Re: Future Handling of Blue Sheets
Some SDOs have gone to great lengths to specify this in detail. I am hoping that we can avoid that path. Instead, as Ed already pointed out, each person already provides an organizational affiliation when they register. Consistency would be helpful. Russ On Jun 15, 2012, at 5:37 PM, Eric Burger wrote: > Do we have guidelines as to what is an "organization affiliation"? > > On Jun 14, 2012, at 5:26 PM, IETF Chair wrote: > >> Two things have occurred since the message below as sent to the IETF mail >> list. First, we got a lawyer in Europe to do some investigation, and the >> inclusion of the email address on the blue sheet will lead to trouble with >> the European privacy laws. Second, Ted Hardie suggested that we could >> require a password to access the scanned blue sheet. >> >> Based on the European privacy law information, the use of email will result >> in a major burden. If the email address is used, then we must provide a way >> for people to ask for their email address to be remove at any time in the >> future, even if we got prior approval to include it. Therefore, I suggest >> that we collect organization affiliation to discriminate between multiple >> people with the same name instead of email address. >> >> Based on Ted's suggestion, I checked with the Secretariat about using a >> datatracker login to download the scanned blue sheet. This is fairly easy >> to do, once the community tracking tools are deployed. However, with the >> removal of the email addresses from the blue sheets, it is unclear that >> there is any further need for password protection of these images. >> Therefore, I suggest that we proceed without password protection for the >> blue sheet images. >> >> Here is a summary of the suggested way forward: >> >> - Stop collecting email addresses on blue sheets; >> >> - Collect organization affiliation to discriminate between multiple people >> with the same name; >> >> - Scan the blue sheets and include the images in the proceedings for the WG >> session; >> >> - Add indication to top of the blue sheet so people know it will be part of >> the proceedings; and >> >> - Discard paper blue sheets after scanning. >> >> Russ >> >> >> On May 6, 2012, at 12:46 PM, IETF Chair wrote: >> >>> We have heard from many community participants, and consensus is quite >>> rough on this topic. The IESG discussed this thread and reached two >>> conclusions: >>> >>> (1) Rough consensus: an open and transparent standards process is more >>> important to the IETF than privacy of blue sheet information. >>> >>> (2) Rough consensus: inclusion of email addresses is a good way to >>> distinguish participants with the same or similar names. >>> >>> >>> Based on these conclusions, the plan is to handle blue sheets as follows: >>> >>> - Continue to collect email addresses on blue sheets; >>> >>> - Scan the blue sheet and include the image in the proceedings for the WG >>> session; >>> >>> - Add indication to top of the blue sheet so people know it will be part of >>> the proceedings; and >>> >>> - Discard paper blue sheets after scanning. >>> >>> >>> On behalf of the IESG, >>> Russ >>> >> >
Re: Future Handling of Blue Sheets
The registration number links to a registration that includes an email address, should that need to be looked up for some reason later. Holding minimal information for the purpose, and keeping that information as non-identifiable to the holder as possible, would be nice properties? Tim On 17 Jun 2012, at 08:36, Yoav Nir wrote: > This creates a distinguished identity, so if two "Fei Zhang"s attended in > Paris (only case I found in the attendee list), this would distinguish which > of them attended a particular meeting. It would not, however, tie them to an > identity on the mailing list, or to the "Fei Zhang" who attends the Vancouver > meeting, so I'm not sure what purpose it serves. > > Yoav > > -Original Message- > From: ietf-boun...@ietf.org [mailto:ietf-boun...@ietf.org] On Behalf Of Tim > Chown > Sent: 16 June 2012 13:54 > To: Joel jaeggli > Cc: IETF Chair; IETF; ietf-boun...@ietf.org > Subject: Re: Future Handling of Blue Sheets > > If the purpose is simply differentiation of people with the same names, could > we not ask people to enter the last four digits of their IETF registration > number, which would presumably be unique, while being easy to remember? The > number could even be on your badge to always be easy to look up. > > Unless there's some reason to keep registration numbers private? > > That would also allow poorly handwritten names to more readily be > checked/corrected by OCR when the sheets are scanned. > > Tim > > On 16 Jun 2012, at 04:50, Joel jaeggli wrote: > >> On 6/15/12 14:42 , edj@gmail.com wrote: >>> I presume it is the same data that people input into the "Organization" >>> field when they register for the meeting. >> >> I do change mine based on what capacity I'm attending a particular >> meeting in. That goes for email address on existing blue sheets as well... >> >> The nice people who send me a check every two weeks don't generally >> fund my attendance. >> >>> Regards, >>> >>> Ed J. >>> >>> -Original Message- >>> From: Eric Burger >>> Sender: ietf-boun...@ietf.org >>> Date: Fri, 15 Jun 2012 17:37:50 >>> To: IETF Chair >>> Cc: IETF >>> Subject: Re: Future Handling of Blue Sheets >>> >>> Do we have guidelines as to what is an "organization affiliation"? >>> >>> On Jun 14, 2012, at 5:26 PM, IETF Chair wrote: >>> >>>> Two things have occurred since the message below as sent to the IETF mail >>>> list. First, we got a lawyer in Europe to do some investigation, and the >>>> inclusion of the email address on the blue sheet will lead to trouble with >>>> the European privacy laws. Second, Ted Hardie suggested that we could >>>> require a password to access the scanned blue sheet. >>>> >>>> Based on the European privacy law information, the use of email will >>>> result in a major burden. If the email address is used, then we must >>>> provide a way for people to ask for their email address to be remove at >>>> any time in the future, even if we got prior approval to include it. >>>> Therefore, I suggest that we collect organization affiliation to >>>> discriminate between multiple people with the same name instead of email >>>> address. >>>> >>>> Based on Ted's suggestion, I checked with the Secretariat about using a >>>> datatracker login to download the scanned blue sheet. This is fairly easy >>>> to do, once the community tracking tools are deployed. However, with the >>>> removal of the email addresses from the blue sheets, it is unclear that >>>> there is any further need for password protection of these images. >>>> Therefore, I suggest that we proceed without password protection for the >>>> blue sheet images. >>>> >>>> Here is a summary of the suggested way forward: >>>> >>>> - Stop collecting email addresses on blue sheets; >>>> >>>> - Collect organization affiliation to discriminate between multiple >>>> people with the same name; >>>> >>>> - Scan the blue sheets and include the images in the proceedings for >>>> the WG session; >>>> >>>> - Add indication to top of the blue sheet so people know it will be >>>> part of the proceedings; and >>>> >>>> - Discard paper blue sheets after scanning.
RE: Future Handling of Blue Sheets
This creates a distinguished identity, so if two "Fei Zhang"s attended in Paris (only case I found in the attendee list), this would distinguish which of them attended a particular meeting. It would not, however, tie them to an identity on the mailing list, or to the "Fei Zhang" who attends the Vancouver meeting, so I'm not sure what purpose it serves. Yoav -Original Message- From: ietf-boun...@ietf.org [mailto:ietf-boun...@ietf.org] On Behalf Of Tim Chown Sent: 16 June 2012 13:54 To: Joel jaeggli Cc: IETF Chair; IETF; ietf-boun...@ietf.org Subject: Re: Future Handling of Blue Sheets If the purpose is simply differentiation of people with the same names, could we not ask people to enter the last four digits of their IETF registration number, which would presumably be unique, while being easy to remember? The number could even be on your badge to always be easy to look up. Unless there's some reason to keep registration numbers private? That would also allow poorly handwritten names to more readily be checked/corrected by OCR when the sheets are scanned. Tim On 16 Jun 2012, at 04:50, Joel jaeggli wrote: > On 6/15/12 14:42 , edj@gmail.com wrote: >> I presume it is the same data that people input into the "Organization" >> field when they register for the meeting. > > I do change mine based on what capacity I'm attending a particular > meeting in. That goes for email address on existing blue sheets as well... > > The nice people who send me a check every two weeks don't generally > fund my attendance. > >> Regards, >> >> Ed J. >> >> -Original Message- >> From: Eric Burger >> Sender: ietf-boun...@ietf.org >> Date: Fri, 15 Jun 2012 17:37:50 >> To: IETF Chair >> Cc: IETF >> Subject: Re: Future Handling of Blue Sheets >> >> Do we have guidelines as to what is an "organization affiliation"? >> >> On Jun 14, 2012, at 5:26 PM, IETF Chair wrote: >> >>> Two things have occurred since the message below as sent to the IETF mail >>> list. First, we got a lawyer in Europe to do some investigation, and the >>> inclusion of the email address on the blue sheet will lead to trouble with >>> the European privacy laws. Second, Ted Hardie suggested that we could >>> require a password to access the scanned blue sheet. >>> >>> Based on the European privacy law information, the use of email will result >>> in a major burden. If the email address is used, then we must provide a >>> way for people to ask for their email address to be remove at any time in >>> the future, even if we got prior approval to include it. Therefore, I >>> suggest that we collect organization affiliation to discriminate between >>> multiple people with the same name instead of email address. >>> >>> Based on Ted's suggestion, I checked with the Secretariat about using a >>> datatracker login to download the scanned blue sheet. This is fairly easy >>> to do, once the community tracking tools are deployed. However, with the >>> removal of the email addresses from the blue sheets, it is unclear that >>> there is any further need for password protection of these images. >>> Therefore, I suggest that we proceed without password protection for the >>> blue sheet images. >>> >>> Here is a summary of the suggested way forward: >>> >>> - Stop collecting email addresses on blue sheets; >>> >>> - Collect organization affiliation to discriminate between multiple >>> people with the same name; >>> >>> - Scan the blue sheets and include the images in the proceedings for >>> the WG session; >>> >>> - Add indication to top of the blue sheet so people know it will be >>> part of the proceedings; and >>> >>> - Discard paper blue sheets after scanning. >>> >>> Russ >>> >>> >>> On May 6, 2012, at 12:46 PM, IETF Chair wrote: >>> >>>> We have heard from many community participants, and consensus is quite >>>> rough on this topic. The IESG discussed this thread and reached two >>>> conclusions: >>>> >>>> (1) Rough consensus: an open and transparent standards process is more >>>> important to the IETF than privacy of blue sheet information. >>>> >>>> (2) Rough consensus: inclusion of email addresses is a good way to >>>> distinguish participants with the same or similar names. >>>> >>>> >>>> Based on these conclusions, the plan is to handle blue sheets as follows: >>>> >>>> - Continue to collect email addresses on blue sheets; >>>> >>>> - Scan the blue sheet and include the image in the proceedings for >>>> the WG session; >>>> >>>> - Add indication to top of the blue sheet so people know it will be >>>> part of the proceedings; and >>>> >>>> - Discard paper blue sheets after scanning. >>>> >>>> >>>> On behalf of the IESG, >>>> Russ >>>> >>> >> >> > > Scanned by Check Point Total Security Gateway.
Re: Future Handling of Blue Sheets
If the purpose is simply differentiation of people with the same names, could we not ask people to enter the last four digits of their IETF registration number, which would presumably be unique, while being easy to remember? The number could even be on your badge to always be easy to look up. Unless there's some reason to keep registration numbers private? That would also allow poorly handwritten names to more readily be checked/corrected by OCR when the sheets are scanned. Tim On 16 Jun 2012, at 04:50, Joel jaeggli wrote: > On 6/15/12 14:42 , edj@gmail.com wrote: >> I presume it is the same data that people input into the "Organization" >> field when they register for the meeting. > > I do change mine based on what capacity I'm attending a particular > meeting in. That goes for email address on existing blue sheets as well... > > The nice people who send me a check every two weeks don't generally fund > my attendance. > >> Regards, >> >> Ed J. >> >> -Original Message- >> From: Eric Burger >> Sender: ietf-boun...@ietf.org >> Date: Fri, 15 Jun 2012 17:37:50 >> To: IETF Chair >> Cc: IETF >> Subject: Re: Future Handling of Blue Sheets >> >> Do we have guidelines as to what is an "organization affiliation"? >> >> On Jun 14, 2012, at 5:26 PM, IETF Chair wrote: >> >>> Two things have occurred since the message below as sent to the IETF mail >>> list. First, we got a lawyer in Europe to do some investigation, and the >>> inclusion of the email address on the blue sheet will lead to trouble with >>> the European privacy laws. Second, Ted Hardie suggested that we could >>> require a password to access the scanned blue sheet. >>> >>> Based on the European privacy law information, the use of email will result >>> in a major burden. If the email address is used, then we must provide a >>> way for people to ask for their email address to be remove at any time in >>> the future, even if we got prior approval to include it. Therefore, I >>> suggest that we collect organization affiliation to discriminate between >>> multiple people with the same name instead of email address. >>> >>> Based on Ted's suggestion, I checked with the Secretariat about using a >>> datatracker login to download the scanned blue sheet. This is fairly easy >>> to do, once the community tracking tools are deployed. However, with the >>> removal of the email addresses from the blue sheets, it is unclear that >>> there is any further need for password protection of these images. >>> Therefore, I suggest that we proceed without password protection for the >>> blue sheet images. >>> >>> Here is a summary of the suggested way forward: >>> >>> - Stop collecting email addresses on blue sheets; >>> >>> - Collect organization affiliation to discriminate between multiple people >>> with the same name; >>> >>> - Scan the blue sheets and include the images in the proceedings for the WG >>> session; >>> >>> - Add indication to top of the blue sheet so people know it will be part of >>> the proceedings; and >>> >>> - Discard paper blue sheets after scanning. >>> >>> Russ >>> >>> >>> On May 6, 2012, at 12:46 PM, IETF Chair wrote: >>> >>>> We have heard from many community participants, and consensus is quite >>>> rough on this topic. The IESG discussed this thread and reached two >>>> conclusions: >>>> >>>> (1) Rough consensus: an open and transparent standards process is more >>>> important to the IETF than privacy of blue sheet information. >>>> >>>> (2) Rough consensus: inclusion of email addresses is a good way to >>>> distinguish participants with the same or similar names. >>>> >>>> >>>> Based on these conclusions, the plan is to handle blue sheets as follows: >>>> >>>> - Continue to collect email addresses on blue sheets; >>>> >>>> - Scan the blue sheet and include the image in the proceedings for the WG >>>> session; >>>> >>>> - Add indication to top of the blue sheet so people know it will be part >>>> of the proceedings; and >>>> >>>> - Discard paper blue sheets after scanning. >>>> >>>> >>>> On behalf of the IESG, >>>> Russ >>>> >>> >> >> > >
Re: Future Handling of Blue Sheets
On 6/15/12 14:42 , edj@gmail.com wrote: > I presume it is the same data that people input into the "Organization" field > when they register for the meeting. I do change mine based on what capacity I'm attending a particular meeting in. That goes for email address on existing blue sheets as well... The nice people who send me a check every two weeks don't generally fund my attendance. > Regards, > > Ed J. > > -Original Message- > From: Eric Burger > Sender: ietf-boun...@ietf.org > Date: Fri, 15 Jun 2012 17:37:50 > To: IETF Chair > Cc: IETF > Subject: Re: Future Handling of Blue Sheets > > Do we have guidelines as to what is an "organization affiliation"? > > On Jun 14, 2012, at 5:26 PM, IETF Chair wrote: > >> Two things have occurred since the message below as sent to the IETF mail >> list. First, we got a lawyer in Europe to do some investigation, and the >> inclusion of the email address on the blue sheet will lead to trouble with >> the European privacy laws. Second, Ted Hardie suggested that we could >> require a password to access the scanned blue sheet. >> >> Based on the European privacy law information, the use of email will result >> in a major burden. If the email address is used, then we must provide a way >> for people to ask for their email address to be remove at any time in the >> future, even if we got prior approval to include it. Therefore, I suggest >> that we collect organization affiliation to discriminate between multiple >> people with the same name instead of email address. >> >> Based on Ted's suggestion, I checked with the Secretariat about using a >> datatracker login to download the scanned blue sheet. This is fairly easy >> to do, once the community tracking tools are deployed. However, with the >> removal of the email addresses from the blue sheets, it is unclear that >> there is any further need for password protection of these images. >> Therefore, I suggest that we proceed without password protection for the >> blue sheet images. >> >> Here is a summary of the suggested way forward: >> >> - Stop collecting email addresses on blue sheets; >> >> - Collect organization affiliation to discriminate between multiple people >> with the same name; >> >> - Scan the blue sheets and include the images in the proceedings for the WG >> session; >> >> - Add indication to top of the blue sheet so people know it will be part of >> the proceedings; and >> >> - Discard paper blue sheets after scanning. >> >> Russ >> >> >> On May 6, 2012, at 12:46 PM, IETF Chair wrote: >> >>> We have heard from many community participants, and consensus is quite >>> rough on this topic. The IESG discussed this thread and reached two >>> conclusions: >>> >>> (1) Rough consensus: an open and transparent standards process is more >>> important to the IETF than privacy of blue sheet information. >>> >>> (2) Rough consensus: inclusion of email addresses is a good way to >>> distinguish participants with the same or similar names. >>> >>> >>> Based on these conclusions, the plan is to handle blue sheets as follows: >>> >>> - Continue to collect email addresses on blue sheets; >>> >>> - Scan the blue sheet and include the image in the proceedings for the WG >>> session; >>> >>> - Add indication to top of the blue sheet so people know it will be part of >>> the proceedings; and >>> >>> - Discard paper blue sheets after scanning. >>> >>> >>> On behalf of the IESG, >>> Russ >>> >> > >
RE: Future Handling of Blue Sheets
I've always found that term in that context highly presumptuous and slightly offensive. Adrian > -Original Message- > From: ietf-boun...@ietf.org [mailto:ietf-boun...@ietf.org] On Behalf Of > edj@gmail.com > Sent: 15 June 2012 22:43 > To: Eric Burger; ietf-boun...@ietf.org; IETF Chair > Cc: IETF > Subject: Re: Future Handling of Blue Sheets > > I presume it is the same data that people input into the "Organization" field when > they register for the meeting. > > Regards, > > Ed J. > > -Original Message- > From: Eric Burger > Sender: ietf-boun...@ietf.org > Date: Fri, 15 Jun 2012 17:37:50 > To: IETF Chair > Cc: IETF > Subject: Re: Future Handling of Blue Sheets > > Do we have guidelines as to what is an "organization affiliation"? > > On Jun 14, 2012, at 5:26 PM, IETF Chair wrote: > > > Two things have occurred since the message below as sent to the IETF mail list. > First, we got a lawyer in Europe to do some investigation, and the inclusion of the > email address on the blue sheet will lead to trouble with the European privacy > laws. Second, Ted Hardie suggested that we could require a password to access > the scanned blue sheet. > > > > Based on the European privacy law information, the use of email will result in a > major burden. If the email address is used, then we must provide a way for > people to ask for their email address to be remove at any time in the future, > even if we got prior approval to include it. Therefore, I suggest that we collect > organization affiliation to discriminate between multiple people with the same > name instead of email address. > > > > Based on Ted's suggestion, I checked with the Secretariat about using a > datatracker login to download the scanned blue sheet. This is fairly easy to do, > once the community tracking tools are deployed. However, with the removal of > the email addresses from the blue sheets, it is unclear that there is any further > need for password protection of these images. Therefore, I suggest that we > proceed without password protection for the blue sheet images. > > > > Here is a summary of the suggested way forward: > > > > - Stop collecting email addresses on blue sheets; > > > > - Collect organization affiliation to discriminate between multiple people with > the same name; > > > > - Scan the blue sheets and include the images in the proceedings for the WG > session; > > > > - Add indication to top of the blue sheet so people know it will be part of the > proceedings; and > > > > - Discard paper blue sheets after scanning. > > > > Russ > > > > > > On May 6, 2012, at 12:46 PM, IETF Chair wrote: > > > >> We have heard from many community participants, and consensus is quite > rough on this topic. The IESG discussed this thread and reached two conclusions: > >> > >> (1) Rough consensus: an open and transparent standards process is more > important to the IETF than privacy of blue sheet information. > >> > >> (2) Rough consensus: inclusion of email addresses is a good way to distinguish > participants with the same or similar names. > >> > >> > >> Based on these conclusions, the plan is to handle blue sheets as follows: > >> > >> - Continue to collect email addresses on blue sheets; > >> > >> - Scan the blue sheet and include the image in the proceedings for the WG > session; > >> > >> - Add indication to top of the blue sheet so people know it will be part of the > proceedings; and > >> > >> - Discard paper blue sheets after scanning. > >> > >> > >> On behalf of the IESG, > >> Russ > >> > >
Re: Future Handling of Blue Sheets
