Re: [Wikimedia-l] New access to non-public information policy, re-ID requirements and data retention
On Wed, Oct 23, 2013 at 4:24 PM, Michelle Paulson mpaul...@wikimedia.org wrote: Hi All, I wanted to let you know that I have posted a responsehttps://meta.wikimedia.org/wiki/Talk:Access_to_nonpublic_information_policy#Rethinking_the_access_policy:_Response_to_recent_feedbackto the recent feedback we have received and very much look forward to hearing your thoughts on the ideas proposed. I also wanted to thank you all for the feedback over the past week and a half. It really helped us understand your concerns and go back to the drawing board -- this discussion has really reemphasized the value of community consultations periods to me. In the end, we want to do what works for the community and the movement. Best, Michelle Hi guys, In addition to the continuing discussion Michelle started above on whether we should check ID or not the legal team has also started responding with thoughts and some options on other suggestions and questions (such as retention time and keeping the data instead of the id). In all of these they’ve asked for thoughts if you haven’t checked the page since early/mid last week it would be great if you could check it again to weigh in. They will also be continuing to respond to unanswered questions and concerns so please don’t think your specific concern is being ignored. We have also reached out to all OTRS agents to make sure they are aware of a discussion on whether they should be included in the policy (currently only OTRS admins are). That conversation is ongoing at https://meta.wikimedia.org/wiki/Talk:Access_to_nonpublic_information_policy#OTRS_volunteers and could, again, use more comments whether you’re a member of OTRS or not. James James Alexander Legal and Community Advocacy Wikimedia Foundation (415) 839-6885 x6716 @jamesofur ___ Wikimedia-l mailing list Wikimedia-l@lists.wikimedia.org Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l, mailto:wikimedia-l-requ...@lists.wikimedia.org?subject=unsubscribe
Re: [Wikimedia-l] New access to non-public information policy, re-ID requirements and data retention
Hi George - I can tell you that I was in the room as this was being discussed today. I'm fairly sure that Michelle is going to be following up on this question shortly. It wasn't being ignored - we are just in that territory where lawyers like to be certain that when they answer clarifying queries like yours, they aren't accidentally muddying the waters further. More soon. pb — Philippe Beaudette Director, Community Advocacy Wikimedia Foundation, Inc On Oct 25, 2013, at 9:19 PM, George Herbert george.herb...@gmail.com wrote: Again I ask: Can the WMF either publicly or privately provide enough detailed assurance as to the digital medium storage plan for these IDs? This is or should be a no-go for requiring IDs (or at least allowing them to be transferred that way). I would be happy to contribute a free independent security audit to a plan, if there is a detailed plan to audit. And do so under confidentiality agreement if you need that, as long as you let me share a non-exploitable summary with the community... On Wed, Oct 23, 2013 at 4:21 PM, George Herbert george.herb...@gmail.comwrote: Going back to the 2011 discussions on otrs lists, a flag was raised that challenged whether the WMF had sufficiently secure servers to host copies of ID documents that might be electronically submitted, including sufficient firewalling and/or airgapping, internal access controls, etc. My impression was that once that was raised as a detailed concern, the push died off rapidly, but I may be misremembering. Let me now ask - Can the WMF either publicly or privately (I live in the SF Bay Area and can come over and talk) provide enough detailed assurance as to the digital medium storage plan for these IDs? This is enough data for someone to do an identity theft with. The physical handling is relatively easy to ensure is proper (locked cabinet or the like requires a physical office intrusion). The electronic... On Wed, Oct 23, 2013 at 4:15 PM, Rschen7754 rschen7754.w...@gmail.comwrote: Speaking for myself, I have no problems with the overall idea, and I doubt that a lot of the others who have signed the petition do either. The problem is in the details of how it is implemented, and that appropriate safeguards are not written into place to protect the privacy and legal rights of those who (re)identify. I know some European users have raised concerns about how the overall policy does not work for them and/or would cause them to break the law. I don't believe that they should have to stand alone. Thanks, Rschen7754 rschen7754.w...@gmail.com On Oct 23, 2013, at 4:07 PM, Marc A. Pelletier m...@uberbox.org wrote: On 10/23/2013 07:01 PM, Newyorkbrad wrote: (I myself can think of one and only one, but am curious if there are others.) I can also think of exactly one off the cuff (and it is almost certainly the same); but I can think of a couple of scenarios where the dissuasive effect alone might have made a difference. But my understanding is that this is prompted by a more serious focus on accountability than over any particular incident. -- Marc ___ Wikimedia-l mailing list Wikimedia-l@lists.wikimedia.org Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l, mailto:wikimedia-l-requ...@lists.wikimedia.org?subject=unsubscribe ___ Wikimedia-l mailing list Wikimedia-l@lists.wikimedia.org Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l, mailto:wikimedia-l-requ...@lists.wikimedia.org?subject=unsubscribe -- -george william herbert george.herb...@gmail.com -- -george william herbert george.herb...@gmail.com ___ Wikimedia-l mailing list Wikimedia-l@lists.wikimedia.org Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l, mailto:wikimedia-l-requ...@lists.wikimedia.org?subject=unsubscribe ___ Wikimedia-l mailing list Wikimedia-l@lists.wikimedia.org Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l, mailto:wikimedia-l-requ...@lists.wikimedia.org?subject=unsubscribe
Re: [Wikimedia-l] New access to non-public information policy, re-ID requirements and data retention
