process (or even no process) for you. The additional effort is for those who run the experiment and maybe they come to the conclusion that there is no risk for others.

Ciao
Hannes

Original Message
Date: Fri, 9 Jul 2010 08:16:36 -0700
From: Joel Jaeggli joe...@bogus.com
To: Hannes Tschofenig hannes.tschofe...@gmx.net
CC: ietf@ietf.org ietf@ietf.org
Subject: Re: Comments on draft-cooper-privacy-policy-01.txt

With all due respect the geopriv held experiment at ietf71 could have been done anywhere, and had no impact on participants who were not involved in them. I have zero interest in building process that might impede the activity of people conducting protocol experiments that occur effectively in isolation.

Joel's iPad

On Jul 9, 2010, at 7:39 AM, Hannes Tschofenig hannes.tschofe...@gmx.net wrote:

Randy, this privacy policy effort is not a means to put someone in the spotlight because a mistake has been made. I think it is good that we do all sorts of experiments with the IETF network and use it for research purposes. Still, if someone wants to do their tests then they should do it in an open and transparent fashion and tell people what they do. The writeup should then contain information like * what data is collected * what is the purpose * how long is it stored * who is responsible * how does the opt-in procedure work It would also be nice to hear the results of the effort afterwards as well. Without listing other persons' efforts I would like to mention the location server experiment a few of us did from the GEOPRIV working group. I don't recall anymore how we announced it and what we said in our announcement (it was a few years ago already) but a document like the one written by Alissa would have helped us. Richard Barnes might remember the details. Ciao Hannes

Original Message
Date: Fri, 09 Jul 2010 21:28:43 +0900
From: Randy Bush ra...@psg.com
To: Hannes Tschofenig hannes.tschofe...@gmx.net
CC: ietf@ietf.org
Subject: Re: Comments on draft-cooper-privacy-policy-01.txt

And yes we have researchers looking into the traffic, people storing all sorts of data, etc. we do? about our traffic on the ietf meeting network? stuff other than the _ephemeral_ data the noc ops use to manage the network? Yes, the IETF meeting network. cites, please. Remember the discussion about the RFID experiment, the location server experiment, o there is no plan known by the net ops to do so in maastricht or beijing at either of those meetings. I don't know. There is no central place where I could look up any of this info. but you suspect the worst? i am on the noc ops team. you can trust my statement or not. I don't suspect anything. I believe it is good if people use the network for all sorts of tests, if they tell us what they do. o aside from issues in the wireless deployment, the data about net use at ietf meetings seems pretty boring to me from a research view Maybe boring for you. Some consider it a very large WLAN network, some others test their favorite tunneling technology with it, etc. that is not gathering data on others' use of the network. randy
Re: Comments on draft-cooper-privacy-policy-01.txt
Randy, we have had at least one researcher sniffing passwords in plenary WiFi traffic and posting them, to embarrass people into using more secure technology. I believe he was an Ops AD at the time :-) Agreed that personal net hygiene is the solution there.

On Jul 9, 2010, at 5:04 AM, Randy Bush wrote: [ fwiw, i am not bothered if some folk well-versed in such things develop and put forth a policy about how the ietf treats data about members, attendees, network, ... ] And yes we have researchers looking into the traffic, people storing all sorts of data, etc. we do? about our traffic on the ietf meeting network? stuff other than the _ephemeral_ data the noc ops use to manage the network? as far as i know o data collection has been done very rarely. and when it has been, it has been widely announced. o there is no plan known by the net ops to do so in maastricht or beijing at either of those meetings. o aside from issues in the wireless deployment, the data about net use at ietf meetings seems pretty boring to me from a research view o but i am sure there are wifi spies snooping and playing. and i suspect that they will not be very respectful of any policy put in place. given the latter, i focus more on prudent personal net hygiene and less on prose. randy
Re: Comments on draft-cooper-privacy-policy-01.txt
Randy, we have had at least one researcher sniffing passwords in plenary WiFi traffic and posting them, to embarrass people into using more secure technology. I believe he was an Ops AD at the time :-)

o but i am sure there are wifi spies snooping and playing. and i suspect that they will not be very respectful of any policy put in place.

and if you are remembering that i did so, my admittedly mediocre memory tells me it was not i. though i may have helped get stage time for it, not sure.

randy
Comments on draft-cooper-privacy-policy-01.txt
Alissa,

No hats on, these are my personal views.

