Re: [Mailman-Users] [Mailman-cabal] GDPR
Grant Taylor via Mailman-Users writes: > What is their working definition of "thread"? I don't know. I gave what I think is a reasonable definition, and I would argue that going to parents of that message is not required by GDPR, even if for some reason you need to remove whole posts. > I'm afraid that the infinite wisdom of politicians will say that the > entire paper needs to be shredded. We know what the politicians said. It's in the GDPR law. Forget politicians' stupidity. What matters now is (1) what courts will say, and (2) what courts will refuse to call frivolous (so that the party with the uglier lawyer wins at great expense to the party with the beautiful lawyer). Appeals judges generally are pretty sensible in the U.S. and Japan, and usually they do understand the issues. I suppose it's similar in the EU. What I'm concerned with is where PII can enter Mailman and be stored on the host. Whether the law reaches that or not is not really important here. We look at each place, decide how easy it is to (1) find all instances of a particular identifier, (2) determine whether and by whom it has been accessed, and (3) redact that identifier. Then we look at costs and start implementing the cheaper cases. > I think it also significantly depends on what needs to be redacted. > Removing "supercalifragilisticexpialidocious" is a LOT different than > removing "Grant Taylor" from the Mailman-Users archive. It needs to be personally identifying, and pragmatically (1) above means either (a) it will be found in certain header fields which we can remove entirely or redact in full or part, or (b) a full-text search will find it. This means that descriptions like "the US politician known to lie 6 times a day" are out -- there are too many ways to express that. If GDPR requires finding and redacting that, the list will have to fold up shop. But I don't think it does: I think here PII refers to numbers, names, and addresses (as we usually understand those words!) that uniquely identify a person for purposes such delivering goods, services and information, or as part of an authentication process for accessing services (eg, financial or informational). > I wonder if there's any correlation between the IP that authenticated > and the IP that accessed data. Not in Mailman, although it could be done. HTTP is a stateless protocol, so to maintain a session you need to provide a token (typically a "cookie"). That token can be passed around in the user's network. It would be possible to include the IP in the data hashed to create the auth token, and validate that, but we don't. > 2) *sigh* It sounds like GDPR is talking about specific fields that > could contain PII, even if they don't, while ignoring other fields that > erroneously do contain PII. It's not GDPR. *I* wrote that. What I was trying to say is that there are fields like display name and email that are normally used for data that is PII, and so would be presumed to contain PII if populated in a database record. > > However, in Mailman 2 the various list passwords are shared, and > > would not identify individuals in cases with multiple moderators > > or list owners. > > IMHO that's an operational mis-step. It's a FACT, and it's not going to change in Mailman 2. We need to work with it, or perhaps European lists simply won't be able to use Mailman 2 with multiple admins if GDPR requires auth that identifies a single individual. (Mailman 3 does allow identifying a single individual, but I don't think we log auth attempts or successes yet.) > (Part of) GDPR is not about (just) knowing who has (had at the > time) legitimate access to data, but additionally making it more > difficult for other 3rd parties to gain access to the data in the > future. By the fact that the data is removed from the corpus that > the 3rd party is subsequently given access to. I don't think "make it difficult to access data" is a requirement in GDPR. I think making reconstruction of history difficult is the *intent* of GDPR's "right to be forgotten", but that doesn't mean you need to conceal data (such as social network "handles") that is normally used to identify users in operation. The access logging is about a different aspect of privacy, which is knowing who had access to that data. AFAICS, the privacy policy itself is up to the host and/or the industry and its regulators. Wikis may have zero privacy in normal operation, but you still need to log accesses to people's profiles I suppose. Banking privacy is specified by banking laws, not GDPR, I suppose, but again GDPR mandates logging of accesses. > I'm talking about 3rd party spam filtering services that are in the > path between, downstream in between Mailman and the recipient's > server. They collect logs / data all the time. Usually those logs > and that data are what help them be better at their job of spam > filtering. The Mailman admins don't have access
Re: [Mailman-Users] [Mailman-cabal] GDPR
On 05/22/2018 07:33 PM, Stephen J. Turnbull wrote: I would imagine that it is the subthread rooted at the first post containing complainant's PII -- "Personally Identifying Information". I feel like that's a self referencing definition. A "thread" is "a subthread rooted at the first post containing PII". I agree that's where the focus should start. But I don't think it defines a thread in the way that I'm asking. What is their working definition of "thread"? Let's say: 1) Bla 2) +--- Re: Bla 3) +--- Re: Bla 4) | +--- BlaBlaBla 5) +--- Re: Bla 6) +--- I hijacked this thread because I need help!!! Let's say the PII was in message 3 and the person replying to it in message 4 removed the PII. Do messages 3 and 4 need to be removed (or otherwise modified)? Let's say that message 1 had the PII, messages 2, 3, and 5 quoted it, but 4 did not and 6 is a hijacker that hit reply on the most convenient message (under his cursor) and removed all content. Do messages 4 and 6 need to be removed? What is the "(sub)thread" that needs to be removed? That is going to depend on the presence of PII in the messages. If *whole messages* are to be deleted, that would presumably involve content that somehow identifies the person. I would expect that we don't have to delete whole bug reports on this list just because somebody requests their PII be redacted. I agree that it's possible to remove / redact PII without deleting the items containing the PII. Think about it this way, spooks don't shred the entire sheet of paper, instead they take a black marker and redact just the pieces that need to be removed. I'm afraid that the infinite wisdom of politicians will say that the entire paper needs to be shredded. I think it also significantly depends on what needs to be redacted. Removing "supercalifragilisticexpialidocious" is a LOT different than removing "Grant Taylor" from the Mailman-Users archive. "supercalifragilisticexpialidocious" would be like reference to an event. "Grant Taylor" would be any mention of my (or an impostor's) name. The former is likely MUCH simpler to do than the latter. The latter will also impact MANY more messages. What worries me more is the implications for blockchain, or more precisely, DAG-based VCSes that use hashes for integrity check like git: the identity of commits will change if authors and emails are redacted, including if a commit log refers to PII of a bug reporter as they often do. I guess you'd need to maintain an index of pointers from old commit ids, or at least for branches and tags (we do have the reflog in git). I don't want to try to work that out. And heaven help you if you're a security conscious group like the Linux kernel and use signed commits. I guess the person who does the redaction would sign the new commits, but that's pretty yucky -- that person could do anything and nobody would know when it happened because you have to delete the old commits and blobs that get redacted. Yep. As I understand the "right to be forgotten", it's *not* a right to arbitrarily edit content stored by someone else, it's the right to redact *all* PII in that content. Agreed. In this case, I don't think that supercalifragilisticexpialidocious qualifies under GDPR's right to be forgotten. }:-) It's not just messages from a person, it's headers containing their name and email address, attribution lines for quoted material, quoted .sigs, etc etc. Agreed. What about headers containing message ID from an uncommon / single user domain like mine? I'd say that anything that can be used to identify less than a group of 1000 people would probably need to be redacted. (I just chose 1000 arbitrarily, but it's a starting point.) You're missing 0) Randos accessing public archives. What other modes have we collectively missed? For (0), the only logging would be IP addresses in the webserver. True. No. The accessing IPs will be in the webserver logs, but I don't think there is any logging in either Mailman 2 or Mailman 3 of authentication data. All there would be is the implication that authentication was successful if that data were accessed. Okay. I wonder if there's any correlation between the IP that authenticated and the IP that accessed data. In Mailman 2 there's no PII data whatsoever except for email address and (maybe) display name in the subscriber data. I expect that either of those, the email address -or- the display name are enough to count as PII. I believe it's fair to say that people expect gtaylor (at) tnetconsulting (dot) net to reference a single person. I also believe it's fair to say that most people expect most email addresses to identify be associated with one person. The only exceptions to the rule being things like positional addresses; sales@ or info@ or webmaster@. I suppose you could put phone #s and junk like that in the display name, but GDPR