I presume it is the same data that people input into the "Organization" field when they register for the meeting. Regards, Ed J. -Original Message- From: Eric Burger Sender: ietf-boun...@ietf.org Date: Fri, 15 Jun 2012 17:37:50 To: IETF Chair Cc: IETF Subject: Re: Future Handling of Blue Sheets Do we have guidelines as to what is an "organization affiliation"? On Jun 14, 2012, at 5:26 PM, IETF Chair wrote: > Two things have occurred since the message below as sent to the IETF mail > list. First, we got a lawyer in Europe to do some investigation, and the > inclusion of the email address on the blue sheet will lead to trouble with > the European privacy laws. Second, Ted Hardie suggested that we could > require a password to access the scanned blue sheet. > > Based on the European privacy law information, the use of email will result > in a major burden. If the email address is used, then we must provide a way > for people to ask for their email address to be remove at any time in the > future, even if we got prior approval to include it. Therefore, I suggest > that we collect organization affiliation to discriminate between multiple > people with the same name instead of email address. > > Based on Ted's suggestion, I checked with the Secretariat about using a > datatracker login to download the scanned blue sheet. This is fairly easy to > do, once the community tracking tools are deployed. However, with the > removal of the email addresses from the blue sheets, it is unclear that there > is any further need for password protection of these images. Therefore, I > suggest that we proceed without password protection for the blue sheet images. > > Here is a summary of the suggested way forward: > > - Stop collecting email addresses on blue sheets; > > - Collect organization affiliation to discriminate between multiple people > with the same name; > > - Scan the blue sheets and include the images in the proceedings for the WG > session; > > - Add indication to top of the blue sheet so people know it will be part of > the proceedings; and > > - Discard paper blue sheets after scanning. > > Russ > > > On May 6, 2012, at 12:46 PM, IETF Chair wrote: > >> We have heard from many community participants, and consensus is quite rough >> on this topic. The IESG discussed this thread and reached two conclusions: >> >> (1) Rough consensus: an open and transparent standards process is more >> important to the IETF than privacy of blue sheet information. >> >> (2) Rough consensus: inclusion of email addresses is a good way to >> distinguish participants with the same or similar names. >> >> >> Based on these conclusions, the plan is to handle blue sheets as follows: >> >> - Continue to collect email addresses on blue sheets; >> >> - Scan the blue sheet and include the image in the proceedings for the WG >> session; >> >> - Add indication to top of the blue sheet so people know it will be part of >> the proceedings; and >> >> - Discard paper blue sheets after scanning. >> >> >> On behalf of the IESG, >> Russ >> >
Re: Future Handling of Blue Sheets
Do we have guidelines as to what is an "organization affiliation"? On Jun 14, 2012, at 5:26 PM, IETF Chair wrote: > Two things have occurred since the message below as sent to the IETF mail > list. First, we got a lawyer in Europe to do some investigation, and the > inclusion of the email address on the blue sheet will lead to trouble with > the European privacy laws. Second, Ted Hardie suggested that we could > require a password to access the scanned blue sheet. > > Based on the European privacy law information, the use of email will result > in a major burden. If the email address is used, then we must provide a way > for people to ask for their email address to be remove at any time in the > future, even if we got prior approval to include it. Therefore, I suggest > that we collect organization affiliation to discriminate between multiple > people with the same name instead of email address. > > Based on Ted's suggestion, I checked with the Secretariat about using a > datatracker login to download the scanned blue sheet. This is fairly easy to > do, once the community tracking tools are deployed. However, with the > removal of the email addresses from the blue sheets, it is unclear that there > is any further need for password protection of these images. Therefore, I > suggest that we proceed without password protection for the blue sheet images. > > Here is a summary of the suggested way forward: > > - Stop collecting email addresses on blue sheets; > > - Collect organization affiliation to discriminate between multiple people > with the same name; > > - Scan the blue sheets and include the images in the proceedings for the WG > session; > > - Add indication to top of the blue sheet so people know it will be part of > the proceedings; and > > - Discard paper blue sheets after scanning. > > Russ > > > On May 6, 2012, at 12:46 PM, IETF Chair wrote: > >> We have heard from many community participants, and consensus is quite rough >> on this topic. The IESG discussed this thread and reached two conclusions: >> >> (1) Rough consensus: an open and transparent standards process is more >> important to the IETF than privacy of blue sheet information. >> >> (2) Rough consensus: inclusion of email addresses is a good way to >> distinguish participants with the same or similar names. >> >> >> Based on these conclusions, the plan is to handle blue sheets as follows: >> >> - Continue to collect email addresses on blue sheets; >> >> - Scan the blue sheet and include the image in the proceedings for the WG >> session; >> >> - Add indication to top of the blue sheet so people know it will be part of >> the proceedings; and >> >> - Discard paper blue sheets after scanning. >> >> >> On behalf of the IESG, >> Russ >> >
Re: Future Handling of Blue Sheets
Two things have occurred since the message below as sent to the IETF mail list. First, we got a lawyer in Europe to do some investigation, and the inclusion of the email address on the blue sheet will lead to trouble with the European privacy laws. Second, Ted Hardie suggested that we could require a password to access the scanned blue sheet. Based on the European privacy law information, the use of email will result in a major burden. If the email address is used, then we must provide a way for people to ask for their email address to be remove at any time in the future, even if we got prior approval to include it. Therefore, I suggest that we collect organization affiliation to discriminate between multiple people with the same name instead of email address. Based on Ted's suggestion, I checked with the Secretariat about using a datatracker login to download the scanned blue sheet. This is fairly easy to do, once the community tracking tools are deployed. However, with the removal of the email addresses from the blue sheets, it is unclear that there is any further need for password protection of these images. Therefore, I suggest that we proceed without password protection for the blue sheet images. Here is a summary of the suggested way forward: - Stop collecting email addresses on blue sheets; - Collect organization affiliation to discriminate between multiple people with the same name; - Scan the blue sheets and include the images in the proceedings for the WG session; - Add indication to top of the blue sheet so people know it will be part of the proceedings; and - Discard paper blue sheets after scanning. Russ On May 6, 2012, at 12:46 PM, IETF Chair wrote: > We have heard from many community participants, and consensus is quite rough > on this topic. The IESG discussed this thread and reached two conclusions: > > (1) Rough consensus: an open and transparent standards process is more > important to the IETF than privacy of blue sheet information. > > (2) Rough consensus: inclusion of email addresses is a good way to > distinguish participants with the same or similar names. > > > Based on these conclusions, the plan is to handle blue sheets as follows: > > - Continue to collect email addresses on blue sheets; > > - Scan the blue sheet and include the image in the proceedings for the WG > session; > > - Add indication to top of the blue sheet so people know it will be part of > the proceedings; and > > - Discard paper blue sheets after scanning. > > > On behalf of the IESG, > Russ >
Re: Future Handling of Blue Sheets
> For what it is worth, here is my opinion on this subject (which I was > asked to post here). > > I see possible privacy law problems with posting the blue sheets, so > I would not. > > I see a good reason to scan and have images of new blue sheets, make > it easier to respond to subpoenas. > > I do see a historical benefit to keeping the blue sheets (as blue > sheets, not just scans), and the expense > of doing so is minimal, so I would urge that their archiving be continued. During the IESG off-site meeting, this topic received quite a bit of discussion. The IESG recognized that blue sheet information is valuable for peer pressure to abide by the IPR rules. In contrast, I understand the concerns that have been raised on this thread. As a result, I am looking into a mechanism where a datatracker password is needed to get the blue sheet images. This would be the same password that an IETF community participant will to use with the soon-to-be-released Internet-Draft Tracking features (see RFC 6293). These accounts are available to anyone; however, the need for an account to access blue sheet images raises the bar for access. Additionally, the need for an account will keep the blue sheet images hidden from web crawlers. Thanks to Ted hardie for the question that lead to this potential solution. Russ
Re: Future Handling of Blue Sheets
On May 24, 2012, at 16:12, Marshall Eubanks wrote: > For what it is worth, here is my opinion on this subject (which I was > asked to post here). > > I see possible privacy law problems with posting the blue sheets, so > I would not. > > I see a good reason to scan and have images of new blue sheets, make > it easier to respond to subpoenas. > > I do see a historical benefit to keeping the blue sheets (as blue > sheets, not just scans), and the expense > of doing so is minimal, so I would urge that their archiving be continued. To me this seems to be the compelling, non-surprising result of this discussion. We don't need another 100 messages to finally arrive at the same result. So it would help if the responsible I* would make a decision, please. Grüße, Carsten
Re: Future Handling of Blue Sheets
For what it is worth, here is my opinion on this subject (which I was asked to post here). I see possible privacy law problems with posting the blue sheets, so I would not. I see a good reason to scan and have images of new blue sheets, make it easier to respond to subpoenas. I do see a historical benefit to keeping the blue sheets (as blue sheets, not just scans), and the expense of doing so is minimal, so I would urge that their archiving be continued. Regards Marshall On Thu, May 10, 2012 at 6:11 PM, SM wrote: > Hi John, > > At 11:31 10-05-2012, John C Klensin wrote: >> >> participate in any way in an affected WG. I hate the idea of >> the community getting embroiled in accusations and >> counter-accusations but one advantage to a working IPR policy >> (as well as general openness) of publishing the blue sheets is > > > I am fine either way with the handling of the blue sheets. I am also fine > with whatever the IESG decides (on this topic only :-)). This topic has > been sold as a matter of openness. The question can be traced back to > newspaperization. In those days, propagation of information was localized. > Nowadays, it can be globalized. That can be good; it can also be bad. > > The scrawls from the blue sheets will be accessible after around a month. > Should the world be able to find out that: > > (i) you were in Paris > > (ii) you attended the EAI session > > Now let's assume that the work is covered by one of your inventions. > Although you were in that session according to the blue sheets, you did not > participate in the discussion according to the minutes (the analogy is that > you are subscribed to the mailing list but you have not posted any > messages). Do you have to file an IPR disclosure? > > Coming back to being open and transparent, the IETF tends to have a variable > stance on that. Exposing information allows other people to evaluate > fairness, whether there is conflict of interest, etc. It does not always > work out well; some people may be unhappy, offended or uncomfortable. If > you look at the list of WGs being tracked, you will notice that some people > provided the information, some didn't. I didn't ask why. As a quick > thought, I guess that people are uneasy with the idea of the information > being publicized to the world or they used the default, this information is > not relevant to any random person. > > Let's ignore the IPR argument. What question(s) should one ask in setting > the boundaries for open and transparent? > > Regards, > -sm
Re: [IETF] Re: Future Handling of Blue Sheets
On 05/10/2012 09:49 PM, Martin Rex wrote: Warren Kumari wrote: -- if you are active in the IETF (or even if you aren't), you email address is already known to the spammers. Our lists, and list archives are all public If the blue sheets would _only_ contain PII that is _already_available_ in other places, then we should stop creating them in the first place. The arguments of the folks that want to see it published is that these sheet contain PII that is _not_yet_published_. Which means we're talking past each other. -Martin Not even that: the information which is on a blue sheet is not the same as the information that the former is on the blue sheet. The arguments to publish them, even to keep them secret as today, begin to sound close to (or stink like) those used to justify to store travel information, mobile phone tracking, etc etc. The number of participants in a meeting can be counted to get an idea for meeting planning, and then the blue sheets should be distroyed. Or, no blue sheets at all, the chairman makes a rough count and this number, announces it at the end, and it is put into the minutes. could the persons who are in favor of publishing confirm that they don't work for spam companies, secret services ... :-) Anyway, adding an X and an unreadable address on a blue sheet remains always an option. It serves the purpose of meeting preparation. I did not had the impression that there was "rough consensus" for any change. it's weekend :-)
Re: Future Handling of Blue Sheets
Hi John, At 11:31 10-05-2012, John C Klensin wrote: participate in any way in an affected WG. I hate the idea of the community getting embroiled in accusations and counter-accusations but one advantage to a working IPR policy (as well as general openness) of publishing the blue sheets is I am fine either way with the handling of the blue sheets. I am also fine with whatever the IESG decides (on this topic only :-)). This topic has been sold as a matter of openness. The question can be traced back to newspaperization. In those days, propagation of information was localized. Nowadays, it can be globalized. That can be good; it can also be bad. The scrawls from the blue sheets will be accessible after around a month. Should the world be able to find out that: (i) you were in Paris (ii) you attended the EAI session Now let's assume that the work is covered by one of your inventions. Although you were in that session according to the blue sheets, you did not participate in the discussion according to the minutes (the analogy is that you are subscribed to the mailing list but you have not posted any messages). Do you have to file an IPR disclosure? Coming back to being open and transparent, the IETF tends to have a variable stance on that. Exposing information allows other people to evaluate fairness, whether there is conflict of interest, etc. It does not always work out well; some people may be unhappy, offended or uncomfortable. If you look at the list of WGs being tracked, you will notice that some people provided the information, some didn't. I didn't ask why. As a quick thought, I guess that people are uneasy with the idea of the information being publicized to the world or they used the default, this information is not relevant to any random person. Let's ignore the IPR argument. What question(s) should one ask in setting the boundaries for open and transparent? Regards, -sm
Re: [IETF] Re: Future Handling of Blue Sheets
Warren Kumari wrote: > > -- if you are active in the IETF (or even if you aren't), you email > address is already known to the spammers. Our lists, and list archives > are all public If the blue sheets would _only_ contain PII that is _already_available_ in other places, then we should stop creating them in the first place. The arguments of the folks that want to see it published is that these sheet contain PII that is _not_yet_published_. Which means we're talking past each other. -Martin
Re: [IETF] Re: Future Handling of Blue Sheets
On May 10, 2012, at 1:42 PM, Melinda Shore wrote: > On 5/10/12 9:32 AM, Martin Rex wrote: >> There has never been a need to actively broadcast these massive amounts >> of personally identifiable information (PII), and I haven't seen any >> convincing rationale for doing it now. > > To be honest, "I don't want to receive more spam" and "My boss might > find out I skipped a session" are not reasons not to be open about > who's participating in sessions, particularly as we drift towards a > meetings/voting model. I understand sensitivity about broadcasting > travel plans but in general some of the arguments being offered for > being a less open organization with a less open process are drifting > into "The FBI implanted a radio transmitter in my teeth" territory, > and it seems to me that making blue sheets available after meetings > does not reveal much PII beyond what's already available on the mailing > lists. Oh dear, oh dear oh dear…. I've been trying hard to stay out of this discussion, but finally cannot anymore… I fully agree with Melinda here -- if you are active in the IETF (or even if you aren't), you email address is already known to the spammers. Our lists, and list archives are all public -- if you think that you are important enough that spammers would download and OCR blue sheets to get your address, you are A: out of touch with the current spam model and / or b: believe that you are much more important than you really are... If you are concerned that your bossman might figure out that you skipped a session -- well, here's an idea, actually two: 1: work somewhere where you manager trusts you enough to do what's in the best interests of the organization (and then do so) and / or 2: attend the friggin' sessions. Presumably you flew half way round the world to participate, not to drink espressos in some new and exotic city. For the record: 1: My email addresses are war...@kumari.net, wkum...@google.com, wkum...@gmail.com, war...@snozzages.com and ... 2: I was sitting in seat 3A in room 243 at 15:25 on TUESDAY, March 27, 2012. I cannot remember what I was wearing, but it probably involved a t-shirt, sandals and some kind of hat. When you invent a time machines and travel back, you should be able to find me there.. 3: I didn't attend a single session on Afternoon Session I, WEDNESDAY, March 28, 2012 (I feel that I have gotten much much rantier than intended, but, oh well…) W [0]: and mailman's super secure s/war...@kumari.net/warren at kumari.net/ was figured out a long time ago! > > There's a serious question here about tradeoffs between privacy and > openness. Openness is not just a core institutional value (although > it is one - do not forget that), but it's also a defense against > charges of collusion, which, unfortunately, we've been seeing. > > Melinda >
Re: Future Handling of Blue Sheets
John C Klensin wrote: > > I hate the idea of the community getting embroiled in accusations and > counter-accusations but one advantage to a working IPR policy > (as well as general openness) of publishing the blue sheets is > the ability to notice and send reminder notes of the form of > "hey, I think I say you in WG FooBar and you've mentioned that > your company is doing work in the area, did you accidentally > forget to sign the blue sheet". Of course, that means there is > one missing part of the current IESG picture and that is the > ability of people to add their names (perhaps as errata) to the > published blue sheets if an omission was unintentional. I think this blowing the issue out of proportion. Do you want to require anyone listening to the audio stream from the IETF Meeting (realtime or from the archive) to sign up with name first and append it to the blue sheet? I attended a few IETF meetings in person during 1995-1998 plus one in 2000 and since then I've only been remotely participating if at all. While I did go to the meetings of WGs I actively participated & signed the blue sheets there, I attended several other WG meetings. In case I attended primarily out of curiosity, I sometimes came late, sometimes left early, and rarely signed blue sheets. The idea behind this is "cross-pollination", something that the ADs of the security area had been actively advocating for. If the IESG decides it wants to publish the blue sheets, that may result in attendees to deliberately not sign it or sign with fake data, which may impair the usefulness of the blue sheets. -Martin
Re: Future Handling of Blue Sheets
--On Thursday, May 10, 2012 09:42 -0800 Melinda Shore wrote: > On 5/10/12 9:32 AM, Martin Rex wrote: >> There has never been a need to actively broadcast these >> massive amounts of personally identifiable information (PII), >> and I haven't seen any convincing rationale for doing it now. > > To be honest, "I don't want to receive more spam" and "My boss > might > find out I skipped a session" are not reasons not to be open > about > who's participating in sessions, particularly as we drift > towards a > meetings/voting model. I understand sensitivity about > broadcasting > travel plans but in general some of the arguments being > offered for > being a less open organization with a less open process are > drifting > into "The FBI implanted a radio transmitter in my teeth" > territory, > and it seems to me that making blue sheets available after > meetings > does not reveal much PII beyond what's already available on > the mailing > lists. > > There's a serious question here about tradeoffs between > privacy and > openness. Openness is not just a core institutional value > (although > it is one - do not forget that), but it's also a defense > against > charges of collusion, which, unfortunately, we've been seeing. +1 Also, please note that there is an interaction between this and draft-farrresnickel-ipr-sanctions (now in Last Call). Regardless of the other issues with that particular proposal, the only real way to escape the IETF's IPR disclosure requirements about something of which one is aware is to not participate in any way in an affected WG. I hate the idea of the community getting embroiled in accusations and counter-accusations but one advantage to a working IPR policy (as well as general openness) of publishing the blue sheets is the ability to notice and send reminder notes of the form of "hey, I think I say you in WG FooBar and you've mentioned that your company is doing work in the area, did you accidentally forget to sign the blue sheet". Of course, that means there is one missing part of the current IESG picture and that is the ability of people to add their names (perhaps as errata) to the published blue sheets if an omission was unintentional. john
