IETF                                                           A. Cooper
Internet-Draft                                    Center for Democracy &
Intended status: Informational                                Technology
Expires: January 6, 2011                                    July 5, 2010

                          IETF Privacy Policy


   This document proposes to serve as the IETF's privacy policy.  This
   policy applies to data collected in conjunction with IETF activities
   and on public IETF-related web sites.

Status of this Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current Internet-
   Drafts is at

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on January 6, 2011.

Copyright Notice

   Copyright (c) 2010 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   ( in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.  Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.

Cooper                   Expires January 6, 2011                [Page 1]

Internet-Draft             IETF Privacy Policy                 July 2010

1.  Introduction

   In keeping with the goals and objectives of this standards body, the
   IETF is committed to the highest degree of respect for the privacy of
   IETF participants and site visitors.  This policy applies to data
   collected in conjunction with IETF activities, whether online or in
   person, and on public web sites hosted on,, rfc-, and (known hereafter as "IETF-related web
   sites").  This policy explains how the IETF applies the Fair
   Information Practices -- a widely accepted set of privacy principles
   [1] -- to the data we obtain.  The Fair Information Practices may be
   briefly summarized as follows:

   o  Collection Limitation: There should be limits to the collection of
      data about people.

   o  Data Quality: Personal data should be accurate, complete, up-to-
      date, and relevant to the purposes for which it was collected.

   o  Purpose Specification: The purpose of collecting personal data
      should be specified in advance of collection.

   o  Use Limitation: Personal data should only be used for the purposes
      for which it was collected.

   o  Security: Personal data should be protected by reasonable security
      safeguards against unauthorised access, use, and disclosure.

   o  Openness: Practices and policies with respect to personal data
      should be open and transparent.

   o  Individual Participation: Individuals should have choice, access,
      correction, and redress rights with respect to their data.

   o  Accountability: Those that collect and use data should be
      accountable for complying with the above principles.

   [Note 1: This document is meant to be a strawman proposal for a
   public-facing privacy policy that any visitor to IETF-related web
   sites can read and understand.  Issues specific to WG chairs and I*
   members are therefore left out.  This also means that the document is
   not written as a compliance document for the chair/I* audience -- it
   does not prescribe what they should or should not do with IETF
   participants' data, but rather informs participants about what the
   IETF does with their data.]

   [Note 2: It is unlikely that the RFC model is the best model for
   maintaining and updating a document like this.  It is more likely to

Cooper                   Expires January 6, 2011                [Page 2]

Internet-Draft             IETF Privacy Policy                 July 2010

   fall within the scope of the IAOC and/or the Trust.  While this is
   being sorted out, the term "we" as used in this document should be
   understood to encompass all IETF bodies/persons that handle
   participants' and site visitors' data, including the secretariat, the
   IAD, the IAOC, and the management of the IETF Tools.  An explanation
   of who "we" are should be added once the document has a proper home
   within the IETF organizational structure.]

2.  Information you can choose to share with the IETF

   You can choose to share information with the IETF in a number of
   ways, as explained below.  All of this information is stored within
   the United States unless otherwise noted.

   Searching on IETF-related web sites:
   The search terms you enter on IETF-related web sites are used only to
   provide you with search results.

   Making an IETF Contribution:
   As defined in [2], an "IETF Contribution" is any submission to the
   IETF intended by the contributor for publication as all or part of an
   Internet-Draft or RFC (with limited exceptions) and any statement
   made within the context of an IETF activity.  Such statements include
   oral statements in IETF sessions, as well as written and electronic
   communications made at any time or place which are addressed to the
   IETF.  All IETF Contributions are public information that may be
   indefinitely retained and posted publicly.

   Signing up for a mailing list:
   When you sign up for an IETF mailing list, you must provide an email
   address, and you may optionally provide your name and a password.  We
   use this information only to deliver list mail to you and to
   administer the mailing lists.  The membership list of most IETF
   mailing lists is available to members of those lists -- in other
   words, if you are subscribed to a list, you can determine who else is
   subscribed as well (although this is not possible for certain lists,
   such as

   Sending email to a mailing list:
   Emails sent to IETF mailing lists are considered to be IETF
   Contributions, as described above.  Email messages that you send may
   contain information about your computer, including your IP address
   and the type of email program that you use.  This and all email
   message information is public information that may be archived or
   replicated by anyone.

