IETF                                                           A. Cooper
Internet-Draft                                    Center for Democracy &
Intended status: Informational                                Technology
Expires: January 6, 2011                                    July 5, 2010


                          IETF Privacy Policy
                     draft-cooper-privacy-policy-01

Abstract

   This document proposes to serve as the IETF's privacy policy.  This
   policy applies to data collected in conjunction with IETF activities
   and on public IETF-related web sites.

Status of this Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current Internet-
   Drafts is at http://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on January 6, 2011.

Copyright Notice

   Copyright (c) 2010 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (http://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.  Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.





Cooper                   Expires January 6, 2011                [Page 1]

Internet-Draft             IETF Privacy Policy                 July 2010


1.  Introduction

   In keeping with the goals and objectives of this standards body, the
   IETF is committed to the highest degree of respect for the privacy of
   IETF participants and site visitors.  This policy applies to data
   collected in conjunction with IETF activities, whether online or in
   person, and on public web sites hosted on ietf.org, iab.org, rfc-
   editor.org, and irtf.org (known hereafter as "IETF-related web
   sites").  This policy explains how the IETF applies the Fair
   Information Practices -- a widely accepted set of privacy principles
   [1] -- to the data we obtain.  The Fair Information Practices may be
   briefly summarized as follows:

   o  Collection Limitation: There should be limits to the collection of
      data about people.

   o  Data Quality: Personal data should be accurate, complete, up-to-
      date, and relevant to the purposes for which it was collected.

   o  Purpose Specification: The purpose of collecting personal data
      should be specified in advance of collection.

   o  Use Limitation: Personal data should only be used for the purposes
      for which it was collected.

   o  Security: Personal data should be protected by reasonable security
      safeguards against unauthorised access, use, and disclosure.

   o  Openness: Practices and policies with respect to personal data
      should be open and transparent.

   o  Individual Participation: Individuals should have choice, access,
      correction, and redress rights with respect to their data.

   o  Accountability: Those that collect and use data should be
      accountable for complying with the above principles.

   [Note 1: This document is meant to be a strawman proposal for a
   public-facing privacy policy that any visitor to IETF-related web
   sites can read and understand.  Issues specific to WG chairs and I*
   members are therefore left out.  This also means that the document is
   not written as a compliance document for the chair/I* audience -- it
   does not prescribe what they should or should not do with IETF
   participants' data, but rather informs participants about what the
   IETF does with their data.]

   [Note 2: It is unlikely that the RFC model is the best model for
   maintaining and updating a document like this.  It is more likely to
   fall within the scope of the IAOC and/or the Trust.  While this is
   being sorted out, the term "we" as used in this document should be
   understood to encompass all IETF bodies/persons that handle
   participants' and site visitors' data, including the secretariat, the
   IAD, the IAOC, and the management of the IETF Tools.  An explanation
   of who "we" are should be added once the document has a proper home
   within the IETF organizational structure.]


2.  Information you can choose to share with the IETF

   You can choose to share information with the IETF in a number of
   ways, as explained below.  All of this information is stored within
   the United States unless otherwise noted.

   Searching on IETF-related web sites:
   The search terms you enter on IETF-related web sites are used only to
   provide you with search results.

   Making an IETF Contribution:
   As defined in [2], an "IETF Contribution" is any submission to the
   IETF intended by the contributor for publication as all or part of an
   Internet-Draft or RFC (with limited exceptions) and any statement
   made within the context of an IETF activity.  Such statements include
   oral statements in IETF sessions, as well as written and electronic
   communications made at any time or place which are addressed to the
   IETF.  All IETF Contributions are public information that may be
   indefinitely retained and posted publicly.

   Signing up for a mailing list:
   When you sign up for an IETF mailing list, you must provide an email
   address, and you may optionally provide your name and a password.  We
   use this information only to deliver list mail to you and to
   administer the mailing lists.  The membership list of most IETF
   mailing lists is available to members of those lists -- in other
   words, if you are subscribed to a list, you can determine who else is
   subscribed as well (although this is not possible for certain lists,
   such as ietf@ietf.org).

   Sending email to a mailing list:
   Emails sent to IETF mailing lists are considered to be IETF
   Contributions, as described above.  Email messages that you send may
   contain information about your computer, including your IP address
   and the type of email program that you use.  This and all email
   message information is public information that may be archived or
   replicated by anyone.