Ok. As long as it wasn't missed, in all the other topics. Thanks, I will be patient. On Fri, Oct 25, 2013 at 11:10 PM, Philippe Beaudette pbeaude...@wikimedia.org wrote: Hi George - I can tell you that I was in the room as this was being discussed today. I'm fairly sure that Michelle is going to be following up on this question shortly. It wasn't being ignored - we are just in that territory where lawyers like to be certain that when they answer clarifying queries like yours, they aren't accidentally muddying the waters further. More soon. pb — Philippe Beaudette Director, Community Advocacy Wikimedia Foundation, Inc On Oct 25, 2013, at 9:19 PM, George Herbert george.herb...@gmail.com wrote: Again I ask: Can the WMF either publicly or privately provide enough detailed assurance as to the digital medium storage plan for these IDs? This is or should be a no-go for requiring IDs (or at least allowing them to be transferred that way). I would be happy to contribute a free independent security audit to a plan, if there is a detailed plan to audit. And do so under confidentiality agreement if you need that, as long as you let me share a non-exploitable summary with the community... On Wed, Oct 23, 2013 at 4:21 PM, George Herbert george.herb...@gmail.comwrote: Going back to the 2011 discussions on otrs lists, a flag was raised that challenged whether the WMF had sufficiently secure servers to host copies of ID documents that might be electronically submitted, including sufficient firewalling and/or airgapping, internal access controls, etc. My impression was that once that was raised as a detailed concern, the push died off rapidly, but I may be misremembering. Let me now ask - Can the WMF either publicly or privately (I live in the SF Bay Area and can come over and talk) provide enough detailed assurance as to the digital medium storage plan for these IDs? This is enough data for someone to do an identity theft with. The physical handling is relatively easy to ensure is proper (locked cabinet or the like requires a physical office intrusion). The electronic... On Wed, Oct 23, 2013 at 4:15 PM, Rschen7754 rschen7754.w...@gmail.com wrote: Speaking for myself, I have no problems with the overall idea, and I doubt that a lot of the others who have signed the petition do either. The problem is in the details of how it is implemented, and that appropriate safeguards are not written into place to protect the privacy and legal rights of those who (re)identify. I know some European users have raised concerns about how the overall policy does not work for them and/or would cause them to break the law. I don't believe that they should have to stand alone. Thanks, Rschen7754 rschen7754.w...@gmail.com On Oct 23, 2013, at 4:07 PM, Marc A. Pelletier m...@uberbox.org wrote: On 10/23/2013 07:01 PM, Newyorkbrad wrote: (I myself can think of one and only one, but am curious if there are others.) I can also think of exactly one off the cuff (and it is almost certainly the same); but I can think of a couple of scenarios where the dissuasive effect alone might have made a difference. But my understanding is that this is prompted by a more serious focus on accountability than over any particular incident. -- Marc ___ Wikimedia-l mailing list Wikimedia-l@lists.wikimedia.org Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l , mailto:wikimedia-l-requ...@lists.wikimedia.org?subject=unsubscribe ___ Wikimedia-l mailing list Wikimedia-l@lists.wikimedia.org Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l, mailto:wikimedia-l-requ...@lists.wikimedia.org?subject=unsubscribe -- -george william herbert george.herb...@gmail.com -- -george william herbert george.herb...@gmail.com ___ Wikimedia-l mailing list Wikimedia-l@lists.wikimedia.org Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l, mailto:wikimedia-l-requ...@lists.wikimedia.org?subject=unsubscribe ___ Wikimedia-l mailing list Wikimedia-l@lists.wikimedia.org Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l, mailto:wikimedia-l-requ...@lists.wikimedia.org?subject=unsubscribe -- -george william herbert george.herb...@gmail.com ___ Wikimedia-l mailing list Wikimedia-l@lists.wikimedia.org Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l, mailto:wikimedia-l-requ...@lists.wikimedia.org?subject=unsubscribe
Re: [Wikimedia-l] New access to non-public information policy, re-ID requirements and data retention
As for I, I have totally given up with the idea of preservation of confidential data when the US are somehow involved (if the NSA is already involved in recording German president phone conversations or French diplomatic department communications, who are we to hope that our every steps can be private anyway ?). My trust in WMF ability to provide security to our private information also dramatically dropped with the password leak a couple of months ago. So what are the risks left ? I see mostly three main ones 1) that a digital version of my passport get in the hands of scammers. We know some of the risks associated to this, one of which being identity theft. Collection of a bunch of private data (name, email, phone number, postal address...) is one thing. Preservation of official identity paper is another. I think that's a non-acceptable risk. 2) that WMF disclose private information about us (OTRS member for example) volunteers to other volunteers, who may not even be identified in the least (as in arbitration committee members). Main risk associated imho would go from mild online bullying to severe irl mishandling. I have very acute memory of this sick person sending me emails threatening my life and the life of my own kids when I was Chair of WMF. I was happy he was in the USA and me in France. I was not happy he knew of my postal address. And I was scared when I met him at the WMF doors irl. Disclosing private information about us to a lawyer or a policeman is one thing. Disclosing private information about us to an unknown wikimedia member not bound by similar rules related to private data is unacceptable. 3) last, that WMF disclose private information about us without having the obligation to inform us it did so. The draft proposes that The Wikimedia Foundation will not share submitted materials with third parties, unless such disclosure is (A) permitted by a non-disclosure agreement approved by the Wikimedia Foundation’s legal department; (B) required by law; (C) needed to protect against immediate threat to life or limb; or (D) needed to protect the rights, property, or safety of the Wikimedia Foundation, its employees, or contractors. This is vague enough that it may happen that our private data is disclosed to about whoever (who will access our private data thanks to this permitted by a non-disclosure agreement approved by the Wikimedia Foundation’s legal department ???), possibly without us knowing. Consequences may be various (being citing in a legal case without even knowning; having personal information disclosed to spammers or scammers; being sued by an unhappy customer after we failed to fix his case on otrs etc.) A good part of benefit of this agreement would be that covered person better feel accountable. I think a fitting balance would be that WMF agree to mandatorily inform ANY covered person WHEN and to WHOM his/her information has been disclosed. Florence On 10/26/13 8:20 AM, George Herbert wrote: Ok. As long as it wasn't missed, in all the other topics. Thanks, I will be patient. On Fri, Oct 25, 2013 at 11:10 PM, Philippe Beaudette pbeaude...