Re: Suggestions, questions and concerns about DebConf19?
Hi, please keep sending: https://pad.riseup.net/p/DC19Suggestions-keep -- Paulo Henrique de Lima Santana (phls) Curitiba - Brasil Membro da Comunidade Curitiba Livre Site: http://www.phls.com.br GNU/Linux user: 228719 GPG ID: 0443C450 Apoie a campanha pela igualdade de gênero #HeForShe (#ElesPorElas) http://www.heforshe.org/pt
Re: Suggestions, questions and concerns about DebConf19?
Hi! Taowa, thanks for phrasing all these well thought replies I can only fully agree with \ && thanks for your work! Cheers & <3 Ulrike
Re: Suggestions, questions and concerns about DebConf19?
Hello Norbert, On Sat 11 Aug 2018 at 10:10pm +0900, Norbert Preining wrote: > All find, don't let the voices of the privacy-maniacs disturb you. > They should stay in their High Castle and never leave. Please don't forget that some people need higher levels of privacy than average in order to be safe, for all sorts of reasons. It's a kind of privilege not to need that, a privlege of which we should be mindful. (let me join the chorus of thanking Yao and asking him not to feel too bad about what happened; we are all very grateful for this year's DebConf) -- Sean Whitton signature.asc Description: PGP signature
Re: Suggestions, questions and concerns about DebConf19?
On Sat, Aug 11, 2018 at 05:20:21PM +0200, John Paul Adrian Glaubitz wrote: > On 08/11/2018 01:15 PM, Judit Foglszinger wrote: > > It's weird to compromise the privacy of all attendees, > > because something bad could happen or someone could commit a crime. > They do the same on aircraft and most people seem okay with simply > because you have to weigh your loss of privacy against the win of > safety on board. No, people have simply made the trade-off that they must submit themselves to government overreach in order to have access to air travel at all. Do not infer from the fact that people still fly that they agree the TSA (and security agencies in other countries that have harmonized their airport security policies with those in the US) is making them safer. -- Steve Langasek Give me a lever long enough and a Free OS Debian Developer to set it on, and I can move the world. Ubuntu Developer https://www.debian.org/ slanga...@ubuntu.com vor...@debian.org signature.asc Description: PGP signature
Re: Suggestions, questions and concerns about DebConf19?
On 08/11/2018 05:00 PM, Wouter Verhelst wrote: > On 08/11/2018 11:44 AM, John Paul Adrian Glaubitz wrote: >> So you're saying that taking care of each other is not important for >> Debian? Got it. > > It would be useful if you stopped coming up with extreme hyperbolic > examples and then accusing the people who don't agree with you of > something ethically unjust. It's not helpful, nor constructive. Idiot-proof reading: my point was to say the organizers are not liable. It is, of course, desired if we can help of each other. But you're not an idiot: you just decided it was ok to distort my words and draw false conclusions with it. I very much agree with Wouter here, as always you're being over aggressive, uselessly accusative. On top of that, when being told that you've crossed the line, you're just evasive. This is *not* an acceptable way to communicate on public lists. Thomas Goirand (zigo)
Re: Suggestions, questions and concerns about DebConf19?
