To: Ted Hardie <hardie@qualcomm.com>
cc: Eric Brunner-Williams in Portland Maine <brunner@nic-naa.net>, "'ietf-provreg@cafax.se'" <ietf-provreg@cafax.se>, brunner@nic-naa.net
From: Eric Brunner-Williams in Portland Maine <brunner@nic-naa.net>
Date: Wed, 16 Apr 2003 21:24:29 -0400
In-Reply-To: Your message of "Wed, 16 Apr 2003 17:08:34 PDT." <BAFE0145-7068-11D7-A356-000393CB0816@qualcomm.com>
Sender: owner-ietf-provreg@cafax.se
Subject: Re: [ietf-provreg] legal entity vs individual person

> ... information of the same class ...

And that is the error. We stopped work on defining "social" data when we stopped progressing Ross' draft. If we were still progressing it, I'd be attempting to make it clear that data that identifies individual persons has a distinct requirement associated with it, for some of the eventual EPP universe, than data that identifies things that aren't individual persons, which is the point of this discussion.

To claim there is a single, undifferentiated "social" class of data is as uncareful as insisting that somewhere in 1034/35 et seq you are guaranteed a bind master file format.

> Again, I didn't say that the same information was associated with each
> of the three.

The data can be "the same" (modulo one tends to identify an individual and one doesn't), but it (addresses, phone numbers) means different things, on just that "modulo" difference.

> I think that quote elides a critical verb:

Which? "To expect that" or "such as Do not distribute"?

> Do you mean that the mechanism Scott has proposed contains no mechanism
> for distinguishing among different types of data along some axis

There is no need to distinguish, if dnd applies only to individuals, and not to non-individuals (dogs, rocks, sea shells, shell-corporations, etc.). As soon as one adds commercial confidential, extends the dnd to entities other than individuals, there is no need to try and find the individual, or pretend that this was just "privacy", or in a non-FTC jurisdiction, that there is "data protection".

We started with a narrow "privacy" requirement, and risk ending up with a commercial secrecy scheme instead of "privacy". It is possible to have both a sensible individual "privacy", and a sensible non-individual "secrecy", but not by asserting that the two are utterly indistinguishable.

> Glad to have lifted the rock for you.

I don't know how we managed to get along without you.

If you are serious about on-line and off-line data correlation, and mechanisms to identify data collection linkage, then you'll be interested in the P3P Spec WG's archives. DoubleClick and someone else worked really, really hard to get linkage onto cookies, in the Nov. '99 (or '00) face-to-face. We didn't let them, but the outcome isn't as important as a good understanding of the mechanisms and the operational practices that could have been adopted.

Eric