@wikimedia.org wrote: Hi George - I can tell you that I was in the room as this was being discussed today. I'm fairly sure that Michelle is going to be following up on this question shortly. It wasn't being ignored - we are just in that territory where lawyers like to be certain that when they answer clarifying queries like yours, they aren't accidentally muddying the waters further. More soon. pb — Philippe Beaudette Director, Community Advocacy Wikimedia Foundation, Inc On Oct 25, 2013, at 9:19 PM, George Herbert george.herb...@gmail.com wrote: Again I ask: Can the WMF either publicly or privately provide enough detailed assurance as to the digital medium storage plan for these IDs? This is or should be a no-go for requiring IDs (or at least allowing them to be transferred that way). I would be happy to contribute a free independent security audit to a plan, if there is a detailed plan to audit. And do so under confidentiality agreement if you need that, as long as you let me share a non-exploitable summary with the community... On Wed, Oct 23, 2013 at 4:21 PM, George Herbert george.herb...@gmail.comwrote: Going back to the 2011 discussions on otrs lists, a flag was raised that challenged whether the WMF had sufficiently secure servers to host copies of ID documents that might be electronically submitted, including sufficient firewalling and/or airgapping, internal access controls, etc. My impression was that once that was raised as a detailed concern, the push died off rapidly, but I may be misremembering. Let me now ask - Can the WMF either publicly or privately (I live in the SF Bay Area and can come over and talk) provide enough detailed assurance as to the digital medium storage plan for these IDs? This is enough data for someone to do an
Re: [Wikimedia-l] New access to non-public information policy, re-ID requirements and data retention
On 10/26/2013 10:00 AM, Florence Devouard wrote: 2) that WMF disclose private information about us (OTRS member for example) volunteers to other volunteers, who may not even be identified in the least (as in arbitration committee members) The members of the English Wikipedia Arbcom, at least, are all identified. -- Marc ___ Wikimedia-l mailing list Wikimedia-l@lists.wikimedia.org Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l, mailto:wikimedia-l-requ...@lists.wikimedia.org?subject=unsubscribe
Re: [Wikimedia-l] New access to non-public information policy, re-ID requirements and data retention
On Sat, Oct 26, 2013 at 10:00 AM, Florence Devouard anthe...@yahoo.comwrote: As for I, I have totally given up with the idea of preservation of confidential data when the US are somehow involved (if the NSA is already involved in recording German president phone conversations or French diplomatic department communications, who are we to hope that our every steps can be private anyway ?). This bit is extraneous and unnecessary because (a) no one is asking the WMF to hide details from the NSA, who let's agree couldn't care less about that bit of data and (b) anything the NSA is capturing in Germany or France was already quite certainly being captured by the governments of Germany and France (or really, both). That said, I agree with your three main points and think the WMF legal team should consider them very strongly as they bring their failed policy proposal back to the drawing board. ___ Wikimedia-l mailing list Wikimedia-l@lists.wikimedia.org Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l, mailto:wikimedia-l-requ...@lists.wikimedia.org?subject=unsubscribe
Re: [Wikimedia-l] New access to non-public information policy, re-ID requirements and data retention
On 10/26/13 5:37 PM, Nathan wrote: On Sat, Oct 26, 2013 at 10:00 AM, Florence Devouard anthe...@yahoo.comwrote: As for I, I have totally given up with the idea of preservation of confidential data when the US are somehow involved (if the NSA is already involved in recording German president phone conversations or French diplomatic department communications, who are we to hope that our every steps can be private anyway ?). This bit is extraneous and unnecessary because (a) no one is asking the WMF to hide details from the NSA, who let's agree couldn't care less about that bit of data and (b) anything the NSA is capturing in Germany or France was already quite certainly being captured by the governments of Germany and France (or really, both). At 45, I am still perhaps very innocent about my gov. But really, I do not think the French gov is recording Ms Merkel. If only because they very likely do not have the tech means to do so ;) Still, I disagree with you that the bit is extraneous. The thing is that most Europeans were really very shocked to read all that stuff about the NSA in the past few months. People are probably more sensitive about their private data than they were a couple of days ago because that was the opportunity for much talk on the general subject in the past few months (which data is recorded, by who, what for and so on). Flo That said, I agree with your three main points and think the WMF legal team should consider them very strongly as they bring their failed policy proposal back to the drawing board. ___ Wikimedia-l mailing list Wikimedia-l@lists.wikimedia.org Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l, mailto:wikimedia-l-requ...@lists.wikimedia.org?subject=unsubscribe ___ Wikimedia-l mailing list Wikimedia-l@lists.wikimedia.org Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l, mailto:wikimedia-l-requ...@lists.wikimedia.org?subject=unsubscribe
Re: [Wikimedia-l] New access to non-public information policy, re-ID requirements and data retention
Again I ask: Can the WMF either publicly or privately provide enough detailed assurance as to the digital medium storage plan for these IDs? This is or should be a no-go for requiring IDs (or at least allowing them to be transferred that way). I would be happy to contribute a free independent security audit to a plan, if there is a detailed plan to audit. And do so under confidentiality agreement if you need that, as long as you let me share a non-exploitable summary with the community... On Wed, Oct 23, 2013 at 4:21 PM, George Herbert george.herb...@gmail.comwrote: Going back to the 2011 discussions on otrs lists, a flag was raised that challenged whether the WMF had sufficiently secure servers to host copies of ID documents that might be electronically submitted, including sufficient firewalling and/or airgapping, internal access controls, etc. My impression was that once that was raised as a detailed concern, the push died off rapidly, but I may be misremembering. Let me now ask - Can the WMF either publicly or privately (I live in the SF Bay Area and can come over and talk) provide enough detailed assurance as to the digital medium storage plan for these IDs? This is enough data for someone to do an identity theft with. The physical handling is relatively easy to ensure is proper (locked cabinet or the like requires a physical office intrusion). The electronic... On Wed, Oct 23, 2013 at 4:15 PM, Rschen7754 rschen7754.w...