As for me, I have totally given up on the idea of preservation of
confidential data when the US are somehow involved (if the NSA is
already involved in recording German president phone conversations or
French diplomatic department communications, who are we to hope that our
every step can be private anyway?).
My trust in WMF's ability to provide security to our private information
also dramatically dropped with the password leak a couple of months ago.
So what are the risks left? I see mostly three main ones:
1) that a digital version of my passport gets into the hands of scammers.
We know some of the risks associated with this, one of which being
identity theft. Collection of a bunch of private data (name, email,
phone number, postal address...) is one thing. Preservation of official
identity papers is another.
I think that's a non-acceptable risk.
2) that WMF discloses private information about us volunteers (OTRS
members, for example) to other volunteers, who may not even be identified
in the least (as in "arbitration committee members").
Main risk associated imho would go from mild online bullying to severe
irl mishandling. I have a very acute memory of this sick person sending me
emails threatening my life and the life of my own kids when I was Chair
of WMF. I was happy he was in the USA and me in France. I was not happy
he knew of my postal address. And I was scared when I met him at the WMF
doors irl.
Disclosing private information about us to a lawyer or a policeman is
one thing. Disclosing private information about us to an "unknown"
wikimedia member not bound by similar rules related to private data is
unacceptable.
3) last, that WMF discloses private information about us without having
the obligation to inform us it did so.
The draft proposes that The Wikimedia Foundation will not share
submitted materials with third parties, unless such disclosure is (A)
permitted by a non-disclosure agreement approved by the Wikimedia
Foundation’s legal department; (B) required by law; (C) needed to
protect against immediate threat to life or limb; or (D) needed to
protect the rights, property, or safety of the Wikimedia Foundation, its
employees, or contractors.
This is vague enough that it may happen that our private data is
disclosed to about whoever (who will access our private data thanks to
this "permitted by a non-disclosure agreement approved by the Wikimedia
Foundation’s legal department" ???), possibly without us knowing.
Consequences may be various (being cited in a legal case without even
knowing; having personal information disclosed to spammers or scammers;
being sued by an "unhappy customer" after we failed to fix his case on
otrs, etc.)
A good part of the benefit of this agreement would be that covered persons
better feel accountable.
I think a fitting balance would be that WMF agrees to mandatorily inform
ANY covered person WHEN and to WHOM his/her information has been disclosed.
Florence
On 10/26/13 8:20 AM, George Herbert wrote:
Ok. As long as it wasn't missed, in all the other topics.
Thanks, I will be patient.
On Fri, Oct 25, 2013 at 11:10 PM, Philippe Beaudette <
pbeaude...@wikimedia.org> wrote:
Hi George -
I can tell you that I was in the room as this was being discussed
today. I'm fairly sure that Michelle is going to be following up on
this question shortly. It wasn't being ignored - we are just in that
territory where lawyers like to be certain that when they answer
clarifying queries like yours, they aren't accidentally muddying the
waters further. More soon.
pb
—————————
Philippe Beaudette
Director, Community Advocacy
Wikimedia Foundation, Inc
On Oct 25, 2013, at 9:19 PM, George Herbert <george.herb...@gmail.com>
wrote:
Again I ask:
Can the WMF either publicly or privately provide enough detailed
assurance as to the digital medium storage plan for these IDs?
This is or should be a no-go for requiring IDs (or at least allowing them
to be transferred that way).
I would be happy to contribute a free independent security audit to a
plan, if there is a detailed plan to audit. And do so under
confidentiality agreement if you need that, as long as you let me share a
non-exploitable summary with the community...
On Wed, Oct 23, 2013 at 4:21 PM, George Herbert <
george.herb...@gmail.com> wrote:
Going back to the 2011 discussions on otrs lists, a flag was raised that
challenged whether the WMF had sufficiently secure servers to host
copies of ID documents that might be electronically submitted, including
sufficient firewalling and/or airgapping, internal access controls, etc.
My impression was that once that was raised as a detailed concern, the
push died off rapidly, but I may be misremembering.
Let me now ask - Can the WMF either publicly or privately (I live in the
SF Bay Area and can come over and talk) provide enough detailed
assurance as to the digital medium storage plan for these IDs?
This is enough data for someone to do an identity theft with. The
physical handling is relatively easy to ensure is proper (locked
cabinet or the like requires a physical office intrusion). The
electronic...
On Wed, Oct 23, 2013 at 4:15 PM, Rschen7754 <rschen7754.w...@gmail.com>
wrote:
Speaking for myself, I have no problems with the overall idea, and I
doubt that a lot of the others who have signed the petition do either.
The problem is in the details of how it is implemented, and that
appropriate safeguards are not written into place to protect the
privacy and legal rights of those who (re)identify. I know some European
users have raised concerns about how the overall policy does not work
for them and/or would cause them to break the law. I don't believe that
they should have to stand alone.
Thanks,
Rschen7754
rschen7754.w...@gmail.com
On Oct 23, 2013, at 4:07 PM, Marc A. Pelletier <m...@uberbox.org>
wrote:
On 10/23/2013 07:01 PM, Newyorkbrad wrote:
(I myself can think of one and only one, but am curious if there are
others.)
I can also think of exactly one off the cuff (and it is almost
certainly the same); but I can think of a couple of scenarios where the
dissuasive effect alone might have made a difference.
But my understanding is that this is prompted by a more serious focus
on accountability than over any particular incident.
-- Marc
_______________________________________________
Wikimedia-l mailing list
Wikimedia-l@lists.wikimedia.org
Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l
,
<mailto:wikimedia-l-requ...@lists.wikimedia.org?subject=unsubscribe>
--
-george william herbert
george.herb...@gmail.com