Re: Future Handling of Blue Sheets
On May 10, 2012, at 8:42 PM, Melinda Shore wrote: > On 5/10/12 9:32 AM, Martin Rex wrote: >> There has never been a need to actively broadcast these massive amounts >> of personally identifiable information (PII), and I haven't seen any >> convincing rationale for doing it now. > > To be honest, "I don't want to receive more spam" and "My boss might > find out I skipped a session" are not reasons not to be open about > who's participating in sessions, particularly as we drift towards a > meetings/voting model. Participating is one thing. Presence is another. Reporting that I spoke up against the hard-fail requirement at Websec is part of the openness. Reporting that I was at SCIM, where I never once approached the microphone is not. > I understand sensitivity about broadcasting > travel plans but in general some of the arguments being offered for > being a less open organization with a less open process are drifting > into "The FBI implanted a radio transmitter in my teeth" territory, > and it seems to me that making blue sheets available after meetings > does not reveal much PII beyond what's already available on the mailing > lists. The FBI needn't bother. They can just read the blue sheets :-) > There's a serious question here about tradeoffs between privacy and > openness. Openness is not just a core institutional value (although > it is one - do not forget that), but it's also a defense against > charges of collusion, which, unfortunately, we've been seeing. And how does the existence of such a lame attempt to list attendees help in this? Yoav
Re: Future Handling of Blue Sheets
On 5/10/12 9:32 AM, Martin Rex wrote: There has never been a need to actively broadcast these massive amounts of personally identifiable information (PII), and I haven't seen any convincing rationale for doing it now. To be honest, "I don't want to receive more spam" and "My boss might find out I skipped a session" are not reasons not to be open about who's participating in sessions, particularly as we drift towards a meetings/voting model. I understand sensitivity about broadcasting travel plans but in general some of the arguments being offered for being a less open organization with a less open process are drifting into "The FBI implanted a radio transmitter in my teeth" territory, and it seems to me that making blue sheets available after meetings does not reveal much PII beyond what's already available on the mailing lists. There's a serious question here about tradeoffs between privacy and openness. Openness is not just a core institutional value (although it is one - do not forget that), but it's also a defense against charges of collusion, which, unfortunately, we've been seeing. Melinda
Re: Future Handling of Blue Sheets
Melinda Shore wrote: > > On 5/10/12 5:04 AM, Martin Rex wrote: > > Peter Sylvester wrote: > >> On 05/10/2012 11:17 AM, David Morris wrote: > >>> I object to the quantum change in ease of access and persistence of the > >>> information. I see way too much aggregation of personal information and > >>> don't think open-ness is justification for increasing that potential. > >> +1 > > +1 > > I disagree rather strongly. This is an open standards body with an open > process, and I think if we're going to change that it needs to be as a > result of a more general discussion rather than simply chipping away > around the edges. There has never been a need to actively broadcast these massive amounts of personally identifiable information (PII), and I haven't seen any convincing rationale for doing it now. Whenever dealing with PII the most responsible action is to distribute it only when a real need has been demonstrated. When publishing information on the internet, it is not possible to undo it, so it is better to err on the safe side for PII. -Martin
Re: Future Handling of Blue Sheets
On Thu, May 10, 2012 at 2:17 AM, David Morris wrote: > One of the ways we deal with SPAM and DOS attacks is to intentionally slow > the process. Ted's proposal would be vastly improved with the provision > that access, once authenticated, was delayed approximately the same > amount of time as the current manual process. Propably with some > form of the failed login approach ... maximum requests per week or > other similar unit of time. > Just as a point of clarification, I did not actually make a proposal; I asked whether the IESG had considered using making them available outside the proceedings and other a different set of terms of use. I would be happy to make an actual proposal if the IESG decides it is willing to consider that approach, but I'm not going to bother drafting such a thing if they are firmly convinced that the proceedings are the right way to go. regards, Ted
Re: Future Handling of Blue Sheets
On 5/10/12 5:04 AM, Martin Rex wrote: Peter Sylvester wrote: On 05/10/2012 11:17 AM, David Morris wrote: I object to the quantum change in ease of access and persistence of the information. I see way too much aggregation of personal information and don't think open-ness is justification for increasing that potential. +1 +1 I disagree rather strongly. This is an open standards body with an open process, and I think if we're going to change that it needs to be as a result of a more general discussion rather than simply chipping away around the edges. Melinda
Re: Future Handling of Blue Sheets
(top post) Tobias, Constructing and then attacking strawmen is not helpful. As far as I know, no one has proposed making blue sheet information --and hence precise location information for identified individuals-- available to the public in real time during the meetings. As one of, I assume, many members of this community who will not broadcast my travel plans to social networks, etc., until after I return home, I would strenuously object to any such thing but, again, as far as I know, no one proposed it. john --On Thursday, May 10, 2012 14:23 +0800 Tobias Gondrom wrote: > Dear Russ, > > please forgive me for adding one more comment on that after > you judged on rough consensus. > > As you said this rough consensus is quite rough (if we may > call it "rough consensus"). > I would like to point out two things: > 1. the statement "(1) Rough consensus: an open and transparent > standards process is more important to the IETF than privacy > of blue sheet information." puts transparent process in > competition with privacy. This is misleading, because there is > no contradiction between an open and transparent process and > privacy of personal information on this one. For example the > availability of blue sheet information on request by an > authenticated person does allow full transparency without > broadcasting the personal location information. (e.g. see also > Ted's proposal from yesterday) > (Furthermore, if I would be devil's advocate, I would question > this comparison even further, because it could be misread as > stating that the current standards process as it is today > (with blue sheets on request) is not open or transparent...) > > 2. if consensus is so rough, we should also consider that the > subject of the email discussion was maybe not clear enough > about its impact to inform the audience of the consequences of > the discussion and the consensus to be measured. We could > equally have used a subject like this: "IETF wants to publish > your specific locations / whereabouts (within 10m) on an > 2-hourly basis during the day for each meeting and keep this > information available published on the website indefinitely." > It might have resulted in a different rough consensus.
Re: Future Handling of Blue Sheets
Peter Sylvester wrote: > > On 05/10/2012 11:17 AM, David Morris wrote: > > I object to the quantum change in ease of access and persistence of the > > information. I see way too much aggregation of personal information and > > don't think open-ness is justification for increasing that potential. > > > +1 +1
Re: Future Handling of Blue Sheets
On 05/10/2012 11:17 AM, David Morris wrote: I object to the quantum change in ease of access and persistence of the information. I see way too much aggregation of personal information and don't think open-ness is justification for increasing that potential. +1
Re: Future Handling of Blue Sheets
+1 Agree with Yoav. BR, Tobias On 10/05/12 17:35, Yoav Nir wrote: On May 10, 2012, at 12:10 PM, Doug Barton wrote: On 5/10/2012 1:48 AM, Tobias Gondrom wrote: What I dispute is that "make available to those who are interested" necessarily leads to the need to broadcast the data (i.e. publish in the proceedings). What is the harm you are trying to guard against by requiring the request? Well, there's the obvious issue of spam, although this post that I'm making right now provides my email address to the spammers in a much more convenient form. It's also convenient for headhunters. It also allows my employer to check whether I really went to sessions instead of just touring Paris. Is it the business of the IETF to help in these activities? I still don't get why you would want this published. My name on a blue sheet could mean that I was presenting for half the session, or that I was at the mike telling people they were wrong, or just sitting quietly in the back minding my own business and reading email. Blue sheets (unlike minutes and jabber logs) don't make such a distinction. Or, to take a completely different tack, given that there are a non-zero number of people who think the data should be published, how do you intend to deal with someone who makes the request, and then puts it up on their own website? I think this would be a copyright violation, unless the IETF specifically authorized them to do so (which it shouldn't). I don't think the IETF should prosecute, but it's still a violation. I don't hesitate to criticize when I think that the IESG gets it wrong, but in this case I think they threaded the needle about as well as it could be threaded. I think that needle should not be threaded at all. A list of participants should maybe be kept (scanned or not) but never published without subpoena, just as it is now. I don't see any reason why publishing it (as opposed to recording actual participation) is a requirement for an open process. Yoav
Re: Future Handling of Blue Sheets
Doug, you are right in the end I can not prevent someone else from publishing this. Even today a party that subpoena'ed them might publish the data. (Or a person might just take a photo of the blue sheet in the room and publish that...) Of course we can not control other people's actions, however the question remains whether we (as the IETF) do publish that data and how easy/fast we make it for others to publish that data. Just to be clear, I agree basically with most of the proposal from the IESG.* But when it comes to privacy I think we must be extremely careful and conservative with information, only releasing information where it really adds benefit to transparency. Because once released, it's impossible to get it back. Thinking about how to thread the needle (as you put it), I don't agree that the current proposal is optimal, and I would reiterate my proposal to not publish the bluesheets in the proceedings but to make them available to an individual upon email request to the IETF secretariat, providing name and email of the requesting person (and with a disclaimer in the IETF answer that this information is not meant to be re-published to the public (note I intentionally say "public", i.e. sharing among groups would still be ok.)). If we are worried about high volumes of requests, I would like to ask for more information on current volumes of subpoenas and why we get high volumes in the future. And if it's really too cumbersome for a person to answer the requests, we could then still discuss to use an email account based request system (IETF tools login) as proposed by Ted yesterday. Best regards, Tobias Ps.: *just as a disclaimer regarding the scanning part of the IESG proposal: I like it, but IMHO I would be slightly more cautious than the IETF counsel with the admissibility of scanned documents in court compared to paper originals. I've experienced quite some cases and legal discussions around value of proof of scanned documents - what I basically learned there was: scanning is ok in most IP jurisdictions, but handling the scanned data must use well documented procedures and access controls to keep the same level of non-repudiation of integrity and authenticity later in court. On 10/05/12 17:10, Doug Barton wrote: On 5/10/2012 1:48 AM, Tobias Gondrom wrote: What I dispute is that "make available to those who are interested" necessarily leads to the need to broadcast the data (i.e. publish in the proceedings). What is the harm you are trying to guard against by requiring the request? Or, to take a completely different tack, given that there are a non-zero number of people who think the data should be published, how do you intend to deal with someone who makes the request, and then puts it up on their own website? I don't hesitate to criticize when I think that the IESG gets it wrong, but in this case I think they threaded the needle about as well as it could be threaded. Doug
Re: Future Handling of Blue Sheets
On May 10, 2012, at 12:10 PM, Doug Barton wrote: > On 5/10/2012 1:48 AM, Tobias Gondrom wrote: >> What I dispute is that "make available to those who are interested" >> necessarily leads to the need to broadcast the data (i.e. publish in the >> proceedings). > > What is the harm you are trying to guard against by requiring the request? Well, there's the obvious issue of spam, although this post that I'm making right now provides my email address to the spammers in a much more convenient form. It's also convenient for headhunters. It also allows my employer to check whether I really went to sessions instead of just touring Paris. Is it the business of the IETF to help in these activities? I still don't get why you would want this published. My name on a blue sheet could mean that I was presenting for half the session, or that I was at the mike telling people they were wrong, or just sitting quietly in the back minding my own business and reading email. Blue sheets (unlike minutes and jabber logs) don't make such a distinction. > Or, to take a completely different tack, given that there are a non-zero > number of people who think the data should be published, how do you > intend to deal with someone who makes the request, and then puts it up > on their own website? I think this would be a copyright violation, unless the IETF specifically authorized them to do so (which it shouldn't). I don't think the IETF should prosecute, but it's still a violation. > I don't hesitate to criticize when I think that the IESG gets it wrong, > but in this case I think they threaded the needle about as well as it > could be threaded. I think that needle should not be threaded at all. A list of participants should maybe be kept (scanned or not) but never published without subpoena, just as it is now. I don't see any reason why publishing it (as opposed to recording actual participation) is a requirement for an open process. Yoav
Re: Future Handling of Blue Sheets
On Thu, 10 May 2012, Tobias Gondrom wrote: > On 10/05/12 16:35, John C Klensin wrote: > > But it seems to me that takes us back to Russ's summary in that > > it is normal, and arguably necessary, for a standards body to > > record --and make available to those who are interested-- the > > identities of those participating in meetings. > > I do not dispute that. > What I dispute is that "make available to those who are interested" > necessarily leads to the need to broadcast the data (i.e. publish in the > proceedings). > As we did in the past, we can equally achieve this openness by requiring that > an interested person requests this data (including then providing his own > identify) as we do at the moment. I object to the quantum change in ease of access and persistence of the information. I see way too much aggregation of personal information and don't think open-ness is justification for increasing that potential. One of the ways we deal with SPAM and DOS attacks is to intentionally slow the process. Ted's proposal would be vastly improved with the provision that access, once authenticated, was delayed approximately the same amount of time as the current manual process. Propably with some form of the failed login approach ... maximum requests per week or other similar unit of time. David Morris
Re: Future Handling of Blue Sheets
On 5/10/2012 1:48 AM, Tobias Gondrom wrote: > What I dispute is that "make available to those who are interested" > necessarily leads to the need to broadcast the data (i.e. publish in the > proceedings). What is the harm you are trying to guard against by requiring the request? Or, to take a completely different tack, given that there are a non-zero number of people who think the data should be published, how do you intend to deal with someone who makes the request, and then puts it up on their own website? I don't hesitate to criticize when I think that the IESG gets it wrong, but in this case I think they threaded the needle about as well as it could be threaded. Doug -- If you're never wrong, you're not trying hard enough
Re: Future Handling of Blue Sheets
On 10/05/12 16:35, John C Klensin wrote: --On Thursday, May 10, 2012 15:59 +0800 Tobias Gondrom wrote: John, sorry, maybe I did not articulate myself precisely enough. I did not intend to say it would be published in real-time. What I wanted to communicate is that we would collect that data only during daytime and only with 2hours-granularity as it's only meeting attendance in which room you are (and publish it at any point in time later). However, we would keep it public indefinitely (in the proceedings). Good. My apologies for misunderstanding your intent. Like you, I am very cautious about broadcasting my travel plans. Plus, I am not only concerned about in advance and real-time, but also about broadcasting to the public places I've been in the past (or for that matter any personal information). But it seems to me that takes us back to Russ's summary in that it is normal, and arguably necessary, for a standards body to record --and make available to those who are interested-- the identities of those participating in meetings. I do not dispute that. What I dispute is that "make available to those who are interested" necessarily leads to the need to broadcast the data (i.e. publish in the proceedings). As we did in the past, we can equally achieve this openness by requiring that an interested person requests this data (including then providing his own identify) as we do at the moment. Best regards, Tobias best regards, john
Re: Future Handling of Blue Sheets
--On Thursday, May 10, 2012 15:59 +0800 Tobias Gondrom wrote: > John, > > sorry, maybe I did not articulate myself precisely enough. I > did not intend to say it would be published in real-time. What > I wanted to communicate is that we would collect that data > only during daytime and only with 2hours-granularity as it's > only meeting attendance in which room you are (and publish it > at any point in time later). However, we would keep it public > indefinitely (in the proceedings). Good. My apologies for misunderstanding your intent. > Like you, I am very cautious about broadcasting my travel > plans. Plus, I am not only concerned about in advance and > real-time, but also about broadcasting to the public places > I've been in the past (or for that matter any personal > information). But it seems to me that takes us back to Russ's summary in that it is normal, and arguably necessary, for a standards body to record --and make available to those who are interested-- the identities of those participating in meetings. best regards, john
Re: Future Handling of Blue Sheets
John, sorry, maybe I did not articulate myself precisely enough. I did not intend to say it would be published in real-time. What I wanted to communicate is that we would collect that data only during daytime and only with 2hours-granularity as it's only meeting attendance in which room you are (and publish it at any point in time later). However, we would keep it public indefinitely (in the proceedings). Like you, I am very cautious about broadcasting my travel plans. Plus, I am not only concerned about in advance and real-time, but also about broadcasting to the public places I've been in the past (or for that matter any personal information). Best regards, Tobias On 10/05/12 15:09, John C Klensin wrote: (top post) Tobias, Constructing and then attacking strawmen is not helpful. As far as I know, no one has proposed making blue sheet information --and hence precise location information for identified individuals-- available to the public in real time during the meetings. As one of, I assume, many members of this community who will not broadcast my travel plans to social networks, etc., until after I return home, I would strenuously object to any such thing but, again, as far as I know, no one proposed it. john --On Thursday, May 10, 2012 14:23 +0800 Tobias Gondrom wrote: Dear Russ, please forgive me for adding one more comment on that after you judged on rough consensus. As you said this rough consensus is quite rough (if we may call it "rough consensus"). I would like to point out two things: 1. the statement "(1) Rough consensus: an open and transparent standards process is more important to the IETF than privacy of blue sheet information." puts transparent process in competition with privacy. This is misleading, because there is no contradiction between an open and transparent process and privacy of personal information on this one. For example the availability of blue sheet information on request by an authenticated person does allow full transparency without broadcasting the personal location information. (e.g. see also Ted's proposal from yesterday) (Furthermore, if I would be devil's advocate, I would question this comparison even further, because it could be misread as stating that the current standards process as it is today (with blue sheets on request) is not open or transparent...) 2. if consensus is so rough, we should also consider that the subject of the email discussion was maybe not clear enough about its impact to inform the audience of the consequences of the discussion and the consensus to be measured. We could equally have used a subject like this: "IETF wants to publish your specific locations / whereabouts (within 10m) on an 2-hourly basis during the day for each meeting and keep this information available published on the website indefinitely." It might have resulted in a different rough consensus.
