<!doctype html public "-//W3C//DTD W3 HTML//EN">
<html><head><style type="text/css"><!--
blockquote, dl, ul, ol, li { padding-top: 0 ; padding-bottom: 0 }
--></style><title>Inviting community input for good OIDF Privacy
Policy</title></head><body>
<div>This is a call for volunteers (from within the community) who
value privacy, especially if you haven't yet joined the
Foundation.</div>
<div><br></div>
<div>If you do join the Foundation, you authorize it (per <a
href="http://openid.net/terms.php">openid.net/terms.php</a>, item 3)
to publicly disclose your membership unless otherwise requested in
writing. The page does not elaborate upon what "your membership"
consists of (full name? telephone number? home address?), and the
Foundation has no formal Privacy Policy.</div>
<div><br></div>
<div>The Foundation could probably make do with just any old privacy
policy (it seems to have done just fine with NO privacy policy, as any
member can attest), but we (who value privacy) have a chance to make
it more than that: to have a Privacy Policy that *impresses* people
with the Foundation's commitment to privacy. Standing out from the
crowd in this respect could be considered a company asset (or
leveraged as such), encouraging a broader acceptance of OpenID by its
doubters. The (soon to be former) Executive Director liked this idea
and asked me to review their draft, and after exchanging several
ideas, we ended up with two key plans: one, to start with a Privacy
Policy draft in "plain English" so everyone (not just
lawyers) could understand what was meant, then using that to formulate
the legalese version to *reflect* our intent; and the other, to take a
step back and come up with a list of "best practice" ideas
for whatever Privacy Policy the Foundation eventually comes up with.
That's where you - as part of the OpenID community - come in. We think
that YOU should advise the Foundation on what can look bad in a
privacy policy, and how such an area might be improved, so it doesn't
make prospective members more worried than comfortable about
joining.</div>
<div><br></div>
<div>With elections underway, and some board members (including the
Exec. Dir.) on their way out, now is the best time to volunteer this
information. Candidates can show us how deeply they care about our
privacy by openly discussing such concerns, and those who are voted
onto the board will be around for at least a year to implement and
respect the agreed-upon measures. Their understanding of the legalese
in the OIDF's formal Privacy Policy will be based upon these candid
discussions with the people whose personal information they would be
entrusted with, and give them an opportunity to set a good example for
future board members in transparency.</div>
<div><br></div>
<div>One such example can be set here. Bill Washburn has authorized
the release of a draft Privacy Policy we were discussing, since it may
still have some modest value as an alternative starting point; that
draft can provide context for many of the ideas I sent to him
previously, which I am willing to share (in their entirety) with the
community.</div>
<div><br></div>
<div>And remember, this is not just about the elections, or about
protecting the privacy of however few members may care about theirs -
it's an opportunity to improve OpenID's public image. Before an
understanding of the technical aspects is acquired, OpenID is just one
more technology that may claim some privacy support; if the Foundation
that promotes it is seen to have people on the Board who are aware of
the privacy issues (not just where to hire good lawyers) and have put
some thought into what data-publishing behavior might put the user
(member) at risk, and taken the time to actively reassure us that
measures are available to withhold certain items of data from
publication - THAT would attract some good attention, I think, from
those in the pro-privacy groups that might still have some
reservations about OpenID, or to whom it might not have stood out from
all the alternatives yet.</div>
<div><br></div>
<div>-Shade</div>
</body>
</html>