RE: [Ldsoss] Scout Tracking

Fri, 09 Jun 2006 20:26:41 -0700

THanks for your feedback Steven.  I do understand where you are coming from although I do not entirely agree.  One thing we both can agree to, however, is that security has to be a top concern and should not be treated lightly.  
 
Tom
 
>>>"Steven H. McCown" <[EMAIL PROTECTED]> 06/09/06 6:25 pm >>>
 
Tom,
 
 
I hear all the time about how such and such a website got hacked and the
 
information leaked.  I'm prior military, so I've been following the VA
 
incident -- and that wasn't even web hosted.  The reality is that hackers
 
(or their bots, zombies, etc.) attempt intrusions on all websites every day.
 
Given that, most websites will be hacked at one time or other.  I have
 
statistics, but I'll forgo them for now.
 
 
Given that most websites will be hacked, the real question is what we choose
 
to put there.  It wouldn't bother me (too much) if someone found out that I
 
was a church member, my address, that I served a mission, or who's in my
 
family.  Those things are all a matter public record, anyway.  It wouldn't
 
bother me if someone found out how much tithing that I paid, either.  If
 
someone found out my credit card number, then Visa would cover my losses and
 
issue me a new card number.  So, that's not a permanent problem.
 
 
However, YM / YW / Scouting records paint a much more personal account of
 
the individual.  They have things such as likes, dislikes, achievements,
 
associations, other personal information, etc.  If those things, coupled
 
with name and address, fell into the wrong hands, then bad things could
 
happen.  Here is a sample article about kids and 'myspace.com'
 
(http://www.msnbc.msn.com/id/7668788/). 
 
 
In the case of 'myspace.com', kids are voluntarily disclosing information
 
that sets them up for stalking and the like.  This has gotten so bad that
 
public schools are starting to try to ban student's participation or to
 
monitor them for inappropriate activity.  I don't want to open a discussion
 
as to whether that is good or bad, but the schools are, at least, trying to
 
protect the children.
 
 
If the church were to sponsor what would really amount to an online database
 
of personally identifiable personal information of minor children, then they
 
would be making themselves hugely liable if that information ever got out.
 
Groups like the ACLU would have a heyday.  The VA had to announce recently
 
that ~2M soldiers' information was compromised.  Imaging the PR and
 
financial liability if the church had to make the same announcement.  This
 
possibility has to be weighed against the benefit of an online system vs.
 
keeping those records by hand or in another non-centralized manner.
 
 
I took a class at BYU that discussed things like "risk management" and
 
"mitigating risk".  Most of us glossed over that course in favor of building
 
'cool stuff'.  As technologists, scientists, and engineers, we all have to
 
pay more attention to the ramifications of technology than we do about the
 
technology itself. 
 
 
So, to answer your question, if the church hosted a minor child information
 
tracking website, then no I would still not be comfortable with that.  I
 
would opt out and my opting out would unfortunately hinder the utility of
 
the overall system.
 
 
Steve
 
 
 
 
-----Original Message-----
 
From: [EMAIL PROTECTED]
 
[mailto:[EMAIL PROTECTED]] On Behalf Of Tom Welch
 
Sent: Wednesday, June 07, 2006 7:29 AM
 
To: LDS Open Source Software
 
Subject: Re: [Ldsoss] Scout Tracking
 
 
If the Church were to host the site, would that alleviate your
 
concerns?  Currently you can get a ward listing of all members in the
 
ward, their address and phone numbers from the ward unit website.  This
 
would not be much different.
 
 
Tom
 
 
Steven H. McCown wrote:
 
>I can appreciate all the fervor for a web-based app.  However,
 
>
 
>1) The church has said no websites.  You can't get away with making the
 
>"this is scouting and that is the church" distinction, anymore. 
 
>
 
>2) It is a legal problem to start posting information about minor children
 
>to the Internet.  That would have to be decided at Church HQ and not by
 
the
 
>local units.  They don't even allow information to be posted into Family
 
>Search about living people, they just insert a "LIVING" placeholder.
 
Being
 
>involved with security professionally, I would not give my consent.  This
 
is
 
>a huge pitfall -- despite good intentions -- it would be wise not to fall
 
>into it.
 
>
 
>Steve
 
>
 
>
 
>-----Original Message-----
 
>From: [EMAIL PROTECTED]
 
>[mailto:[EMAIL PROTECTED]] On Behalf Of Dan Hanks
 
>Sent: Tuesday, June 06, 2006 9:04 AM
 
>To: LDS Open Source Software
 
>Subject: Re: [Ldsoss] Scout Tracking
 
>
 
>On Tue, 6 Jun 2006, Tom Welch wrote:
 
>
 
>
 
>Web-based would be great, but with the church's policy on non-official
 
>websites, where does that put the local unit that would want to install
 
>and use such a web-based app?
 
>
 
>-- Dan
 
>
 
>
 
>
 
>Ldsoss mailing list
 
>Ldsoss@lists.ldsoss.org
 
>http://lists.ldsoss.org/mailman/listinfo/ldsoss
 
>
 
>  
 
 
--
 
Tom Welch
 
[EMAIL PROTECTED]
 
(801) 240-1609
 
(858) 829-4614 - Cell
 
 
 
----------------------------------------------------------------------------
 
--
 
 
 
NOTICE: This email message is for the sole use of the
 
intended recipient(s) and may contain confidential and
 
privileged information. Any unauthorized review, use,
 
disclosure or distribution is prohibited. If you are not the
 
intended recipient, please contact the sender by reply email
 
and destroy all copies of the original message.
 
 
----------------------------------------------------------------------------
 
--
 
 
 
Ldsoss mailing list
 
Ldsoss@lists.ldsoss.org
 
http://lists.ldsoss.org/mailman/listinfo/ldsoss
 
 

------------------------------------------------------------------------------


NOTICE: This email message is for the sole use of the
 intended recipient(s) and may contain confidential and
 privileged information. Any unauthorized review, use,
 disclosure or distribution is prohibited. If you are not the
 intended recipient, please contact the sender by reply email
 and destroy all copies of the original message.


------------------------------------------------------------------------------




_______________________________________________
Ldsoss mailing list
Ldsoss@lists.ldsoss.org
http://lists.ldsoss.org/mailman/listinfo/ldsoss

Reply via email to