Professor, Your comments at the mike were out of line, so: I challenge you and your 3 best kiss ass grad students to a debate on reality
I do respect you. Cheers, Martin ----- Original Message ----- From: [email protected] <[email protected]> To: Alissa Cooper <[email protected]> Cc: 'GEOPRIV' <[email protected]>; John Morris <[email protected]> Sent: Sat Mar 28 14:20:54 2009 Subject: Re: [Geopriv] Geo URI and privacy URI But the IETF is an engineering organization, not a political lobbying organization, so practicality matters. As I've pointed out, a strict interpretation of the retention policy means that only no logging at all is possible, since you can't reasonably purge logs at different time intervals. It's a bit much to expect a company to completely re- architect their web server, if the alternative is to ignore GEOPRIV. I'd be really surprised if any company in the location space thinks about GEOPRIV at all... It's pretty clear that, after 6 years, we've had minimal impact in the pieces that require location privacy, so it might be time to ask why. I'm all for the goals of ensuring privacy, but relying on "everybody should be doing it the way we want to" is not a road to success. There is nothing magic about the policy primitives that we cooked up in the early GEOPRIV days; given their lack of impact, it might be useful to consider ideas that achieve privacy goals, but more closely reflect how real network services work, as opposed to expecting everyone to change. As defined currently, logging has to be seen as retention, so we either need to specify that it somehow doesn't apply as long as the site has a logging policy stated (or some other reasonable definition), or expect to be ignored. Henning On Mar 28, 2009, at 1:22 PM, Alissa Cooper wrote: > I might be about to get too philosophical here, but... > > In some sense the entire Geopriv privacy architecture could be > considered a "non-starter" for the same reason you suggest below: > it's meant to encourage location recipients to change their current > behavior. If it didn't require behavior change, it wouldn't have any > utility. > > Again, I think retention-expires has value even if all that results > from it is that a recipient thinks twice about its logging policy, > or clarifies its disclosures about its logging policy, or realizes > that people care about its logging policy. IMO, defining a strict > semantic that results in this kind of reaction is preferable to > creating a loophole in the semantic that could potentially swallow > all of its value. > > On Mar 26, 2009, at 6:12 PM, Henning Schulzrinne wrote: > >> I'm sorry, but after 6 years we're no closer to this happening. >> However, anything that requires running non-standard web setups >> seems like a non-starter. No wonder that W3C doesn't take GEOPRIV >> seriously... >> >> Henning >> >> On Mar 26, 2009, at 6:05 PM, John Morris wrote: >> >>> +1 to Alissa (perhaps not a surprise)... but for historical >>> interest, I have pasted below excerpts from three 2003 e-mails in >>> which Henning and I discussed this same topic.... John >>> >>> At 11:01 AM -0500 11/11/03, Henning Schulzrinne wrote: >>>> Date: Tue, 11 Nov 2003 11:01:13 -0500 >>>> From: Henning Schulzrinne <[email protected]> >>>> To: "'[email protected]'" <[email protected]> >>>> Subject: [Geopriv] Questions on pidf-lo >>>> >>>> After another reading and some hallway discussions, a few >>>> questions on PIDF-LO: >>>> <snip> >>>> 3) Retention >>>> >>>> Normal operating procedure is that databases are backed up. Am I >>>> liable if a location object accidentally makes it onto the backup >>>> tape? (Example: retention is 24 hours; LO arrives at 8 pm; backup >>>> is run at midnight. I can't tell the backup routine to not backup >>>> that entry.) >>>> >>>> Worded in its current vagueness, I'm afraid that any large entity >>>> who has any exposure at all would be foolish to accept any object >>>> that in any way restricts retention and distribution. >>>> >>>> Henning >>> >>> At 12:34 PM -0600 11/11/03, John Morris wrote: >>>> Date: Tue, 11 Nov 2003 12:34:32 -0600 >>>> To: Henning Schulzrinne <[email protected]> >>>> From: John Morris <[email protected]> >>>> Subject: Re: [Geopriv] Questions