idnits 2.17.1

draft-cooper-privacy-policy-01.txt:

  Checking boilerplate required by RFC 5378 and the IETF Trust (see
  https://trustee.ietf.org/license-info):
  ----------------------------------------------------------------------------

     No issues found here.

  Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt:
  ----------------------------------------------------------------------------

     No issues found here.

  Checking nits according to https://www.ietf.org/id-info/checklist :
  ----------------------------------------------------------------------------

  == There are 1 instance of lines with non-RFC2606-compliant FQDNs in the
     document.

  Miscellaneous warnings:
  ----------------------------------------------------------------------------

  == The copyright year in the IETF Trust and authors Copyright Line does not
     match the current year

  -- The document date (July 5, 2010) is 5044 days in the past. Is this
     intentional?

  Checking references for intended status: Informational
  ----------------------------------------------------------------------------

  -- Obsolete informational reference (is this intentional?): RFC 3979 (ref.
     '2') (Obsoleted by RFC 8179)

     Summary: 0 errors (**), 0 flaws (~~), 2 warnings (==), 2 comments (--).

     Run idnits with the --verbose option for more detailed information about
     the items above.

--------------------------------------------------------------------------------

IETF                                                           A. Cooper
Internet-Draft                                    Center for Democracy &
Intended status: Informational                                Technology
Expires: January 6, 2011                                    July 5, 2010

                          IETF Privacy Policy
                     draft-cooper-privacy-policy-01

Abstract

   This document proposes to serve as the IETF's privacy policy. This
   policy applies to data collected in conjunction with IETF activities
   and on public IETF-related web sites.

Status of this Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF). Note that other groups may also distribute
   working documents as Internet-Drafts. The list of current
   Internet-Drafts is at http://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time. It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on January 6, 2011.

Copyright Notice

   Copyright (c) 2010 IETF Trust and the persons identified as the
   document authors. All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (http://trustee.ietf.org/license-info) in effect on the date of
   publication of this document. Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document. Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.

1. Introduction

   In keeping with the goals and objectives of this standards body, the
   IETF is committed to the highest degree of respect for the privacy of
   IETF participants and site visitors. This policy applies to data
   collected in conjunction with IETF activities, whether online or in
   person, and on public web sites hosted on ietf.org, iab.org,
   rfc-editor.org, and irtf.org (known hereafter as "IETF-related web
   sites"). This policy explains how the IETF applies the Fair
   Information Practices -- a widely accepted set of privacy principles
   [1] -- to the data we obtain. The Fair Information Practices may be
   briefly summarized as follows:

   o  Collection Limitation: There should be limits to the collection of
      data about people.

   o  Data Quality: Personal data should be accurate, complete,
      up-to-date, and relevant to the purposes for which it was
      collected.

   o  Purpose Specification: The purpose of collecting personal data
      should be specified in advance of collection.

   o  Use Limitation: Personal data should only be used for the purposes
      for which it was collected.

   o  Security: Personal data should be protected by reasonable security
      safeguards against unauthorised access, use, and disclosure.

   o  Openness: Practices and policies with respect to personal data
      should be open and transparent.

   o  Individual Participation: Individuals should have choice, access,
      correction, and redress rights with respect to their data.

   o  Accountability: Those that collect and use data should be
      accountable for complying with the above principles.

   [Note 1: This document is meant to be a strawman proposal for a
   public-facing privacy policy that any visitor to IETF-related web
   sites can read and understand. Issues specific to WG chairs and I*
   members are therefore left out. This also means that the document is
   not written as a compliance document for the chair/I* audience -- it
   does not prescribe what they should or should not do with IETF
   participants' data, but rather informs participants about what the
   IETF does with their data.]

   [Note 2: It is unlikely that the RFC model is the best model for
   maintaining and updating a document like this. It is more likely to
   fall within the scope of the IAOC and/or the Trust. While this is
   being sorted out, the term "we" as used in this document should be
   understood to encompass all IETF bodies/persons that handle
   participants' and site visitors' data, including the secretariat, the
   IAD, the IAOC, and the management of the IETF Tools. An explanation
   of who "we" are should be added once the document has a proper home
   within the IETF organizational structure.]

2. Information you can choose to share with the IETF

   You can choose to share information with the IETF in a number of
   ways, as explained below. All of this information is stored within
   the United States unless otherwise noted.

   Searching on IETF-related web sites:
   The search terms you enter on IETF-related web sites are used only to
   provide you with search results.

   Making an IETF Contribution:
   As defined in [2], an "IETF Contribution" is any submission to the
   IETF intended by the contributor for publication as all or part of an
   Internet-Draft or RFC (with limited exceptions) and any statement
   made within the context of an IETF activity. Such statements include
   oral statements in IETF sessions, as well as written and electronic
   communications made at any time or place which are addressed to the
   IETF. All IETF Contributions are public information that may be
   indefinitely retained and posted publicly.

