[Chapter-delegates] ISOC nominees must discuss ISOC's exclusion, financial support for chapters, board independence, finding waste

[Dave Burstein]

Richard

Re: ISOC policies are not aligned with US policies: encryption and data
protection/privacy.
Actually, the US is still allowing encryption and different officials have
made different comments. As recently as June 2019, some in the US gov was
considering blocking encryption but others effectively blocked them so far.
Trump officials weigh encryption crackdown
<https://www.politico.com/story/2019/06/27/trump-officials-weigh-encryption-crackdown-1385306>
"DHS is internally divided."
There remain some conservative republicans who join with liberals to block
legislation so far. I could have encrypted this email to you.
============
On privacy, again US (and ISOC) have deliberately ambiguous policies.

The US government under both Obama and Trump supported and signed  "the
Organisation for Economic Co-operation and Development (OECD) 2013 Privacy
Guidelines," (below) a typical political document that has not changed
things. It's as close to an official US position on privacy as I could
find. Richard, does ISOC strongly disagree?

Every Trump Republican I've read is strongly in favour of privacy,
including some close to ISOC. From the Trump Presidential platform
"We intend to advance policies that protect data privacy" "In recent years,
technology companies have responded to market demand for products and
services that protect the privacy of customers through increasingly
sophisticated encryption technology. These increased privacy protections
have become crucial to the digital economy." "We applaud the advance of
technology in electronic medical records while affirming patient privacy
and ownership of personal health information"

To make a difference on privacy, we need to get past the hypocrisy even if
that will anger our government and corporate allies. What we have is a lot
of talk and pr, not action.

I just read https://www.internetsociety.org/policybriefs/privacy/ and some
of ISOC's other statements. They do not read very differently than the
official government statements. High order principles that everyone can
agree with but almost no specific government or private/collective actions
that would make much difference.  Not merely are they so vague as to be
meaningless, *it actually turns out ISOC's official policy is based on on
the US government approved OECD *

<https://www.internetsociety.org/policybriefs/privacy/>
Quote <https://www.internetsociety.org/policybriefs/privacy/>

The following principles are derived from the Organisation for Economic
Co-operation and Development (OECD) 2013 Privacy Guidelines, and are widely
recognized as providing a good foundation for developing online privacy
policies and practices:

   - Collection limitation. There should be limits to the collection of
   personal data. Any such data should be obtained by lawful and fair means
   and, where appropriate, with the knowledge or consent of the data subject.
   - Data quality. Personal data should be relevant to the purposes for
   which they are to be used, and, to the extent necessary for those purposes,
   should be accurate, complete, and kept up-to-date.
   - Purpose specification. The purposes for which personal data is
   collected should be specified. The use should be limited to those purposes
   or other purposes that are not incompatible.
   - Use limitation. Personal data should not be disclosed, made available,
   or used for other purposes except with the consent of the individual or
   where authorised by law.
   - Security safeguards. Personal data should be protected by reasonable
   security safeguards.
   - Openness. There should be a general policy of openness about
   developments, practices, and policies with respect to personal data.
   - Individual participation. Individuals should have the right to obtain
   information about personal data held by others and to have it erased,
   rectified, completed, or amended, as appropriate.
   - Accountability. Those who collect personal data should be accountable
   for complying with the principles.



On Tue, Sep 17, 2019 at 3:55 AM Richard Hill via Chapter-delegates <
chapter-delegates at elists.isoc.org> wrote:

> Dear Dave,
>
>
>
> While I agree with the gist of what you say below, I can think of at least
> two instances in which ISOC policies are not aligned with US policies:
> encryption and data protection/privacy.
>
>
>
> Best,
>
> Richard
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://elists.isoc.org/mailman/private/chapter-delegates/attachments/20190917/51ce5302/attachment.htm>