On Thu, Aug 30, 2001 at 05:58:03PM +0300, john.loughney@nokia.com wrote:
> Hi all,
>
> I have a very general question about this work. Is this work (in the IETF)
> to be considered an opt-in or opt-out technology.
>
> What I mean is, do we expect that location information exchange to be
> something which users will explicity need to agree to use; or is it
> something that users will have to explicity agree not to use?
>
> I see a disconnect between what some are saying (from the IETF view) and
> what others are saying about certain local regulations.
>
> I would suggest that this be clarified in the requirements document.
I think that opt-in vs. opt-out is an oversimplified model of the
privacy issues that we face. I would strongly prefer that we try to
ensure that the requirements encompass or address some instance of the
fair information practices (notice, consent, limits on collection and
use, quality requirements, security, openness, accountability.) Some
of these (accountability) are hard to meaningfully encode, although
p3p may offer ways to encode the idea of "go here to ask questions or
raise complaints."
The notice and consent practices mean that we're looking at something
like opt-in, but even opt-in means "ok, here's my data, have fun."
We can do better.
Adam
-- "It is seldom that liberty of any kind is lost all at once." -HumeReceived on Thu Aug 30 11:25:07 2001
This archive was generated by hypermail 2.1.8 : Thu Jan 22 2004 - 12:32:22 EST