   Signing up for a mailing list:
   When you sign up for an IETF mailing list, you must provide an email
   address, and you may optionally provide your name and a password. We
   use this information only to deliver list mail to you and to
   administer the mailing lists. The membership list of most IETF
   mailing lists is available to members of those lists -- in other
   words, if you are subscribed to a list, you can determine who else is
   subscribed as well (although this is not possible for certain lists,
   such as ietf@ietf.org).

   Sending email to a mailing list:
   Emails sent to IETF mailing lists are considered to be IETF
   Contributions, as described above. Email messages that you send may
   contain information about your computer, including your IP address
   and the type of email program that you use. This and all email
   message information is public information that may be archived or
   replicated by anyone.

   Registering to attend a meeting or social event:
   When you register to attend an IETF meeting or social event, we ask
   you for certain information about yourself, commonly including your
   name, affiliation, address, email address, phone number, t-shirt
   size, dietary restrictions, profile URL, and credit card information.
   We use this information to register you and to process your payment.
   We disclose your payment information to our payment processor,
   Authorize.net. Otherwise, registration information is only disclosed
   in the aggregate, to the meeting host or social event coordinator,
   for example. Some registration information may be transferred to the
   location of the meeting or event to which you registered (to provide
   you with a name badge, for example).

   Requesting a letter of invitation:
   If you require a letter of invitation in order to obtain a visa or
   other travel document to attend an IETF meeting, you can apply for a
   letter through the IETF web site. To apply you must provide your
   name, address, email, phone number, nationality, date of birth, and
   passport number and expiration date. This information is used to
   generate a letter of invitation that is personalized to you.

   Attending a meeting:
   When you attend a working group session at an IETF meeting, you are
   required to provide your name and email address on a form known as a
   "blue sheet" (which often but not always is blue). The blue sheets
   serve as the official attendance record for working group sessions,
   and such records are required by the IETF Working Group Guidelines
   and Procedures [3] in support of an open Internet standards process.
   To the extent that [3] is revised to require practices in conflict
   with this privacy policy, this policy must be revised at the same
   time as [3].

   Participating in meeting experiments:
   We may from time to time experiment with new ways of collecting
   attendance information (such as the RFID experiment conducted at IETF
   76 [4]). The policies surrounding the data collection and use
   involved in these experiments will always be announced well in
   advance and linked from this policy.

   Submitting or updating an Intellectual Property Rights (IPR)
   disclosure:
   When you submit or update an IPR disclosure (per [2]), we ask you for
   certain information about yourself, including your name, address,
   telephone number, and email address. We use this information only as
   described in [2] to handle IPR issues.

   Using IETF tools:
   The IETF hosts a number of tools [5] on its Tools site. The wiki and
   tracker tools allow you to upload content and tracker tickets to
   individual working group pages. These tools require you to create a
   user account by providing your email address and a password. Other
   tools, including rfcdiff, idnits, and idspell, take Internet-Drafts
   or potential Internet-Drafts as input. We use these inputs only for
   the purpose of providing the tools.

   Working group chairs and members of the IESG, IAB, IAOC and other
   leadership bodies have many additional opportunities to share
   information with the IETF which are not covered by this policy.

3. Information that is automatically shared when you visit IETF-related
   web sites

   Several different kinds of information are automatically shared with
   the IETF when you visit IETF-related web sites:

   o  URLs of the web pages within our sites that you visit

   o  Internet Protocol (IP) address: The address of your computer on
      the Internet. Your IP address gets transmitted whenever you
      communicate online or visit web sites so that the content you are
      accessing can be delivered to you.

   o  Browser type and operating system: The name and version number of
      your web browser (for example, Internet Explorer 7 or Firefox
      3.5.3) and operating system (for example, Windows XP or Mac OS X).

   o  Cookie: A piece of information that your browser can record after
      visiting a web site. We use cookies on the IETF home page
      (www.ietf.org) and on the IETF Tools wiki pages.

   o  URL of the page that directed you to our site: If you arrive at an
      IETF-related web site through a link on another web site -- a
      search engine or a blog, for example -- our web servers will
      record the address of the web page that referred you to our site.
      If you arrive at our web site by clicking on a search result
      returned by a search engine, our servers may (depending on the
      search engine) record the search terms that you used.

   o  Time and date of your site visit

   This individualized, non-aggregated data is stored in the United
   States in log files. These log files are retained for 1-3 months on
   average (the exact retention period depends on the size of each log
   file, which will vary with each IETF web site). We may occasionally
   examine these individualized log files for troubleshooting and
   security purposes.

   We use persistent cookies on www.ietf.org to record your preference
   about how you like to view the web site. These cookies are set to
   expire in the year 2036. We use session cookies on tools.ietf.org to
   manage users who log in to wiki pages.

   We do not retain logs of any information collected when you access
   IETF materials via means other than the web (FTP or rsync, for
   example).

