----- Original Message -----
>
> On 8/18/2014 1:32 AM, Mike Connor wrote:
> > So, my initial take here is that I’m concerned about this from an oversight and governance standpoint. In general, I try to lean toward checks and balances, especially around anything with a privacy aspect. If the person responsible for delivering answers based on data is also the person acting as gatekeeper for which data we collect, that feels like an inherent conflict of interest on a structural basis. Adding peers doesn’t really solve this problem for me, since I believe an owner should be able to make decisions within their sphere without needing a committee. Where there are conflicting mandates, splitting those mandates and requiring discussion/negotiation is the best solution I can imagine for that.
> >
> > Were I constructing this from scratch, I would separate the technical and approval pieces, and have separate owners for each who have to work together to keep things in balance. I agree that the overall problem needs clear ownership, but I want to make sure we’re finding the right compromises, and compromises are always difficult to find in one’s own head.
> >
> > Having suggested that, I’d go further and suggest that Mozilla, as an organization, should have a consistent policy and application of that policy across products, but the technical requirements and implementation details are, by necessity, going to differ significantly, so we might have one gatekeeper group for the org, with technical leaders for each project/group.
> On 8/15/2014 4:27 PM, David Flanagan wrote:
> > +1, but can you say more about why you think that Firefox and FirefoxOS should have separate modules and decision makers for data collection issues?
> > I know that our new product-oriented org chart leads us in this direction, but you're proposing a policy module, not an engineering module, and it seems to me that data collection (and therefore privacy) should not be governed by product-level policies but instead by organization wide manifesto-level policies.
>
> Maybe "policy module" is not the right term for what I'm proposing. I am not proposing to be in charge of our privacy principles or privacy policy, nor am I proposing to be the code owner for toolkit/components/telemetry or services/healthreport. What I am proposing to own is decision-making about data collection within Firefox. This came out of a conversation I had with Alex Fowler earlier this year about how there was not a clear owner who understood all our existing data-collection systems within Firefox and could be held accountable for those systems being both effective and respecting privacy. I am not proposing to own other aspects of Firefox privacy which aren't related to Mozilla data collection, such as DNT, prefer:safe or anything like that.
>
> Day-to-day, I expect the work of the module owners and peers to make simple decisions: if somebody wants to add a new telemetry probe, or FHR measurement, or add new metadata to crash reports, the owner/peers will be responsible for making quick approvals. For more complex requests, or requests where or add a new kind of data collection system (recent Loop pings come to mind), somebody needs to be responsible for deciding how to move forward with the request. As noted on the wiki, I intend to continue working very closely with the project-wide privacy, legal, and metrics teams in order to make the right decision. We have the option to ask for a more formal privacy review, legal review, or a more detailed metrics overview in collaboration with the metrics team.
> If something requires changes to the Firefox privacy notice, for example, that policy is still governed by some combination of the legal and privacy teams.

Telemetry has purposefully been limited to pre-release channels and kept free from approvals in order to ensure that engineering can quickly add new probes with little red tape. Is there a specific reason why we need to add approvals for Telemetry probes?

Lawrence

> mconnor, I don't know if this is a solution to your concerns or not. I agree 100% that there is often an inherent conflict of interest between getting the best data/answering questions and having the most perfect privacy. I'm skeptical, though, of setting up separate owners for each side of that coin who then both have to approve any potential change. I'd rather have a single person who we can trust to make the easy decisions quickly, consult with the right experts for the harder decisions, balance the concerns appropriately, and then make a definitive decision.
>
> As for peers, mconnor is right: what I'm looking for in peers is not experts. I am committed to consulting the proper experts. What I'm looking for is a small group of people who have both the technical understanding and privacy background to make good/fast approvals for new telemetry probes and other easy decisions; it is a basic requirement to NEEDINFO requests rapidly and communicate decisions and next-steps clearly.
>
> As for David's question of why this does not include Firefox OS: data collection is intimately connected to feature and product requirements. This isn't just about privacy; it's making sure that the entire design of the data collection answers the questions we're trying to ask, and that we strike the right balance between data, privacy, and product. I don't think that one person can keep all of that in mind for both Firefox and Firefox OS, and I also don't think that one person will be able to have the right level of influence with the decision-making structure of the separate projects.
>
> --BDS
>
> _______________________________________________
> governance mailing list
> [email protected]
> https://lists.mozilla.org/listinfo/governance
