On Wed, Mar 22, 2017 at 09:30:37AM -0500, John Bambenek via gnso-rds-pdp-wg wrote:
Making most of the fields optional/maskable means we don't have to adopt a one-size fits all approach.
But there's a big difference between "optional" and "maskable". Data that isn't collected can't be disclosed, at all, ever, to anyone, because the collector doesn't have it. It cannot be delivered in response to a subpoena. It cannot be leaked due to attacks on the database. It cannot be subject of "just this once" requests from law enforcement or identity thieves doing social engineering or creeps who want to spy on their old girl/boyfriend. Data that is masked or otherwise controlled in disclosure is still there for the taking; we're just arguing about the conditions. And that's why we're talking about data collection first. A -- Andrew Sullivan ajs@anvilwalrusden.com