Re: [Mailman-Users] [Mailman-cabal] GDPR
Grant Taylor via Mailman-Users writes: > On 05/14/2018 06:33 AM, Andrew Hodgson wrote: > > Current advice from the GDPR people is we may have to delete the whole > > thread. > > What is their working definition of "thread"? I would imagine that it is the subthread rooted at the first post containing complainant's PII -- "Personally Identifying Information". > Why can't just the individual's message(s) be delete? Or better > redacted to not reflect them? That is going to depend on the presence of PII in the messages. If *whole messages* are to be deleted, that would presumably involve content that somehow identifies the person. I would expect that we don't have to delete whole bug reports on this list just because somebody requests their PII be redacted. What worries me more is the implications for blockchain, or more precisely, DAG-based VCSes that use hashes for integrity check like git: the identity of commits will change if authors and emails are redacted, including if a commit log refers to PII of a bug reporter as they often do. I guess you'd need to maintain an index of pointers from old commit ids, or at least for branches and tags (we do have the reflog in git). And heaven help you if you're a security conscious group like the Linux kernel and use signed commits. I guess the person who does the redaction would sign the new commits, but that's pretty yucky -- that person could do anything and nobody would know when it happened because you have to delete the old commits and blobs that get redacted. > > Still under discussion, this is also complex because threads and > > subjects change, if we delete the whole thread there may be > > messages from the same author in other threads that don't have > > correct atribution etc. As I understand the "right to be forgotten", it's *not* a right to arbitrarily edit content stored by someone else, it's the right to redact *all* PII in that content. It's not just messages from a person, it's headers containing their name and email address, attribution lines for quoted material, quoted .sigs, etc etc. > I see six modes of access to the data: > > 1) List subscribers > 2) List owners / administrators > 3) Host system administrators > 4) Administrators that are in the downstream SMTP / HTTP path and can > track things. > 5) Backups. > 6) Ongoing Discovery. You're missing 0) Randos accessing public archives. For (0), the only logging would be IP addresses in the webserver. > I would expect that #1 requires authentication to MM for > subscribers to see data, and I expect that this is logged in some > (indirect) capacity. No. The accessing IPs will be in the webserver logs, but I don't think there is any logging in either Mailman 2 or Mailman 3 of authentication data. All there would be is the implication that authentication was successful if that data were accessed. In Mailman 2 there's no PII data whatsoever except for email address and (maybe) display name in the subscriber data. I suppose you could put phone #s and junk like that in the display name, but GDPR is more concerned with the database fields that might store PII than the actual content. > I would expect that #2 would have access to the data as part of their > role of owning / administering a mailing list. However, in Mailman 2 the various list passwords are shared, and would not identify individuals in cases with multiple moderators or list owners. > I would also expect that #3 has the capability to access the data. But > I would also expect that #3 would not access the data in normal day to > day operations. Indeed. The problem is identifying them if they do, since they can just use normal filesystem operations from the shell, which are not normally logged at all. In Mailman 3, we can configure databases like PostgreSQL, which I suppose can log access to the subscriber databases, and which make it hard (but not impossible) to access data via ordinary filesystem operations. However, I think that the issue here is basically moot. You keep host access logs to check for suspicious IP addresses (attempting to) log in, and otherwise (for #2 and #3) you just give the list of all the people who can access that data in the normal course of their duties. I don't think the issue with logging is pinning down a particular access to specific data, but rather determining who *could* access that data. The relevant access might have been by a long-since fired engineer who did a Snowden on your database. How could you possibly know? > Are you saying that GDPR is going to complicate things related to > #3 and make it such that there is more of a union between #2 and > #3? I.e. exclude 3rd party site hosters from being able to be #3? I don't understand the "exclude third party site hosters". The GDPR requirement is not to *limit* access, it's to *log* access. > What is their working definition of "marketing"? I'm pretty sure they're
Re: [Mailman-Users] [Mailman-cabal] GDPR
On 05/17/2018 02:56 AM, Bernd Petrovitsch wrote: FWIW and IMHO, I think we are in violent agreement here. :-) In the old-school life: the sender (because s/he said it on her/his free will) - I hope;-). But the person who overheard it may tell the story to a third person. And it's just/only hear-say - even if it's actually 100% correct (which it is almost never ever the case). And there starts actually the real "forgetting" or "doubts" ... I agree that fan-out can be a problem. IMHO the root cause is the person that said it, the sender. But in a "everything is written" world, that is massively different: In the old-school world, a "written proof" had a quite large value because it wasn't trivial to have such a thing. Nowadays - with almost every communication over the Internet - it's the normal, that there is a "written proof" aka recorded/logged/whatever. That's an interesting point, but I'm not seeing who's at fault, the person who overheard what I said (the archive) or me for saying it in a non-secure manner (the sender)? I'm not diving into differences of "how some judge may value some so- called proof" in some given (somewhat Western) country, but most people - even in Spring 2018 - don't realize, what's really going on and try to get back the world from the 1960s (or so;-) - well, "thinking before talking" was always a hard job;-) True. A court order may "force" you to not tell it to anyone but it can't make you forget it (or write it down and hide it somewhere safe). Where force = order under some form of penalty, sure. So in general: No. And that's exactly the problem with the "right to be forgotten". :-) Good ideas usually start to have problems when they are taken too far. Of course. But only for (somewhat obvious) very good (including legal) reason like really hard law issues like - at least in .at and .de - Nazi stuff and/or (everywhere I hope) certain forms of pr0n. Even with those issues, the court can only order you, under some penalty, to not do something. They still can't cause you to unsee or forget something. At least I'm not aware of any such technology yet. (My ignorance of such technology does not preclude it from existing.) But for some claims of "please remove my email address?"? If that email address can be found (via Google) on hundreds of sites, the removal of one instance doesn't change anything. Ooops, and a chicken-egg problem I think it does. IMHO it's the issue of multiple people doing the same wrong thing does not make the thing in question correct. Case and point, is it wrong to ask someone specific to stop spamming me when considering that multiple other people could be spamming me? Or, more along the lines of your example, saluting in a Nazi-esq manner? (I'm not saying I agree with anything there in, I'm just using it as an example.) That question should be answered by some copyright/authors right lawyer. Hum. I would be interested in what their take is. I suspect it's going to come down to misrepresentation. Either trying to falsely claim credit for someone else's work, or trying to attribute something to someone who didn't say it. Short of significant persuation to the contrary, I'm going to continue to believe that admins / owners of system have the right to modify what was said in very specific cases when it comes to what enters / passes through / is stored on their systems. IMHO this MUST be done in a manner that makes it clear that this was done. Yes, and everyone writes that in the mailinglists charta (including that all mails go into a public archive, are never edited, censored, deleted, etc.). Just from that point of view, everyone sending mails to the mailinglist has implicitly agreed to the rules including the publication in a Google-indexed archive. I have some issues with that. - Corporate policy, regional laws, technical capabilities, etc. can conflict. - Agreeing to a E.U.L.A. does not mean that you actually understand it. (I'm hearing where this is being starting to be challenged in courts.) - Index ability is independent of publicity. BTW: I cannot do everything I want with it because I cannot choose to plain simply ignore modification requests from a court. Hence regional laws above. Everyone can claim a lot of things - the hard question is how to proove it;-) Yep. Any serious business won't send me any "newsletters" if I request that without any legal backing (if only that I continue to buy from it in the future and don't tell anyone that they ignore such simple things - and because it's "just the right thing to do"(TM)). Sadly, I've seen legitimate businesses fail and do exactly that. Use contact details specifically for the contracted service inappropriately for marketing reasons. Yup, but there are other companies or folks using selling addresses and other personal data (if only for "scientific purposes"[0]). I feel