Re: Future Handling of Blue Sheets
Dear Russ, please forgive me for adding one more comment on that after you judged on rough consensus. As you said this rough consensus is quite rough (if we may call it "rough consensus"). I would like to point out two things: 1. the statement "(1) Rough consensus: an open and transparent standards process is more important to the IETF than privacy of blue sheet information." puts transparent process in competition with privacy. This is misleading, because there is no contradiction between an open and transparent process and privacy of personal information on this one. For example the availability of blue sheet information on request by an authenticated person does allow full transparency without broadcasting the personal location information. (e.g. see also Ted's proposal from yesterday) (Furthermore, if I would be devil's advocate, I would question this comparison even further, because it could be misread as stating that the current standards process as it is today (with blue sheets on request) is not open or transparent...) 2. if consensus is so rough, we should also consider that the subject of the email discussion was maybe not clear enough about its impact to inform the audience of the consequences of the discussion and the consensus to be measured. We could equally have used a subject like this: "IETF wants to publish your specific locations / whereabouts (within 10m) on an 2-hourly basis during the day for each meeting and keep this information available published on the website indefinitely." It might have resulted in a different rough consensus. Just my 5cents. Best regards, Tobias On 07/05/12 23:02, IETF Chair wrote: During the IESG discussion of this thread, we recognized the quality of the information on the blue sheets. This point was made very clearly at the open mic discussion at the plenary and on the mail list. Some people voiced agreement with your position, and others supported the posting of this information. As I said in my earlier message, the consensus is quite rough. By my review of the thread, which was made more difficult by the many off-topic postings, there is rough consensus for the inclusion of blue sheet information in the proceedings. Russ On May 6, 2012, at 10:04 PM, David Morris wrote: I consider that there is a significant difference between the information provided in the registered attendee list and the individual blue sheets: a) to the extent that the information on the blue sheet is valid, it provides an hour by hour log of location, the overall list of attendees at most indicates an individual was present to pick up their badge at some point during the meeting. b) the validity of the list of registered attendees has a higher degree of probable validity because of the requirement for a significant payment and the processes required to process that payment. c) Individual blue sheets can suffer from any number of unintentional and intentional issues which limit their factual validity but not the mischief which can be caused by their easy online access. d) Scanning and publication imports a validity to the data which is not widely accepted by the community. David Morris On Sun, 6 May 2012, IETF Chair wrote: David: The list of participants and their addresses are already part of the proceedings. The incremental difference shows which participants signed in at each session. Russ On May 6, 2012, at 7:03 PM, David Morris wrote: From my following of the topic, that concensus was really rough, in particular the part about publishing the scans on-line. That represents a significant difference in ease access which I think required more than the very very rough concensus you seem to think you found. On Sun, 6 May 2012, IETF Chair wrote: We have heard from many community participants, and consensus is quite rough on this topic. The IESG discussed this thread and reached two conclusions: (1) Rough consensus: an open and transparent standards process is more important to the IETF than privacy of blue sheet information. (2) Rough consensus: inclusion of email addresses is a good way to distinguish participants with the same or similar names. Based on these conclusions, the plan is to handle blue sheets as follows: - Continue to collect email addresses on blue sheets; - Scan the blue sheet and include the image in the proceedings for the WG session; - Add indication to top of the blue sheet so people know it will be part of the proceedings; and - Discard paper blue sheets after scanning. On behalf of the IESG, Russ
Re: Future Handling of Blue Sheets
On 05/06/2012 03:54 PM, Russ Housley wrote: > Doug: > >>> - Discard paper blue sheets after scanning. >> >> Everything else seems fine, but I'm concerned about this one. Have you >> run this idea past some sort of legal counsel who is knowledgeable about >> intellectual property litigation? If so, no worries. > > The IETF Counsel has been consulted, and he sees no trouble in this regard. Excellent! Thanks for clarifying. Doug
Re: Future Handling of Blue Sheets
Ted: I will raise this with the IESG. Of the many variants that were discussed, this was not one of them. Russ On May 7, 2012, at 11:50 AM, Ted Hardie wrote: > As a clarifying question, did the IESG discuss whether the image of > the blue sheets might be made available online under other terms of > use, rather than within the proceedings? For example, making these > available to anyone with a tools login, so that anyone willing to > register as a user has access, but they are not broadcast? > > regards, > > Ted Hardie > > On Sun, May 6, 2012 at 9:46 AM, IETF Chair wrote: >> We have heard from many community participants, and consensus is quite rough >> on this topic. The IESG discussed this thread and reached two conclusions: >> >> (1) Rough consensus: an open and transparent standards process is more >> important to the IETF than privacy of blue sheet information. >> >> (2) Rough consensus: inclusion of email addresses is a good way to >> distinguish participants with the same or similar names. >> >> >> Based on these conclusions, the plan is to handle blue sheets as follows: >> >> - Continue to collect email addresses on blue sheets; >> >> - Scan the blue sheet and include the image in the proceedings for the WG >> session; >> >> - Add indication to top of the blue sheet so people know it will be part of >> the proceedings; and >> >> - Discard paper blue sheets after scanning. >> >> >> On behalf of the IESG, >> Russ >> >
Re: Future Handling of Blue Sheets
As a clarifying question, did the IESG discuss whether the image of the blue sheets might be made available online under other terms of use, rather than within the proceedings? For example, making these available to anyone with a tools login, so that anyone willing to register as a user has access, but they are not broadcast? regards, Ted Hardie On Sun, May 6, 2012 at 9:46 AM, IETF Chair wrote: > We have heard from many community participants, and consensus is quite rough > on this topic. The IESG discussed this thread and reached two conclusions: > > (1) Rough consensus: an open and transparent standards process is more > important to the IETF than privacy of blue sheet information. > > (2) Rough consensus: inclusion of email addresses is a good way to > distinguish participants with the same or similar names. > > > Based on these conclusions, the plan is to handle blue sheets as follows: > > - Continue to collect email addresses on blue sheets; > > - Scan the blue sheet and include the image in the proceedings for the WG > session; > > - Add indication to top of the blue sheet so people know it will be part of > the proceedings; and > > - Discard paper blue sheets after scanning. > > > On behalf of the IESG, > Russ >
Re: Future Handling of Blue Sheets
During the IESG discussion of this thread, we recognized the quality of the information on the blue sheets. This point was made very clearly at the open mic discussion at the plenary and on the mail list. Some people voiced agreement with your position, and others supported the posting of this information. As I said in my earlier message, the consensus is quite rough. By my review of the thread, which was made more difficult by the many off-topic postings, there is rough consensus for the inclusion of blue sheet information in the proceedings. Russ On May 6, 2012, at 10:04 PM, David Morris wrote: > > I consider that there is a significant difference between the information > provided in the registered attendee list and the individual blue sheets: > > a) to the extent that the information on the blue sheet is valid, it > provides an hour by hour log of location, the overall list of attendees at > most indicates an individual was present to pick up their badge at some > point during the meeting. > b) the validity of the list of registered attendees has a higher degree > of probable validity because of the requirement for a significant payment > and the processes required to process that payment. > c) Individual blue sheets can suffer from any number of unintentional and > intentional issues which limit their factual validity but not the mischief > which can be caused by their easy online access. > d) Scanning and publication imports a validity to the data which is not > widely accepted by the community. > > David Morris > > On Sun, 6 May 2012, IETF Chair wrote: > >> David: >> >> The list of participants and their addresses are already part of the >> proceedings. The incremental difference shows which participants signed in >> at each session. >> >> Russ >> >> >> >> On May 6, 2012, at 7:03 PM, David Morris wrote: >> >>> >>> From my following of the topic, that concensus was really rough, in >>> particular the part about publishing the scans on-line. That represents >>> a significant difference in ease access which I think required more than >>> the very very rough concensus you seem to think you found. >>> >>> On Sun, 6 May 2012, IETF Chair wrote: >>> We have heard from many community participants, and consensus is quite rough on this topic. The IESG discussed this thread and reached two conclusions: (1) Rough consensus: an open and transparent standards process is more important to the IETF than privacy of blue sheet information. (2) Rough consensus: inclusion of email addresses is a good way to distinguish participants with the same or similar names. Based on these conclusions, the plan is to handle blue sheets as follows: - Continue to collect email addresses on blue sheets; - Scan the blue sheet and include the image in the proceedings for the WG session; - Add indication to top of the blue sheet so people know it will be part of the proceedings; and - Discard paper blue sheets after scanning. On behalf of the IESG, Russ >>> >> >> >
Re: Future Handling of Blue Sheets
I consider that there is a significant difference between the information provided in the registered attendee list and the individual blue sheets: a) to the extent that the information on the blue sheet is valid, it provides an hour by hour log of location, the overall list of attendees at most indicates an individual was present to pick up their badge at some point during the meeting. b) the validity of the list of registered attendees has a higher degree of probable validity because of the requirement for a significant payment and the processes required to process that payment. c) Individual blue sheets can suffer from any number of unintentional and intentional issues which limit their factual validity but not the mischief which can be caused by their easy online access. d) Scanning and publication imports a validity to the data which is not widely accepted by the community. David Morris On Sun, 6 May 2012, IETF Chair wrote: > David: > > The list of participants and their addresses are already part of the > proceedings. The incremental difference shows which participants signed in > at each session. > > Russ > > > > On May 6, 2012, at 7:03 PM, David Morris wrote: > > > > > From my following of the topic, that concensus was really rough, in > > particular the part about publishing the scans on-line. That represents > > a significant difference in ease access which I think required more than > > the very very rough concensus you seem to think you found. > > > > On Sun, 6 May 2012, IETF Chair wrote: > > > >> We have heard from many community participants, and consensus is quite > >> rough on this topic. The IESG discussed this thread and reached two > >> conclusions: > >> > >> (1) Rough consensus: an open and transparent standards process is more > >> important to the IETF than privacy of blue sheet information. > >> > >> (2) Rough consensus: inclusion of email addresses is a good way to > >> distinguish participants with the same or similar names. > >> > >> > >> Based on these conclusions, the plan is to handle blue sheets as follows: > >> > >> - Continue to collect email addresses on blue sheets; > >> > >> - Scan the blue sheet and include the image in the proceedings for the WG > >> session; > >> > >> - Add indication to top of the blue sheet so people know it will be part > >> of the proceedings; and > >> > >> - Discard paper blue sheets after scanning. > >> > >> > >> On behalf of the IESG, > >> Russ > >> > >> > > > >
Re: Future Handling of Blue Sheets
David: The list of participants and their addresses are already part of the proceedings. The incremental difference shows which participants signed in at each session. Russ On May 6, 2012, at 7:03 PM, David Morris wrote: > > From my following of the topic, that concensus was really rough, in > particular the part about publishing the scans on-line. That represents > a significant difference in ease access which I think required more than > the very very rough concensus you seem to think you found. > > On Sun, 6 May 2012, IETF Chair wrote: > >> We have heard from many community participants, and consensus is quite rough >> on this topic. The IESG discussed this thread and reached two conclusions: >> >> (1) Rough consensus: an open and transparent standards process is more >> important to the IETF than privacy of blue sheet information. >> >> (2) Rough consensus: inclusion of email addresses is a good way to >> distinguish participants with the same or similar names. >> >> >> Based on these conclusions, the plan is to handle blue sheets as follows: >> >> - Continue to collect email addresses on blue sheets; >> >> - Scan the blue sheet and include the image in the proceedings for the WG >> session; >> >> - Add indication to top of the blue sheet so people know it will be part of >> the proceedings; and >> >> - Discard paper blue sheets after scanning. >> >> >> On behalf of the IESG, >> Russ >> >> >
Re: Future Handling of Blue Sheets
>From my following of the topic, that concensus was really rough, in particular the part about publishing the scans on-line. That represents a significant difference in ease access which I think required more than the very very rough concensus you seem to think you found. On Sun, 6 May 2012, IETF Chair wrote: > We have heard from many community participants, and consensus is quite rough > on this topic. The IESG discussed this thread and reached two conclusions: > > (1) Rough consensus: an open and transparent standards process is more > important to the IETF than privacy of blue sheet information. > > (2) Rough consensus: inclusion of email addresses is a good way to > distinguish participants with the same or similar names. > > > Based on these conclusions, the plan is to handle blue sheets as follows: > > - Continue to collect email addresses on blue sheets; > > - Scan the blue sheet and include the image in the proceedings for the WG > session; > > - Add indication to top of the blue sheet so people know it will be part of > the proceedings; and > > - Discard paper blue sheets after scanning. > > > On behalf of the IESG, > Russ > >
Re: Future Handling of Blue Sheets
Doug: >> - Discard paper blue sheets after scanning. > > Everything else seems fine, but I'm concerned about this one. Have you > run this idea past some sort of legal counsel who is knowledgeable about > intellectual property litigation? If so, no worries. The IETF Counsel has been consulted, and he sees no trouble in this regard. Russ
Re: Future Handling of Blue Sheets
On 05/06/2012 09:46, IETF Chair wrote: > - Discard paper blue sheets after scanning. Everything else seems fine, but I'm concerned about this one. Have you run this idea past some sort of legal counsel who is knowledgeable about intellectual property litigation? If so, no worries. Doug -- If you're never wrong, you're not trying hard enough
Re: Future Handling of Blue Sheets
We have heard from many community participants, and consensus is quite rough on this topic. The IESG discussed this thread and reached two conclusions: (1) Rough consensus: an open and transparent standards process is more important to the IETF than privacy of blue sheet information. (2) Rough consensus: inclusion of email addresses is a good way to distinguish participants with the same or similar names. Based on these conclusions, the plan is to handle blue sheets as follows: - Continue to collect email addresses on blue sheets; - Scan the blue sheet and include the image in the proceedings for the WG session; - Add indication to top of the blue sheet so people know it will be part of the proceedings; and - Discard paper blue sheets after scanning. On behalf of the IESG, Russ
Re: Future Handling of Blue Sheets
Lots of business records are never cryptographically signed (presumably, most of them, actually), and they are just as valid as evidence in court, scanned or on paper. Unless somebody can make a plausible argument that the IETF just made them up, this seems a rather unlikely problem. If somebody wanted to truly contest the evidence, they'd be more likely to claim that their evil competitor signed them in. Henning (not a lawyer, but just having been deposed in a patent suit…) On Apr 30, 2012, at 9:33 PM, Richard L. Barnes wrote: > So can we just wrap the scans in CMS under an IETF cert and call it a day? > > > On Apr 30, 2012, at 8:28 PM, John C Klensin wrote: > >> >> >> --On Wednesday, April 25, 2012 18:06 -0400 Eric Burger >> wrote: >> >>> I would strongly support what Wes is talking about here. I >>> see two (other) reasons for keeping blue sheets. The first is >>> it is a recognized method of showing we have an open standards >>> process. The second is to support those who are trying to >>> defend themselves in patent suits. Frankly, I hope the IETF >>> makes it hard for those who want to abuse the IETF process to >>> get patents or ignore prior art and then come after the >>> industry for undeserved royalties. >>> >>> For the former purpose, just having a list is sufficient. >>> However, for the latter purpose, one needs records that would >>> be admissible in court. Without eating our dog food and having >>> some sort of audited digital signature technology, a simple >>> scan will not do. >> >> +1. And I suggest that, especially if we are removing email >> addresses, we should ask for organizational affiliation as well. >> If someone wants to say "none" that is fine. If they want to >> lie about it, they can lie about their names too. But, for most >> patent-related purposes (given standard employment agreements) >> and antitrust ones, the affiliations are likely to be pretty >> important. FWIW, there was a time when one of the reasons for >> asking for email addresses was that they provided a crude >> surrogate for organizational affiliations. They don't do that >> any longer, which is a reason to not worry about dropping them. >> >> john >> >> >> >> >> > >
Re: Future Handling of Blue Sheets