   Registering to attend a meeting or social event:
   When you register to attend an IETF meeting or social event, we ask
   you for certain information about yourself, commonly including your
   name, affiliation, address, email address, phone number, t-shirt
   size, dietary restrictions, profile URL, and credit card information.
   We use this information to register you and to process your payment.
   We disclose your payment information to our payment processor,
   Authorize.net.  Otherwise, registration information is only disclosed
   in the aggregate, to the meeting host or social event coordinator,
   for example.  Some registration information may be transferred to the
   location of the meeting or event to which you registered (to provide
   you with a name badge, for example).

   Requesting a letter of invitation:
   If you require a letter of invitation in order to obtain a visa or
   other travel document to attend an IETF meeting, you can apply for a
   letter through the IETF web site.  To apply you must provide your
   name, address, email, phone number, nationality, date of birth, and
   passport number and expiration date.  This information is used to
   generate a letter of invitation that is personalized to you.

   Attending a meeting:
   When you attend a working group session at an IETF meeting, you are
   required to provide your name and email address on a form known as a
   "blue sheet" (which often but not always is blue).  The blue sheets
   serve as the official attendance record for working group sessions,
   and such records are required by the IETF Working Group Guidelines
   and Procedures [3] in support of an open Internet standards process.
   To the extent that [3] is revised to require practices in conflict
   with this privacy policy, this policy must be revised at the same
   time as [3].

   Participating in meeting experiments:
   We may from time to time experiment with new ways of collecting
   attendance information (such as the RFID experiment conducted at IETF
   76 [4]).  The policies surrounding the data collection and use
   involved in these experiments will always be announced well in
   advance and linked from this policy.

   Submitting or updating an Intellectual Property Rights (IPR)
   disclosure:
   When you submit or update an IPR disclosure (per [2]), we ask you for
   certain information about yourself, including your name, address,
   telephone number, and email address.  We use this information only as
   described in [2] to handle IPR issues.

   Using IETF tools:
   The IETF hosts a number of tools [5] on its Tools site.  The wiki and
   tracker tools allow you to upload content and tracker tickets to
   individual working group pages.  These tools require you to create a
   user account by providing your email address and a password.  Other
   tools, including rfcdiff, idnits, and idspell, take Internet-Drafts
   or potential Internet-Drafts as input.  We use these inputs only for
   the purpose of providing the tools.

   Working group chairs and members of the IESG, IAB, IAOC and other
   leadership bodies have many additional opportunities to share
   information with the IETF which are not covered by this policy.


3.  Information that is automatically shared when you visit IETF-related
    web sites

   Several different kinds of information are automatically shared with
   the IETF when you visit IETF-related web sites:

   o  URLs of the web pages within our sites that you visit

   o  Internet Protocol (IP) address: The address of your computer on
      the Internet.  Your IP address gets transmitted whenever you
      communicate online or visit web sites so that the content you are
      accessing can be delivered to you.

   o  Browser type and operating system: The name and version number of
      your web browser (for example, Internet Explorer 7 or Firefox
      3.5.3) and operating system (for example, Windows XP or Mac OS X).

   o  Cookie: A piece of information that your browser can record after
      visiting a web site.  We use cookies on the IETF home page
      (www.ietf.org) and on the IETF Tools wiki pages.

   o  URL of the page that directed you to our site: If you arrive at an
      IETF-related web site through a link on another web site -- a
      search engine or a blog, for example -- our web servers will
      record the address of the web page that referred you to our site.
      If you arrive at our web site by clicking on a search result
      returned by a search engine, our servers may (depending on the
      search engine) record the search terms that you used.

   o  Time and date of your site visit

   This individualized, non-aggregated data is stored in the United
   States in log files.  These log files are retained for 1-3 months on
   average (the exact retention period depends on the size of each log
   file, which will vary with each IETF web site).  We may occasionally
   examine these individualized log files for troubleshooting and
   security purposes.

   We use persistent cookies on www.ietf.org to record your preference
   about how you like to view the web site.  These cookies are set to
   expire in the year 2036.  We use session cookies on tools.ietf.org to
   manage users who log in to wiki pages.

   We do not retain logs of any information collected when you access
   IETF materials via means other than the web (FTP or rsync, for
   example).


4.  Data disclosure

   The IETF does not sell, rent, or exchange any information that we
   collect about our participants or site visitors.  However, we will
   disclose information under the following circumstances:

   All IETF Contributions are public information and are usually
   disclosed at the time the Contributions are made.

   We may disclose to our payment processor (Authorize.net) the payment
   information you provide to us when you register to attend an IETF
   meeting in order to process your payment.

   For all of the information we retain, we will comply with lawful
   requests from law enforcement and civil litigants that follow
   appropriate legal standards and procedures.  We will object to
   disclosure requests that we believe are improper.