on pidf-lo >>>> Cc: "'[email protected]'" <[email protected]> >>>> >>>> Henning, you won't be happy with how I would answer these >>>> questions. See inline. John >>> <snip> >>>>> 3) Retention >>>>> >>>>> Normal operating procedure is that databases are backed up. Am I >>>>> liable if a location object accidentally makes it onto the >>>>> backup tape? (Example: retention is 24 hours; LO arrives at 8 >>>>> pm; backup is run at midnight. I can't tell the backup routine >>>>> to not backup that entry.) >>>>> >>>>> Worded in its current vagueness, I'm afraid that any large >>>>> entity who has any exposure at all would be foolish to accept >>>>> any object that in any way restricts retention and distribution. >>>> >>>> My answer is that big entities will have to cope. In the U.S. at >>>> least, we have not yet resolved the train wreck that occurs >>>> between privacy and routine backup tapes. If the info is in a >>>> backup tape, it can be obtained through subpoena, law enforcement >>>> request, etc. >>>> >>>> And yes, I do think that companies are moving toward a more >>>> considered backup strategy that takes privacy and other legal >>>> obligations into account. It will be a slow transistion, but I >>>> think it will happen. >>>> >>>> So any entity concerned about this type of exposure should decide >>>> that certain information should simply not be retained in >>>> databases that are routinely backed up. I strongly do not think >>>> we should allow geopriv to say "do not retain the info longer >>>> than the rule permits (except routine backups don't count)." >>>> >>>>> Henning >>>> >>>> John >>> >>> At 2:56 PM -0500 11/11/03, Henning Schulzrinne wrote: >>>> Date: Tue, 11 Nov 2003 14:56:58 -0500 >>>> From: Henning Schulzrinne <[email protected]> >>>> To: John Morris <[email protected]> >>>> Cc: "'[email protected]'" <[email protected]> >>>> Subject: Re: [Geopriv] Questions on pidf-lo >>>> >>>> John Morris wrote: >>>> >>>>> Henning, you won't be happy with how I would answer these >>>>> questions. See inline. John >>>> >>>> I'm actually happy with *any* consistent and implementable >>>> answer. I'm mostly concerned that implementors are given >>>> insufficient guidance in the spec. >>>> >>> <snip> >>>>> My answer is that big entities will have to cope. In the U.S. >>>>> at least, we have not yet resolved the train wreck that occurs >>>>> between privacy and routine backup tapes. If the info is in a >>>>> backup tape, it can be obtained through subpoena, law >>>>> enforcement request, etc. >>>>> >>>>> And yes, I do think that companies are moving toward a more >>>>> considered backup strategy that takes privacy and other legal >>>>> obligations into account. It will be a slow transistion, but I >>>>> think it will happen. >>>>> >>>>> So any entity concerned about this type of exposure should >>>>> decide that certain information should simply not be retained in >>>>> databases that are routinely backed up. I strongly do not think >>>>> we should allow geopriv to say "do not retain the info longer >>>>> than the rule permits (except routine backups don't count)." >>>> >>>> As long as we say "this includes backup media", I'm fine - I'm >>>> just for clarity. We can't remove every ambiguity, but that's no >>>> excuse not to be precise where we can. >>> _______________________________________________ >>> Geopriv mailing list >>> [email protected] >>> https://www.ietf.org/mailman/listinfo/geopriv >>> >> >> _______________________________________________ >> Geopriv mailing list >> [email protected] >> https://www.ietf.org/mailman/listinfo/geopriv > > -- > ---------------------------------------------------- > Alissa Cooper > Chief Computer Scientist > Center for Democracy and Technology > 202 637 9800 x110 > [email protected] > http://www.cdt.org/ > > > > > > > _______________________________________________ Geopriv mailing list [email protected] https://www.ietf.org/mailman/listinfo/geopriv _______________________________________________ Sip mailing list https://www.ietf.org/mailman/listinfo/sip This list is for NEW development of the core SIP Protocol Use [email protected] for questions on current sip Use [email protected] for new developments on the application of sip