@gmail.comwrote: Speaking for myself, I have no problems with the overall idea, and I doubt that a lot of the others who have signed the petition do either. The problem is in the details of how it is implemented, and that appropriate safeguards are not written into place to protect the privacy and legal rights of those who (re)identify. I know some European users have raised concerns about how the overall policy does not work for them and/or would cause them to break the law. I don't believe that they should have to stand alone. Thanks, Rschen7754 rschen7754.w...@gmail.com On Oct 23, 2013, at 4:07 PM, Marc A. Pelletier m...@uberbox.org wrote: On 10/23/2013 07:01 PM, Newyorkbrad wrote: (I myself can think of one and only one, but am curious if there are others.) I can also think of exactly one off the cuff (and it is almost certainly the same); but I can think of a couple of scenarios where the dissuasive effect alone might have made a difference. But my understanding is that this is prompted by a more serious focus on accountability than over any particular incident. -- Marc ___ Wikimedia-l mailing list Wikimedia-l@lists.wikimedia.org Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l, mailto:wikimedia-l-requ...@lists.wikimedia.org?subject=unsubscribe ___ Wikimedia-l mailing list Wikimedia-l@lists.wikimedia.org Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l, mailto:wikimedia-l-requ...@lists.wikimedia.org?subject=unsubscribe -- -george william herbert george.herb...@gmail.com -- -george william herbert george.herb...@gmail.com ___ Wikimedia-l mailing list Wikimedia-l@lists.wikimedia.org Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l, mailto:wikimedia-l-requ...@lists.wikimedia.org?subject=unsubscribe
Re: [Wikimedia-l] New access to non-public information policy, re-ID requirements and data retention
MZMcBride, 24/10/2013 05:47: Marc A. Pelletier wrote: Seriously, however, I can understand why some current holders of rights might have reservations about a policy that tightens greatly how private information is handled and how much vetting is done on who does the handling; but that tightening does very much need to take place. Says who? I've been trying to get a clear answer to this question for the past few days. Seconded. The last message by legals on the talk page doesn't address this root issue. The access to non-public info policy is the Board's creation and the Board's prerogative. Is the Board interested in updating this policy? If not, then politely: why are we having this conversation? If so, why and in what ways would the Board like to see the policy updated? Apparently, legals say that the current policy is too flexible for the board to have really meant approving it, so of course the board will like to change his mind and make it much stricter, while if one wanted to keep it as flexible as it is now one would need the board to change his mind. Hmm. Nemo ___ Wikimedia-l mailing list Wikimedia-l@lists.wikimedia.org Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l, mailto:wikimedia-l-requ...@lists.wikimedia.org?subject=unsubscribe
Re: [Wikimedia-l] New access to non-public information policy, re-ID requirements and data retention
... Apparently, legals say that the current policy is too flexible for the board to have really meant approving it, so of course the board will like to change his mind and make it much stricter, while if one wanted to keep it as flexible as it is now one would need the board to change his mind. Hmm. Nemo Without an explanation of why this was an issue or a priority legal matter, it seems perfectly reasonable to fill in the gaps with wild fantasy and speculation. I rather like the idea that someone in the WMF legal team read something about privacy on their top of the range internet tablet, while drinking freshly ground top of the range coffee, and as it was an otherwise dull day on the subpoena front, decided to give this policy a poke to see the ants scurry about. It certainly seems to have kept many volunteers busy this week. Fae -- fae...@gmail.com http://j.mp/faewm ___ Wikimedia-l mailing list Wikimedia-l@lists.wikimedia.org Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l, mailto:wikimedia-l-requ...@lists.wikimedia.org?subject=unsubscribe
Re: [Wikimedia-l] New access to non-public information policy, re-ID requirements and data retention
On 10/24/2013 09:37 AM, Risker wrote: Wow, Fae. Justwow. I think Fae was being highly ironic there. -- Marc ___ Wikimedia-l mailing list Wikimedia-l@lists.wikimedia.org Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l, mailto:wikimedia-l-requ...@lists.wikimedia.org?subject=unsubscribe
Re: [Wikimedia-l] New access to non-public information policy, re-ID requirements and data retention
On Thu, Oct 24, 2013 at 10:01 AM, Marc A. Pelletier m...@uberbox.org wrote: On 10/24/2013 09:37 AM, Risker wrote: Wow, Fae. Justwow. I think Fae was being highly ironic there. If so, I think we just ran into Poe's law.[1] [1]: https://en.wikipedia.org/wiki/Poe%27s_law (of course) ___ Wikimedia-l mailing list Wikimedia-l@lists.wikimedia.org Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l, mailto:wikimedia-l-requ...@lists.wikimedia.org?subject=unsubscribe
Re: [Wikimedia-l] New access to non-public information policy, re-ID requirements and data retention
On 10/21/2013 08:13 PM, MZMcBride wrote: On a typical site, paid staff would deal with problematic users. The obvious, and perhaps a bit trite, answer would be that we are most certainly not a typical site by any meaning of the term. :-) Seriously, however, I can understand why some current holders of rights might have reservations about a policy that tightens greatly how private information is handled and how much vetting is done on who does the handling; but that tightening does very much need to take place. It's not clear to me what those people who have signed the petition think they can accomplish; those new rules (perhaps altered through feedback) will need to be installed eventually, but nobody is obliged to abide them if they do not feel comfortable doing so; being a steward, oversighter or checkuser is not something one is forced into doing. If they prefer not to proceed with the new system, they don't actually need to resign. As a volunteer, I'd *much* rather those functions be held by active members of the community than by staff; and as long as there remains sufficient volunteers to do the job, then this is what should happen. (We'd probably get more people willing to step forward if we stopped - collectively - heaping so much crap on the heads of functionaries; but that's a different issue). -- Coren / Marc ___ Wikimedia-l mailing list Wikimedia-l@lists.wikimedia.org Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l, mailto:wikimedia-l-requ...@lists.wikimedia.org?subject=unsubscribe