Hello, On 08/11/2018 11:13 AM, John Paul Adrian Glaubitz wrote: Passports can go missing, like it just happened during DebConf (saw the mail?). Yes, so then it becomes a question of relying on the myriad of other ways someone can be identified. That person likely still has their Driver's License, "Resident ID Card" and maybe even a business card or a keyslip on them. No, but you can at least make sure that you at least know who is attending your conference. We do. I can name at least two pseudonymous attendees, both of whom are DDs, who I can honestly say I know better than many other attendees. For one of them, it either requires guessing that their name is a pseudonym or knowing them. This is fine. They should be able to feel comfortable attending DebConf, and short a CoC violation on their part, I don't see any good reason to prevent this. It can also be at the cost of the safety of others. If someone at the conference steals your laptop, you don't want to know whose name it is? That would be unfortunate. However, I think that someone who thought about this scheme for more than a few minutes would take off their badge. Short of posting guards at the entrance to the hacklabs, there's not much that can be done to prevent this. Nonetheless, people are, for the most part, vigilant of each others' things. Or what happens if one anonymous attendee decides to randomly destroy other people's property? On balancing whether to allow pseudonymous attendees from attending at the cost of them maybe destroying property vs. forcing people to give us a name and asking for ID, the former wins. If something like this were to happen, we'd remember who it was and their future ability to register would be affected. It's simply naive to assume that nothing can happen if you are hosting such a big conference. And I have the impression that many people take privacy on an ideological level that they're willing to dismiss even the most basic safety precautions. We don't assume nothing will happen. We find that it's not worth it to institute such policies because it's not necessary simply on a balance of probabilities, let alone any better argument. Nonetheless, such an argument does exist. Wanting to allow those who are part of the Debian community under a pseudonym is a very good reason to "dismiss" what may, prima facie, look like a "basic safety precaution", but is effectively both unmanageable and unnecessary. On 08/11/2018 11:20 AM, John Paul Adrian Glaubitz wrote: They do the same on aircraft and most people seem okay with simply because you have to weigh your loss of privacy against the win of safety on board. As Thomas pointed out, DebConf is not being held in a metal box going 5-6 hundred knots in the air. While that would be a fun bid for 2020, it seems to be cost prohibitive for two weeks :(. I was not assuming that at all. But the thing is, you are never able to see into someone's mind so it doesn't hurt to have at least some sort of suspiciousness. Actually, it absolutely can hurt. I don't inherently trust a "real name" attendee over a pseudonymous one. I have trust in the community as a whole. Lots of western countries have had mandatory registration with the authorities for years: https://en.wikipedia.org/wiki/Resident_registration The US is rather an exception when it comes to this. Not only do many object to this (I would, if my country introduced it), I don't think DebConf has become big enough to qualify as a country *yet*. Taowa
keep passport in locker was Re: Suggestions, questions and concerns about DebConf19?
Dear all, While I have been reading the interesting thread, while researching for stay, travel etc. for Debconf 16 at many travel sites people mentioned it's much better to leave the passport in a locker/safe etc. at the hotel or wherever you stay rather than on you. This was more from the safety of theft along with having photocopies of the passport stashed in different places just in case the passport goes missing/theft happens and you need to approach your consulate. What was also advised is to have a visiting card or two and local number/s where you register/stay and put home contact details etc. This is/was supposed to be the recommended practice and now I'm hearing something different. Thoughts ? -- Regards, Shirish Agarwal शिरीष अग्रवाल My quotes in this email licensed under CC 3.0 http://creativecommons.org/licenses/by-nc/3.0/ http://flossexperiences.wordpress.com EB80 462B 08E1 A0DE A73A 2C2F 9F3D C7A4 E1C4 D2D8
Re: Suggestions, questions and concerns about DebConf19?
On 08/11/2018 01:15 PM, Judit Foglszinger wrote: > It's weird to compromise the privacy of all attendees, > because something bad could happen or someone could commit a crime. They do the same on aircraft and most people seem okay with simply because you have to weigh your loss of privacy against the win of safety on board. > Debconf is not known for the high number of criminals among it's attendees, > rather the opposite. I was not assuming that at all. But the thing is, you are never able to see into someone's mind so it doesn't hurt to have at least some sort of suspiciousness. > If data collection and insisting on real names would start because of a > single > incident, that "could have been avoided", that would be the same kind of > overreaction, that governments got used to nowadays. > This shouldn't be copied by us. Lots of western countries have had mandatory registration with the authorities for years: https://en.wikipedia.org/wiki/Resident_registration The US is rather an exception when it comes to this. Adrian -- .''`. John Paul Adrian Glaubitz : :' : Debian Developer - glaub...@debian.org `. `' Freie Universitaet Berlin - glaub...@physik.fu-berlin.de `-GPG: 62FF 8A75 84E0 2956 9546 0006 7426 3B37 F5B5 F913
Re: Suggestions, questions and concerns about DebConf19?