   [Note: I have removed the language below about notification to
   participants affected by lawful process, but I think it is worth
   considering adopting it as IETF policy.

   "If the law or a lawful order requires us to disclose information
   about your activities, we will (unless prohibited by law from doing
   so) attempt to contact you prior to such disclosure, and attempt to
   disclose to you the fact that we have submitted information to legal
   authorities or civil litigants (including disclosing which
   information we have submitted)."]


5.  Data retention

   All log files of automatically collected data about our site visitors
   are deleted every 1-3 months on average.  Aggregated data about
   visitors to our web site which cannot be linked back to individual
   visitors may be retained permanently.  Some of this data is viewable
   at [6].

   Meeting registration information other than credit card information
   is permanently retained (including cancelled registrations).  Credit
   card processing records are retained for 18 months.

   Letter of invitation information, including passport and date of
   birth information, is permanently retained.

   Blue sheets and IPR Disclosures are permanently retained.

   IETF Tools inputs are retained for 1 month on average (the exact
   retention period depends on the size of the log file for each tools
   site).

   More information about IETF data retention policies can be found in
   the IETF Trust Records Retention Policy [7].


6.  Security Considerations

   We use a variety of security technologies and procedures to help
   protect your personal information from unauthorized access, use, or
   disclosure.  When we transmit sensitive information (such as credit
   card numbers), we protect it through the use of the encrypted Secure
   Socket Layer (SSL) protocol, and you may access all IETF websites
   using SSL whenever desired.

   When signing up for an IETF mailing list, you may optionally provide
   a password.  You will receive monthly reminders about your mailing
   list subscriptions, and these reminders may contain your list
   passwords.  Because these emails are sent unencrypted, there is a
   risk that your passwords may be intercepted by third parties.
   Because of this, you should not use the same password for an IETF
   mailing list that you use for any other secure transactions (such as
   for your banking web site or email login).

   [Note: This section still needs more information about access control
   and encryption practices for data that gets stored.]


7.  Changes to the privacy policy

   If we make substantial changes to this privacy policy, we will post a
   prominent notification on www.ietf.org and we will send a notice to
   the IETF-Announce mailing list about the changes.  You can sign up
   for that mailing list and view its archives at [8].


8.  Your privacy questions

   Feel free to contact us at [insert appropriate email address] to ask
   us to disclose to you any information we have about you.  You have
   the right to correct, update, or delete information that we may have
   about you, except to the extent that such alteration or deletion
   would be contrary to the purpose and terms of [2] or [3].

   If you have any concerns about this policy, please contact [insert
   appropriate email address].

   [Note 3: This is derived from CDT's privacy policy and is offered as
   an example of a policy that the IETF could have.]


9.  IANA Considerations

   This document makes no request of IANA.


10.  Acknowledgements

   I would like to thank Fred Baker, John Morris, Martin Thomson, Henk
   Uljerwaal, Tim Polk, Rich Kulawiec and the IAOC for their reviews of
   this document.  Glen Barney also provided invaluable insights.


11.  Informative References

   [1]  Organization for Economic Cooperation and Development, "OECD
        Guidelines on the Protection of Privacy and Transborder Flows of
        Personal Data",  http://www.oecd.org/document/18/
        0,3343,en_2649_34255_1815186_1_1_1_1,00.html, 1980.

   [2]  Bradner, S., "Intellectual Property Rights in IETF Technology",
        BCP 79, RFC 3979, March 2005.

   [3]  Bradner, S., "IETF Working Group Guidelines and Procedures",
        BCP 25, RFC 2418, September 1998.

   [4]  Internet Engineering Task Force, "RFID Tagging Experiment at
        IETF 76",  http://www.ietf.org/EbluesheetInformation.html, 2009.

   [5]  Internet Engineering Task Force, "IETF Tools",
         http://tools.ietf.org/tools/, 2009.

   [6]  Internet Engineering Task Force, "Usage Statistics for
        www6.ietf.org",  http://www.ietf.org/usagedata/, 2010.

   [7]  IETF Trust, "IETF Trust Records Retention and Management
        Policy",  http://trustee.ietf.org/docs/
        IETF_Trust_Records_Retention_Policy_(Complete_Final).pdf, 2007.

   [8]  Internet Engineering Task Force, "IETF-Announce Info Page",
         https://www.ietf.org/mailman/listinfo/IETF-Announce.


Author's Address

   Alissa Cooper
   Center for Democracy & Technology
   1634 I Street NW, Suite 1100
   Washington, DC
   USA

   Email: acooper@cdt.org