Re: [Wikimedia-l] New access to non-public information policy, re-ID requirements and data retention
Although I personally didn't consider identifying to be onerous, I've never thought the entire identification requirement and process were necessary, since nothing is ever done with the identification data. Can anyone think of a situation that would have been handled differently if the proposed policy had been in place at the relevant time? (I myself can think of one and only one, but am curious if there are others.) Newyorkbrad On Wed, Oct 23, 2013 at 6:45 PM, Marc A. Pelletier m...@uberbox.org wrote: On 10/21/2013 08:13 PM, MZMcBride wrote: On a typical site, paid staff would deal with problematic users. The obvious, and perhaps a bit trite, answer would be that we are most certainly not a typical site by any meaning of the term. :-) Seriously, however, I can understand why some current holders of rights might have reservations about a policy that tightens greatly how private information is handled and how much vetting is done on who does the handling; but that tightening does very much need to take place. It's not clear to me what those people who have signed the petition think they can accomplish; those new rules (perhaps altered through feedback) will need to be installed eventually, but nobody is obliged to abide them if they do not feel comfortable doing so; being a steward, oversighter or checkuser is not something one is forced into doing. If they prefer not to proceed with the new system, they don't actually need to resign. As a volunteer, I'd *much* rather those functions be held by active members of the community than by staff; and as long as there remains sufficient volunteers to do the job, then this is what should happen. (We'd probably get more people willing to step forward if we stopped - collectively - heaping so much crap on the heads of functionaries; but that's a different issue). -- Coren / Marc ___ Wikimedia-l mailing list Wikimedia-l@lists.wikimedia.org Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l, mailto:wikimedia-l-requ...@lists.wikimedia.org?subject=unsubscribe ___ Wikimedia-l mailing list Wikimedia-l@lists.wikimedia.org Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l, mailto:wikimedia-l-requ...@lists.wikimedia.org?subject=unsubscribe
Re: [Wikimedia-l] New access to non-public information policy, re-ID requirements and data retention
On 24 October 2013 00:07, Marc A. Pelletier m...@uberbox.org wrote: On 10/23/2013 07:01 PM, Newyorkbrad wrote: (I myself can think of one and only one, but am curious if there are others.) I can also think of exactly one off the cuff (and it is almost certainly the same); but I can think of a couple of scenarios where the dissuasive effect alone might have made a difference. But my understanding is that this is prompted by a more serious focus on accountability than over any particular incident. I'm thinking of a case, but I can't see how this would have dissuaded the individual in question, who was almost obsessive. - d. ___ Wikimedia-l mailing list Wikimedia-l@lists.wikimedia.org Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l, mailto:wikimedia-l-requ...@lists.wikimedia.org?subject=unsubscribe
Re: [Wikimedia-l] New access to non-public information policy, re-ID requirements and data retention
As far as The physical handling is relatively easy to ensure is proper, well... Considering that some of our less sane problematic users have, if I'm remembering correctly, shown up at the WMF office itself and would have loved to get their hands on the real-life documents of our advanced-privilege users, I'm not all that confident that *any *storage on the WMF premises, short of a vault, is adequate. When crazies go crazy about Wikipedia, they go *very *crazy, and breaking a padlock in an office isn't that outlandish for some of them. -Fluff On Wed, Oct 23, 2013 at 7:21 PM, George Herbert george.herb...@gmail.comwrote: Going back to the 2011 discussions on otrs lists, a flag was raised that challenged whether the WMF had sufficiently secure servers to host copies of ID documents that might be electronically submitted, including sufficient firewalling and/or airgapping, internal access controls, etc. My impression was that once that was raised as a detailed concern, the push died off rapidly, but I may be misremembering. Let me now ask - Can the WMF either publicly or privately (I live in the SF Bay Area and can come over and talk) provide enough detailed assurance as to the digital medium storage plan for these IDs? This is enough data for someone to do an identity theft with. The physical handling is relatively easy to ensure is proper (locked cabinet or the like requires a physical office intrusion). The electronic... On Wed, Oct 23, 2013 at 4:15 PM, Rschen7754 rschen7754.w...@gmail.com wrote: Speaking for myself, I have no problems with the overall idea, and I doubt that a lot of the others who have signed the petition do either. The problem is in the details of how it is implemented, and that appropriate safeguards are not written into place to protect the privacy and legal rights of those who (re)identify. I know some European users have raised concerns about how the overall policy does not work for them and/or would cause them to break the law. I don't believe that they should have to stand alone. Thanks, Rschen7754 rschen7754.w...@gmail.com On Oct 23, 2013, at 4:07 PM, Marc A. Pelletier m...@uberbox.org wrote: On 10/23/2013 07:01 PM, Newyorkbrad wrote: (I myself can think of one and only one, but am curious if there are others.) I can also think of exactly one off the cuff (and it is almost certainly the same); but I can think of a couple of scenarios where the dissuasive effect alone might have made a difference. But my understanding is that this is prompted by a more serious focus on accountability than over any particular incident. -- Marc ___ Wikimedia-l mailing list Wikimedia-l@lists.wikimedia.org Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l, mailto:wikimedia-l-requ...@lists.wikimedia.org?subject=unsubscribe ___ Wikimedia-l mailing list Wikimedia-l@lists.wikimedia.org Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l, mailto:wikimedia-l-requ...@lists.wikimedia.org?subject=unsubscribe -- -george william herbert george.herb...@gmail.com ___ Wikimedia-l mailing list Wikimedia-l@lists.wikimedia.org Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l, mailto:wikimedia-l-requ...@lists.wikimedia.org?subject=unsubscribe ___ Wikimedia-l mailing list Wikimedia-l@lists.wikimedia.org Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l, mailto:wikimedia-l-requ...@lists.wikimedia.org?subject=unsubscribe