On 08/11/2018 05:00 PM, Wouter Verhelst wrote: >> It's a matter of liability. If your event surpasses a certain size, you >> will not be able to make sure that everyone who attends is of good will, >> for example. > > Right, and that's completely irrelevant. Responsibility is irrelevant? If, for example, an attendee of the conference has a serious accident and other folk call emergency services, they will have a problem when asked for the name and street address of an attendee.> Or, even worse, if an attendee died, organizers will not be able to contact someone from the circle of their family etc. >>> >>> For this kind of issues, there's government organizations like >>> consulates and so on. >> >> And? How is the consulate going to identify them? > > By way of a government-issued document, like a passport? Passports can go missing, like it just happened during DebConf (saw the mail?). Or imagine an attendee commits a felony, you need to be able to identify them as well. >>> >>> Talk to the police. >> >> Even the police cannot identify a foreigner without passport documents. > > We cannot either. No, but you can at least make sure that you at least know who is attending your conference. >> There have been numerous cases in the past where police found someone >> unconscious without an ID and amnesia and they were unable to identify >> them for months. Just happened here recently in Berlin. > > That does happen, yes, and in such cases it's something we might be able > to help with if we know in detail who a particular person is. > > But there's nothing that *requires* us to be able to do that. "We run a > conference" doesn't mean "we babysit everyone who attends". Nor should > it; if (adult) attendees decide that they value their privacy more than > their personal safety, then that's their problem, not Debconf's. It can also be at the cost of the safety of others. If someone at the conference steals your laptop, you don't want to know whose name it is? Or what happens if one anonymous attendee decides to randomly destroy other people's property? There are probably countless occasions where it's simply not enough to identify as "trumpet232" at the registration desk. >>> >>> I don't agree. That's not Debian's job to do the one of the police and >>> other governmental organizations. >> >> So you're saying that taking care of each other is not important for >> Debian? > > It would be useful if you stopped coming up with extreme hyperbolic > examples and then accusing the people who don't agree with you of > something ethically unjust. It's not helpful, nor constructive. It's simply naive to assume that nothing can happen if you are hosting such a big conference. And I have the impression that many people take privacy on an ideological level that they're willing to dismiss even the most basic safety precautions. Adrian -- .''`. John Paul Adrian Glaubitz : :' : Debian Developer - glaub...@debian.org `. `' Freie Universitaet Berlin - glaub...@physik.fu-berlin.de `-GPG: 62FF 8A75 84E0 2956 9546 0006 7426 3B37 F5B5 F913
Re: Suggestions, questions and concerns about DebConf19?
On Sat, Aug 11, 2018 at 11:44:40AM +0200, John Paul Adrian Glaubitz wrote: > On 08/11/2018 11:23 AM, Thomas Goirand wrote: > >> What happens in case of an emergency then? Aren't organizers of large > >> events of this type required by law to keep lists of real name? > > > > Why would they? > > It's a matter of liability. If your event surpasses a certain size, you > will not be able to make sure that everyone who attends is of good will, > for example. Right, and that's completely irrelevant. > >> If, for example, an attendee of the conference has a serious accident > >> and other folk call emergency services, they will have a problem when > >> asked for the name and street address of an attendee.> Or, even worse, > >> if an attendee died, organizers will not be able to contact someone > >> from the circle of their family etc. > > > > For this kind of issues, there's government organizations like > > consulates and so on. > > And? How is the consulate going to identify them? By way of a government-issued document, like a passport? > >> Or imagine an attendee commits a felony, you need to be able to > >> identify them as well. > > > > Talk to the police. > > Even the police cannot identify a foreigner without passport documents. We cannot either. > There have been numerous cases in the past where police found someone > unconscious without an ID and amnesia and they were unable to identify > them for months. Just happened here recently in Berlin. That does happen, yes, and in such cases it's something we might be able to help with if we know in detail who a particular person is. But there's nothing that *requires* us to be able to do that. "We run a conference" doesn't mean "we babysit everyone who attends". Nor should it; if (adult) attendees decide that they value their privacy more than their personal safety, then that's their problem, not Debconf's. > >> There are probably countless occasions where > >> it's simply not enough to identify as "trumpet232" at the registration > >> desk. > > > > I don't agree. That's not Debian's job to do the one of the police and > > other governmental organizations. > > So you're saying that taking care of each other is not important for > Debian? It would be useful if you stopped coming up with extreme hyperbolic examples and then accusing the people who don't agree with you of something ethically unjust. It's not helpful, nor constructive. -- Could you people please use IRC like normal people?!? -- Amaya Rodrigo Sastre, trying to quiet down the buzz in the DebConf 2008 Hacklab
Re: Suggestions, questions and concerns about DebConf19?