   Registering to attend a meeting or social event:

Cooper                   Expires January 6, 2011                [Page 3]

Internet-Draft             IETF Privacy Policy                 July 2010

   When you register to attend an IETF meeting or social event, we ask
   you for certain information about yourself, commonly including your
   name, affiliation, address, email address, phone number, t-shirt
   size, dietary restrictions, profile URL, and credit card information.
   We use this information to register you and to process your payment.
   We disclose your payment information to our payment processor,  Otherwise, registration information is only disclosed
   in the aggregate, to the meeting host or social event coordinator,
   for example.  Some registration information may be transferred to the
   location of the meeting or event to which you registered (to provide
   you with a name badge, for example).

   Requesting a letter of invitation:
   If you require a letter of invitation in order to obtain a visa or
   other travel document to attend an IETF meeting, you can apply for a
   letter through the IETF web site.  To apply you must provide your
   name, address, email, phone number, nationality, date of birth, and
   passport number and expiration date.  This information is used to
   generate a letter of invitation that is personalized to you.

   Attending a meeting:
   When you attend a working group session at an IETF meeting, you are
   required to provide your name and email address on a form known as a
   "blue sheet" (which often but not always is blue).  The blue sheets
   serve as the official attendance record for working group sessions,
   and such records are required by the IETF Working Group Guidelines
   and Procedures [3] in support of an open Internet standards process.
   To the extent that [3] is revised to require practices in conflict
   with this privacy policy, this policy must be revised at the same
   time as [3].

   Participating in meeting experiments:
   We may from time to time experiment with new ways of collecting
   attendance information (such as the RFID experiment conducted at IETF
   76 [4]).  The policies surrounding the data collection and use
   involved in these experiments will always be announced well in
   advance and linked from this policy.

   Submitting or updating an Intellectual Property Rights (IPR)
   When you submit or update an IPR disclosure (per [2]), we ask you for
   certain information about yourself, including your name, address,
   telephone number, and email address.  We use this information only as
   described in [2] to handle IPR issues.

   Using IETF tools:
   The IETF hosts a number of tools [5] on its Tools site.  The wiki and
   tracker tools allow you to upload content and tracker tickets to

Cooper                   Expires January 6, 2011                [Page 4]

Internet-Draft             IETF Privacy Policy                 July 2010

   individual working group pages.  These tools require you to create a
   user account by providing your email address and a password.  Other
   tools, including rfcdiff, idnits, and idspell, take Internet-Drafts
   or potential Internet-Drafts as input.  We use these inputs only for
   the purpose of providing the tools.

   Working group chairs and members of the IESG, IAB, IAOC and other
   leadership bodies have many additional opportunities to share
   information with the IETF which are not covered by this policy.

3.  Information that is automatically shared when you visit IETF-related
    web sites

   Several different kinds of information are automatically shared with
   the IETF when you visit IETF-related web sites:

   o  URLs of the web pages within our sites that you visit

   o  Internet Protocol (IP) address: The address of your computer on
      the Internet.  Your IP address gets transmitted whenever you
      communicate online or visit web sites so that the content you are
      accessing can be delivered to you.

   o  Browser type and operating system: The name and version number of
      your web browser (for example, Internet Explorer 7 or Firefox
      3.5.3) and operating system (for example, Windows XP or Mac OS X).

   o  Cookie: A piece of information that your browser can record after
      visiting a web site.  We use cookies on the IETF home page
      ( and on the IETF Tools wiki pages.

   o  URL of the page that directed you to our site: If you arrive at an
      IETF-related web site through a link on another web site -- a
      search engine or a blog, for example -- our web servers will
      record the address of the web page that referred you to our site.
      If you arrive at our web site by clicking on a search result
      returned by a search engine, our servers may (depending on the
      search engine) record the search terms that you used.

   o  Time and date of your site visit

   This individualized, non-aggregated data is stored in the United
   States in log files.  These log files are retained for 1-3 months on
   average (the exact retention period depends on the size of each log
   file, which will vary with each IETF web site).  We may occasionally
   examine these individualized log files for troubleshooting and
   security purposes.

Cooper                   Expires January 6, 2011                [Page 5]

Internet-Draft             IETF Privacy Policy                 July 2010

   We use persistent cookies on to record your preference
   about how you like to view the web site.  These cookies are set to
   expire in the year 2036.  We use session cookies on to
   manage users who log in to wiki pages.

   We do not retain logs of any information collected when you access
   IETF materials via means other than the web (FTP or rsync, for

4.  Data disclosure

   The IETF does not sell, rent, or exchange any information that we
   collect about our participants or site visitors.  However, we will
   disclose information under the following circumstances:

   All IETF Contributions are public information and are usually
   disclosed at the time the Contributions are made.

   We may disclose to our payment processor ( the payment
   information you provide to us when you register to attend an IETF
   meeting in order to process your payment.

   For all of the information we retain, we will comply with lawful
   requests from law enforcement and civil litigants that follow
   appropriate legal standards and procedures.  We will object to
   disclosure requests that we believe are improper.