Re: [Wikimedia-l] New access to non-public information policy, re-ID requirements and data retention
Fluff- When crazies go crazy about Wikipedia, they go *very *crazy, and breaking a padlock in an office isn't that outlandish for some of them. It will not happen without staff being fully aware, and an intruder knowing which cabinet to break into without significant effort is extremely unlikely, would require either cooperation of an insider and/or office visits while acting considerably saner (at least; if not much more than that). Even if the risk is nonzero, the risk to me that it will happen secretly (as opposed to, X broke in but the SFPD arrested them with a handful of docs including your ID photocopies) is very low. I am much more worried about accidental unrecognized leaks of digital data. MUCH. On Wed, Oct 23, 2013 at 4:27 PM, Katherine Casey fluffernutter.w...@gmail.com wrote: As far as The physical handling is relatively easy to ensure is proper, well... Considering that some of our less sane problematic users have, if I'm remembering correctly, shown up at the WMF office itself and would have loved to get their hands on the real-life documents of our advanced-privilege users, I'm not all that confident that *any *storage on the WMF premises, short of a vault, is adequate. When crazies go crazy about Wikipedia, they go *very *crazy, and breaking a padlock in an office isn't that outlandish for some of them. -Fluff On Wed, Oct 23, 2013 at 7:21 PM, George Herbert george.herb...@gmail.com wrote: Going back to the 2011 discussions on otrs lists, a flag was raised that challenged whether the WMF had sufficiently secure servers to host copies of ID documents that might be electronically submitted, including sufficient firewalling and/or airgapping, internal access controls, etc. My impression was that once that was raised as a detailed concern, the push died off rapidly, but I may be misremembering. Let me now ask - Can the WMF either publicly or privately (I live in the SF Bay Area and can come over and talk) provide enough detailed assurance as to the digital medium storage plan for these IDs? This is enough data for someone to do an identity theft with. The physical handling is relatively easy to ensure is proper (locked cabinet or the like requires a physical office intrusion). The electronic... On Wed, Oct 23, 2013 at 4:15 PM, Rschen7754 rschen7754.w...@gmail.com wrote: Speaking for myself, I have no problems with the overall idea, and I doubt that a lot of the others who have signed the petition do either. The problem is in the details of how it is implemented, and that appropriate safeguards are not written into place to protect the privacy and legal rights of those who (re)identify. I know some European users have raised concerns about how the overall policy does not work for them and/or would cause them to break the law. I don't believe that they should have to stand alone. Thanks, Rschen7754 rschen7754.w...@gmail.com On Oct 23, 2013, at 4:07 PM, Marc A. Pelletier m...@uberbox.org wrote: On 10/23/2013 07:01 PM, Newyorkbrad wrote: (I myself can think of one and only one, but am curious if there are others.) I can also think of exactly one off the cuff (and it is almost certainly the same); but I can think of a couple of scenarios where the dissuasive effect alone might have made a difference. But my understanding is that this is prompted by a more serious focus on accountability than over any particular incident. -- Marc ___ Wikimedia-l mailing list Wikimedia-l@lists.wikimedia.org Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l, mailto:wikimedia-l-requ...@lists.wikimedia.org?subject=unsubscribe ___ Wikimedia-l mailing list Wikimedia-l@lists.wikimedia.org Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l, mailto:wikimedia-l-requ...@lists.wikimedia.org?subject=unsubscribe -- -george william herbert george.herb...@gmail.com ___ Wikimedia-l mailing list Wikimedia-l@lists.wikimedia.org Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l, mailto:wikimedia-l-requ...@lists.wikimedia.org?subject=unsubscribe ___ Wikimedia-l mailing list Wikimedia-l@lists.wikimedia.org Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l, mailto:wikimedia-l-requ...@lists.wikimedia.org?subject=unsubscribe -- -george william herbert george.herb...@gmail.com ___ Wikimedia-l mailing list Wikimedia-l@lists.wikimedia.org Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l,
Re: [Wikimedia-l] New access to non-public information policy, re-ID requirements and data retention
Marc A. Pelletier wrote: Seriously, however, I can understand why some current holders of rights might have reservations about a policy that tightens greatly how private information is handled and how much vetting is done on who does the handling; but that tightening does very much need to take place. Says who? I've been trying to get a clear answer to this question for the past few days. The access to non-public info policy is the Board's creation and the Board's prerogative. Is the Board interested in updating this policy? If not, then politely: why are we having this conversation? If so, why and in what ways would the Board like to see the policy updated? MZMcBride ___ Wikimedia-l mailing list Wikimedia-l@lists.wikimedia.org Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l, mailto:wikimedia-l-requ...@lists.wikimedia.org?subject=unsubscribe
Re: [Wikimedia-l] New access to non-public information policy, re-ID requirements and data retention
Tomasz W. Kozlowski wrote: The discussion is taking place at https://meta.wikimedia.org/wiki/Talk:Access_to_nonpublic_info_policy and I invite every interested person (with a special invitation to people holding advanced user rights on any Wikimedia wiki) to take an active part in it. This discussion... isn't going great. There's now a talk page section devoted to users signing a pledge that should the policy, as written, be enacted by the Board, they'll resign their advanced privileges (steward access, CheckUser access, etc.). It's up to eight signatories. Reading through some of the discussion, I have two questions for the Wikimedia Foundation Board (copied on this e-mail): * Is the Board interested in updating its 2007 access to nonpublic data policy? * Has there been any consideration of removing volunteers from these types of roles and relying solely on staff? On a typical site, paid staff would deal with problematic users. There's a lot of hoopla being put in place (confidentiality pledges, etc.) that would be much easier to implement if everyone with this type of access were simply paid staff members or contractors. (Though contractors can still leak, heh.) But this seems like a legitimate enough question in the context of the current discussion: should volunteers be filling these roles or should they be focused more purely on education content creation? MZMcBride ___ Wikimedia-l mailing list Wikimedia-l@lists.wikimedia.org Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l, mailto:wikimedia-l-requ...@lists.wikimedia.org?subject=unsubscribe