> They can. Why do you think they collect photos and fingerprints when > entering the country? >From personal experience *this*year* (different case though, lethal mountaineer), I can tell you it can take weeks to confirm finger prints. And that was in Japan. Norbert -- PREINING Norbert http://www.preining.info Accelia Inc. +JAIST +TeX Live +Debian Developer GPG: 0x860CDC13 fp: F7D8 A928 26E3 16A1 9FA0 ACF0 6CAC A448 860C DC13
Re: Suggestions, questions and concerns about DebConf19?
> If you, as an attendee, are worried about this, I encourage you to carry > your passport around when outside the venue. As a person in a foreign > country, this is generally advised. I am pretty sure that *most* countries *require* foreigners to carry their passport with them. Austria is surely one of them, Japan, too. ALthough I ignored this, the law is different in most cases. Norbert -- PREINING Norbert http://www.preining.info Accelia Inc. +JAIST +TeX Live +Debian Developer GPG: 0x860CDC13 fp: F7D8 A928 26E3 16A1 9FA0 ACF0 6CAC A448 860C DC13
Re: Suggestions, questions and concerns about DebConf19?
Hi, > Please, if possible, keep your funding source simple and don't sell data to > the government like we did this time. I disagree with this assessment. You have passed them reasonable data to prove attendance and international participation. Passing on initials and country of origin is not selling anything. I have organized conference with up to a few tousands of participants, and every funding organization expect these kind of data. All find, don't let the voices of the privacy-maniacs disturb you. They should stay in their High Castle and never leave. Norbert -- PREINING Norbert http://www.preining.info Accelia Inc. +JAIST +TeX Live +Debian Developer GPG: 0x860CDC13 fp: F7D8 A928 26E3 16A1 9FA0 ACF0 6CAC A448 860C DC13
Re: Suggestions, questions and concerns about DebConf19?
Hi Yao Wei, I second what Gunnar has said. Please don't be hard on yourself. -- znoteer znot...@mailbox.org > Le 11 août 2018 à 00:51, Gunnar Wolf a écrit : > > > Yao Wei dijo [Sat, Aug 11, 2018 at 09:45:22AM +0800]: > > Hi, > > > > Please, if possible, keep your funding source simple and don't sell data to > > the government like we did this time. > > > > I feel tremendously sorry handling this issue. > > Hi Yao Wei, > > *Please* don't be so hard upon yourself. You, all of the team and you > in particular, did *great*. Many people (me included) have complained > in different tones about the MEET TAIWAN request. > > The amount of funds granted by your government was HUGE, and although > there are many things that could have been handled better, > that... Will always be the case. > > So, did MEET TAIWAN ask for something we didn't have in mind and > brought some friction? Well, and if it weren't that, something else > would have popped up. Running a DebConf is _the_ most vexing, complex > conference you can think of. Some minor friction points, specially > when dealing with highly opinionated people such as our project, are > unavoidable. > > You did, have done, are doing, and will probably continue doing for a > couple of months a GREAT, INCREDIBLE job.
Re: Suggestions, questions and concerns about DebConf19?
It's weird to compromise the privacy of all attendees, because something bad could happen or someone could commit a crime. Debconf is not known for the high number of criminals among it's attendees, rather the opposite. If data collection and insisting on real names would start because of a single incident, that "could have been avoided", that would be the same kind of overreaction, that governments got used to nowadays. This shouldn't be copied by us.
Re: Suggestions, questions and concerns about DebConf19?