Re: [Mailman-Users] [Mailman-cabal] GDPR
On Mon, 2018-05-14 at 16:54 -0600, Grant Taylor via Mailman-Users wrote: [...] > On 05/14/2018 04:11 PM, Bernd Petrovitsch wrote: > > Seriously, these folks don't know what they imply. > > Nope. Politicians (almost) never fully understand what's going on. FWIW and IMHO, I think we are in violent agreement here. [...] > Who's at fault in this scenario: The person who overheard what I said > (the archive) or me for saying it in a non-secure manner (the sender)? In the old-school life: the sender (because s/he said it on her/his free will) - I hope;-). But the person who overheard it may tell the story to a third person. And it's just/only hear-say - even if it's actually 100% correct (which it is almost never ever the case). And there starts actually the real "forgetting" or "doubts" ... But in a "everything is written" world, that is massively different: In the old-school world, a "written proof" had a quite large value because it wasn't trivial to have such a thing. Nowadays - with almost every communication over the Internet - it's the normal, that there is a "written proof" aka recorded/logged/whatever. I'm not diving into differences of "how some judge may value some so- called proof" in some given (somewhat Western) country, but most people - even in Spring 2018 - don't realize, what's really going on and try to get back the world from the 1960s (or so;-) - well, "thinking before talking" was always a hard job;-) > Is there any legal method that I can use to compel a person to > forget=20 > what they overheard me say? A court order may "force" you to not tell it to anyone but it can't make you forget it (or write it down and hide it somewhere safe). So in general: No. And that's exactly the problem with the "right to be forgotten". > > For the author's rights side to it: I answer an email (and happen > > to quote just the relevant parts of other emails) to a public > > mailinglist with a public archive. > > > > I don't think that the archive's admin or anyone else should have > > the right (let alone the duty) to edit or change my email in there > > - or even worse: remove it completely. > > I disagree. > > I believe that the admins / owners of the archive have the right to > remove something from the archive (or prevent it from going into the > archive in the first place). Of course. But only for (somewhat obvious) very good (including legal) reason like really hard law issues like - at least in .at and .de - Nazi stuff and/or (everywhere I hope) certain forms of pr0n. But for some claims of "please remove my email address?"? If that email address can be found (via Google) on hundreds of sites, the removal of one instance doesn't change anything. Ooops, and a chicken-egg problem > I don't believe that admins / owners have the general right to modify > what was said. ACK. > I do believe that the admins / owners have the right to modify what was > said in very specific cases, like REDACTING something. As long as they That question should be answered by some copyright/authors right lawyer. > do so in a manner that is clearly identifiable that something was REDACTED. ACK. > After all, it is their system, they administer / own it and can do > what ever they want to with it. Yes, and everyone writes that in the mailinglists charta (including that all mails go into a public archive, are never edited, censored, deleted, etc.). Just from that point of view, everyone sending mails to the mailinglist has implicitly agreed to the rules including the publication in a Google-indexed archive. BTW: I cannot do *everything* I want with it because I cannot choose to plain simply ignore modification requests from a court. > They should go out of their way to not misrepresent what you said / > did. > > They could also claim that your message was modified before it got to > them. Everyone can claim a lot of things - the hard question is how to proove it;-) > > PS: The whole "right to be forgotten" idea is absurd per se - think > > about private archives (and I don't think about 3-letter > > organizations only). > > Can't we define the public archive to be an necessary and important > > part of a public mailinglist and be done with it?! For almost > > everyone else some "important reason" is good enough too. > > I feel like the idea that you can compel someone to forget something > is absurd. > > I think you can compel businesses to no longer use your contact > information. Any serious business won't send me any "newsletters" if I request that without any legal backing (if only that I continue to buy from it in the future and don't tell anyone that they ignore such simple things - and because it's "just the right thing to do"(TM)). > Which is my naive understanding of part of what the spirit of GDPR > is. Yup, but there are other companies or folks using selling addresses and other personal data (if only for "scientific purposes"[0]). > I can see a scenario where a company
Re: [Mailman-Users] [Mailman-cabal] GDPR
Following with interest, although my mailmans are on Dreamhost and I don't have root access only admin. RBTF concerns aside, I am wondering how to do a renewed opt-in, similar to what I see Mailchimp currently running. Any ideas? -- --- Joly MacFie 218 565 9365 Skype:punkcast -- - -- Mailman-Users mailing list Mailman-Users@python.org https://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://wiki.list.org/x/AgA3 Security Policy: http://wiki.list.org/x/QIA9 Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: https://mail.python.org/mailman/options/mailman-users/archive%40jab.org
Re: [Mailman-Users] [Mailman-cabal] GDPR
On 05/15/2018 03:08 AM, Andrew Hodgson wrote: What do I redact or remove in this instance? - Personal details about the original poster and the event who had not consented to having their email posted to the mailing list; I would likely have (presuming sufficient motivation): 1) Get mailman into a state that I can safely modify the archive. 2) Run a script (likely sed) to REDACT the contents. sed -i$ticketID 's/phone number/REDACTED/g;s/Eventbright Link/REDACTED/g;#etc' 3) Restarted Mailman and possibly web server serving the archive. (Or otherwise flushed caches.) I quite like "REDACTED" as it shows that there was something, and that it was removed, but it does not show what that something was. In the end I removed the phone numbers, her personal address and the Eventbright links from all messages, including some messages from other people where they had re-echoed the Eventbright links as part of their conversation to help other people. Fair enough. She wasn't very happy, I doubt there was much more that you could have done. She's free to be upset. But she shouldn't be upset with you. You did her a favor that I don't think you were strictly compelled to do. but worse is the person who forwarded it to the mailing list refused to understand what they had really done and believed they had the right to send the post anywhere as they believed it was in the public domain. *sigh* I don't know what to say there. I feel like that's between her and the event owner / organizer. Just an example of the type of stuff that I may get asked to remove in future. IMHO that is not unexpected, if not somewhat typical. -- Grant. . . . unix || die -- Mailman-Users mailing list Mailman-Users@python.org https://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://wiki.list.org/x/AgA3 Security Policy: http://wiki.list.org/x/QIA9 Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: https://mail.python.org/mailman/options/mailman-users/archive%40jab.org
Re: [Mailman-Users] [Mailman-cabal] GDPR
On 05/15/2018 03:18 AM, Andrew Hodgson wrote: At the moment the list administrator and moderator account is accessed via no username and a single password. If that password is shared, I have no audit trail of who logged into the system. ACK I like to run Mailman (et al) administration pages behind htaccess protection. Thus I have the username that authenticated to the web server to corroborate who's actually accessing things. Also the system currently doesn't log specific access, for example admin A exported a load of addresses, admin B added 100 subscribers to the mailing list etc. Can you not tell what was done based on the web server logs and the requested URLs? I know that won't catch POST data, but it will give you more information than not looking at the web server logs. Aside: I personally consider the web server to be part of the application framework. As such, I exercise and use it to (what I think is) my advantage. -- Grant. . . . unix || die -- Mailman-Users mailing list Mailman-Users@python.org https://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://wiki.list.org/x/AgA3 Security Policy: http://wiki.list.org/x/QIA9 Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: https://mail.python.org/mailman/options/mailman-users/archive%40jab.org
Re: [Mailman-Users] [Mailman-cabal] GDPR