4. Data disclosure

   The IETF does not sell, rent, or exchange any information that we
   collect about our participants or site visitors. However, we will
   disclose information under the following circumstances:

   All IETF Contributions are public information and are usually
   disclosed at the time the Contributions are made.

   We may disclose to our payment processor (Authorize.net) the payment
   information you provide to us when you register to attend an IETF
   meeting in order to process your payment.

   For all of the information we retain, we will comply with lawful
   requests from law enforcement and civil litigants that follow
   appropriate legal standards and procedures. We will object to
   disclosure requests that we believe are improper.

   [Note: I have removed the language below about notification to
   participants affected by lawful process, but I think it is worth
   considering adopting it as IETF policy.

   "If the law or a lawful order requires us to disclose information
   about your activities, we will (unless prohibited by law from doing
   so) attempt to contact you prior to such disclosure, and attempt to
   disclose to you the fact that we have submitted information to legal
   authorities or civil litigants (including disclosing which
   information we have submitted)."]

5. Data retention

   All log files of automatically collected data about our site visitors
   are deleted every 1-3 months on average. Aggregated data about
   visitors to our web site which cannot be linked back to individual
   visitors may be retained permanently. Some of this data is viewable
   at [6].

   Meeting registration information other than credit card information
   is permanently retained (including cancelled registrations). Credit
   card processing records are retained for 18 months.

   Letter of invitation information, including passport and date of
   birth information, is permanently retained.

   Blue sheets and IPR Disclosures are permanently retained.

   IETF Tools inputs are retained for 1 month on average (the exact
   retention period depends on the size of the log file for each tools
   site).

   More information about IETF data retention policies can be found in
   the IETF Trust Records Retention Policy [7].

6. Security Considerations

   We use a variety of security technologies and procedures to help
   protect your personal information from unauthorized access, use, or
   disclosure. When we transmit sensitive information (such as credit
   card numbers), we protect it through the use of the encrypted Secure
   Socket Layer (SSL) protocol, and you may access all IETF websites
   using SSL whenever desired.

   When signing up for an IETF mailing list, you may optionally provide
   a password. You will receive monthly reminders about your mailing
   list subscriptions, and these reminders may contain your list
   passwords. Because these emails are sent unencrypted, there is a
   risk that your passwords may be intercepted by third parties.
   Because of this, you should not use the same password for an IETF
   mailing list that you use for any other secure transactions (such as
   for your banking web site or email login).

   [Note: This section still needs more information about access control
   and encryption practices for data that gets stored.]

7. Changes to the privacy policy

   If we make substantial changes to this privacy policy, we will post a
   prominent notification on www.ietf.org and we will send a notice to
   the IETF-Announce mailing list about the changes. You can sign up
   for that mailing list and view its archives at [8].

8. Your privacy questions

   Feel free to contact us at [insert appropriate email address] to ask
   us to disclose to you any information we have about you. You have
   the right to correct, update, or delete information that we may have
   about you, except to the extent that such alteration or deletion
   would be contrary to the purpose and terms of [2] or [3].

   If you have any concerns about this policy, please contact [insert
   appropriate email address].

   [Note 3: This is derived from CDT's privacy policy and is offered as
   an example of a policy that the IETF could have.]

9. IANA Considerations

   This document makes no request of IANA.

10. Acknowledgements

   I would like to thank Fred Baker, John Morris, Martin Thomson, Henk
   Uljerwaal, Tim Polk, Rich Kulawiec and the IAOC for their reviews of
   this document. Glen Barney also provided invaluable insights.

11. Informative References

   [1]  Organization for Economic Cooperation and Development, "OECD
        Guidelines on the Protection of Privacy and Transborder Flows of
        Personal Data",
        http://www.oecd.org/document/18/0,3343,en_2649_34255_1815186_1_1_1_1,00.html,
        1980.

   [2]  Bradner, S., "Intellectual Property Rights in IETF Technology",
        BCP 79, RFC 3979, March 2005.

   [3]  Bradner, S., "IETF Working Group Guidelines and Procedures",
        BCP 25, RFC 2418, September 1998.

   [4]  Internet Engineering Task Force, "RFID Tagging Experiment at
        IETF 76", http://www.ietf.org/EbluesheetInformation.html, 2009.

   [5]  Internet Engineering Task Force, "IETF Tools",
        http://tools.ietf.org/tools/, 2009.

   [6]  Internet Engineering Task Force, "Usage Statistics for
        www6.ietf.org", http://www.ietf.org/usagedata/, 2010.

   [7]  IETF Trust, "IETF Trust Records Retention and Management
        Policy",
        http://trustee.ietf.org/docs/IETF_Trust_Records_Retention_Policy_(Complete_Final).pdf,
        2007.

   [8]  Internet Engineering Task Force, "IETF-Announce Info Page",
        https://www.ietf.org/mailman/listinfo/IETF-Announce.

Author's Address

   Alissa Cooper
   Center for Democracy & Technology
   1634 I Street NW, Suite 1100
   Washington, DC
   USA

   Email: acooper@cdt.org