So can we just wrap the scans in CMS under an IETF cert and call it a day? On Apr 30, 2012, at 8:28 PM, John C Klensin wrote: > > > --On Wednesday, April 25, 2012 18:06 -0400 Eric Burger > wrote: > >> I would strongly support what Wes is talking about here. I >> see two (other) reasons for keeping blue sheets. The first is >> it is a recognized method of showing we have an open standards >> process. The second is to support those who are trying to >> defend themselves in patent suits. Frankly, I hope the IETF >> makes it hard for those who want to abuse the IETF process to >> get patents or ignore prior art and then come after the >> industry for undeserved royalties. >> >> For the former purpose, just having a list is sufficient. >> However, for the latter purpose, one needs records that would >> be admissible in court. Without eating our dog food and having >> some sort of audited digital signature technology, a simple >> scan will not do. > > +1. And I suggest that, especially if we are removing email > addresses, we should ask for organizational affiliation as well. > If someone wants to say "none" that is fine. If they want to > lie about it, they can lie about their names too. But, for most > patent-related purposes (given standard employment agreements) > and antitrust ones, the affiliations are likely to be pretty > important. FWIW, there was a time when one of the reasons for > asking for email addresses was that they provided a crude > surrogate for organizational affiliations. They don't do that > any longer, which is a reason to not worry about dropping them. > > john > > > > >
Re: Future Handling of Blue Sheets
--On Wednesday, April 25, 2012 18:06 -0400 Eric Burger wrote: > I would strongly support what Wes is talking about here. I > see two (other) reasons for keeping blue sheets. The first is > it is a recognized method of showing we have an open standards > process. The second is to support those who are trying to > defend themselves in patent suits. Frankly, I hope the IETF > makes it hard for those who want to abuse the IETF process to > get patents or ignore prior art and then come after the > industry for undeserved royalties. > > For the former purpose, just having a list is sufficient. > However, for the latter purpose, one needs records that would > be admissible in court. Without eating our dog food and having > some sort of audited digital signature technology, a simple > scan will not do. +1. And I suggest that, especially if we are removing email addresses, we should ask for organizational affiliation as well. If someone wants to say "none" that is fine. If they want to lie about it, they can lie about their names too. But, for most patent-related purposes (given standard employment agreements) and antitrust ones, the affiliations are likely to be pretty important. FWIW, there was a time when one of the reasons for asking for email addresses was that they provided a crude surrogate for organizational affiliations. They don't do that any longer, which is a reason to not worry about dropping them. john
Re: Future Handling of Blue Sheets
+1 We could have a bonfire of the blue sheets as a Friday-afternoon social event. On Apr 22, 2012, at 10:31 AM, IETF Chair wrote: > At IETF 83, we had a discussion about the future of blue sheets, many spoke > at the mic in support of the proposal. There has been very little discussion > on the mail list. However, all of the discussion that I have see has been > very supportive. > > The suggestion is three blue sheet changes: > 1. No longer ask for email address; > 2. Scan the blue sheet and include the image in the proceedings for the WG > session; and > 3. Discard paper blue sheets after scanning. > > Please speak up if you think this is the wrong thing to do. > > Thanks, > Russ
Re: Future Handling of Blue Sheets
Hi Eric, At 15:06 25-04-2012, Eric Burger wrote: For the former purpose, just having a list is sufficient. However, for the latter purpose, one needs records that would be admissible in court. Without eating our dog food and having some sort of audited digital signature technology, a simple scan will not do. I assumed that the IAOC considered the legal implications of discarding the blue sheets before the IETF was asked for feedback. The IAOC is supposed to be working on a statement of privacy since mid-2011. There is a document about retention policy. I haven't seen any of the above mentioned in this long thread. Regards, -sm
Re: Future Handling of Blue Sheets
I would strongly support what Wes is talking about here. I see two (other) reasons for keeping blue sheets. The first is it is a recognized method of showing we have an open standards process. The second is to support those who are trying to defend themselves in patent suits. Frankly, I hope the IETF makes it hard for those who want to abuse the IETF process to get patents or ignore prior art and then come after the industry for undeserved royalties. For the former purpose, just having a list is sufficient. However, for the latter purpose, one needs records that would be admissible in court. Without eating our dog food and having some sort of audited digital signature technology, a simple scan will not do. On Apr 23, 2012, at 10:04 AM, George, Wes wrote: >> From: ietf-boun...@ietf.org [mailto:ietf-boun...@ietf.org] On Behalf Of IETF >> Chair >> Sent: Sunday, April 22, 2012 10:31 AM >> To: IETF >> Subject: Future Handling of Blue Sheets >> >> 2. Scan the blue sheet and include the image in the proceedings for the WG >> session; and >> 3. Discard paper blue sheets after scanning. > > [WEG] Based on some other messages in this thread, there seems to be a lack > of clarity as to the full, official purpose of the blue sheets. Are they > simply to track generic participation levels for room sizing, or are they > also meant as a historical record of attendees to a given WG? It seems that > if they are being subpoenaed, and they are archived today, I tend to think > that they're meant to officially track attendees. I'd appreciate someone > correcting me if I'm wrong. > > If blue sheets are meant to be an official record, then technically we should > document handling/scanning/storage procedures for WG chairs and the > secretariat such that this scan will be admissible in lieu of a paper copy > for any subpoena or other court proceeding. But if we're honest, I'm not sure > that they're of much use as an official record either way. Do we have > procedures today that would prevent tampering before the paper copy ends up > in an archive box? And even then, blue sheets and jabber logs (for remote > participants) are still ultimately a best-effort honor system, and therefore > there is no guarantee of their validity. I can remotely participate without > registering for the meeting, and can sign into Jabber as "Mickey Mouse" just > as easily as I can sign the blue sheet that way. I can also sign as "Randy > Bush" or sign my own name completely illegibly. > > Could we simply do a headcount for room sizing, and treat the matter of > official attendee record for WG meetings as a separate problem? IMO, it's not > currently solved by the blue sheets, and I don't see that changing just > because we dispense with the paper copies in a box in a warehouse. > > Thanks > Wes George > > This E-mail and any of its attachments may contain Time Warner Cable > proprietary information, which is privileged, confidential, or subject to > copyright belonging to Time Warner Cable. This E-mail is intended solely for > the use of the individual or entity to which it is addressed. If you are not > the intended recipient of this E-mail, you are hereby notified that any > dissemination, distribution, copying, or action taken in relation to the > contents of and attachments to this E-mail is strictly prohibited and may be > unlawful. If you have received this E-mail in error, please notify the sender > immediately and permanently delete the original and any copy of this E-mail > and any printout.
Re: Future Handling of Blue Sheets
On Tue, 24 Apr 2012, David Morris wrote: The IETF meetings are actually not totally public. You must purchase a 'ticket' to attend. We would not allow someone to walk in off the street and photograph the functions, or even sit in a meeting and take notes. Without commenting specifically about photographs, as MSJ pointed out, this is not true. It may not be socially acceptable to crash working group meetings, but we do not use force to prevent it. And as Scott Bradner pointed out on this list some time ago: Back when the IETF decided to charge for meetings ($100/meeting sometime in the early 1990s) Steve Coya said that the IETF would never check badges to block people from meetings. The Beijing meeting was a notable exception. There were guards looking for badges and at least one attendee's partner was restrained by the guards when she attempted to enter the meeting space to find her partner. Even then, it the IETF was not the party doing the checking. As the IAOC chair later explained: The IAOC was not aware that badge checking was going to happen prior to this meeting. It was implemented by the meeting host in conjunction with the hotel. I imagine we would respond differently to something truly disruptive. Happily, we tend to be a civilized enough crowd that we don't need bouncers. -- Sam
Re: [IAOC] IAOC and permissions [Re: Future Handling of Blue Sheets]
Dear Brian; On Wed, Apr 25, 2012 at 3:42 AM, Brian E Carpenter wrote: > Dear IAOC, > > I suggest that your standard dealings with local hosts should > include requiring them to perform a local check on whether the > standard "Note Well" takes account of all local legal requirements, > including for example consent to publication of images. If it doesn't, > the host should provide an augmented "Note Well" for use during > meeting registration. > > From the recent discussion, this needs to be done for sure for > IETF 87. The legal subcommittee (which includes the IETF counsel) is actively researching this issue. Regards Marshall > > Regards > Brian Carpenter > > On 2012-04-25 00:30, John C Klensin wrote: >> >> --On Tuesday, 24 April, 2012 18:19 -0500 "James M. Polk" >> wrote: >> >>> IETF 87 is in Germany (15 months from now), so we'd better >>> solve this issue soon, I should think. >> >> The IESG and IAOC are invited to take my comments on the >> situation as an appeal against the decision to hold that meeting >> unless either the situation can be clarified with counsel to the >> degree that we understand that Martin's concerns are not >> applicable, that appropriate permission language and permissions >> can be clarified with Counsel so that a binding between >> registration and permission is possible and used, or that a >> community consensus call demonstrates that the community >> believes that the "just make lists" plan is preferable to having >> the option to take pictures. >> >> And that is my last comment on the subject unless I have to >> formalize such an appeal. >> >> john >> >> . >>
Re: IAOC and permissions [Re: Future Handling of Blue Sheets]
Christian, On 2012-04-25 08:57, Christian Huitema wrote: > Brian, > >> I suggest that your standard dealings with local hosts should include >> requiring them to perform a local check on >> whether the standard "Note Well" takes account of all local legal >> requirements, including for example >> consent to publication of images. If it doesn't, the host should provide an >> augmented "Note Well" for use >> during meeting registration. > > Rather than going this route, we might consider some better balance between > privacy and standard-settings. Taking and publishing a person's image is a > step above listing their names. Do we really need that for the purpose of > standard making, let alone Internet Engineering? How about answering the > classic privacy checklist: These are excellent questions, and I support them being studied (perhaps initially by a small group), but I think they are orthogonal to my suggestion. Since privacy laws vary widely, I really think this issue needs to be checked on a per-host-country basis, regardless of our general policy. Brian > 1) How much personal information do we collect, and for what purpose? The > rule here should be to collect the strict minimum necessary for the purpose. > Pictures don't appear to meet that bar. > 2) How do we process that information? Who in the IETF has access to it? > 3) Do we make that information available to third parties? Under which > guidelines? Again, there is a big difference between answering a subpoena and > publishing on a web page. > 4) How do we safeguard that information? Is it available to any hacker who > sneaks his way into our database? > 5) How long do we keep the information? Why? > 6) How do we dispose of the expired information? > > These look like the right questions to the IAOC. > > -- Christian Huitema > > >
RE: IAOC and permissions [Re: Future Handling of Blue Sheets]
Brian, > I suggest that your standard dealings with local hosts should include > requiring them to perform a local check on > whether the standard "Note Well" takes account of all local legal > requirements, including for example > consent to publication of images. If it doesn't, the host should provide an > augmented "Note Well" for use > during meeting registration. Rather than going this route, we might consider some better balance between privacy and standard-settings. Taking and publishing a person's image is a step above listing their names. Do we really need that for the purpose of standard making, let alone Internet Engineering? How about answering the classic privacy checklist: 1) How much personal information do we collect, and for what purpose? The rule here should be to collect the strict minimum necessary for the purpose. Pictures don't appear to meet that bar. 2) How do we process that information? Who in the IETF has access to it? 3) Do we make that information available to third parties? Under which guidelines? Again, there is a big difference between answering a subpoena and publishing on a web page. 4) How do we safeguard that information? Is it available to any hacker who sneaks his way into our database? 5) How long do we keep the information? Why? 6) How do we dispose of the expired information? These look like the right questions to the IAOC. -- Christian Huitema
IAOC and permissions [Re: Future Handling of Blue Sheets]
Dear IAOC, I suggest that your standard dealings with local hosts should include requiring them to perform a local check on whether the standard "Note Well" takes account of all local legal requirements, including for example consent to publication of images. If it doesn't, the host should provide an augmented "Note Well" for use during meeting registration. >From the recent discussion, this needs to be done for sure for IETF 87. Regards Brian Carpenter On 2012-04-25 00:30, John C Klensin wrote: > > --On Tuesday, 24 April, 2012 18:19 -0500 "James M. Polk" > wrote: > >> IETF 87 is in Germany (15 months from now), so we'd better >> solve this issue soon, I should think. > > The IESG and IAOC are invited to take my comments on the > situation as an appeal against the decision to hold that meeting > unless either the situation can be clarified with counsel to the > degree that we understand that Martin's concerns are not > applicable, that appropriate permission language and permissions > can be clarified with Counsel so that a binding between > registration and permission is possible and used, or that a > community consensus call demonstrates that the community > believes that the "just make lists" plan is preferable to having > the option to take pictures. > > And that is my last comment on the subject unless I have to > formalize such an appeal. > >john > > . >
Re: Future Handling of Blue Sheets
Is it really so completely out of this world to expect the decency to ask whether it is OK to take a photo for the purpose of _publication_? Leaving it up to the individual subjects whether they prefer to relocate further to the background first or prefer to temporarily leave the room? Especially when you believe that the vast majority is going to provide that consent? The folks I would have least expected to be offended by the concept of "consent" are IETFers. John C Klensin wrote: > > > > > The issue with John's purpose is that he is taking a picture > > of the audience(!), and if you take such a picture from the > > front in a small meeting room, there might a small number of > > folks end up _prominently_ in the foreground of that picture, > > at which point their consent will be required. > > I don't want to argue "prominently" versus "non-prominently". There is nothing to argue about. The exemption you'd have to qualify for is clearly scoped (in the German §23 KunstUrhG/KUG) to "pictures of a _public_events_ depicting (identifiable) persons" and _not_ "pictures of persons at public events", which means that the fewer people are predominantly shown on the picture, the more central those people and the setting will have to be to that event in order for the picture to still fall in scope of the "pictures of a public_event" definition. But this is just a necessary prerequiste for the exemption to be in scope at all. By itself, it is not a sufficient criteria. The procedure how to determine whether an exemption from explicit consent requirement for publication of a persons picture is applicable, has been established by the german constitutional court quite a while ago. The decision BVerfGE 35, 202 from 1973 contains a fairly comprehensive description (paragraphs 50-53 -- sorry, all german): http://www.servat.unibe.ch/dfr/bv035202.html#Rn050 Comments of the European Court of Human Rights (ECHR) on the German Federal court applying that principle to the exceptions in §23 KunstUrhG (KUG) in its decisions. section 23(2) of the KUG gives the courts adequate opportunity to apply the protective provisions of section 2(1) read in conjunction with section 1(1) of the Basic Law ... . (bb) In theory the criteria established by the Federal Court of Justice for interpreting the concept of legitimate interest used in section 23(2) of the KUG are irreproachable from the point of view of constitutional law. [...] 66. In these conditions freedom of expression calls for a narrower interpretation (see Prisma Presse, cited above, and, by converse implication, Krone Verlag, cited above, § 37). 67. In that connection the Court also takes account of the resolution of the Parliamentary Assembly of the Council of Europe on the right to privacy, which stresses the one-sided interpretation of the right to freedom of expression by certain media which attempt to justify an infringement of the rights protected by Article 8 of the Convention by claiming that their readers are entitled to know everything about public figures (see paragraph 42 above, and Prisma Presse, cited above). While that one particular (2005 EHCR) decision was about the 1. exemption (public figure), the evaluation rules established by the german constitutional court rules that a narrow interpretation applies to all exceptions alike. "Dabei kommt es verfassungsrechtlich nicht darauf an, bei welchem Tatbestandselement des § 23 KUG die Abwägung vorgenommen wird" The final criteria established by the german constiutional court is pretty clear, if the intended objective can be sufficiently achieved by other means (not encroaching on a persons privacy rights), then this precludes the exemption from voluntary consent to apply. "zu bewerten und zu prüfen, ob und wieweit dieses Interesse auch ohne eine Beeinträchtigung - oder eine so weitgehende Beeinträchtigung - des Persönlichkeitsschutzes befriedigt werden kann." -Martin
Re: Future Handling of Blue Sheets
John C Klensin wrote: > > Martin Rex wrote: > > > > Identifying contributors or participants and publishing persons > > photos or portaits are two very distinct things, and the former > > does not require the latter at all. > > In principle, I could keep the pictures to myself and put a list > of names of volunteers in the minutes. Now suppose Joe Bloggs > is listed but announces on the mailing list after not doing > anything that he really didn't volunteer. I've now got a choice > among accepting his assertion that he didn't volunteer, letting > him retroactively un-volunteer, or publishing the picture to > prove my case (and you claim the latter is illegal). For a > number of reasons, generating peer pressure among them, I prefer > to just publish the picture. I had assumed there is a difference between "volunteering in an IETF WG" to do some work and "volunteering in Uncle Sam's recruiting buero". When did this change? I would also assume that "volunteering" should be scoped to what the volunteer personally commits by explicit vocal or written communication, rather than a "show of hand" volunteering to an unspecified amount of work on the mind of a WG chair. And any such personal commitment may be vitally dependent on several constraints that are not explicitly communicated along with it, and those may change. I really do not see any need for a "photo proof" in that area, and much less of a _publication_ of a photo. Does this mean that IETF participants, who do not attend IETF meetings in person, can no longer volunteer to contribute to the IETF? -Martin