Bernd Petrovitsch [be...@petrovitsch.priv.at] wrote: >On Mon, 2018-05-14 at 12:33 +, Andrew Hodgson wrote: [...] >> These are just rough notes: >> >> - Archive purge requests. We have discussed the same items as on the >> list to date. I am looking at doing a simple grep for the relevant >> person's details and changing that. The main reason for doing this >> is that if we just remove the author's messages they will be in a >> thread of other messages and our users typically don't remove quoted >> material. Current advice from the GDPR people is we may have to >> delete the whole thread. Still under discussion, this is also >While at it, why not delete the entire archive just to be sure? SCNR That is something we haven't ruled out just yet! >And to be honest: If person X fullquotes and the email ends in an >archive, who's fault is it? The last archive removal request I had a few weeks ago stemmed from one of the subscribers posting a private message about an event and it had the original poster's mobile number in it as well as contact details for the event. There was a large thread about this event, and everyone used top posting. The original author contacted us after having been informed they found the event invitation from our website, and were not happy. What do I redact or remove in this instance? - The whole thread; - Personal details about the original poster and the event who had not consented to having their email posted to the mailing list; - Anything else? In the end I removed the phone numbers, her personal address and the Eventbright links from *all* messages, including some messages from other people where they had re-echoed the Eventbright links as part of their conversation to help other people. She wasn't very happy, but worse is the person who forwarded it to the mailing list refused to understand what they had really done and believed they had the right to send the post anywhere as they believed it was in the public domain. Just an example of the type of stuff that I may get asked to remove in future. Andrew. -- Mailman-Users mailing list Mailman-Users@python.org https://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://wiki.list.org/x/AgA3 Security Policy: http://wiki.list.org/x/QIA9 Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: https://mail.python.org/mailman/options/mailman-users/archive%40jab.org
Re: [Mailman-Users] [Mailman-cabal] GDPR
Grant Taylor wrote: On 05/14/2018 06:33 AM, Andrew Hodgson wrote: [...] >> - Audit logs for data access. it is not clear who is accessing >> subscription data for the list as there is just a single owner and >> moderator account. Unsure if current logging data in either MM2 or MM3 is >> "good enough" for this. MM3 may solve the issue about single accounts. >I guess I don't understand the problem and / or make invalid assumptions >about MM. >I see six modes of access to the data: >1) List subscribers >2) List owners / administrators At the moment the list administrator and moderator account is accessed via no username and a single password. If that password is shared, I have no audit trail of who logged into the system. Also the system currently doesn't log specific access, for example admin A exported a load of addresses, admin B added 100 subscribers to the mailing list etc. Andrew. -- Mailman-Users mailing list Mailman-Users@python.org https://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://wiki.list.org/x/AgA3 Security Policy: http://wiki.list.org/x/QIA9 Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: https://mail.python.org/mailman/options/mailman-users/archive%40jab.org
Re: [Mailman-Users] [Mailman-cabal] GDPR
On 2018-05-13 at 05:39 +0900, Stephen J. Turnbull wrote: > It would be a much more annoying matter if they claimed the right to > be deleted from third party posts that quoted and identified them, > though. If there is a "right to be forgotten" that impinges on > mailing list archives, that seems plausible to me, though who knows > what the High Court would rule. I see a few points here. First of all, and I think it hasn't been mentioned yet is the Right to access, ie. of letting people know which data you have about them. I would consider that listing all post by email address X would fulfill it, plus a search feature (*) in case they want to search by other terms, like looking for posts with their name in it. (*) It is my understanding that just providing the mbox and expecting them to grep through it just as the sysadmin would have to do would be sufficient (OTOH if you had an advanced system for completely tracking a guy, and provide him just a crude interface that's probably not ok). Having to find out "anything and everything" where the user was mentioned may imho require what the GDPR calls "a disproportionate effort", and could even result into some liability for not finding some instance. Whereas providing the tools with which it can be done, takes that issue back to the requestor, by providing the tools by which they can do it. As such, wrt redacting archives my view is that they should provide all the urls to the content they want removed (which they should have been able to easily found per above). They provide a list of urls for consideration, only those need to be looked at. I would assume they are ok with other mentions to them if they didn't provide them. If I detected that there was a follow-up top-posting email containing the original content I would probably also truncate it, but strictly as a courtesy matter and with no guarantees that I would do that. If they failed to find themselves, why would I need to dig through the archives, not even knowing what I am looking for? There are too many ways to refer to someone, the email address, different names and abbreviations (and misspellings!), which would not even be unique, plus all kind of references (just suppose that the people to which Julian referred claimed that his email contains PII about them!). Requests to remove on-topic inline replies would be quite a different matter, as they involve removing or altering messages by other people, which could significantly modify the meaning of what third users say by changing the context of the rest of the thread (which isn't necessarily well-defined in a machine readable way). Plus, changing that may infringe some protected speech rights by the subsequent poster (ouch!). Not to mention the multiple jurisdictions typically found on the user base many mailing lists. I would expect reasonable requests not to be a problem, though (eg. just removing an address from a mail signature). As an actionable for the mailman project, I think it could facilitate the implementation of §59: > Modalities should be provided for facilitating the exercise of the > data subject's rights under this Regulation, including mechanisms to > request and, if applicable, obtain, free of charge, in particular, > access to and rectification or erasure of personal data and the > exercise of the right to object. The controller should also provide > means for requests to be made electronically, especially where > personal data are processed by electronic means. The controller should > be obliged to respond to requests from the data subject without undue > delay and at the latest within one month and to give reasons where the > controller does not intend to comply with any such requests. > The user could be browsing a mailing list archive (as noted above) that provides a link to "report content to remove" (automatically verifying the reporter provided email address), which can then be automatically removed (if it's his own email message and configured that way by the list admin) or goes into a queue for admin reviewing (where it can be easily hidden) or replied. NB: this process is more ample than mere "Right to be forgotten" requests, as that would also work for copyright infringement, virus, etc. Best regards Ángel -- Just another non-lawyer looking for his way through the GDPR. -- Mailman-Users mailing list Mailman-Users@python.org https://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://wiki.list.org/x/AgA3 Security Policy: http://wiki.list.org/x/QIA9 Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: https://mail.python.org/mailman/options/mailman-users/archive%40jab.org
Re: [Mailman-Users] [Mailman-cabal] GDPR
On 05/14/2018 04:11 PM, Bernd Petrovitsch wrote: Seriously, these folks don't know what they imply. Nope. Politicians (almost) never fully understand what's going on. And to be honest: If person X fullquotes and the email ends in an archive, who's fault is it? Obviously the archive's (or more it's owners), not? I don't think so. Who's at fault in this scenario: The person who overheard what I said (the archive) or me for saying it in a non-secure manner (the sender)? Is there any legal method that I can use to compel a person to forget what they overheard me say? For the author's rights side to it: I answer an email (and happen to quote just the relevant parts of other emails) to a public mailinglist with a public archive. I don't think that the archive's admin or anyone else should have the right (let alone the duty) to edit or change my email in there - or even worse: remove it completely. I disagree. I believe that the admins / owners of the archive have the right to remove something from the archive (or prevent it from going into the archive in the first place). I don't believe that admins / owners have the general right to modify what was said. I do believe that the admins / owners have the right to modify what was said in very specific cases, like REDACTING something. As long as they do so in a manner that is clearly identifiable that something was REDACTED. After all, it is their system, they administer / own it and can do what ever they want to with it. They should go out of their way to not misrepresent what you said / did. They could also claim that your message was modified before it got to them. Enter rabbit hole. PS: The whole "right to be forgotten" idea is absurd per se - think about private archives (and I don't think about 3-letter organizations only). Can't we define the public archive to be an necessary and important part of a public mailinglist and be done with it?! For almost everyone else, some "important reason" is good enough too. I feel like the idea that you can compel someone to forget something is absurd. I think you can compel businesses to no longer use your contact information. — Which is my naive understanding of part of what the spirit of GDPR is. I can see a scenario where a company completely removes any and all traces of someone, then buys sales leads which contain said person, and ultimately contact said person again. — Is the company in violation of GDPR? They did (and can prove *) that they removed the person's contact information and thus forgot about them. Or should the company have retained just enough information to know that they should not contact the person again? I.e. a black list. (* Don't talk to me about proving the negative. Assume a 3rd party oversight of some sort.) -- Grant. . . . unix || die -- Mailman-Users mailing list Mailman-Users@python.org https://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://wiki.list.org/x/AgA3 Security Policy: http://wiki.list.org/x/QIA9 Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: https://mail.python.org/mailman/options/mailman-users/archive%40jab.org