Hello, Once again, when I say "we" I mean that I'm speaking with my DC Registration hat on, but not on behalf of the team. On 08/11/2018 05:44 AM, John Paul Adrian Glaubitz wrote: Even the police cannot identify a foreigner without passport documents. There have been numerous cases in the past where police found someone unconscious without an ID and amnesia and they were unable to identify them for months. Just happened here recently in Berlin. If you, as an attendee, are worried about this, I encourage you to carry your passport around when outside the venue. As a person in a foreign country, this is generally advised. So you're saying that taking care of each other is not important for Debian? Got it. Drawing this conclusion is disingenuous, IMO. On 08/11/2018 05:41 AM, John Paul Adrian Glaubitz wrote: This is a matter of liability. If you have some going crazy and start demolishing property at the conference venue, you will most certainly want to have someone whom you can make pay for it. Our insurance company. So, if you have someone who goes by "trumpet232" and they become so seriously injured that you need to call an ambulance, you just shrug your shoulders when it comes to contacting their relatives? From my personal experience, you sometimes need to protect people from their own mistakes. Especially younger folk will underestimate the importance of safety precautions. Well, for the most part, even people who are pseudonymous will have passport on them when in a foreign country. So, you are saying all this fancy encryption technology with USB keys, fingerprint sensors and whatnot in the hands of Debian Developers is not trustworthy enough? No? I don't think that it's an issue of us not being trusted, it's an issue of us not really having any particularly valid need to know. How does it work at your company? Do they also allow just nicknames for customers and employees and if something happens, you just trust for the police to investigate this data? Don't you think that the police or insurance companies will at least say "Hey, why didn't you keep a record of the people you're making business with so that you know who is going to be liable?" At my company/org we ask for peoples' names. If they gave us a "fake" name it wouldn't really matter, as long as we have something to put on their meal containers (we do meals-on-wheels for people with a loss of autonomy), their bills and the sheet with peoples' names for our volunteers. Same here. Also, in Germany, you are legally required to be able to identify yourself in public (Ausweispflicht) and if you're not to, police can arrest you and take you to the next station: https://de.wikipedia.org/wiki/Ausweispflicht Also, legally, anyone leaving their home country within the European Union is required to carry an ID: "Bürger jener Staaten, in denen das Freizügigkeitsabkommen der EU gilt (d. h. der Europäischen Union einschließlich des Europäischen Wirtschaftsraums wie auch der Schweiz), müssen nach § 8 des Freizügigkeitsgesetzes/EU während ihres Aufenthaltes einen Pass oder anerkannten Passersatz besitzen und diesen bei der Einreise in die Bundesrepublik mitführen, um ihn beim Grenzübertritt auf Verlangen vorzeigen zu können." We aren't police. Again, you are just referring to the basic laws of the constitution but those don't apply ultimately. There are still laws building on top of the constitution which can limit them, e.g. police can take away your freedom in some cases and especially in Germany, freedom of speech is also not unlimited. Plus, your insurance company will want to have a word with you as They haven't in the (admittedly fairly short) time I've been involved in orga. And as Karen Sandler pointed out there's no such thing as 'anonymized' data. There is also no such thing as ultimate privacy. Then why not do our best to protect attendees privacy as much as possible :). Taowa
Re: Suggestions, questions and concerns about DebConf19?
On 2018-08-11 17:41, John Paul Adrian Glaubitz wrote: > On 08/11/2018 11:03 AM, Thomas Kuiper wrote: >>> What happens in case of an emergency then? Aren't organizers of large >>> events of this type required by law to keep lists of real name? >> It depends on the country but I've never had that in Taiwan. >> Martial law is over since a long time. >> There's an 'old' "assembly act" but that's for anything political. >> "Freedom of assembly/association" that exists in most democratic countries >> means you don't have to keep such lists. > This is a matter of liability. If you have some going crazy and start > demolishing > property at the conference venue, you will most certainly want to have someone > whom you can make pay for it. The procedure is that the police will question him, take his personal information and the venue/organizers may start legal proceedings. You can also sue someone that you don't know the name of. Just because you know their name doesn't mean they will pay either! Liability is something else. So knowing someone's name won't stop vandalism unless you think that someone behaves better cause their name is known... ? > If you're fine with carrying the costs yourself, that's ok. But I think it's > a bit of naive to assume that everyone who attends such a large event is > of good will and nothing will ever happen. no, for such cases there's this thing called third party liability insurance. > This seems to be a typical case of a rule that is not going to be enforced > unless there is going to be the first incident which would have prevented > by it. You know, like these signs at certain