Re: Future Handling of Blue Sheets
John C Klensin wrote: > > I will accept your interpretation as stated but, if that > interpretation is correct, I believe the IETF should not meet > there while those provisions are in effect unless at least one > of the following conditions arises: The overview that Michael StJohns (thanks!) pointed to on wikimedia seems to be a rough approximation of the situation. The situation described for France (location of the last IETF Meeting) matches the real/effective Situation much better than the brief citation of §22 KunstUrhG did for Germany. > > (i) the IETF can reasonably require that people give permission > --irrevocable for the length of time they are at the meeting -- > as needed to permit the IETF to do things that are considered > convenient of necessary. That would be the end of "openness" in the IETF. Why would you want to "punish" folks who come to IETF meetings and pay the meeting fee, but primarily sit in the back of the room compared to IETF participants that listen to the audio streams (or its archives) or folks that have only subscribed to IETF mailing list or browse the archives. Do you want to require folks to first send photographs of themselves before they can listen to IETF Meeting audio streams, subscribe to IETF mailing lists, or browser the archives? > >That is still voluntary in the sense > that attending the meeting is voluntary and still revocable by > leaving the meeting and not coming back-- one can just decide > that, if one doesn't want to volunteer to permit one's picture > to be taken, one can't attend the meeting. > > If you are saying that it is illegal to impose a condition that > binds the two together, that is fine: unless the other condition > applies, we shouldn't be meeting in Germany. Yup, that is not voluntary, that meets the definition of compulsory. For the IETF as an organization, the EU data protection directive applies, so the situation will be similar _all_over_Europe_. > > I presume, by asserting > that such a binding is not permitted, you are also asserting that > corporate ID badges with pictures on them have disappeared from > Germany or are discretionary on a per-employee basis because a > corporate requirement that, in order to remain employed, one > must wear such a badge wouldn't be voluntary either. You're confusing things. It will be OK to have a picture on the ID badge that the employee is _carrying_. After all that is a low-resolution 1x1.5" 2-D picture. There is a high-res 3-D picture of your face attached to the upper end of the body from which the ID badge is supposed to be dangling, so that faximile on the badge is not really encroaching on your privacy, is it? But the employer is not allowed to retain copies of the photo that was imprinted on the badge beyond production of the badge itself, and neither of duplicate/backup badges with your picture on it _without_ voluntary consent. -Martin
Re: Future Handling of Blue Sheets
At 06:31 PM 4/24/2012, Stephan Wenger wrote: Remember, this whole discussion is about a) taking pictures, and b) publishing them. incorrect, this discussion started with Russ proposing copying each WG meeting's attendees list - from the blue sheet - into the meeting minutes. It has gone on from there. James Avoid either, and we should be completely save. Do both, and it still takes at least one person to take offense to the point where he calls police or runs to a lawyer, proof, a judge finding that the privacy rights of the person have been violated, and so on. People take pictures in meetings all the time, in Germany and elsewhere. Folks exceed the speed limit (yes, even in Germany large stretches of the freeway system and all other roads have a speed limit :-). In either case, many say that the risk is in an acceptable relationship with the benefits. Stephan On 4.24.2012 16:19 , "John C Klensin" wrote: > > >--On Tuesday, 24 April, 2012 11:52 -1000 Robin Uyeshiro > wrote: > >> >> The issue with John's purpose is that he is taking a picture >> of the audience(!), and if you take such a picture from the >> front in a small meeting room, there might a small number of >> folks end up _prominently_ in the foreground of that picture, >> at which point their consent will be required. > >Again, IANAL and I don't think you are either, so I don't want >to argue "prominently" versus "non-prominently". I can assure >that, when pictures were used, the clear intent was the everyone >with his or her hand up was individually identifiable and almost >everyone else was too. > > john > >
Re: Future Handling of Blue Sheets
Hi John, At 14:33 24-04-2012, John C Klensin wrote: The pictures were not, iir, taken in Europe. And I repeat my :-) Working group participants could be prone to amnesia. The hand raising might be viewed as a commitment to perform the reviews. It was clearly stated that photos would be taken, why they were taken and what would be done with them. Nobody objected. Regards, -sm P.S. I read the following some time back: - Insist on doing everything through "channels". Never permit short-cuts to be taken in order to expedite decisions. - When possible, refer all matters to committees, for "further study and consideration". Attempt to make the committees as large as possible never less than five. - Bring up irrelevant issues as frequently as possible. - Haggle over precise wordings. - Refer back to matters decided upon at the last meeting and attempt to reopen the question of the advisability of that decision. - Advocate "caution". Be "reasonable" and urge your fellow participants to be "reasonable" and avoid haste which might result in embarrassments or difficulties later on. - Be worried about the propriety of any decision raise the question of whether such action as is contemplated lies within the jurisdiction of the group or whether it might conflict with the policy of some higher echelon. - Never pass on your skill and experience to a new or less skillful worker.
Re: Future Handling of Blue Sheets
Remember, this whole discussion is about a) taking pictures, and b) publishing them. Avoid either, and we should be completely save. Do both, and it still takes at least one person to take offense to the point where he calls police or runs to a lawyer, proof, a judge finding that the privacy rights of the person have been violated, and so on. People take pictures in meetings all the time, in Germany and elsewhere. Folks exceed the speed limit (yes, even in Germany large stretches of the freeway system and all other roads have a speed limit :-). In either case, many say that the risk is in an acceptable relationship with the benefits. Stephan On 4.24.2012 16:19 , "John C Klensin" wrote: > > >--On Tuesday, 24 April, 2012 11:52 -1000 Robin Uyeshiro > wrote: > >> >> The issue with John's purpose is that he is taking a picture >> of the audience(!), and if you take such a picture from the >> front in a small meeting room, there might a small number of >> folks end up _prominently_ in the foreground of that picture, >> at which point their consent will be required. > >Again, IANAL and I don't think you are either, so I don't want >to argue "prominently" versus "non-prominently". I can assure >that, when pictures were used, the clear intent was the everyone >with his or her hand up was individually identifiable and almost >everyone else was too. > > john > >
Re: Future Handling of Blue Sheets
--On Tuesday, 24 April, 2012 18:19 -0500 "James M. Polk" wrote: > > IETF 87 is in Germany (15 months from now), so we'd better > solve this issue soon, I should think. The IESG and IAOC are invited to take my comments on the situation as an appeal against the decision to hold that meeting unless either the situation can be clarified with counsel to the degree that we understand that Martin's concerns are not applicable, that appropriate permission language and permissions can be clarified with Counsel so that a binding between registration and permission is possible and used, or that a community consensus call demonstrates that the community believes that the "just make lists" plan is preferable to having the option to take pictures. And that is my last comment on the subject unless I have to formalize such an appeal. john
Re: Future Handling of Blue Sheets
On 04/25/2012 12:19 AM, James M. Polk wrote: > IETF 87 is in Germany (15 months from now), so we'd better solve this > issue soon, I should think. Sure, I can do that. Its a non-issue, possibly caused by typing being just that bit easier than it ought be, for almost all of us, some of the time, same as many other issues of similar ilk. There, now we can go to Berlin again:-) S.
Re: Future Handling of Blue Sheets
--On Tuesday, 24 April, 2012 23:48 +0200 Martin Rex wrote: > Identifying contributors or participants and publishing persons > photos or portaits are two very distinct things, and the former > does not require the latter at all. In principle, I could keep the pictures to myself and put a list of names of volunteers in the minutes. Now suppose Joe Bloggs is listed but announces on the mailing list after not doing anything that he really didn't volunteer. I've now got a choice among accepting his assertion that he didn't volunteer, letting him retroactively un-volunteer, or publishing the picture to prove my case (and you claim the latter is illegal). For a number of reasons, generating peer pressure among them, I prefer to just publish the picture. john
RE: Future Handling of Blue Sheets
--On Tuesday, 24 April, 2012 11:52 -1000 Robin Uyeshiro wrote: > > The issue with John's purpose is that he is taking a picture > of the audience(!), and if you take such a picture from the > front in a small meeting room, there might a small number of > folks end up _prominently_ in the foreground of that picture, > at which point their consent will be required. Again, IANAL and I don't think you are either, so I don't want to argue "prominently" versus "non-prominently". I can assure that, when pictures were used, the clear intent was the everyone with his or her hand up was individually identifiable and almost everyone else was too. john
Re: Future Handling of Blue Sheets
At 05:17 PM 4/24/2012, Martin Rex wrote: John C Klensin wrote: > > I strongly encourage the > IASA to avoid ever holding an IETF meeting in Germany again > without first obtaining appropriate legal advice that it is > acceptable given our existing conditions to record the names and > identities of anyone participating in any IETF activity, That does _not_ require a photo. > > whether they are explicitly sign something, > are photographed, are identified by RFID, Keep in mind that if it isn't _voluntary_ consent, it will be legally void, even with a signature on it. IETF 87 is in Germany (15 months from now), so we'd better solve this issue soon, I should think. james > > have their names written down after they say something at a microphone > or on Jabber, raise their hands (presumably in the expectation of being > identified), or can be identified in some other way. What is wrong about simply archiving the information that participants are providing voluntarily, such as it has been the last 20 years? In Germany, an employer is not entitled to have and use a photo or picture of an employee without explicit, voluntary and anytime revocable consent of that employee (with very few and very narrow exceptions carefully scoped by the legislator). Writing something to a different effect into the employment contract will be legally void, because the consent to use the picture MUST be voluntary and anytime revocable. > > Of course, an acceptable alternative to "no meetings in Germany > or any other country with the rules you suggest apply" would be > explicit permission on registration forms as a condition of > attendance. Or, presumably, a Chair could make an announcement > that anyone who continues to sit in a particular room is giving > permission for such identification. Please do not confuse any necessity to identify an originator of a contribution (which is where data protection laws would apply) and the personal privacy rights of individuals about photos&portraits of themselves. -Martin
Re: Future Handling of Blue Sheets
Martin, Let me try to restate this with the understanding that I'm talking about what is convenient and/or necessary for carrying on the work of the IETF and not trying to interpret German law. I will accept your interpretation as stated but, if that interpretation is correct, I believe the IETF should not meet there while those provisions are in effect unless at least one of the following conditions arises: (i) the IETF can reasonably require that people give permission --irrevocable for the length of time they are at the meeting -- as needed to permit the IETF to do things that are considered convenient of necessary. That is still voluntary in the sense that attending the meeting is voluntary and still revocable by leaving the meeting and not coming back-- one can just decide that, if one doesn't want to volunteer to permit one's picture to be taken, one can't attend the meeting. If you are saying that it is illegal to impose a condition that binds the two together, that is fine: unless the other condition applies, we shouldn't be meeting in Germany. I presume, by asserting that such a binding is not permitted, you are also asserting that corporate ID badges with pictures on them have disappeared from Germany or are discretionary on a per-employee basis because a corporate requirement that, in order to remain employed, one must wear such a badge wouldn't be voluntary either. (ii) The IETF concludes that it doesn't need what I think is reasonable and, in particular, that if I need to record who has his or her hands up in a WG poll, it is better for me to take the time to send people through the room asking for and writing down names than to take pictures. Note that an extra checkmark on the blue sheets or an RFID walk-by doesn't work, because part of my goal is to have everyone in attendance at the WG meeting able to see who (else) has her hand up. I have almost no preference between the two. I do care that, as WG Chair, I'm not expected to manage things in an environment in which I can ask for volunteers or commitments without being able to establish who made them. And, if the second choice above is the choice of the community, I believe I have the reasonable right to expect that I can ask for WG slots a half-hour longer than I would otherwise need and expect to get it, even if that means an extra half-day or day of meetings. john --On Wednesday, 25 April, 2012 00:17 +0200 Martin Rex wrote: > John C Klensin wrote: >> >> I strongly encourage the >> IASA to avoid ever holding an IETF meeting in Germany again >> without first obtaining appropriate legal advice that it is >> acceptable given our existing conditions to record the names >> and identities of anyone participating in any IETF activity, > > That does _not_ require a photo. > > >> >> whether they are explicitly sign something, >> are photographed, are identified by RFID, > > Keep in mind that if it isn't _voluntary_ consent, it will be > legally void, even with a signature on it. > > >> >> have their names written down after they say something at a >> microphone or on Jabber, raise their hands (presumably in the >> expectation of being identified), or can be identified in >> some other way. > > What is wrong about simply archiving the information that > participants are providing voluntarily, such as it has been > the last 20 years? > > > In Germany, an employer is not entitled to have and use a > photo or picture of an employee without explicit, voluntary > and anytime revocable consent of that employee (with very few > and very narrow exceptions carefully scoped by the > legislator). Writing something to a different effect into the > employment contract will be legally void, because the consent > to use the picture MUST be voluntary and anytime revocable. > > >> >> Of course, an acceptable alternative to "no meetings in >> Germany or any other country with the rules you suggest >> apply" would be explicit permission on registration forms as >> a condition of attendance. Or, presumably, a Chair could >> make an announcement that anyone who continues to sit in a >> particular room is giving permission for such identification. > > Please do not confuse any necessity to identify an originator > of a contribution (which is where data protection laws would > apply) and the personal privacy rights of individuals about > photos&portraits of themselves. > > -Martin
Re: Future Handling of Blue Sheets
John C Klensin wrote: > > I strongly encourage the > IASA to avoid ever holding an IETF meeting in Germany again > without first obtaining appropriate legal advice that it is > acceptable given our existing conditions to record the names and > identities of anyone participating in any IETF activity, That does _not_ require a photo. > > whether they are explicitly sign something, > are photographed, are identified by RFID, Keep in mind that if it isn't _voluntary_ consent, it will be legally void, even with a signature on it. > > have their names written down after they say something at a microphone > or on Jabber, raise their hands (presumably in the expectation of being > identified), or can be identified in some other way. What is wrong about simply archiving the information that participants are providing voluntarily, such as it has been the last 20 years? In Germany, an employer is not entitled to have and use a photo or picture of an employee without explicit, voluntary and anytime revocable consent of that employee (with very few and very narrow exceptions carefully scoped by the legislator). Writing something to a different effect into the employment contract will be legally void, because the consent to use the picture MUST be voluntary and anytime revocable. > > Of course, an acceptable alternative to "no meetings in Germany > or any other country with the rules you suggest apply" would be > explicit permission on registration forms as a condition of > attendance. Or, presumably, a Chair could make an announcement > that anyone who continues to sit in a particular room is giving > permission for such identification. Please do not confuse any necessity to identify an originator of a contribution (which is where data protection laws would apply) and the personal privacy rights of individuals about photos&portraits of themselves. -Martin
Re: Future Handling of Blue Sheets
On Apr 24, 2012, at 2:16 PM, John C Klensin wrote: > I think I completely agree with that. >john + 1 > --On Tuesday, 24 April, 2012 19:55 + Christian Huitema > wrote: > >> We see here a tension between two goals, engineering the >> Internet and making standards for the Internet. In most cases, >> the two goals are easily reconciled , as open standards are an >> essential part of an open Internet. But here we have a >> conflict. On one hand, good engineering would mean, setting >> the best possible example in matters such as security and >> privacy. On the other hand, public standard making seem to >> require a very controlled participation process, in which >> participants have effectively no privacy. Of the two goals, I >> think we would be much better off emphasizing engineering and >> downsizing process. The Internet did not develop because the >> IETF had better processes than the ITU. It developed because >> we cared about making the best possible network! >> >> -- Christian Huitema
RE: Future Handling of Blue Sheets
The issue with John's purpose is that he is taking a picture of the audience(!), and if you take such a picture from the front in a small meeting room, there might a small number of folks end up _prominently_ in the foreground of that picture, at which point their consent will be required. Hopefully, IETF working group meeting participants would be described as more like a jury or legislators than an audience. The purpose of the meeting should be participation and dialog, not presentation.