Re: [Mailman-Users] [Mailman-cabal] GDPR
On 05/14/2018 04:02 PM, Ángel wrote: IMHO they would mostly fail under §18 and GDPR wouldn't apply: Okay. What happens if a subsequent data breach (malware / infection) causes said individual archives to become public information? }:-) Of course, if a company was using the mailing list to process personal data, it should have been stated the whole time. I half way suspect this happens much more commonly than you might think. I've seen info@ or sales@ or the likes positional addresses be front ends for mailing lists (of one form or another) that redistributes the email to multiple (usually) internal (usually) employees. I have never seen these types of expansion contacts disclosed as such. Being nitpicky. What about sysadmins subscribed to this list as part of their professional activity ? I know that this happens. But I would argue that the SA should not subscribe themselves. Instead there should be an additional monitoring email address specifically for that purpose. I'd really like to see an intelligent Mailing List Manager have the ability to subscribe an address like this that is used as a feedback loop. I.e. Did the MLM receive a copy of the message that it sent yesterday. I'd assume that it would be something like <$list>-fbl@<$list_domain> to avoid recursive loops. That would allow the MLM to self monitor and escalate if there's a problem. -- Grant. . . . unix || die -- Mailman-Users mailing list Mailman-Users@python.org https://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://wiki.list.org/x/AgA3 Security Policy: http://wiki.list.org/x/QIA9 Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: https://mail.python.org/mailman/options/mailman-users/archive%40jab.org
Re: [Mailman-Users] [Mailman-cabal] GDPR
Hi all! On Mon, 2018-05-14 at 12:33 +, Andrew Hodgson wrote: [...] > These are just rough notes: > > - Archive purge requests. We have discussed the same items as on the > list to date. I am looking at doing a simple grep for the relevant > person's details and changing that. The main reason for doing this > is that if we just remove the author's messages they will be in a > thread of other messages and our users typically don't remove quoted > material. Current advice from the GDPR people is we may have to > delete the whole thread. Still under discussion, this is also While at it, why not delete the entire archive just to be sure? SCNR Seriously, these folks don't know what they imply. And to be honest: If person X fullquotes and the email ends in an archive, who's fault is it? Obviously the archive's (or more it's owners), not? For the author's rights side to it: I answer an email (and happen to quote just the relevant parts of other emails) to a public mailinglist with a public archive. I don't think that the archive's admin or anyone else should have the right (let alone the duty) to *edit* or *change* *my* email in there - or even worse: *remove* it completely. MfG, Bernd PS: The whole "right to be forgotten" idea is absurd per se - think about private archives (and I don't think about 3-letter organizations only). Can't we define the public archive to be an *necessary* and *important* part of a public mailinglist and be done with it?! For almost everyone else, some "important reason" is good enough too. -- Bernd Petrovitsch Email : be...@petrovitsch.priv.at LUGA : http://www.luga.at -- Mailman-Users mailing list Mailman-Users@python.org https://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://wiki.list.org/x/AgA3 Security Policy: http://wiki.list.org/x/QIA9 Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: https://mail.python.org/mailman/options/mailman-users/archive%40jab.org
Re: [Mailman-Users] [Mailman-cabal] GDPR
On 05/14/2018 05:02 PM, Ángel wrote: > Being nitpicky. What about sysadmins subscribed to this list as part of > their professional activity ? (but otherwise interacting in the same way > as a hobbyist) How do hobbyists interact? Enquiring minds want to know. -- Dimitri Maziuk Programmer/sysadmin BioMagResBank, UW-Madison -- http://www.bmrb.wisc.edu signature.asc Description: OpenPGP digital signature -- Mailman-Users mailing list Mailman-Users@python.org https://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://wiki.list.org/x/AgA3 Security Policy: http://wiki.list.org/x/QIA9 Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: https://mail.python.org/mailman/options/mailman-users/archive%40jab.org
Re: [Mailman-Users] [Mailman-cabal] GDPR
Grant Taylor asked: > What does GDPR have to say, if anything, about subscribers having > their own archives, which will not be redacted in any way? > IMHO they would mostly fail under §18 and GDPR wouldn't apply: > This Regulation does not apply to the processing of personal data by a > natural person in the course of a purely personal or household > activity and thus with no connection to a professional or commercial > activity. Personal or household activities could include > correspondence and the holding of addresses, or social networking and > online activity undertaken within the context of such activities. > However, this Regulation applies to controllers or processors which > provide the means for processing personal data for such personal or > household activities. Of course, if a company was using the mailing list to process personal data, it should have been stated the whole time. Being nitpicky. What about sysadmins subscribed to this list as part of their professional activity ? (but otherwise interacting in the same way as a hobbyist) -- Mailman-Users mailing list Mailman-Users@python.org https://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://wiki.list.org/x/AgA3 Security Policy: http://wiki.list.org/x/QIA9 Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: https://mail.python.org/mailman/options/mailman-users/archive%40jab.org
Re: [Mailman-Users] [Mailman-cabal] GDPR
Grant Taylor via Mailman-Users wrote: ... lots of good examples ... well done ! I too dont think any complainer should have the right to kill a thread, just cos he/she wrote something they later wish to retract. Killing a thread would be gross abuse of all other posters' rights, & would invite worse abuse: anyone could write to a thread knowing they could leverage it later to kill a whole thread. My guess is GDPR (& later similar elsewhere) will probably have been drafted by, & interpreted by mostly politicians & lawyers clueless of our sort of mail lists, who will not have thought through most nasty edge cases we could easily present. Most probably they wont know more than nasty anonymous low grade abusive cases on commercial [anti-]social web chat forums. ( As a crude test I'd expect most drafters to be top posters, gratuitously breaking context, not our sort of list people. (I only know one lawyer professionaly, & typicaly he top posts, & thinks tech style bottom posters weird & they should confirm to his Normal standards, - never occurs to such `Normal' people that they are un-educated, & are contravening Internet procedures techs evolved for good reasons. )). So no faith in GDPR or similar being anything other than drafted by & interpreted by ignorant `Normal' people who will bring us nothing but trouble, & who will seek to waste time of unpaid admins. Hence my intent is to reduce the threat of time wasters as much as pos.: to draft something that says all those who don't conform to our norms are breaching the domains terms of unpaid service, & they lose all rights to waste our time. It wont be water- tight, but if it reduces time wasters, it's sufficient. Most unpaid volunteer admins aren't about to pay their own money to get lawyers to write water tight clauses to protect us from wasters, so I see no better option. Cheers, Julian -- Julian Stacey, Computer Consultant, Systems Engineer, BSD Linux Unix, Munich Brexit Referendum stole 3,700,000 votes, inc. 700,000 from British in EU. UK Govt. lied it's "democratic" in Article 50 letter to EU paragraph 3. Petition for votes: http://berklix.eu/queen/ -- Mailman-Users mailing list Mailman-Users@python.org https://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://wiki.list.org/x/AgA3 Security Policy: http://wiki.list.org/x/QIA9 Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: https://mail.python.org/mailman/options/mailman-users/archive%40jab.org
Re: [Mailman-Users] [Mailman-cabal] GDPR
