[OpenID] Inviting community input for good OIDF Privacy Policy

SitG Admin sysadmin at shadowsinthegarden.com
Thu Dec 11 02:49:50 UTC 2008


This is a call for volunteers (from within the community) who value 
privacy, especially if you haven't yet joined the Foundation.

If you do join the Foundation, you authorize it (per 
<http://openid.net/terms.php>, item 3) to 
publicly disclose your membership unless otherwise requested in 
writing. The page does not elaborate upon what "your membership" 
consists of (full name? telephone number? home address?), and the 
Foundation has no formal Privacy Policy.

The Foundation could probably make do with just any old privacy 
policy (it seems to have done just fine with NO privacy policy, as 
any member can attest), but we (who value privacy) have a chance to 
make it more than that: to have a Privacy Policy that *impresses* 
people with the Foundation's commitment to privacy. Standing out from 
the crowd in this respect could be considered a company asset (or 
leveraged as such), encouraging a broader acceptance of OpenID by its 
doubters. The (soon to be former) Executive Director liked this idea 
and asked me to review their draft, and after exchanging several 
ideas, we ended up with two key plans: one, to start with a Privacy 
Policy draft in "plain English" so everyone (not just lawyers) could 
understand what was meant, then using that to formulate the legalese 
version to *reflect* our intent; and the other, to take a step back 
and come up with a list of "best practice" ideas for whatever Privacy 
Policy the Foundation eventually comes up with. That's where you - as 
part of the OpenID community - come in. We think that YOU should 
advise the Foundation on what can look bad in a privacy policy, and 
how such an area might be improved, so it doesn't make prospective 
members more worried than comfortable about joining.

With elections underway, and some board members (including the Exec. 
Dir.) on their way out, now is the best time to volunteer this 
information. Candidates can show us how deeply they care about our 
privacy by openly discussing such concerns, and those who are voted 
onto the board will be around for at least a year to implement and 
respect the agreed-upon measures. Their understanding of the legalese 
in the OIDF's formal Privacy Policy will be based upon these candid 
discussions with the people whose personal information they would be 
entrusted with, and give them an opportunity to set a good example 
for future board members in transparency.

One such example can be set here. Bill Washburn has authorized the 
release of a draft Privacy Policy we were discussing, since it may 
still have some modest value as an alternative starting point; that 
draft can provide context for many of the ideas I sent to him 
previously, which I am willing to share (in their entirety) with the 
community.

And remember, this is not just about the elections, or about 
protecting the privacy of however few members may care about theirs - 
it's an opportunity to improve OpenID's public image. Before an 
understanding of the technical aspects is acquired, OpenID is just 
one more technology that may claim some privacy support; if the 
Foundation that promotes it is seen to have people on the Board who 
are aware of the privacy issues (not just where to hire good lawyers) 
and have put some thought into what data-publishing behavior might 
put the user (member) at risk, and taken the time to actively 
reassure us that measures are available to withhold certain items of 
data from publication - THAT would attract some good attention, I 
think, from those in the pro-privacy groups that might still have 
some reservations about OpenID, or to whom it might not have stood 
out from all the alternatives yet.

-Shade