IETF A. Cooper Internet-Draft Center for Democracy & Intended status: Informational Technology Expires: January 6, 2011 July 5, 2010 IETF Privacy Policy draft-cooper-privacy-policy-01 Abstract This document proposes to serve as the IETF's privacy policy. This policy applies to data collected in conjunction with IETF activities and on public IETF-related web sites. Status of this Memo This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79. Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet- Drafts is at http://datatracker.ietf.org/drafts/current/. Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress." This Internet-Draft will expire on January 6, 2011. Copyright Notice Copyright (c) 2010 IETF Trust and the persons identified as the document authors. All rights reserved. This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (http://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Simplified BSD License. Cooper Expires January 6, 2011 [Page 1] Internet-Draft IETF Privacy Policy July 2010 1. Introduction In keeping with the goals and objectives of this standards body, the IETF is committed to the highest degree of respect for the privacy of IETF participants and site visitors. This policy applies to data collected in conjunction with IETF activities, whether online or in person, and on public web sites hosted on ietf.org, iab.org, rfc- editor.org, and irtf.org (known hereafter as "IETF-related web sites"). This policy explains how the IETF applies the Fair Information Practices -- a widely accepted set of privacy principles [1] -- to the data we obtain. The Fair Information Practices may be briefly summarized as follows: o Collection Limitation: There should be limits to the collection of data about people. o Data Quality: Personal data should be accurate, complete, up-to- date, and relevant to the purposes for which it was collected. o Purpose Specification: The purpose of collecting personal data should be specified in advance of collection. o Use Limitation: Personal data should only be used for the purposes for which it was collected. o Security: Personal data should be protected by reasonable security safeguards against unauthorised access, use, and disclosure. o Openness: Practices and policies with respect to personal data should be open and transparent. o Individual Participation: Individuals should have choice, access, correction, and redress rights with respect to their data. o Accountability: Those that collect and use data should be accountable for complying with the above principles. [Note 1: This document is meant to be a strawman proposal for a public-facing privacy policy that any visitor to IETF-related web sites can read and understand. Issues specific to WG chairs and I* members are therefore left out. This also means that the document is not written as a compliance document for the chair/I* audience -- it does not prescribe what they should or should not do with IETF participants' data, but rather informs participants about what the IETF does with their data.] [Note 2: It is unlikely that the RFC model is the best model for maintaining and updating a document like this. It is more likely to Cooper Expires January 6, 2011 [Page 2] Internet-Draft IETF Privacy Policy July 2010 fall within the scope of the IAOC and/or the Trust. While this is being sorted out, the term "we" as used in this document should be understood to encompass all IETF bodies/persons that handle participants' and site visitors' data, including the secretariat, the IAD, the IAOC, and the management of the IETF Tools. An explanation of who "we" are should be added once the document has a proper home within the IETF organizational structure.] 2. Information you can choose to share with the IETF You can choose to share information with the IETF in a number of ways, as explained below. All of this information is stored within the United States unless otherwise noted. Searching on IETF-related web sites: The search terms you enter on IETF-related web sites are used only to provide you with search results. Making an IETF Contribution: As defined in [2], an "IETF Contribution" is any submission to the IETF intended by the contributor for publication as all or part of an Internet-Draft or RFC (with limited exceptions) and any statement made within the context of an IETF activity. Such statements include oral statements in IETF sessions, as well as written and electronic communications made at any time or place which are addressed to the IETF. All IETF Contributions are public information that may be indefinitely retained and posted publicly. Signing up for a mailing list: When you sign up for an IETF mailing list, you must provide an email address, and you may optionally provide your name and a password. We use this information only to deliver list mail to you and to administer the mailing lists. The membership list of most IETF mailing lists is available to members of those lists -- in other words, if you are subscribed to a list, you can determine who else is subscribed as well (although this is not possible for certain lists, such as ietf@ietf.org). Sending email to a mailing list: Emails sent to IETF mailing lists are considered to be IETF Contributions, as described above. Email messages that you send may contain information about your computer, including your IP address and the type of email program that you use. This and all email message information is public information that may be archived or replicated by anyone. Registering to attend a meeting or social event: Cooper Expires January 6, 2011 [Page 3] Internet-Draft IETF Privacy Policy July 2010 When you register to attend an IETF meeting or social event, we ask you for certain information about yourself, commonly including your name, affiliation, address, email address, phone number, t-shirt size, dietary restrictions, profile URL, and credit card information. We use this information to register you and to process your payment. We disclose your payment information to our payment processor, Authorize.net. Otherwise, registration information is only disclosed in the aggregate, to the meeting host or social event coordinator, for example. Some registration information may be transferred to the location of the meeting or event to which you registered (to provide you with a name badge, for example). Requesting a letter of invitation: If you require a letter of invitation in order to obtain a visa or other travel document to attend an IETF meeting, you can apply for a letter through the IETF web site. To apply you must provide your name, address, email, phone number, nationality, date of birth, and passport number and expiration date. This information is used to generate a letter of invitation that is personalized to you. Attending a meeting: When you attend a working group session at an IETF meeting, you are required to provide your name and email address on a form known as a "blue sheet" (which often but not always is blue). The blue sheets serve as the official attendance record for working group sessions, and such records are required by the IETF Working Group Guidelines and Procedures [3] in support of an open Internet standards process. To the extent that [3] is revised to require practices in conflict with this privacy policy, this policy must be revised at the same time as [3]. Participating in meeting experiments: We may from time to time experiment with new ways of collecting attendance information (such as the RFID experiment conducted at IETF 76 [4]). The policies surrounding the data collection and use involved in these experiments will always be announced well in advance and linked from this policy. Submitting or updating an Intellectual Property Rights (IPR) disclosure: When you submit or update an IPR disclosure (per [2]), we ask you for certain information about yourself, including your name, address, telephone number, and email address. We use this information only as described in [2] to handle IPR issues. Using IETF tools: The IETF hosts a number of tools [5] on its Tools site. The wiki and tracker tools allow you to upload content and tracker tickets to Cooper Expires January 6, 2011 [Page 4] Internet-Draft IETF Privacy Policy July 2010 individual working group pages. These tools require you to create a user account by providing your email address and a password. Other tools, including rfcdiff, idnits, and idspell, take Internet-Drafts or potential Internet-Drafts as input. We use these inputs only for the purpose of providing the tools. Working group chairs and members of the IESG, IAB, IAOC and other leadership bodies have many additional opportunities to share information with the IETF which are not covered by this policy. 3. Information that is automatically shared when you visit IETF-related web sites Several different kinds of information are automatically shared with the IETF when you visit IETF-related web sites: o URLs of the web pages within our sites that you visit o Internet Protocol (IP) address: The address of your computer on the Internet. Your IP address gets transmitted whenever you communicate online or visit web sites so that the content you are accessing can be delivered to you. o Browser type and operating system: The name and version number of your web browser (for example, Internet Explorer 7 or Firefox 3.5.3) and operating system (for example, Windows XP or Mac OS X). o Cookie: A piece of information that your browser can record after visiting a web site. We use cookies on the IETF home page (www.ietf.org) and on the IETF Tools wiki pages. o URL of the page that directed you to our site: If you arrive at an IETF-related web site through a link on another web site -- a search engine or a blog, for example -- our web servers will record the address of the web page that referred you to our site. If you arrive at our web site by clicking on a search result returned by a search engine, our servers may (depending on the search engine) record the search terms that you used. o Time and date of your site visit This individualized, non-aggregated data is stored in the United States in log files. These log files are retained for 1-3 months on average (the exact retention period depends on the size of each log file, which will vary with each IETF web site). We may occasionally examine these individualized log files for troubleshooting and security purposes. Cooper Expires January 6, 2011 [Page 5] Internet-Draft IETF Privacy Policy July 2010 We use persistent cookies on www.ietf.org to record your preference about how you like to view the web site. These cookies are set to expire in the year 2036. We use session cookies on tools.ietf.org to manage users who log in to wiki pages. We do not retain logs of any information collected when you access IETF materials via means other than the web (FTP or rsync, for example). 