   [Note: I have removed the language below about notification to
   participants affected by lawful process, but I think it is worth
   considering adopting it as IETF policy.

   "If the law or a lawful order requires us to disclose information
   about your activities, we will (unless prohibited by law from doing
   so) attempt to contact you prior to such disclosure, and attempt to
   disclose to you the fact that we have submitted information to legal
   authorities or civil litigants (including disclosing which
   information we have submitted)."]

5.  Data retention

   All log files of automatically collected data about our site visitors
   are deleted every 1-3 months on average.  Aggregated data about
   visitors to our web site which cannot be linked back to individual
   visitors may be retained permanently.  Some of this data is viewable
   at [6].

Cooper                   Expires January 6, 2011                [Page 6]

Internet-Draft             IETF Privacy Policy                 July 2010

   Meeting registration information other than credit card information
   is permanently retained (including cancelled registrations).  Credit
   card processing records are retained for 18 months.

   Letter of invitation information, including passport and date of
   birth information, is permanently retained.

   Blue sheets and IPR Disclosures are permanently retained.

   IETF Tools inputs are retained for 1 month on average (the exact
   retention period depends on the size of the log file for each tools

   More information about IETF data retention policies can be found in
   the IETF Trust Records Retention Policy [7].

6.  Security Considerations

   We use a variety of security technologies and procedures to help
   protect your personal information from unauthorized access, use, or
   disclosure.  When we transmit sensitive information (such as credit
   card numbers), we protect it through the use of the encrypted Secure
   Socket Layer (SSL) protocol, and you may access all IETF websites
   using SSL whenever desired.

   When signing up for an IETF mailing list, you may optionally provide
   a password.  You will receive monthly reminders about your mailing
   list subscriptions, and these reminders may contain your list
   passwords.  Because these emails are sent unencrypted, there is a
   risk that your passwords may be intercepted by third parties.
   Because of this, you should not use the same password for an IETF
   mailing list that you use for any other secure transactions (such as
   for your banking web site or email login).

   [Note: This section still needs more information about access control
   and encryption practices for data that gets stored.]

7.  Changes to the privacy policy

   If we make substantial changes to this privacy policy, we will post a
   prominent notification on and we will send a notice to
   the IETF-Announce mailing list about the changes.  You can sign up
   for that mailing list and view its archives at [8].

Cooper                   Expires January 6, 2011                [Page 7]

Internet-Draft             IETF Privacy Policy                 July 2010

8.  Your privacy questions

   Feel free to contact us at [insert appropriate email address] to ask
   us to disclose to you any information we have about you.  You have
   the right to correct, update, or delete information that we may have
   about you, except to the extent that such alteration or deletion
   would be contrary to the purpose and terms of [2] or [3].

   If you have any concerns about this policy, please contact [insert
   appropriate email address].

   [Note 3: This is derived from CDT's privacy policy and is offered as
   an example of a policy that the IETF could have.]

9.  IANA Considerations

   This document makes no request of IANA.

10.  Acknowledgements

   I would like to thank Fred Baker, John Morris, Martin Thomson, Henk
   Uljerwaal, Tim Polk, Rich Kulawiec and the IAOC for their reviews of
   this document.  Glen Barney also provided invaluable insights.

11.  Informative References

   [1]  Organization for Economic Cooperation and Development, "OECD
        Guidelines on the Protection of Privacy and Transborder Flows of
        Personal Data",
        0,3343,en_2649_34255_1815186_1_1_1_1,00.html, 1980.

   [2]  Bradner, S., "Intellectual Property Rights in IETF Technology",
        BCP 79, RFC 3979, March 2005.

   [3]  Bradner, S., "IETF Working Group Guidelines and Procedures",
        BCP 25, RFC 2418, September 1998.

   [4]  Internet Engineering Task Force, "RFID Tagging Experiment at
        IETF 76",, 2009.

   [5]  Internet Engineering Task Force, "IETF Tools",, 2009.

   [6]  Internet Engineering Task Force, "Usage Statistics for",, 2010.

Cooper                   Expires January 6, 2011                [Page 8]

Internet-Draft             IETF Privacy Policy                 July 2010

   [7]  IETF Trust, "IETF Trust Records Retention and Management
        IETF_Trust_Records_Retention_Policy_(Complete_Final).pdf, 2007.

   [8]  Internet Engineering Task Force, "IETF-Announce Info Page",

Author's Address

   Alissa Cooper
   Center for Democracy & Technology
   1634 I Street NW, Suite 1100
   Washington, DC


Cooper                   Expires January 6, 2011                [Page 9]