On 8/18/2014 1:32 AM, Mike Connor wrote:
So, my initial take here is that I’m concerned about this from an oversight and
governance standpoint. In general, I try to lean toward checks and balances,
especially around anything with a privacy aspect. If the person responsible
for delivering answers based on data is also the person acting as gatekeeper
for which data we collect, that feels like an inherent conflict of interest on
a structural basis. Adding peers doesn’t really solve this problem for me,
since I believe an owner should be able to make decisions within their sphere
without needing a committee. Where there are conflicting mandates, splitting
those mandates and requiring discussion/negotiation is the best solution I can
imagine for that.
Were I constructing this from scratch, I would separate the technical and
approval pieces, and have separate owners for each who have to work together to
keep things in balance. I agree that the overall problem needs clear
ownership, but I want to make sure we’re finding the right compromises, and
compromises are always difficult to find in one’s own head.
Having suggested that, I’d go further and suggest that Mozilla, as an
organization, should have a consistent policy and application of that policy
across products, but the technical requirements and implementation details are,
by necessity, going to differ significantly, so we might have one gatekeeper
group for the org, with technical leaders for each project/group.

On 8/15/2014 4:27 PM, David Flanagan wrote:
+1, but can you say more about why you think that Firefox and
FirefoxOS should have separate modules and decision makers for data
collection issues? I know that our new product-oriented org chart
leads us in this direction, but you're proposing a policy module, not
an engineering module, and it seems to me that data collection (and
therefore privacy) should not be governed by product-level policies
but instead by organization wide manifesto-level policies.

Maybe "policy module" is not the right term for what I'm proposing. I am
not proposing to be in charge of our privacy principles or privacy
policy, nor am I proposing to be the code owner for
toolkit/components/telemetry or services/healthreport. What I am
proposing to own is decision-making about data collection within
Firefox. This came out of a conversation I had with Alex Fowler earlier
this year about how there was not a clear owner who understood all our
existing data-collection systems within Firefox and could be held
accountable for those systems being both effective and respecting
privacy. I am not proposing to own other aspects of Firefox privacy
which aren't related to Mozilla data collection, such as DNT,
prefer:safe or anything like that.
Day-to-day, I expect the work of the module owners and peers to make
simple decisions: if somebody wants to add a new telemetry probe, or FHR
measurement, or add new metadata to crash reports, the owner/peers will
be responsible for making quick approvals. For more complex requests, or
requests where or add a new kind of data collection system (recent Loop
pings come to mind), somebody needs to be responsible for deciding
how to move forward with the request. As noted on the wiki, I intend to
continue working very closely with the project-wide privacy, legal, and
metrics teams in order to make the right decision. We have the option to
ask for a more formal privacy review, legal review, or a more detailed
metrics overview in collaboration with the metrics team. If something
requires changes to the Firefox privacy notice, for example, that policy
is still governed by some combination of the legal and privacy teams.
mconnor, I don't know if this is a solution to your concerns or not. I
agree 100% that there is often an inherent conflict of interest between
getting the best data/answering questions and having the most perfect
privacy. I'm skeptical, though, of setting up separate owners for each
side of that coin who then both have to approve any potential change.
I'd rather have a single person who we can trust to make the easy
decisions quickly, consult with the right experts for the harder
decisions, balance the concerns appropriately, and then make a
definitive decision.
As for peers, mconnor is right: what I'm looking for in peers is not
experts. I am committed to consulting the proper experts. What I'm
looking for is a small group of people who have both the technical
understanding and privacy background to make good/fast approvals for new
telemetry probes and other easy decisions; it is a basic requirement to
NEEDINFO requests rapidly and communicate decisions and next-steps clearly.
As for David's question of why this does not include Firefox OS: data
collection is intimately connected to feature and product requirements.
This isn't just about privacy; it's making sure that the entire design
of the data collection answers the questions we're trying to ask, and
that we strike the right balance between data, privacy, and product. I
don't think that one person can keep all of that in mind for both
Firefox and Firefox OS, and I also don't think that one person will be
able to have the right level of influence with the decision-making
structure of the separate projects.
--BDS