4. Data disclosure The IETF does not sell, rent, or exchange any information that we collect about our participants or site visitors. However, we will disclose information under the following circumstances: All IETF Contributions are public information and are usually disclosed at the time the Contributions are made. We may disclose to our payment processor (Authorize.net) the payment information you provide to us when you register to attend an IETF meeting in order to process your payment. For all of the information we retain, we will comply with lawful requests from law enforcement and civil litigants that follow appropriate legal standards and procedures. We will object to disclosure requests that we believe are improper. [Note: I have removed the language below about notification to participants affected by lawful process, but I think it is worth considering adopting it as IETF policy. "If the law or a lawful order requires us to disclose information about your activities, we will (unless prohibited by law from doing so) attempt to contact you prior to such disclosure, and attempt to disclose to you the fact that we have submitted information to legal authorities or civil litigants (including disclosing which information we have submitted)."] 5. Data retention All log files of automatically collected data about our site visitors are deleted every 1-3 months on average. Aggregated data about visitors to our web site which cannot be linked back to individual visitors may be retained permanently. Some of this data is viewable at [6]. Cooper Expires January 6, 2011 [Page 6] Internet-Draft IETF Privacy Policy July 2010 Meeting registration information other than credit card information is permanently retained (including cancelled registrations). Credit card processing records are retained for 18 months. Letter of invitation information, including passport and date of birth information, is permanently retained. Blue sheets and IPR Disclosures are permanently retained. IETF Tools inputs are retained for 1 month on average (the exact retention period depends on the size of the log file for each tools site). More information about IETF data retention policies can be found in the IETF Trust Records Retention Policy [7]. 6. Security Considerations We use a variety of security technologies and procedures to help protect your personal information from unauthorized access, use, or disclosure. When we transmit sensitive information (such as credit card numbers), we protect it through the use of the encrypted Secure Socket Layer (SSL) protocol, and you may access all IETF websites using SSL whenever desired. When signing up for an IETF mailing list, you may optionally provide a password. You will receive monthly reminders about your mailing list subscriptions, and these reminders may contain your list passwords. Because these emails are sent unencrypted, there is a risk that your passwords may be intercepted by third parties. Because of this, you should not use the same password for an IETF mailing list that you use for any other secure transactions (such as for your banking web site or email login). [Note: This section still needs more information about access control and encryption practices for data that gets stored.] 7. Changes to the privacy policy If we make substantial changes to this privacy policy, we will post a prominent notification on www.ietf.org and we will send a notice to the IETF-Announce mailing list about the changes. You can sign up for that mailing list and view its archives at [8]. Cooper Expires January 6, 2011 [Page 7] Internet-Draft IETF Privacy Policy July 2010 8. Your privacy questions Feel free to contact us at [insert appropriate email address] to ask us to disclose to you any information we have about you. You have the right to correct, update, or delete information that we may have about you, except to the extent that such alteration or deletion would be contrary to the purpose and terms of [2] or [3]. If you have any concerns about this policy, please contact [insert appropriate email address]. [Note 3: This is derived from CDT's privacy policy and is offered as an example of a policy that the IETF could have.] 9. IANA Considerations This document makes no request of IANA. 10. Acknowledgements I would like to thank Fred Baker, John Morris, Martin Thomson, Henk Uljerwaal, Tim Polk, Rich Kulawiec and the IAOC for their reviews of this document. Glen Barney also provided invaluable insights. 11. Informative References [1] Organization for Economic Cooperation and Development, "OECD Guidelines on the Protection of Privacy and Transborder Flows of Personal Data", http://www.oecd.org/document/18/ 0,3343,en_2649_34255_1815186_1_1_1_1,00.html, 1980. [2] Bradner, S., "Intellectual Property Rights in IETF Technology", BCP 79, RFC 3979, March 2005. [3] Bradner, S., "IETF Working Group Guidelines and Procedures", BCP 25, RFC 2418, September 1998. [4] Internet Engineering Task Force, "RFID Tagging Experiment at IETF 76", http://www.ietf.org/EbluesheetInformation.html, 2009. [5] Internet Engineering Task Force, "IETF Tools", http://tools.ietf.org/tools/, 2009. [6] Internet Engineering Task Force, "Usage Statistics for www6.ietf.org", http://www.ietf.org/usagedata/, 2010. Cooper Expires January 6, 2011 [Page 8] Internet-Draft IETF Privacy Policy July 2010 [7] IETF Trust, "IETF Trust Records Retention and Management Policy", http://trustee.ietf.org/docs/ IETF_Trust_Records_Retention_Policy_(Complete_Final).pdf, 2007. [8] Internet Engineering Task Force, "IETF-Announce Info Page", https://www.ietf.org/mailman/listinfo/IETF-Announce. Author's Address Alissa Cooper Center for Democracy & Technology 1634 I Street NW, Suite 1100 Washington, DC USA Email: acooper@cdt.org Cooper Expires January 6, 2011 [Page 9]