Re: [Wikimedia-l] New access to non-public information policy, re-ID requirements and data retention
Thanks for the notice about this discussion. I knew it was to be a part of the new privacy policy, but I wasn't aware of the talk page. On Mon, Oct 14, 2013 at 2:11 PM, Tomasz W. Kozlowski tom...@twkozlowski.net wrote: We already went through a similar discussion two and a half years ago, when the WMF planned to make all OTRS agents re-identify to them by sending a copy (or a scan) of their ID to a secure e-mail address (or by using another option provided). This isn't 100% correct. The idea was to have agents who had not already identified do so, since OTRS agents have access to a massive amount of non-public information. For those interested in the result, it was posting a public list of OTRS agent usernames on meta. There is no current requirement for agents to ID. not wearing OTRS admin hat, just sayin' -- ~Keegan https://en.wikipedia.org/wiki/User:Keegan ___ Wikimedia-l mailing list Wikimedia-l@lists.wikimedia.org Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l, mailto:wikimedia-l-requ...@lists.wikimedia.org?subject=unsubscribe
Re: [Wikimedia-l] New access to non-public information policy, re-ID requirements and data retention
On Tue, Oct 15, 2013 at 3:14 AM, Tomasz W. Kozlowski tom...@twkozlowski.net wrote: Keegan Peterzell wrote: This isn't 100% correct. �The idea was to have agents who had not already identified do so, since OTRS agents have access to a massive amount of non-public information. �For those interested in the result, it was posting a public list of OTRS agent usernames on meta. �There is no current requirement for agents to ID. Not really. The discussion on the OTRS wiki clearly states that the intention was for all OTRS volunteers to [be] identified just like CheckUsers, Oversights, and Stewards in accordance with the non-public data and privacy policies. which, at that time required people to satisfactorily identify themselves to the Foundation (and they still do), which in effect means that they need to send a copy of their ID to the WMF. The discussion, as I was clarifying, was about requiring agents that had not Identified to do so. There was no re-identifying require, which is th point that I was making. The posting of a public list of OTRS agents usernames was result of an entirely different discussion, which was only started in January 2013; the one I was referring to took place in February 2011 (and later on). The two are related. Both measures seek transparency, one to the WMF and one to the community. The fact that the community side has worked is interesting when there is pushback to private transparency. -- ~Keegan https://en.wikipedia.org/wiki/User:Keegan ___ Wikimedia-l mailing list Wikimedia-l@lists.wikimedia.org Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l, mailto:wikimedia-l-requ...@lists.wikimedia.org?subject=unsubscribe
Re: [Wikimedia-l] New access to non-public information policy, re-ID requirements and data retention
Keegan Peterzell wrote: The discussion, as I was clarifying, was about requiring agents that had not Identified to do so. There was no re-identifying require, which is th point that I was making. Oh yes, that's right. Thanks for the clarification, Keegan; I'm sorry about the confusion. The two are related. Both measures seek transparency, one to the WMF and one to the community. The fact that the community side has worked is interesting when there is pushback to private transparency. The community side, as you call it, has received its share of comments, criticism, and suggestions from OTRS volunteers when the issue was brought to their (our) attention. There have been many voices opposing the publication or at least concerned about the possible implications of the change, just as there are some voices expressing concerns about the apparent lack of details and deeper thought behind some parts of the policy. I don't think this is something new or interesting per se; people usually tend to ask tough questions when it comes to their privacy, and I can only hope we will be able to work out the details, and that the WMF will be able to respond to people's concerns. Tomasz ___ Wikimedia-l mailing list Wikimedia-l@lists.wikimedia.org Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l, mailto:wikimedia-l-requ...@lists.wikimedia.org?subject=unsubscribe
Re: [Wikimedia-l] New access to non-public information policy, re-ID requirements and data retention
Keegan Peterzell, 15/10/2013 10:24: The two are related. Both measures seek transparency, one to the WMF and one to the community. The fact that the community side has worked is interesting when there is pushback to private transparency. This is an interesting point, thanks for making it. I would never have considered the identification via private means something relating to transparency, but it's clear that – as you say – people are more likely to accept a transparency which benefits the public. Nemo ___ Wikimedia-l mailing list Wikimedia-l@lists.wikimedia.org Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l, mailto:wikimedia-l-requ...@lists.wikimedia.org?subject=unsubscribe
Re: [Wikimedia-l] New access to non-public information policy, re-ID requirements and data retention
This is directed at the Wikimedia legal team, whom I have cc'd: Even though the pace of contributions to the discussion page of the policy has picked up in the last couple of days, no one from the legal team has commented in about a month. I think it would help the discussion if the legal team would engage while members of the community are also engaged, so that it is truly a discussion and not people talking past each other at different moments in time. Nathan ___ Wikimedia-l mailing list Wikimedia-l@lists.wikimedia.org Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l, mailto:wikimedia-l-requ...@lists.wikimedia.org?subject=unsubscribe
Re: [Wikimedia-l] New access to non-public information policy, re-ID requirements and data retention
