On 08/11/2018 11:03 AM, Thomas Kuiper wrote:
>> What happens in case of an emergency then? Aren't organizers of large
>> events of this type required by law to keep lists of real name?
> It depends on the country but I've never had that in Taiwan.
> Martial law is over since a long time.
> There's an 'old' "assembly act" but that's for anything political.
> "Freedom of assembly/association" that exists in most democratic countries
> means you don't have to keep such lists.

This is a matter of liability. If you have some going crazy and start 
property at the conference venue, you will most certainly want to have someone
whom you can make pay for it.

If you're fine with carrying the costs yourself, that's ok. But I think it's
a bit of naive to assume that everyone who attends such a large event is
of good will and nothing will ever happen.

This seems to be a typical case of a rule that is not going to be enforced
unless there is going to be the first incident which would have prevented
by it. You know, like these signs at certain beaches where it says "No

>> If, for example, an attendee of the conference has a serious accident
>> and other folk call emergency services, they will have a problem when
>> asked for the name and street address of an attendee. Or, even worse,
>> if an attendee died, organizers will not be able to contact someone
>> from the circle of their family etc.
> I don't think this falls under the responsibility of the organizers, unless 
> there is a Debconf on a ship or airplane.
> For such a long conference it makes sense to provide an OPTIONAL emergency 
> contact though!
> Also there should be people that know how to do CPR at the venue (it can be 
> trained).

So, if you have someone who goes by "trumpet232" and they become so seriously
injured that you need to call an ambulance, you just shrug your shoulders
when it comes to contacting their relatives?

>From my personal experience, you sometimes need to protect people from
their own mistakes. Especially younger folk will underestimate the
importance of safety precautions.

>> Or imagine an attendee commits a felony, you need to be able to
>> identify them as well. There are probably countless occasions where
>> it's simply not enough to identify as "trumpet232" at the registration
>> desk.
> Why? That's up to the police to investigate. Any Data Protection Assessment 
> (DPA)
> would show that the mass collection of people's addresses is by far worse than
> the risk of having someone commit a felony.

So, you are saying all this fancy encryption technology with USB keys,
fingerprint sensors and whatnot in the hands of Debian Developers is
not trustworthy enough?

How does it work at your company? Do they also allow just nicknames
for customers and employees and if something happens, you just trust
for the police to investigate this data? Don't you think that the police
or insurance companies will at least say "Hey, why didn't you keep a
record of the people you're making business with so that you know who
is going to be liable?"

Also, in Germany, you are legally required to be able to identify
yourself in public (Ausweispflicht) and if you're not to, police
can arrest you and take you to the next station:

> https://de.wikipedia.org/wiki/Ausweispflicht

Also, legally, anyone leaving their home country within the European
Union is required to carry an ID:

"Bürger jener Staaten, in denen das Freizügigkeitsabkommen der EU gilt (d. h. 
der Europäischen Union einschließlich des Europäischen Wirtschaftsraums wie auch
der Schweiz), müssen nach § 8 des Freizügigkeitsgesetzes/EU während ihres 
Aufenthaltes einen Pass oder anerkannten Passersatz besitzen und diesen bei der
Einreise in die Bundesrepublik mitführen, um ihn beim Grenzübertritt auf 
Verlangen vorzeigen zu können."

>> I know many people in Debian are a huge fan of high privacy levels,
>> but there is often actually a valid reason beyond advertisement and
>> statistics why lists are kept with the name of attendees and people
>> who demand these high levels of privacy should keep that in mind.
>> Some requirements are imposed by the law and/or safety requirements,
>> so you cannot just ignore them, even if you a "digital native".
> I would be very interested if you can point those laws out?
> I'm not aware such stuff exists in Germany (basic law article 8 has freedom 
> of assembly)
> so does Taiwan (which is a copy/paste from the German basic law).

Again, you are just referring to the basic laws of the constitution
but those don't apply ultimately. There are still laws building on top
of the constitution which can limit them, e.g. police can take away
your freedom in some cases and especially in Germany, freedom of speech
is also not unlimited. Plus, your insurance company will want to have
a word with you as well.

> And as Karen Sandler pointed out there's no such thing as 'anonymized' data.

There is also no such thing as ultimate privacy.


 .''`.  John Paul Adrian Glaubitz
: :' :  Debian Developer - glaub...@debian.org
`. `'   Freie Universitaet Berlin - glaub...@physik.fu-berlin.de
  `-    GPG: 62FF 8A75 84E0 2956 9546  0006 7426 3B37 F5B5 F913

Reply via email to