beaches where it says "No > swimming.". So far I'm not convinced by knowing someone's name or address changes anything. Otherwise will you have to give your name to someone when you take a bus or go for a swim?! > >>> If, for example, an attendee of the conference has a serious accident >>> and other folk call emergency services, they will have a problem when >>> asked for the name and street address of an attendee. Or, even worse, >>> if an attendee died, organizers will not be able to contact someone >>> from the circle of their family etc. >> I don't think this falls under the responsibility of the organizers, unless >> there is a Debconf on a ship or airplane. >> For such a long conference it makes sense to provide an OPTIONAL emergency >> contact though! >> Also there should be people that know how to do CPR at the venue (it can be >> trained). > So, if you have someone who goes by "trumpet232" and they become so seriously > injured that you need to call an ambulance, you just shrug your shoulders > when it comes to contacting their relatives? No, ideally he has friends at the conference that can identify him. There's also consular offices (in case that is a foreigner) and many other means to identify someone. I'm assuming that the ambulance has the right to search his belongings and find stuff like an ID or credit cards. > From my personal experience, you sometimes need to protect people from > their own mistakes. Especially younger folk will underestimate the > importance of safety precautions. That's what parents or babysitters are for. ;-) . >>> Or imagine an attendee commits a felony, you need to be able to >>> identify them as well. There are probably countless occasions where >>> it's simply not enough to identify as "trumpet232" at the registration >>> desk. >> Why? That's up to the police to investigate. Any Data Protection Assessment >> (DPA) >> would show that the mass collection of people's addresses is by far worse >> than >> the risk of having someone commit a felony. > So, you are saying all this fancy encryption technology with USB keys, > fingerprint sensors and whatnot in the hands of Debian Developers is > not trustworthy enough? Why you think that I'm saying that? I'm pointing out that any collection of private data must have a previous assessment. This is part of the new EU GDPR by the way: https://www.itgovernance.co.uk/privacy-impact-assessment-pia (its PIA btw not DPA, sorry). There's a fine for not doing it now... ;-) I don't get your connection with encryption keys to this issue. > How does it work at your company? Do they also allow just nicknames > for customers and employees and if something happens, you just trust > for the police to investigate this data? Don't you think that the police > or insurance companies will at least say "Hey, why didn't you keep a > record of the people you're making business with so that you know who > is going to be liable?" I don't get your point. Are you leaving your address to every place you visit?! ;-) > Also, in Germany, you are legally required to be able to identify > yourself in public (Ausweispflicht) and if you're not to, police > can arrest you and take you to the next station: You don't really need to carry it with you (news for you probably). Its the police/legal authorities that is authorized to check
Re: Suggestions, questions and concerns about DebConf19?
John Paul Adrian Glaubitz writes: >>> Or imagine an attendee commits a felony, you need to be able to >>> identify them as well. >> >> Talk to the police. > > Even the police cannot identify a foreigner without passport documents. They can. Why do you think they collect photos and fingerprints when entering the country? Ansgar
Re: Suggestions, questions and concerns about DebConf19?
On 08/11/2018 11:23 AM, Thomas Goirand wrote: >> What happens in case of an emergency then? Aren't organizers of large >> events of this type required by law to keep lists of real name? > > Why would they? It's a matter of liability. If your event surpasses a certain size, you will not be able to make sure that everyone who attends is of good will, for example. >> If, for example, an attendee of the conference has a serious accident >> and other folk call emergency services, they will have a problem when >> asked for the name and street address of an attendee.> Or, even worse, >> if an attendee died, organizers will not be able to contact someone >> from the circle of their family etc. > > For this kind of issues, there's government organizations like > consulates and so on. And? How is the consulate going to identify them? >> Or imagine an attendee commits a felony, you need to be able to >> identify them as well. > > Talk to the police. Even the police cannot identify a foreigner without passport documents. There have been numerous cases in the past where police found someone unconscious without an ID and amnesia and they were unable to identify them for months. Just happened here recently in Berlin. >> There are probably countless occasions where >> it's simply not enough to identify as "trumpet232" at the registration >> desk. > > I don't agree. That's not Debian's job to do the one of the police and > other governmental organizations. So you're saying that taking care of each other is not important for Debian? Got it. Adrian -- .''`. John Paul Adrian Glaubitz : :' : Debian Developer - glaub...@debian.org `. `' Freie Universitaet Berlin - glaub...@physik.fu-berlin.de `-GPG: 62FF 8A75 84E0 2956 9546 0006 7426 3B37 F5B5 F913
Re: Suggestions, questions and concerns about DebConf19?