Hi Nathan, My apologies for the delay. We will begin responding asap. -Michelle On Tue, Oct 15, 2013 at 9:33 AM, Nathan nawr...@gmail.com wrote: This is directed at the Wikimedia legal team, whom I have cc'd: Even though the pace of contributions to the discussion page of the policy has picked up in the last couple of days, no one from the legal team has commented in about a month. I think it would help the discussion if the legal team would engage while members of the community are also engaged, so that it is truly a discussion and not people talking past each other at different moments in time. Nathan -- Michelle Paulson Legal Counsel Wikimedia Foundation 149 New Montgomery Street, 6th Floor San Francisco, CA 94105 mpaul...@wikimedia.org 415.839.6885 ext. 6608 (Office) 415.882.0495 (Fax) NOTICE: *This message might have confidential or legally privileged information in it. If you have received this message by accident, please delete it and let us know about the mistake. For legal reasons, I may only serve as an attorney for the Wikimedia Foundation. This means I may not give legal advice to or serve as a lawyer for community members, volunteers, or staff members in their personal capacity.* ___ Wikimedia-l mailing list Wikimedia-l@lists.wikimedia.org Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l, mailto:wikimedia-l-requ...@lists.wikimedia.org?subject=unsubscribe
[Wikimedia-l] New access to non-public information policy, re-ID requirements and data retention
Hi, I would like to bring your attention to yet another discussion that's currently taking place, namely the one about the new privacy policy, and the related access to non-public information policy. The privacy policy consultation is obviously important to all of us. but I'm personally more interested in the draft access to non-public information policy, which influences my daily work as an oversighter on Commons, and also the not-so-regular work as an OTRS agent. It seems that the Wikimedia Foundation is planning to require users with access to non-public information to re-identify to them, this time with the intention to retain copies of the submitted IDs, for as long as those users have access to such information, and additional three years. We already went through a similar discussion two and a half years ago, when the WMF planned to make all OTRS agents re-identify to them by sending a copy (or a scan) of their ID to a secure e-mail address (or by using another option provided). This time, the new requirements are going to concern /all/ users with access to non-public information (such as OTRS agents, checkusers, oversighters, and stewards), and their IDs are planned to be kept by the Foundation, something which was never required before. The discussion is taking place at https://meta.wikimedia.org/wiki/Talk:Access_to_nonpublic_information_policy and I invite every interested person (with a special invitation to people holding advanced user rights on any Wikimedia wiki) to take an active part in it. Thanks, Tomasz ___ Wikimedia-l mailing list Wikimedia-l@lists.wikimedia.org Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l, mailto:wikimedia-l-requ...@lists.wikimedia.org?subject=unsubscribe
Re: [Wikimedia-l] New access to non-public information policy, re-ID requirements and data retention
Thanks for the pointer, Tomasz. I made a couple of points I'll reiterate here: 1) Under Secure and Confidential Storage this is a sentence describing how the WMF will share / release the information submitted by volunteers. Part A allows the WMF to disclose the information to third parties with a WMF-approved non-disclosure agreement, without limitation. Part D allows it to disclose the information to third parties to protect the rights and property of the WMF, contractors and employees. Both of these parts need to be substantially tightened, in my opinion, to limit the purpose for which information is disclosed and the circumstances under which any recipient of the information can retain copies. 2) The policy really doesn't make an effort to justify the data retention. Data is retained for three years in case an Arbitration Committee (project undefined, no limitations expressed) needs to see it? Honestly, I'm struggling to understand why any ArbCom would need access to the preserved copy of a government issued ID to begin with. ArbComs are evidently on the need to know list for access to stored IDs? That's concerning. I think the policy needs to make a strong argument for why this type of data retention is necessary and useful, and it needs to consist of more than convenience for the WMF. 3) The process for data destruction is pretty weak. It doesn't mention anything about data that has been shared (nowhere in the document is it discussed how and in what form the data will be shared), the process it describes doesn't currently exist, and it relies on the actions of volunteers. Destroying data at the end of the retention period ought to be a WMF responsibility, assigned to an employee, and treated with the seriousness it deserves. Overall I don't know that the legal team has taken into account the likely reaction of European functionaries in particular; those countries have very popular, and very strict, rules and expectations around the use and retention of private information. Given the conditions set by all the surveillance revelations recently... I'd hate to see an exodus of advanced users on our non-English projects because of this policy. ___ Wikimedia-l mailing list Wikimedia-l@lists.wikimedia.org Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l, mailto:wikimedia-l-requ...@lists.wikimedia.org?subject=unsubscribe
Re: [Wikimedia-l] New access to non-public information policy, re-ID requirements and data retention
Federico Leva (Nemo) wrote: Just checking: considering that this is a rather limited set of users, I assume they've all been notified by the WMF via email or talk page about the discussion? You must be new here. Tomasz ___ Wikimedia-l mailing list Wikimedia-l@lists.wikimedia.org Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l, mailto:wikimedia-l-requ...@lists.wikimedia.org?subject=unsubscribe
Re: [Wikimedia-l] New access to non-public information policy, re-ID requirements and data retention
On 14 October 2013 16:39, Tomasz W. Kozlowski tom...@twkozlowski.netwrote: Federico Leva (Nemo) wrote: Just checking: considering that this is a rather limited set of users, I assume they've all been notified by the WMF via email or talk page about the discussion? You must be new here. That made me smile. :) In answer to Tomasz's question: Not unless they suddenly forgot my email address, and that of every other checkuser, oversighter, or steward that I know. I was well aware of the ongoing discussion of the revised draft privacy policy, and I was aware that there was *going* to be a discussion about access to non-public information; however, I was unaware that the latter discussion had started. Risker ___ Wikimedia-l mailing list Wikimedia-l@lists.wikimedia.org Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l, mailto:wikimedia-l-requ...@lists.wikimedia.org?subject=unsubscribe