On 05/14/2018 06:33 AM, Andrew Hodgson wrote: - Archive purge requests. We have discussed the same items as on the list to date. I am looking at doing a simple grep for the relevant person's details and changing that. The main reason for doing this is that if we just remove the author's messages they will be in a thread of other messages and our users typically don't remove quoted material. ACK This seems like the lowest common denominator. Current advice from the GDPR people is we may have to delete the whole thread. What‽ What is their working definition of "thread"? Consider this scenario: a LONG running thread and the person exercising their right to be forgotten simply adds a "me to" or an insult at the very end. Does that thread, which obviously had a lot of value to the thread participants need to be deleted? Why can't just the individual's message(s) be delete? Or better redacted to not reflect them? Still under discussion, this is also complex because threads and subjects change, if we delete the whole thread there may be messages from the same author in other threads that don't have correct atribution etc. What does GDPR have to say, if anything, about subscribers having their own archives, which will not be redacted in any way? — Is the mailing list owner / administrator in any way, shape, or form, responsible for expunging those records too? - Audit logs for data access. it is not clear who is accessing subscription data for the list as there is just a single owner and moderator account. Unsure if current logging data in either MM2 or MM3 is "good enough" for this. MM3 may solve the issue about single accounts. I guess I don't understand the problem and / or make invalid assumptions about MM. I see six modes of access to the data: 1) List subscribers 2) List owners / administrators 3) Host system administrators 4) Administrators that are in the downstream SMTP / HTTP path and can track things. 5) Backups. 6) Ongoing Discovery. I would expect that #1 requires authentication to MM for subscribers to see data, and I expect that this is logged in some (indirect) capacity. I would expect that #2 would have access to the data as part of their role of owning / administering a mailing list. I would also expect that #3 has the capability to access the data. But I would also expect that #3 would not access the data in normal day to day operations. Are you saying that GDPR is going to complicate things related to #3 and make it such that there is more of a union between #2 and #3? I.e. exclude 3rd party site hosters from being able to be #3? What say you / them about #4? - Relevant people seem to be happy that running a discussion list not used for marketing purposes should exempt us from some of the marketing type rules regarding data processing. What is their working definition of "marketing"? Does someone saying "Hay, I've got a hand knitted blanket for sale, contact me directly if you're interested." count as marketing? What about a news list from a library saying "Bob is managing the sale of used computer equipment."? They both refer to items for sale and how to contact someone off list. To be really ornery, what if Bob is the person exercising his right to be forgotten. — Can you simply redact his name & contact info? Can you replace it with someone else's? — Or do you need to delete the entire thread and send out a new message / thread? IMHO: History happened. (Some) People will remember (some) details (for a while). Removing evidence of them does not mean that history did not happen. - People seem happy with the system default logs as long as we can audit access to the logs (which we are able to as there is little access to the boxes themselves). Please forgive me for questioning if all of your bases are covered. Are #5 and #6 accounted for? What about #4 downstream? Or something like the NSA's PRISM program. - Likely that I will have to move the lists to a host the charities control themselves and a separate host for each charity. This will increase costs so we may need to look at an alternative solution like a hosted list service as I am not setting myself up as a list hosting business. I understand why you say this. But to me this is an unacceptable solution. It certainly will not scale. I fell like there should be a GDPR counterpart of reasonable level of effort in good faith. — I.e. redacting things in existing files and stating that backups are expunged after X number of days. — I'm perfectly fine responding to someone saying "I've REDACTED you from live files, and old backups will automatically expunge…" in a short time frame after the ""amnesia request. Yet knowing that I can't mark something as completely resolved until after the backups do expunge. I'm not quite sure what to do in a situation of a litigation hold that suspends expunging of
Re: [Mailman-Users] [Mailman-cabal] GDPR
"Stephen J. Turnbull" wrote Sun, 13 May 2018 05:39:27 +0900 > Dimitri Maziuk writes: > > On 05/11/2018 04:55 PM, Julian H. Stacey wrote: > > ... > > > > I think the basic inconvenient truth is nobody's going to come after you > > unless you have money to pay the settlement. > > I think the basic inconvenient truth is that *some*body *will* come It could have been clearer to have omitted my name Julian S. from above, as I did not write any quoted text as such. No direct text from me, just a later 6 word contraction from my Message-id: <201805112155.w4blt2cw082...@fire.js.berklix.net> smaller lists, run Free by Unpaid volunteers to Dimitri M.'s Message-id: <49946b69-1e3a-63cb-b497-663e12e87...@bmrb.wisc.edu> "smaller lists run by Unpaid Volunteers" to Stephen T's > I expect the impact on "smaller lists run by Unpaid Volunteers" to Cheers, Julian -- Julian Stacey, Computer Consultant, Systems Engineer, BSD Linux Unix, Munich Brexit Referendum stole 3,700,000 votes, inc. 700,000 from British in EU. UK Govt. lied it's "democratic" in Article 50 letter to EU paragraph 3. Petition for votes: http://berklix.eu/queen/ -- Mailman-Users mailing list Mailman-Users@python.org https://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://wiki.list.org/x/AgA3 Security Policy: http://wiki.list.org/x/QIA9 Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: https://mail.python.org/mailman/options/mailman-users/archive%40jab.org
Re: [Mailman-Users] [Mailman-cabal] GDPR
On 05/12/2018 03:35 PM, Bernd Petrovitsch wrote: Well, it's the very nature of an archive that everything stays there (similar to a backup). Yes. But I believe that GDPR has implications on expunging things from archives / backups too. Not doing so is not within the spirit of forgetting someone. The other aspect of a mailing list archive is that one can find it and may want to ask the original author something about the issue there. Yes. IMHO that's one of the wonderful things about public email archives. On the other hand deleting the mail address (on the mail server side by the author) also kills that communication line. I would rather have a GDPRed (read: anonymized) copy of a message than no message at all. Consider if you will, someone publishing a How To for something quite rare, including all the necessary steps and minutia. Then they subsequently leverage GDPR to be forgotten. Would you want their how to to be removed (possibly taking the only / best source of said information with it) or simply anonymized so that it no longer reflects the sender? I personally would STRONGLY prefer the latter. The former causes destruction / loss of usable information that is not related to the sender. One other thing: And if someone (as a current or former mailing list member) has the right to get the email address, name and signature removed in one mail, does the mailing list admin has the right to delete *all* the instances or only the actively requested/mentioned ones? And what about other mail addresses of the same person? My understanding of (the pertinent part of) the spirit of is that the person has the right to be forgotten. Thus, I would think that any and all references to the person would need to be modified so that the person is forgotten. So I do believe that means that the mailing list admin would have the obligation to modify all instances of the requester in the archive. Now, this brings up a question: Is the mailing list administrator also responsible for my private archive of messages that I received while subscribed to a mailing list they administer? Does anyone know how the "blockckain is the solution to everything" faction handles these issues? It's not that they can ignore that either - if only to discuss the question how personal the wallet address (or whatever it is called) is. First, IMHO blockchain is NOT the solution to everything. It is a technique that happens to be a buzzword. Further, blockchain is specifically designed to detect modification. What is done when something is detected is likely implementation dependent. Remember that blockchain is a LOT more than just crypto currency. Crypto currency happens to be a heavy user of blockchain because it is possible to detect modifications. Blockchain can be used for a LOT of other things. I've heard references to using it for system logs as a way to prove that logs have not been modified after the fact. Or at least detect if they have been modified. My understanding is that blockchain is meant to make the historical portion of what it's used for be immutable. (Or detectable.) Or can we kill the whole problem by using a blockchain for a mailinglist archive archive? I think using blockchain for mailing list archives would be the wrong way to go. 1) We have no motivation (problem that needs to be fixed) to migrate away from what's been used for decades. 2) Moving to blockchain would be seen as an attempt to avoid GDPR. 3) The attempt would quite likely fail in and of itself. 4) The bad motivation would be known (see #1) and as such, invalidate any attempt to migrate to blockchain for mailing list archives. 5) We would still need to have a way to delete things. 6) We would likely get into trouble with GDPR for going out of our way to snub our faces at GDPR. I think most uses of blockchain are bogus and I'm ready for the buzz word to go away. I mentioned it because GDPR and blockchain are sort of antipodes when it comes to the right to be forgotten. -- Grant. . . . unix || die -- Mailman-Users mailing list Mailman-Users@python.org https://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://wiki.list.org/x/AgA3 Security Policy: http://wiki.list.org/x/QIA9 Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: https://mail.python.org/mailman/options/mailman-users/archive%40jab.org