On 08/11/2018 11:03 AM, Thomas Kuiper wrote: >> What happens in case of an emergency then? Aren't organizers of large >> events of this type required by law to keep lists of real name? > It depends on the country but I've never had that in Taiwan. > Martial law is over since a long time. > There's an 'old' "assembly act" but that's for anything political. > "Freedom of assembly/association" that exists in most democratic countries > means you don't have to keep such lists. This is a matter of liability. If you have some going crazy and start demolishing property at the conference venue, you will most certainly want to have someone whom you can make pay for it. If you're fine with carrying the costs yourself, that's ok. But I think it's a bit of naive to assume that everyone who attends such a large event is of good will and nothing will ever happen. This seems to be a typical case of a rule that is not going to be enforced unless there is going to be the first incident which would have prevented by it. You know, like these signs at certain beaches where it says "No swimming.". >> If, for example, an attendee of the conference has a serious accident >> and other folk call emergency services, they will have a problem when >> asked for the name and street address of an attendee. Or, even worse, >> if an attendee died, organizers will not be able to contact someone >> from the circle of their family etc. > I don't think this falls under the responsibility of the organizers, unless > there is a Debconf on a ship or airplane. > For such a long conference it makes sense to provide an OPTIONAL emergency > contact though! > Also there should be people that know how to do CPR at the venue (it can be > trained). So, if you have someone who goes by "trumpet232" and they become so seriously injured that you need to call an ambulance, you just shrug your shoulders when it comes to contacting their relatives? >From my personal experience, you sometimes need to protect people from their own mistakes. Especially younger folk will underestimate the importance of safety precautions. >> Or imagine an attendee commits a felony, you need to be able to >> identify them as well. There are probably countless occasions where >> it's simply not enough to identify as "trumpet232" at the registration >> desk. > Why? That's up to the police to investigate. Any Data Protection Assessment > (DPA) > would show that the mass collection of people's addresses is by far worse than > the risk of having someone commit a felony. So, you are saying all this fancy encryption technology with USB keys, fingerprint sensors and whatnot in the hands of Debian Developers is not trustworthy enough? How does it work at your company? Do they also allow just nicknames for customers and employees and if something happens, you just trust for the police to investigate this data? Don't you think that the police or insurance companies will at least say "Hey, why didn't you keep a record of the people you're making business with so that you know who is going to be liable?" Also, in Germany, you are legally required to be able to identify yourself in public (Ausweispflicht) and if you're not to, police can arrest you and take you to the next station: > https://de.wikipedia.org/wiki/Ausweispflicht Also, legally, anyone leaving their home country within the European Union is required to carry an ID: "Bürger jener Staaten, in denen das Freizügigkeitsabkommen der EU gilt (d. h. der Europäischen Union einschließlich des Europäischen Wirtschaftsraums wie auch der Schweiz), müssen nach § 8 des Freizügigkeitsgesetzes/EU während ihres Aufenthaltes einen Pass oder anerkannten Passersatz besitzen und diesen bei der Einreise in die Bundesrepublik mitführen, um ihn beim Grenzübertritt auf Verlangen vorzeigen zu können." >> I know many people in Debian are a huge fan of high privacy levels, >> but there is often actually a valid reason beyond advertisement and >> statistics why lists are kept with the name of attendees and people >> who demand these high levels of privacy should keep that in mind. >> >> Some requirements are imposed by the law and/or safety requirements, >> so you cannot just ignore them, even if you a "digital native". > I would be very interested if you can point those laws out? > I'm not aware such stuff exists in Germany (basic law article 8 has freedom > of assembly) > so does Taiwan (which is a copy/paste from the German basic law). Again, you are just referring to the basic laws of the constitution but those don't apply ultimately. There are still laws building on top of the constitution which can limit them, e.g. police can take away your freedom in some cases and especially in Germany, freedom of speech is also not unlimited. Plus, your insurance company will want to have a word with you as well. > And as Karen Sandler pointed out there's no such thing as 'anonymized' data. There is also no such thing as ultimate privacy.
Re: Suggestions, questions and concerns about DebConf19?