Re: Future Handling of Blue Sheets
John C Klensin wrote: > > Sam Hartman wrote: > > > > So, from what I know about European law, I'd have significant > > concerns about whether the note-well is sufficient for > > John's purpose. > > The pictures were not, iir, taken in Europe. And I repeat my > belief/ request that we not hold any more meetings in any > country in which such provisions might apply without expanding > the registration notices and provisions sufficiently to require/ > constitute explicitly permission to identify participants and > their participating activities in any way that meets the IETF's > purposes and/or requirements. Identifying contributors or participants and publishing persons photos or portaits are two very distinct things, and the former does not require the latter at all. -Martin
Re: Future Handling of Blue Sheets
--On Tuesday, 24 April, 2012 14:46 -0400 Sam Hartman wrote: > So, from what I know about European law, I'd have significant > concerns about whether the note-well is sufficient for > John's purpose. The pictures were not, iir, taken in Europe. And I repeat my belief/ request that we not hold any more meetings in any country in which such provisions might apply without expanding the registration notices and provisions sufficiently to require/ constitute explicitly permission to identify participants and their participating activities in any way that meets the IETF's purposes and/or requirements. john
Re: Future Handling of Blue Sheets
Martin, I invite you to post a copy of your law degree, license, and credentials for the edification of this group. In the interim and in the event that you are correct, I strongly encourage the IASA to avoid ever holding an IETF meeting in Germany again without first obtaining appropriate legal advice that it is acceptable given our existing conditions to record the names and identities of anyone participating in any IETF activity, whether they are explicitly sign something, are photographed, are identified by RFID, have their names written down after they stay something at a microphone or on Jabber, raise their hands (presumably in the expectation of being identified), or can be identified in some other way. Of course, an acceptable alternative to "no meetings in Germany or any other country with the rules you suggest apply" would be explicit permission on registration forms as a condition of attendance. Or, presumably, a Chair could make an announcement that anyone who continues to sit in a particular room is giving permission for such identification. As Christian suggests, we simply have to be able to identify participants in WG sessions, even silent ones, to have an open standards process. Again, I will strongly defend your right to privacy, absence of identifying photography, etc. Just do not simultaneously claim that right and the right to participate in the IETF. john --On Tuesday, 24 April, 2012 21:34 +0200 Martin Rex wrote: > Michael StJohns wrote: >> >> While Wikipedia is sometimes wrong, it does tend to have >> useful information.= Specifically >> http://commons.wikimedia.org/wiki/Commons:Country_specific_c >> on= sent_requirements#Germany >> >> > Publishing or propagating the image does not normally >> > require consent: If the person is an irrelevant or merely >> > accidental part (Beiwerk) of a landscape or locality shown >> > in the picture. >> > If the person took part in a public meeting or event and is >> > depicted on this occasion. >> > If distribution or exhibition serves a higher artistic >> > interest. >> >> http://www.gesetze-im-internet.de/kunsturhg/__23.html > > That information in an incorrect translation, and it is > quoting only part (1) of the article and missing part (2). > > > §22 (1) 2.+ 3. KunstUrhG are quite related in the intent > > > the translation of (2) captures the original meaning correctly: > > 2. Bilder, auf denen die Personen nur als Beiwerk neben einer > Landschaft oder sonstigen Örtlichkeit erscheinen; > >> > If the person is an irrelevant or merely accidental part >> > (Beiwerk) of a landscape or locality shown in the picture. > > > The translation of (3) is not quite correct: > > 3. Bilder von Versammlungen, Aufzügen und ähnlichen > Vorgängen, an denen die dargestellten Personen > teilgenommen haben; > >> > If the person took part in a public meeting or event and is >> > depicted on this occasion. > > This is about pictures of an (public) assembly, parade or > similar event which the pictured peoples participated, and NOT > the other way round! > > The translation you quoted is flawed logic. > > from the rules: > 1. all men are mortals > 2. socrates was a man > you can infer "socrates was mortal", > > But infering the reverse "all mortals are men", "all men are > socrates" or "all mortals are socrates" amounts to flawed > logic. > > > When making a photo of the audience(!) with a small number of > people prominently in the foreground, then the exclusion no > longer applies and you will need consent of the folks in order > to _publish_ such a photo, similar for taking pictures of the > _spectators_ of a parade. > > For people doing presentations in front, or speaking at the > podium of a public assembly or convention, the exception may > apply to a singular depicted person if it is still a "picture > of the event" (i.e. a picture in context). > > Just because someone participates an assembly, convention or is > the spectator of a parade does NOT result in a general loss of > control over pictures&portraits of that person. > > > -Martin
RE: Future Handling of Blue Sheets
I think I completely agree with that. john --On Tuesday, 24 April, 2012 19:55 + Christian Huitema wrote: > We see here a tension between two goals, engineering the > Internet and making standards for the Internet. In most cases, > the two goals are easily reconciled , as open standards are an > essential part of an open Internet. But here we have a > conflict. On one hand, good engineering would mean, setting > the best possible example in matters such as security and > privacy. On the other hand, public standard making seem to > require a very controlled participation process, in which > participants have effectively no privacy. Of the two goals, I > think we would be much better off emphasizing engineering and > downsizing process. The Internet did not develop because the > IETF had better processes than the ITU. It developed because > we cared about making the best possible network! > > -- Christian Huitema > > >
Re: Future Handling of Blue Sheets
John, I wrote: > > You better don't publish any photos taken in Germany (maybe even > all of Europe) _without_ permission of every single person who is > clearly identifiable on that photo, because it would be illegal. I'm sorry for my blunt, overly broad and unexplained original reply. I did not adequately account of existing exceptions (KunstUrhG) and the situation to which they would apply, and neither did I describe practical remedies for the situations where the exception do not apply, in order to put the real issue into perspective. -Martin https://www.ietf.org/ibin/c5i?mid=6&rid=49&gid=0&k1=933&k2=62976&tid=1335299957 https://www.ietf.org/ibin/c5i?mid=6&rid=49&gid=0&k1=933&k2=62978&tid=1335299957
Re: Future Handling of Blue Sheets
Sam Hartman wrote: > > > "Martin" == Martin Rex writes: > > Martin> Joel jaeggli wrote: > >> > > Michael StJohns wrote: > > > > > > Martin - you and everyone else in the room gave permission by being > >> in > the room. That's what the NOTE WELL is all about. So no, > >> not illegal. > >> > >> Specifically every registered attendee has accepted during the > >> registration process the note-well. > > Martin> You're completely misled. > > Martin> In Germany (and probably all over Europe) that part of note > Martin> well will not apply to the rights about your own > Martin> picture/portrait. > > Martin> To obtain such a right, a seperate explicit and voluntary > Martin> consent is required. That is a privilege guaranteed by law. > > There may be additional legal issues. However, for at least one issue, > the European data Protection law comes into play in significant ways. I > recommend the presentation from last SAAG. In particular I recommend > focusing on the part of that presentation about consent. There are > significant limitations to consent especially when someone must consent > to do their job. > > So, from what I know about European law, I'd have significant concerns > about whether the note-well is sufficient for John's purpose. The issue with John's purpose is that he is taking a picture of the audience(!), and if you take such a picture from the front in a small meeting room, there might a small number of folks end up _prominently_ in the foreground of that picture, at which point their consent will be required. The Solution to John's problem would be, that he asks before taking the picture: "I want to take a picture of the room for the purpose of _publishing_ (e.g. including in the WG minutes) it from where I stand right now, and the folks in the front may end up prominently on that photo. If anyone has a problem with this, please move the the rear or temporarily leave the room." That is vaguely similar to the orca/Shamu and dolphin shows in SeaWorld, where folks are explicitly reminded about the "splash" that is going to soak the frontmost seating row(s). IMHO this is not so much different about the audio "policy" in the Note Well. It does _not_ universally apply to each and every word that is said while participating an IETF Meeting. Private (hallway) conversations are _not_ subject to the Note Well either. -Martin
RE: Future Handling of Blue Sheets
We see here a tension between two goals, engineering the Internet and making standards for the Internet. In most cases, the two goals are easily reconciled , as open standards are an essential part of an open Internet. But here we have a conflict. On one hand, good engineering would mean, setting the best possible example in matters such as security and privacy. On the other hand, public standard making seem to require a very controlled participation process, in which participants have effectively no privacy. Of the two goals, I think we would be much better off emphasizing engineering and downsizing process. The Internet did not develop because the IETF had better processes than the ITU. It developed because we cared about making the best possible network! -- Christian Huitema
Re: Future Handling of Blue Sheets
Michael StJohns wrote: > > While Wikipedia is sometimes wrong, it does tend to have useful information.= > Specifically http://commons.wikimedia.org/wiki/Commons:Country_specific_con= > sent_requirements#Germany > > > Publishing or propagating the image does not normally require consent: > > If the person is an irrelevant or merely accidental part (Beiwerk) > > of a landscape or locality shown in the picture. > > If the person took part in a public meeting or event and is depicted > > on this occasion. > > If distribution or exhibition serves a higher artistic interest. > > http://www.gesetze-im-internet.de/kunsturhg/__23.html That information in an incorrect translation, and it is quoting only part (1) of the article and missing part (2). §22 (1) 2.+ 3. KunstUrhG are quite related in the intent the translation of (2) captures the original meaning correctly: 2. Bilder, auf denen die Personen nur als Beiwerk neben einer Landschaft oder sonstigen Örtlichkeit erscheinen; > > If the person is an irrelevant or merely accidental part (Beiwerk) > > of a landscape or locality shown in the picture. The translation of (3) is not quite correct: 3. Bilder von Versammlungen, Aufzügen und ähnlichen Vorgängen, an denen die dargestellten Personen teilgenommen haben; > > If the person took part in a public meeting or event and is depicted > > on this occasion. This is about pictures of an (public) assembly, parade or similar event which the pictured peoples participated, and NOT the other way round! The translation you quoted is flawed logic. from the rules: 1. all men are mortals 2. socrates was a man you can infer "socrates was mortal", But infering the reverse "all mortals are men", "all men are socrates" or "all mortals are socrates" amounts to flawed logic. When making a photo of the audience(!) with a small number of people prominently in the foreground, then the exclusion no longer applies and you will need consent of the folks in order to _publish_ such a photo, similar for taking pictures of the _spectators_ of a parade. For people doing presentations in front, or speaking at the podium of a public assembly or convention, the exception may apply to a singular depicted person if it is still a "picture of the event" (i.e. a picture in context). Just because someone participates an assembly, convention or is the spectator of a parade does NOT result in a general loss of control over pictures&portraits of that person. -Martin
Re: Future Handling of Blue Sheets
> "Martin" == Martin Rex writes: Martin> Joel jaeggli wrote: >> > Michael StJohns wrote: > > > > Martin - you and everyone else in the room gave permission by being >> in > the room. That's what the NOTE WELL is all about. So no, >> not illegal. >> >> Specifically every registered attendee has accepted during the >> registration process the note-well. Martin> You're completely misled. Martin> In Germany (and probably all over Europe) that part of note Martin> well will not apply to the rights about your own Martin> picture/portrait. Martin> To obtain such a right, a seperate explicit and voluntary Martin> consent is required. That is a privilege guaranteed by law. There may be additional legal issues. However, for at least one issue, the European data Protection law comes into play in significant ways. I recommend the presentation from last SAAG. In particular I recommend focusing on the part of that presentation about consent. There are significant limitations to consent especially when someone must consent to do their job. So, from what I know about European law, I'd have significant concerns about whether the note-well is sufficient for John's purpose.
Re: Future Handling of Blue Sheets
I believe Martin is correct, at least with respect to Germany. OTOH, "wo kein Kläger, da kein Richter" (no plaintiff, no judge). And: where is the damage? In short, I wouldn't worry too much. Stephan On 4.24.2012 11:10 , "Martin Rex" wrote: >Joel jaeggli wrote: >> >> Michael StJohns wrote: >> > >> > Martin - you and everyone else in the room gave permission by being in >> > the room. That's what the NOTE WELL is all about. So no, not >>illegal. >> >> Specifically every registered attendee has accepted during the >> registration process the note-well. > >You're completely misled. > >In Germany (and probably all over Europe) that part of note well >will not apply to the rights about your own picture/portrait. > >To obtain such a right, a seperate explicit and voluntary consent >is required. That is a privilege guaranteed by law. > >-Martin >
Re: Future Handling of Blue Sheets
While Wikipedia is sometimes wrong, it does tend to have useful information. Specifically http://commons.wikimedia.org/wiki/Commons:Country_specific_consent_requirements#Germany > Publishing or propagating the image does not normally require consent: > If the person is an irrelevant or merely accidental part (Beiwerk) of a > landscape or locality shown in the picture. > If the person took part in a public meeting or event and is depicted on this > occasion. > If distribution or exhibition serves a higher artistic interest. http://www.gesetze-im-internet.de/kunsturhg/__23.html So - not misled. Sent from my iPad On Apr 24, 2012, at 14:10, Martin Rex wrote: > Joel jaeggli wrote: >> >> Michael StJohns wrote: >>> >>> Martin - you and everyone else in the room gave permission by being in >>> the room. That's what the NOTE WELL is all about. So no, not illegal. >> >> Specifically every registered attendee has accepted during the >> registration process the note-well. > > You're completely misled. > > In Germany (and probably all over Europe) that part of note well > will not apply to the rights about your own picture/portrait. > > To obtain such a right, a seperate explicit and voluntary consent > is required. That is a privilege guaranteed by law. > > -Martin
Re: Future Handling of Blue Sheets
Joel jaeggli wrote: > > Michael StJohns wrote: > > > > Martin - you and everyone else in the room gave permission by being in > > the room. That's what the NOTE WELL is all about. So no, not illegal. > > Specifically every registered attendee has accepted during the > registration process the note-well. You're completely misled. In Germany (and probably all over Europe) that part of note well will not apply to the rights about your own picture/portrait. To obtain such a right, a seperate explicit and voluntary consent is required. That is a privilege guaranteed by law. -Martin
Re: Future Handling of Blue Sheets
On 4/24/12 09:50 , Michael StJohns wrote: > > Martin - you and everyone else in the room gave permission by being in the > room. That's what the NOTE WELL is all about. So no, not illegal. Specifically every registered attendee has accepted during the registration process the note-well. > "A participant in any IETF activity is deemed to accept all IETF rules of > process, as documented in Best Current Practices RFCs and IESG Statements. > > A participant in any IETF activity acknowledges that written, audio and video > records of meetings may be made and may be available to the public. " > > > >> -Martin > >
Re: Future Handling of Blue Sheets
At 12:21 PM 4/24/2012, Martin Rex wrote: >John C Klensin wrote: >> >> I should also mention that I introduced a micro-innovation into >> a WG meeting a few IETF's back. We had asked who was going to >> read specific documents. Some hands went up, some didn't. In >> order to have a record of both, I took pictures and we put the >> pictures in the minutes. I believe that doing that was >> completely within the boundaries set by the provision Mike cites >> above... and that no one can say "oh, I get to be private, >> please block my face out of the picture even though you can >> retain my raised hand" > >You better don't publish any photos taken in Germany (maybe even >all of Europe) _without_ permission of every single person who is >clearly identifiable on that photo, because it would be illegal. Martin - you and everyone else in the room gave permission by being in the room. That's what the NOTE WELL is all about. So no, not illegal. "A participant in any IETF activity is deemed to accept all IETF rules of process, as documented in Best Current Practices RFCs and IESG Statements. A participant in any IETF activity acknowledges that written, audio and video records of meetings may be made and may be available to the public. " >-Martin
Re: Future Handling of Blue Sheets
At 10:30 AM 4/24/2012, David Morris wrote: >On Mon, 23 Apr 2012, Dave Crocker wrote: > >> However as much as I appreciate the benefits of privacy and the detriments of >> eroding it, I think there is an odd conceptual confusion taking place here: >> This is an entirely public event. It makes no sense to participate in a >> formal portion of that event and expect privacy. > >The IETF meetings are actually not totally public. You must purchase a >'ticket' to attend. We would not allow someone to walk in off the street >and photograph the functions, or even sit in a meeting and take notes. Actually, with the exception of the Beijing meeting where the hotel - not us - posted guards to keep non-badge holders out (and apparently to check id against badges), we don't actually enforce this much. I can think of a number of recent IETFs where "guests" have sat in for a short while in various conversations and WG meetings without being officially registered. Even if we did enforce the badging requirement - the payment of the registration fee does not make this a non-public meeting. ANYONE can attend.
