[OpenID] Inviting community input for good OIDF Privacy Policy
SitG Admin
sysadmin at shadowsinthegarden.com
Thu Dec 11 02:49:50 UTC 2008

This is a call for volunteers (from within the community) who value
privacy, especially if you haven't yet joined the Foundation.

If you do join the Foundation, you authorize it (per
<http://openid.net/terms.php>, item 3) to
publicly disclose your membership unless otherwise requested in
writing. The page does not elaborate upon what "your membership"
consists of (full name? telephone number? home address?), and the
Foundation has no formal Privacy Policy.

The Foundation could probably make do with just any old privacy
policy (it seems to have done just fine with NO privacy policy, as
any member can attest), but we (who value privacy) have a chance to
make it more than that: to have a Privacy Policy that *impresses*
people with the Foundation's commitment to privacy. Standing out from
the crowd in this respect could be considered a company asset (or
leveraged as such), encouraging a broader acceptance of OpenID by its
doubters. The (soon to be former) Executive Director liked this idea
and asked me to review their draft, and after exchanging several
ideas, we ended up with two key plans: one, to start with a Privacy
Policy draft in "plain English" so everyone (not just lawyers) could
understand what was meant, then using that to formulate the legalese
version to *reflect* our intent; and the other, to take a step back
and come up with a list of "best practice" ideas for whatever Privacy
Policy the Foundation eventually comes up with. That's where you - as
part of the OpenID community - come in. We think that YOU should
advise the Foundation on what can look bad in a privacy policy, and
how such an area might be improved, so it doesn't make prospective
members more worried than comfortable about joining.

With elections underway, and some board members (including the Exec.
Dir.) on their way out, now is the best time to volunteer this
information. Candidates can show us how deeply they care about our
privacy by openly discussing such concerns, and those who are voted
onto the board will be around for at least a year to implement and
respect the agreed-upon measures. Their understanding of the legalese
in the OIDF's formal Privacy Policy will be based upon these candid
discussions with the people whose personal information they would be
entrusted with, and give them an opportunity to set a good example
for future board members in transparency.

One such example can be set here. Bill Washburn has authorized the
release of a draft Privacy Policy we were discussing, since it may
still have some modest value as an alternative starting point; that
draft can provide context for many of the ideas I sent to him
previously, which I am willing to share (in their entirety) with the
community.

And remember, this is not just about the elections, or about
protecting the privacy of however few members may care about theirs -
it's an opportunity to improve OpenID's public image. Before an
understanding of the technical aspects is acquired, OpenID is just
one more technology that may claim some privacy support; if the
Foundation that promotes it is seen to have people on the Board who
are aware of the privacy issues (not just where to hire good lawyers)
and have put some thought into what data-publishing behavior might
put the user (member) at risk, and taken the time to actively
reassure us that measures are available to withhold certain items of
data from publication - THAT would attract some good attention, I
think, from those in the pro-privacy groups that might still have
some reservations about OpenID, or to whom it might not have stood
out from all the alternatives yet.
-Shade