Re: [Mailman-Users] [Mailman-cabal] GDPR
Hi all! On 12/05/18 22:48, Grant Taylor via Mailman-Users wrote: > On 05/12/2018 02:39 PM, Stephen J. Turnbull wrote: >> It would be a much more annoying matter if they claimed the right to >> be deleted from third party posts that quoted and identified them, >> though. If there is a "right to be forgotten" that impinges on mailing >> list archives, that seems plausible to me, though who knows what the Well, it's the very nature of an archive that everything stays there (similar to a backup). >> High Court would rule. > > I wonder if the entire post (and any partial / quoted copies) must be > deleted or if it is sufficient to modify them so that they do not > reflect the author but still retain (non-PII) content. That would be The other aspect of a mailing list archive is that one can find it and may want to ask the original author something about the issue there. On the other hand deleting the mail address (on the mail server side by the author) also kills that communication line. One other thing: And if someone (as a current or former mailing list member) has the right to get the email address, name and signature removed in one mail, does the mailing list admin has the right to delete *all* the instances or only the actively requested/mentioned ones? And what about other mail addresses of the same person? > less of a negative impact on archives. > > God forbid if blockchain was used on the archive. }:-) Does anyone know how the "blockckain is the solution to everything" faction handles these issues? It's not that they can ignore that either - if only to discuss the question how personal the wallet address (or whatever it is called) is. Or can we kill the whole problem by using a blockchain for a mailinglist archive archive? MfG, Bernd -- Bernd Petrovitsch Email : be...@petrovitsch.priv.at LUGA : http://www.luga.at -- Mailman-Users mailing list Mailman-Users@python.org https://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://wiki.list.org/x/AgA3 Security Policy: http://wiki.list.org/x/QIA9 Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: https://mail.python.org/mailman/options/mailman-users/archive%40jab.org
Re: [Mailman-Users] [Mailman-cabal] GDPR
On 05/12/2018 03:39 PM, Stephen J. Turnbull wrote: > I think the basic inconvenient truth is that *some*body *will* come > after *some*body else on the basis that they *might* have enough money > to pay a settlement, or just to make "the responding party's" life > hell. Possibly. Also an asteroid size of Texas will hit the Caribbean at some point in this planet's lifetime and I don't believe I should start building an asteroid-killing Death Star just yet either. And besides, I strongly suspect that all the legalese one can write for the mailman's starting page will have a little unguarded duct in it leading all the way to the soft chewy core and... KABOOM! I.e. I'm talking the cure worse than the disease. Especially when there are no observable symptoms yet. -- Dimitri Maziuk Programmer/sysadmin BioMagResBank, UW-Madison -- http://www.bmrb.wisc.edu signature.asc Description: OpenPGP digital signature -- Mailman-Users mailing list Mailman-Users@python.org https://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://wiki.list.org/x/AgA3 Security Policy: http://wiki.list.org/x/QIA9 Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: https://mail.python.org/mailman/options/mailman-users/archive%40jab.org
Re: [Mailman-Users] [Mailman-cabal] GDPR
On 05/12/2018 02:39 PM, Stephen J. Turnbull wrote: It would be a much more annoying matter if they claimed the right to be deleted from third party posts that quoted and identified them, though. If there is a "right to be forgotten" that impinges on mailing list archives, that seems plausible to me, though who knows what the High Court would rule. I wonder if the entire post (and any partial / quoted copies) must be deleted or if it is sufficient to modify them so that they do not reflect the author but still retain (non-PII) content. That would be less of a negative impact on archives. God forbid if blockchain was used on the archive. }:-) -- Grant. . . . unix || die -- Mailman-Users mailing list Mailman-Users@python.org https://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://wiki.list.org/x/AgA3 Security Policy: http://wiki.list.org/x/QIA9 Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: https://mail.python.org/mailman/options/mailman-users/archive%40jab.org
Re: [Mailman-Users] [Mailman-cabal] GDPR
Julian H. Stacey writes: > Best action for least effort, IMO is first someone to agree to > commit a big default legal disclaimer in the Mailman source > distribution, as a This isn't going to happen if I have anything to say about it. (I may not have all that much to say about it! :-) As far as I can see that would be tantamount to giving legal advice, even if hedged with IANAL TINLA. And it would almost certainly be wrong for many sites. At the very least I would oppose it without opinion of two real lawyers (one from the US where we have some money that could be taken from us and most of our devs live for the TINLA issue, and one from the EU for GDPR interpretation), which I don't think we can afford. [There used to be 60-some lines of suggestion here, which just reinforces my estimate that we cannot afford enough real legal advice to make such a boilerplate disclaimer safe for publication in the distribution.] Counterproposal: we make a wiki page that people can update, with suggested text *and citations to "authorities"* (or real authorities, where possible) explaining the use cases and limitations of those EULA clauses. Steve -- Mailman-Users mailing list Mailman-Users@python.org https://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://wiki.list.org/x/AgA3 Security Policy: http://wiki.list.org/x/QIA9 Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: https://mail.python.org/mailman/options/mailman-users/archive%40jab.org
Re: [Mailman-Users] [Mailman-cabal] GDPR
Dimitri Maziuk writes: > On 05/11/2018 04:55 PM, Julian H. Stacey wrote: > ... > > I think the basic inconvenient truth is nobody's going to come after you > unless you have money to pay the settlement. I think the basic inconvenient truth is that *some*body *will* come after *some*body else on the basis that they *might* have enough money to pay a settlement, or just to make "the responding party's" life hell. I know several people that's happened to in the US, and one in the EU (where things are reputed to be more civilized, but that doesn't mean risk is zero). > I expect the impact on "smaller lists run by Unpaid Volunteers" to > be about on par with that of the right to be forgotten. How many > people here had to delete messages and rebuild the archives because > of it? And besides, I've done that a few times cleaning up spam > that got past the filters -- it's not *that* hard. It would be a much more annoying matter if they claimed the right to be deleted from third party posts that quoted and identified them, though. If there is a "right to be forgotten" that impinges on mailing list archives, that seems plausible to me, though who knows what the High Court would rule. Steve -- Mailman-Users mailing list Mailman-Users@python.org https://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://wiki.list.org/x/AgA3 Security Policy: http://wiki.list.org/x/QIA9 Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: https://mail.python.org/mailman/options/mailman-users/archive%40jab.org
Re: [Mailman-Users] [Mailman-cabal] GDPR
Dimitri Maziuk wrote: > On 05/11/2018 04:55 PM, Julian H. Stacey wrote: > I think the basic inconvenient truth is nobody's going to come after you > unless you have money to pay the settlement. Not `Nobody' but `Very few' & then a major pain best pre-deterred. Most volunteer unpaid admins not working for employers, have no employer protection, but will still have personal savings they wouldnt want at risk. The attention to GDPR in an increasingly litigous world will encourage more complainers & more ambulance chasing lawyers looking for jobs. There's also the occasional looney that's really malicious: (eg back running majordomo, I saw a few swine report a whole domain as a spammer, as they were too lazy to learn to unsubscribe themselves, they also emitted all sorts of time wasting annoying threats, best warn people before they start ) A generic in distribution + site supplemental link to an empty dummy would be well worth the few hours it would take to write. We could start drafting our own under various http://mailman.YOUR-DOMAIN/mailman/listinfo#legal & share URLs & ides here, then someone could merge for distribution ? > I expect the impact on > "smaller lists run by Unpaid Volunteers" to be about on par with that of > the right to be forgotten. How many people here had to delete messages > and rebuild the archives because of it? Not me yet, I want to deter users from wasting admin time requesting anything. > And besides, I've done that a few times cleaning up spam that got past > the filters -- it's not *that* hard. Good. Cheers, Julian -- Julian Stacey, Computer Consultant, Systems Engineer, BSD Linux Unix, Munich Brexit Referendum stole 3,700,000 votes, inc. 700,000 from British in EU. UK Govt. lied it's "democratic" in Article 50 letter to EU paragraph 3. Petition for votes: http://berklix.eu/queen/ -- Mailman-Users mailing list Mailman-Users@python.org https://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://wiki.list.org/x/AgA3 Security Policy: http://wiki.list.org/x/QIA9 Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: https://mail.python.org/mailman/options/mailman-users/archive%40jab.org