On 08/11/2018 03:45 AM, Yao Wei wrote: > Hi, > > Please, if possible, keep your funding source simple and don't sell data > to the government like we did this time. > > I feel tremendously sorry handling this issue. > > Yao Wei Hi, You really don't need to. Other people would have just sent out all the info without telling anyone, and you handled it correctly. I personally don't care too much if my initials and country name are given out to a government who anyways takes my fingerprint when I get in. This makes me by the way think that giving out initials is the same as giving out full passport info, as they can easily cross-compile the dbs. But should I care? Attending Debconf is *ANWAY* a public thing: faces can be seen on camera and so on (even if you don't give any talk). Thanks for all the work you've done, Cheers, Thomas Goirand (zigo)
Re: Suggestions, questions and concerns about DebConf19?
Hi, On 2018-08-11 16:01, John Paul Adrian Glaubitz wrote: > On 08/11/2018 09:06 AM, Clayton wrote: >> This was my first DebConf and I chose not to offer my last name on the >> registration, or at any point during the conference, and nobody seemed >> bothered. I believe(?) there were some registrants who were entirely >> pseudonymous. If one does not want one's name exposed publicly in an >> online community, then just don't give a real name. > What happens in case of an emergency then? Aren't organizers of large > events of this type required by law to keep lists of real name? It depends on the country but I've never had that in Taiwan. Martial law is over since a long time. There's an 'old' "assembly act" but that's for anything political. "Freedom of assembly/association" that exists in most democratic countries means you don't have to keep such lists. > If, for example, an attendee of the conference has a serious accident > and other folk call emergency services, they will have a problem when > asked for the name and street address of an attendee. Or, even worse, > if an attendee died, organizers will not be able to contact someone > from the circle of their family etc. I don't think this falls under the responsibility of the organizers, unless there is a Debconf on a ship or airplane. For such a long conference it makes sense to provide an OPTIONAL emergency contact though! Also there should be people that know how to do CPR at the venue (it can be trained). > Or imagine an attendee commits a felony, you need to be able to > identify them as well. There are probably countless occasions where > it's simply not enough to identify as "trumpet232" at the registration > desk. Why? That's up to the police to investigate. Any Data Protection Assessment (DPA) would show that the mass collection of people's addresses is by far worse than the risk of having someone commit a felony. > I know many people in Debian are a huge fan of high privacy levels, > but there is often actually a valid reason beyond advertisement and > statistics why lists are kept with the name of attendees and people > who demand these high levels of privacy should keep that in mind. > > Some requirements are imposed by the law and/or safety requirements, > so you cannot just ignore them, even if you a "digital native". I would be very interested if you can point those laws out? I'm not aware such stuff exists in Germany (basic law article 8 has freedom of assembly) so does Taiwan (which is a copy/paste from the German basic law). How about Brazil? I'm not a lawyer, but as far as I can tell from their Constitution its a right too: Article 5: [...] 10. the privacy, private life, honour and image of persons are inviolable, and the right to compensation for property or moral damages resulting from their violation is ensured;[...] [...] 16. all persons may hold peaceful meetings, without weapons, in places open to the public, regardless of authorization provided that they do not frustrate another meeting previously called for the same place, subject only to prior notice to the competent authority;[...] As sponsor, we hope that you can collect the absolute minimum amount of data and give the freedom from (risk of) surveillance to attendees. The government sponsor which makes the rule that attendees information must be shared obviously did not do any privacy assessment. For us in Taiwan, it would be interesting to talk with them how it can be avoided in the future. In case the local domain registry (.TW = TWNIC) would held events with us (Gandi) they ask for similar things (including signatures of the attendees!) and that is why we never co-hosted anything with them. ;-) And as Karen Sandler pointed out there's no such thing as 'anonymized' data. Thanks for this interesting discussion, Thomas
Suggestions, questions and concerns about DebConf19?
Hello, Suggestions, questions and concerns about DebConf19? Please write on the pad below (we really need your help): https://pad.riseup.net/p/DC19Suggestions-keep Best regards, -- Paulo Henrique de Lima Santana (phls) Curitiba - Brasil Membro da Comunidade Curitiba Livre Site: http://www.phls.com.br GNU/Linux user: 228719 GPG ID: 0443C450 Apoie a campanha pela igualdade de gênero #HeForShe (#ElesPorElas) http://www.heforshe.org/pt