I have now read the draft. My overall comment is that I am not convinced if this is needed and am sympathetic to the views expressed on the mailing list that this is solving a problem the IETF doesn't have. Comments below.

Bob

General comments:

If the IETF is to have a privacy policy, I would prefer it to be much simpler and of the form where it first starts with a general statement that the IETF does its work in public and almost all information supplied to the IETF is made public and will be available on the IETF (and other related) web sites. I would then list the exceptions. For example, credit card information for meeting registration and social tickets, and information for letters of invitation.

Note: As I read the draft, there is very little that actually falls into the private category. This leads me to wonder about the scope of the problem this draft is solving.

The IETF goes to great length to tell people about how we do our work and what is considered a public contribution, via the Note Well. I would be surprised if anyone thought otherwise. Doing our work in public is essential to how the IETF works.

Detailed Comments:

I have issues with the Introduction. The first sentence says:

In keeping with the goals and objectives of this standards body, the IETF is committed to the highest degree of respect for the privacy of IETF participants and site visitors.

This makes it sound like the highest priority of the IETF is Privacy. I don't think this is true as I described above. The vast majority of what the IETF does is in Public. There is very little that is Private. The IETF is careful about what needs to be kept private and does not disclose it.

The Introduction says:

This policy explains how the IETF applies the Fair Information Practices -- a widely accepted set of privacy principles [1] -- to the data we obtain.

I don't know if it is appropriate that the IETF apply these practices. Or if there are other practices that would be more appropriate. The IETF is different from other organizations in that much of our data is public and not private.

The rest of the Introduction appears to be a summary of the first reference:

[1] Organization for Economic Cooperation and Development, OECD Guidelines on the Protection of Privacy and Transborder Flows of Personal Data, http://www.oecd.org/document/18/0,3343,en_2649_34255_1815186_1_1_1_1,00.html, 1980.

I don't know anything about this web page, who produced it, how stable it is, etc, etc. It is fairly long, around 21 pages. I don't know if this is appropriate for the IETF. I think it would be better to not include this information as it is hard to judge how appropriate it is. Also, some of the practices seem to be at odds with normal IETF practices. For example, it implies that individuals have complete control of the data the IETF makes public. This isn't true in most cases.

Section 2 and 3

A lot of these sections is a summary of what is defined in other places (References 2, 3, 4, 5, 7, 8). Other parts of the text are fairly generic, such as the information that a web server can learn about a web client. Nothing very IETF specific here. I don't see very much value repeating this.

Section 4

The first paragraph:

The IETF does not sell, rent, or exchange any information that we collect about our participants or site visitors. However, we will disclose information under the following circumstances:

The first two, sell and rent, are true, but the exchange is not true as you state later in the section. Much of the data we collect is exchanged.

Section 5

I am not really qualified to comment on the specifics here, such as how long credit card or letter of invitation information needs to be retained. I would have thought that all financial data needs to be kept for some number of years.

This describes our current operational practices regarding log files. Including specific times for retention will make it hard to change this in the future. Also, if log files are going to be covered, what happens to the backups? Are we required to scrub the backups? This would be difficult and expensive. What about backups of credit card information?

Section 10

In the acknowledgment section you cite the IAOC. The IAOC has not done any formal review of this draft. It is better if you cite the people in the IAOC you have discussed this with and not list the IAOC. Now that I have written this, you can cite me if you choose :-)

Section 11

I think most of the references are Normative, not Informative. That is, this draft depends on these documents.