Re: Future Handling of Blue Sheets
John C Klensin wrote: > > I should also mention that I introduced a micro-innovation into > a WG meeting a few IETF's back. We had asked who was going to > read specific documents. Some hands went up, some didn't. In > order to have a record of both, I took pictures and we put the > pictures in the minutes. I believe that doing that was > completely within the boundaries set by the provision Mike cites > above... and that no one can say "oh, I get to be private, > please block my face out of the picture even though you can > retain my raised hand" You better don't publish any photos taken in Germany (maybe even all of Europe) _without_ permission of every single person who is clearly identifiable on that photo, because it would be illegal. -Martin
Re: Future Handling of Blue Sheets
Hi, In reading this thread several thoughts have come to mind: - for several years I have not been able to attend an IETF mtg in person, yet always join in some of the sessions remotely. Is our remote attendance recorded as well, or its it only in the chat archive? I have noticed that not all of us give our real names when we sign in (I generally do but that is beside the point.) This would also apply to those who are at the physical mtg but who time share between sessions. - when I used to come to the physical meetings, I often noticed people who came to the mtg who did not sign the blue / pink sheets. And does everyone who comes in late actually find the sheet and sign it? - does everyone sign their real name? do we know if anyone has ever signed the name of someone else? How often has Minnie Mouse attended an IETF WG mtg. - I thought the comment about taking pictures to record the identities of those who read documents was interesting. For those who are recognizable this its indeed a good record, but what about for others? Also a statement was made that no one could complain about this because of the note well - but that only references "written, audio and video records of meetings may be made and may be available to the public" - nothing about still photography. Perhaps the video feature of the phone should be used in the future. So it seems that the records are probably partial, and unreliable. They are also not verified. Are they really useful? In thinking about why such records are kept, I sort of understand the various IPR reasons, but wonder, whether given the unreliability of the information, it really would be accepted as evidence. Has ever ever been a case where these blue sheet records were accepted as evidence? If not, are there other good reasons for the blue sheets? I mean they are a quaint historical relic and that has value for any organization, but is there a function they reliably serve? avri Fernando Gont wrote: >On 04/24/2012 03:40 AM, Brian E Carpenter wrote: >>> * What about the case in which the same person must be in two >meetings >>> that overlap? (e.g., I've *presented* at overlapping meeting) What >>> should they do in that that case? Sign all the corresponding blue >>> sheets? Sign none? >> >> I think you should sign both; however, your name will be in the >minutes as >> a presenter, so your presence is part of the public record. > >What about folks that are interested in being present in the discussion >of documents in overlapping meetings? (e.g., one document being >rpesented by some folks at the beginning of one meeting, and some other >doc being presented at the end of some other meeting?). > >Thanks, >-- >Fernando Gont >e-mail: ferna...@gont.com.ar || fg...@si6networks.com >PGP Fingerprint: 7809 84F5 322E 45C7 F1C9 3945 96EE A9EF D076 FFF1
Re: Future Handling of Blue Sheets
On Mon, 23 Apr 2012, Dave Crocker wrote: > However as much as I appreciate the benefits of privacy and the detriments of > eroding it, I think there is an odd conceptual confusion taking place here: > This is an entirely public event. It makes no sense to participate in a > formal portion of that event and expect privacy. The IETF meetings are actually not totally public. You must purchase a 'ticket' to attend. We would not allow someone to walk in off the street and photograph the functions, or even sit in a meeting and take notes. The hugh amount of publically available data being presented on-line which becomes significantly less private by creating ease of access. My home phone number is published w/o an address. I consider it a breach of my privacy to have some data mining operation match my address with my phone number just because my name and address are correlated in public property titles. Etc. I don't have an objection to the existance of blue sheets and I think I have long understood the multiple justifications for their use. My objection is to the making of the content more readily available than previous procedures. That changes the level of privacy associated with blue sheets, in my mind significantly. I don't care if scanning and storing the scans is used, if our legal staff has determined that scanning is equivalent to having the original document, but I don't want to see the time to content availablity change (well, perhaps in response to a supoena). That means no public online access. And perhaps an artifical delay matching the time it takes now. Surely there is now a defacto access policy and the admin folks wouldn't dig out the sheets just because I wanted to see them. I suspect that they wouldn't provide access to all sheets for all meetings in a single year. There might also be a copy charge, etc. All of that creates a legitimate expection of more privacy than making the sheets available without restriction on-line. I also don't think we should make assumptions about how well future software will do at recognition of sloppy hand writing on blue paper written with ink of almost the same color. Public and transparent have been implemented in a certain fashion in the past which included a degree of interference with ease of access. I don't see a written policy that states we shall make all records as readily available as future technology allows. The IETF has traditionally been in favor of encouraging on-line privacy. (think cookies) We need to lead by example by not following the lemmings and contributing to less privacy. If scans are legally sufficient, then capture the data to CD/DVD media and stick the data in a warehouse, etc. That solves the bulk storage issue but doesn't make the content much easier to access.
Re: Future Handling of Blue Sheets
On Tue, Apr 24, 2012 at 3:12 AM, Fernando Gont wrote: > On 04/24/2012 03:40 AM, Brian E Carpenter wrote: >>> * What about the case in which the same person must be in two meetings >>> that overlap? (e.g., I've *presented* at overlapping meeting) What >>> should they do in that that case? Sign all the corresponding blue >>> sheets? Sign none? >> >> I think you should sign both; however, your name will be in the minutes as >> a presenter, so your presence is part of the public record. > > What about folks that are interested in being present in the discussion > of documents in overlapping meetings? (e.g., one document being > rpesented by some folks at the beginning of one meeting, and some other > doc being presented at the end of some other meeting?). Your question was already answered. Sign both. Thanks, Donald = Donald E. Eastlake 3rd +1-508-333-2270 (cell) 155 Beaver Street, Milford, MA 01757 USA d3e...@gmail.com > Thanks, > -- > Fernando Gont > e-mail: ferna...@gont.com.ar || fg...@si6networks.com > PGP Fingerprint: 7809 84F5 322E 45C7 F1C9 3945 96EE A9EF D076 FFF1 > > >
Re: Future Handling of Blue Sheets
On 2012-04-24 10:06, Ersue, Mehmet (NSN - DE/Munich) wrote: >> I don't have an objection to this data being collected, only >> to it being made public without a good reason. > > +1 IMNSHO, having the IETF process not only open but also clearly *seen* to be open is a very good reason. I assume that's why RFC 2026 recommends publishing the list of attendees in the minutes. As for the problem of people who refuse to sign the blue sheet or who sign with a false name, I think we have to accept that as the price of avoiding draconian measures that nobody would like. The same goes for remote participants who use nicknames. BTW, I don't think that anyone trying to evade IPR rules would sign in as "Minnie Mouse" because there is IPR all over that name. Brian
Re: Future Handling of Blue Sheets
At 00:38 24-04-2012, Bob Hinden wrote: The work we do in the IETF is done in public. It is a basic element of our open standards process. +1 The long threads are at: http://www.ietf.org/mail-archive/web/ietf/current/msg51053.html http://www.ietf.org/mail-archive/web/ietf/current/msg51362.html http://www.ietf.org/mail-archive/web/ietf/current/msg57829.html There is even an I-D: draft-cooper-privacy-policy-01 Adding a name and/or an email address to the blue sheet is a MAY. Given that this will remain optional and it is a mechanical process, the chance of data aggregation is minimal. Regards, -sm
RE: Future Handling of Blue Sheets
> I don't have an objection to this data being collected, only
> to it being made public without a good reason.
+1
Mehmet
> -Original Message-
> From: ietf-boun...@ietf.org [mailto:ietf-boun...@ietf.org] On Behalf
Of ext Yoav Nir
> Sent: Tuesday, April 24, 2012 11:02 AM
> To: Avri Doria
> Cc: ietf@ietf.org
> Subject: Re: Future Handling of Blue Sheets
>
>
> On Apr 24, 2012, at 11:22 AM, Avri Doria wrote:
>
> > Hi,
> >
> > In reading this thread several thoughts have come to mind:
> >
> > - for several years I have not been able to attend an IETF mtg in
person, yet always
> join in some of the sessions remotely. Is our remote attendance
recorded as well, or
> its it only in the chat archive? I have noticed that not all of us
give our real names
> when we sign in (I generally do but that is beside the point.) This
would also apply to
> those who are at the physical mtg but who time share between sessions.
>
> The handles usually map somehow to names, but only people who know
them well
> would know who "PHB", "MCR", "SM", and "fluffy" are. This also extends
to the
> minutes. You often see things like "Paul said this, Phil said that,
Yoav agreed with Paul,
> Peter said to take it to the list". Within the old boys' club of the
working group, most
> people know who these people are. Looking at the attendee list, you
can pretty much
> determine who Yoav is (there's only one), but there's plenty of Pauls,
Phils and Peters.
>
> > - when I used to come to the physical meetings, I often noticed
people who came to
> the mtg who did not sign the blue / pink sheets. And does everyone who
comes in late
> actually find the sheet and sign it?
>
> I would say that usually they don't sign them
>
> > - does everyone sign their real name? do we know if anyone has ever
signed the
> name of someone else? How often has Minnie Mouse attended an IETF WG
mtg.
>
> I've seen at least "PHB" on a blue sheet. I also see a lot of
scribbles, that may or may
> not have been an honest attempt at writing the name legibly.
>
> > - I thought the comment about taking pictures to record the
identities of those who
> read documents was interesting. For those who are recognizable this
its indeed a good
> record, but what about for others? Also a statement was made that no
one could
> complain about this because of the note well - but that only
references "written, audio
> and video records of meetings may be made and may be available to the
public" -
> nothing about still photography. Perhaps the video feature of the
phone should be used
> in the future.
> >
> > So it seems that the records are probably partial, and unreliable.
They are also not
> verified. Are they really useful?
>
> They are not reliable, and they provide as much accountability as
those signatures at
> the end of emails ("the contents are confidential...") provide
confidentiality.
>
> > In thinking about why such records are kept, I sort of understand
the various IPR
> reasons, but wonder, whether given the unreliability of the
information, it really would
> be accepted as evidence. Has ever ever been a case where these blue
sheet records
> were accepted as evidence?
> >
> > If not, are there other good reasons for the blue sheets? I mean
they are a quaint
> historical relic and that has value for any organization, but is there
a function they
> reliably serve?
>
> I think not, but then again, I don't have an objection to this data
being collected, only
> to it being made public without a good reason. Stephan has provided an
example for
> misuse, in "for example verifying statements found in resumes". It is
not the job of
> the IETF to keep its participants honest to future employers.
>
> Yoav
Re: Future Handling of Blue Sheets
On Apr 24, 2012, at 11:22 AM, Avri Doria wrote:
> Hi,
>
> In reading this thread several thoughts have come to mind:
>
> - for several years I have not been able to attend an IETF mtg in person, yet
> always join in some of the sessions remotely. Is our remote attendance
> recorded as well, or its it only in the chat archive? I have noticed that
> not all of us give our real names when we sign in (I generally do but that is
> beside the point.) This would also apply to those who are at the physical mtg
> but who time share between sessions.
The handles usually map somehow to names, but only people who know them well
would know who "PHB", "MCR", "SM", and "fluffy" are. This also extends to the
minutes. You often see things like "Paul said this, Phil said that, Yoav agreed
with Paul, Peter said to take it to the list". Within the old boys' club of the
working group, most people know who these people are. Looking at the attendee
list, you can pretty much determine who Yoav is (there's only one), but there's
plenty of Pauls, Phils and Peters.
> - when I used to come to the physical meetings, I often noticed people who
> came to the mtg who did not sign the blue / pink sheets. And does everyone
> who comes in late actually find the sheet and sign it?
I would say that usually they don't sign them
> - does everyone sign their real name? do we know if anyone has ever signed
> the name of someone else? How often has Minnie Mouse attended an IETF WG mtg.
I've seen at least "PHB" on a blue sheet. I also see a lot of scribbles, that
may or may not have been an honest attempt at writing the name legibly.
> - I thought the comment about taking pictures to record the identities of
> those who read documents was interesting. For those who are recognizable this
> its indeed a good record, but what about for others? Also a statement was
> made that no one could complain about this because of the note well - but
> that only references "written, audio and video records of meetings may be
> made and may be available to the public" - nothing about still photography.
> Perhaps the video feature of the phone should be used in the future.
>
> So it seems that the records are probably partial, and unreliable. They are
> also not verified. Are they really useful?
They are not reliable, and they provide as much accountability as those
signatures at the end of emails ("the contents are confidential…") provide
confidentiality.
> In thinking about why such records are kept, I sort of understand the various
> IPR reasons, but wonder, whether given the unreliability of the information,
> it really would be accepted as evidence. Has ever ever been a case where
> these blue sheet records were accepted as evidence?
>
> If not, are there other good reasons for the blue sheets? I mean they are a
> quaint historical relic and that has value for any organization, but is there
> a function they reliably serve?
I think not, but then again, I don't have an objection to this data being
collected, only to it being made public without a good reason. Stephan has
provided an example for misuse, in "for example verifying statements found in
resumes". It is not the job of the IETF to keep its participants honest to
future employers.
Yoav
Re: Future Handling of Blue Sheets
Hi, In reading this thread several thoughts have come to mind: - for several years I have not been able to attend an IETF mtg in person, yet always join in some of the sessions remotely. Is our remote attendance recorded as well, or its it only in the chat archive? I have noticed that not all of us give our real names when we sign in (I generally do but that is beside the point.) This would also apply to those who are at the physical mtg but who time share between sessions. - when I used to come to the physical meetings, I often noticed people who came to the mtg who did not sign the blue / pink sheets. And does everyone who comes in late actually find the sheet and sign it? - does everyone sign their real name? do we know if anyone has ever signed the name of someone else? How often has Minnie Mouse attended an IETF WG mtg. - I thought the comment about taking pictures to record the identities of those who read documents was interesting. For those who are recognizable this its indeed a good record, but what about for others? Also a statement was made that no one could complain about this because of the note well - but that only references "written, audio and video records of meetings may be made and may be available to the public" - nothing about still photography. Perhaps the video feature of the phone should be used in the future. So it seems that the records are probably partial, and unreliable. They are also not verified. Are they really useful? In thinking about why such records are kept, I sort of understand the various IPR reasons, but wonder, whether given the unreliability of the information, it really would be accepted as evidence. Has ever ever been a case where these blue sheet records were accepted as evidence? If not, are there other good reasons for the blue sheets? I mean they are a quaint historical relic and that has value for any organization, but is there a function they reliably serve? avri Fernando Gont wrote: >On 04/24/2012 03:40 AM, Brian E Carpenter wrote: >>> * What about the case in which the same person must be in two >meetings >>> that overlap? (e.g., I've *presented* at overlapping meeting) What >>> should they do in that that case? Sign all the corresponding blue >>> sheets? Sign none? >> >> I think you should sign both; however, your name will be in the >minutes as >> a presenter, so your presence is part of the public record. > >What about folks that are interested in being present in the discussion >of documents in overlapping meetings? (e.g., one document being >rpesented by some folks at the beginning of one meeting, and some other >doc being presented at the end of some other meeting?). > >Thanks, >-- >Fernando Gont >e-mail: ferna...@gont.com.ar || fg...@si6networks.com >PGP Fingerprint: 7809 84F5 322E 45C7 F1C9 3945 96EE A9EF D076 FFF1
Re: Future Handling of Blue Sheets
On Apr 23, 2012, at 9:05 PM, Dave Crocker wrote: > > > On 4/23/2012 1:13 AM, Kireeti Kompella wrote: >> RFCs are not gospel. They can, and, in this instance, should, be changed: >> either remove that last item, or stately explicitly that there is no >> expectation of privacy at IETF meetings. (I have a sinking feeling I know >> which way that will go.) > > Actually, an RFC like this /is/ gospel, for this topic. Gospel can be > changed, as you note, according to IETF consensus. > > However as much as I appreciate the benefits of privacy and the detriments of > eroding it, I think there is an odd conceptual confusion taking place here: > This is an entirely public event. It makes no sense to participate in a > formal portion of that event and expect privacy. +1 The work we do in the IETF is done in public. It is a basic element of our open standards process. Bob > > That said, I've certainly no objection to adding to the bloat of warnings and > declarations that we already have, in the humorous belief that listing this > disclaimer will somehow change people's expectations... > > d/ > -- > Dave Crocker > Brandenburg InternetWorking > bbiw.net
Re: Future Handling of Blue Sheets
On 04/24/2012 03:40 AM, Brian E Carpenter wrote: >> * What about the case in which the same person must be in two meetings >> that overlap? (e.g., I've *presented* at overlapping meeting) What >> should they do in that that case? Sign all the corresponding blue >> sheets? Sign none? > > I think you should sign both; however, your name will be in the minutes as > a presenter, so your presence is part of the public record. What about folks that are interested in being present in the discussion of documents in overlapping meetings? (e.g., one document being rpesented by some folks at the beginning of one meeting, and some other doc being presented at the end of some other meeting?). Thanks, -- Fernando Gont e-mail: ferna...@gont.com.ar || fg...@si6networks.com PGP Fingerprint: 7809 84F5 322E 45C7 F1C9 3945 96EE A9EF D076 FFF1
Re: Future Handling of Blue Sheets
On 4/23/2012 1:13 AM, Kireeti Kompella wrote: RFCs are not gospel. They can, and, in this instance, should, be changed: either remove that last item, or stately explicitly that there is no expectation of privacy at IETF meetings. (I have a sinking feeling I know which way that will go.) Actually, an RFC like this /is/ gospel, for this topic. Gospel can be changed, as you note, according to IETF consensus. However as much as I appreciate the benefits of privacy and the detriments of eroding it, I think there is an odd conceptual confusion taking place here: This is an entirely public event. It makes no sense to participate in a formal portion of that event and expect privacy. That said, I've certainly no objection to adding to the bloat of warnings and declarations that we already have, in the humorous belief that listing this disclaimer will somehow change people's expectations... d/ -- Dave Crocker Brandenburg InternetWorking bbiw.net
Re: Future Handling of Blue Sheets
On 2012-04-23 16:51, Fernando Gont wrote: ... > * What about the case in which the same person must be in two meetings > that overlap? (e.g., I've *presented* at overlapping meeting) What > should they do in that that case? Sign all the corresponding blue > sheets? Sign none? I think you should sign both; however, your name will be in the minutes as a presenter, so your presence is part of the public record. Brian
Re: Future Handling of Blue Sheets
On 2012-04-23 22:40, Peter Sylvester wrote: > On 04/23/2012 07:23 PM, Samuel Weiler wrote: >> On Mon, 23 Apr 2012, Randy Bush wrote: >> >>> i see ourselves some years from now having electronic tracking of >>> whether X was in the room during which parts of the discussion. do >>> not like. >> >> +1 >> >> I am very sympathetic to the desire to minimize the work of responding >> to subpoenas. A very effective way to do that is to not have the data. >> >> I would strongly prefer to see the blue sheets disappear entirely. >> Let's quit collecting data that we don't need. The collection of >> attendee lists does not directly support our technical work. To the >> extent that we need a headcount for meeting planning, a count (without >> names) is sufficient. >> >> -- Sam > +1 A headcount is clearly sufficient for room size allocation, but the primary purpose of the blue sheets is not, and never has been, the head count. Brian