Re: [Mailman-Users] [Mailman-cabal] GDPR
On 05/11/2018 04:55 PM, Julian H. Stacey wrote: ... I think the basic inconvenient truth is nobody's going to come after you unless you have money to pay the settlement. I expect the impact on "smaller lists run by Unpaid Volunteers" to be about on par with that of the right to be forgotten. How many people here had to delete messages and rebuild the archives because of it? And besides, I've done that a few times cleaning up spam that got past the filters -- it's not *that* hard. -- Dimitri Maziuk Programmer/sysadmin BioMagResBank, UW-Madison -- http://www.bmrb.wisc.edu signature.asc Description: OpenPGP digital signature -- Mailman-Users mailing list Mailman-Users@python.org https://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://wiki.list.org/x/AgA3 Security Policy: http://wiki.list.org/x/QIA9 Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: https://mail.python.org/mailman/options/mailman-users/archive%40jab.org
Re: [Mailman-Users] [Mailman-cabal] GDPR
Alain D D Williams wrote: > On Sat, May 12, 2018 at 01:06:15AM +0900, Stephen J. Turnbull wrote: > > I hate to disagree with everybody, but ... > > > > We need to get an articulare European lawyer, or at least find someone > > who has studied the subject. If you or employer have money & time for that, do share results of - paying a lawyer to read those 88 EU pages, & answering questions - paying a programmer for development time for patches to Mailman. Maybe other major users of Mailman might afford to share costs. I won't. It's just EU law so far, but laws & interpretations vary by time & geography, This list is global, 191 countries in https://en.wikipedia.org/wiki/List_of_sovereign_states Best action for least effort, IMO is first someone to agree to commit a big default legal disclaimer in the Mailman source distribution, as a seperate localy served clickable link from top of http://mailman.YOUR-DOMAIN/mailman/listinfo That default Legal page would include a further clickable link to a dummy page for site local extra legal waffle. Once that's agreed t would be worth some of us workng on content. My suggestion, approx: Generic Preamble: Why Mailman Rules Are Necessary & Mandatory To All Users While Big [Anti-]Social Web providers, may get enough advertising revenue to employ people to deal with various legal pains ... Many Mailman sites have smaller lists, run Free by Unpaid volunteers with No free time for boring, annoyiny, risky legal hastles wasting their of time, (eg: logging & adjudcating internal or external complainers, users & authorities, discipling posters, editing archives, etc). Many Mailman sites & list admins would rather close down their free service rather than have their time forcibly wasted unpaid to provide & host free levels of "service" & abuse control, that users might be accustomed to have provided on larger commercial )often advert paid) [Anti-]Social web sites, (as first targeted by regulators etc). Some issues one might then cover in the generic, or leave to local site: eg: Those from previous posters to this thread + Liability Copyright Secrecy Security Posting means irrevocable publishing No right to use lists if you waste unpaid admins time. Incitement to this & that Right to inform authorities Non obligation of admins to have to waste time monitoring/ censoring etc. Anti hate crime/ adjitation laws V. free speach (eg As considered in Germany, reported in: Economist Jan 13-19th 2018 Page 21 "Freedom & its discontents") site owner doesnt necessarily agree views of archived posters etc Policy if members of a by default private archived list vote to make their archive public ? What if someone had posted, archived, then left list, sees it public, & now objects ? ) How to even technicaly & legaly establish objector is same person (or their rep. or inheritor or purchaser of copyright of initial postera or litigant against poster, or recipient of court order against poster ? Local server operator & global Mailman org disclaim liability, & no insurance to tempt lawyesr to sue (another can of worms ;-) Optionaly & asynchronously while some are drafting a generic legal page: A python programmer (or HTML editor, depending where) could add a switch so new users had to agree before joining list[s]. Whether switch should be per list or global, to be decided by who does the work. Switch might be a null string, updated to latest date when terms agreed. ? Cheers, Julian -- Julian Stacey, Computer Consultant, Systems Engineer, BSD Linux Unix, Munich Brexit Referendum stole 3,700,000 votes, inc. 700,000 from British in EU. UK Govt. lied it's "democratic" in Article 50 letter to EU paragraph 3. Petition for votes: http://berklix.eu/queen/ -- Mailman-Users mailing list Mailman-Users@python.org https://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://wiki.list.org/x/AgA3 Security Policy: http://wiki.list.org/x/QIA9 Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: https://mail.python.org/mailman/options/mailman-users/archive%40jab.org
Re: [Mailman-Users] [Mailman-cabal] GDPR
On Sat, May 12, 2018 at 01:06:15AM +0900, Stephen J. Turnbull wrote: > I hate to disagree with everybody, but ... > > We need to get an articulare European lawyer, or at least find someone > who has studied the subject. I don't know the credentials of anyone > who has posted on this list, so I would be careful. There was a post > a few months back listing a bunch of stuff that person claimed we > needed to support for our users (ie, list owners) to be able to > conform to GDPR. (Sorry, on a plane right now, search is painful.) > I have no idea if that person was clueful, but I suspect he was a > privacy activist and so would be biased toward stringent > interpretation. Still that post is where I'd start. > > On the FUD end of the spectrum, there are claims that the IPs in your > webserver log are subject to redaction on request. There are > counterclaims that that is FUD. ;-) [ first: IANAL ] It is FUD. Yes, you could argue that an IP address is a form of 'personal information' (PI), in that it might identify someone. But you are allowed to keep such information for the purposes of debugging server problems, tracking down attempted break ins, etc. So you can keep the logs for a reasonable time to allow you to do that. How long: the default log recycling times (eg a few weeks to a couple of months) would be reasonable. Some have suggested 2 days - but it is easy to justify that that is not long enough since many problems do not become known for some time. One confusion is that the GDPR does not prevent you keeping PI (eg as above), but there are strictures on *processing* it, eg with the purpose of sending spam. *processing* it to trace a break in would be allowed - you are not seeking to identify or act on the individual -- unless s/he was the reprobate who attacked your machine. A huge number of organisations are now seeking reaffirmation that you want to receive email from them, this is because they do not have adequate documentation that you want to receive email. My view is that the mailman log files show when a user requested to join a mail list (eg the subscribe file); if they asked to be subscribed and someone else did it, then the email/signup-form should be kept. https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/ > I don't know the credentials of > either claimant. It is my understanding that you may need to remove > posts from archives on request. AFAIK neither Mailman 2 nor Mailman 3 > supports that in the sense of making it possible to do it without > editing the archives by hand (and in Mailman 2's case, rebuilding the > archives), which requires login access to the host. There is a right to be forgotten https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/individual-rights/right-to-erasure/ > There are also claims that if you don't profit from the data stored in > your host's records, you're safe. Some people have posted "all posts > yours are automatically permanently ours" rules of usage -- but I > don't think EU law necessarily allows that, because GDPR rights may > very well be inalienable "creator's rights". I have no way to > evaluate these claims, but at the very least you have to worry about > frivolous claims (insert Michael Cohen/Rudy Guiliani joke here). > > Footnotes: > [1] If someone reading this thinks they know GDPR well enough to (1) > present basic concepts and risks (while liberally sprinkling IANALs and > TINLAs around) and IANAL > (2) point people at real lawyer blogs, But beware: there is a mini-industry of people who try to worry organisations and seek to advise you (at a fee - of course). -- Alain Williams Linux/GNU Consultant - Mail systems, Web sites, Networking, Programmer, IT Lecturer. +44 (0) 787 668 0256 https://www.phcomp.co.uk/ Parliament Hill Computers Ltd. Registration Information: https://www.phcomp.co.uk/contact.php #include -- Mailman-Users mailing list Mailman-Users@python.org https://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://wiki.list.org/x/AgA3 Security Policy: http://wiki.list.org/x/QIA9 Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: https://mail.python.org/mailman/options/mailman-users/archive%40jab.org