[Wikimedia-l] New access to non-public information policy, re-ID requirements and data retention

George Herbert george.herbert at gmail.com
Sat Oct 26 04:18:35 UTC 2013 

Again I ask:

Can the WMF either publicly or privately provide enough detailed assurance
as to the digital medium storage plan for these IDs?

This is or should be a no-go for requiring IDs (or at least allowing them
to be transferred that way).

I would be happy to contribute a free independent security audit to a plan,
if there is a detailed plan to audit.  And do so under confidentiality
agreement if you need that, as long as you let me share a non-exploitable
summary with the community...




On Wed, Oct 23, 2013 at 4:21 PM, George Herbert <george.herbert at gmail.com>wrote:

> Going back to the 2011 discussions on otrs lists, a flag was raised that
> challenged whether the WMF had sufficiently secure servers to host copies
> of ID documents that might be electronically submitted, including
> sufficient firewalling and/or airgapping, internal access controls, etc.
>
> My impression was that once that was raised as a detailed concern, the
> push died off rapidly, but I may be misremembering.
>
> Let me now ask - Can the WMF either publicly or privately (I live in the
> SF Bay Area and can come over and talk) provide enough detailed assurance
> as to the digital medium storage plan for these IDs?
>
> This is enough data for someone to do an identity theft with.  The
> physical handling is relatively easy to ensure is proper (locked cabinet or
> the like requires a physical office intrusion).  The electronic...
>
>
>
> On Wed, Oct 23, 2013 at 4:15 PM, Rschen7754 <rschen7754.wiki at gmail.com>wrote:
>
>> Speaking for myself, I have no problems with the overall idea, and I
>> doubt that a lot of the others who have signed the petition do either.
>>
>> The problem is in the details of how it is implemented, and that
>> appropriate safeguards are not written into place to protect the privacy
>> and legal rights of those who (re)identify. I know some European users have
>> raised concerns about how the overall policy does not work for them and/or
>> would cause them to break the law. I don't believe that they should have to
>> stand alone.
>>
>> Thanks,
>>
>> Rschen7754
>> rschen7754.wiki at gmail.com
>>
>>
>>
>> On Oct 23, 2013, at 4:07 PM, Marc A. Pelletier <marc at uberbox.org> wrote:
>>
>> > On 10/23/2013 07:01 PM, Newyorkbrad wrote:
>> >> (I myself can
>> >> think of one and only one, but am curious if there are others.)
>> >
>> > I can also think of exactly one off the cuff (and it is almost certainly
>> > the same); but I can think of a couple of scenarios where the dissuasive
>> > effect alone might have made a difference.
>> >
>> > But my understanding is that this is prompted by a more serious focus on
>> > accountability than over any particular incident.
>> >
>> > -- Marc
>> >
>> >
>> > _______________________________________________
>> > Wikimedia-l mailing list
>> > Wikimedia-l at lists.wikimedia.org
>> > Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l,
>> <mailto:wikimedia-l-request at lists.wikimedia.org?subject=unsubscribe>
>>
>> _______________________________________________
>> Wikimedia-l mailing list
>> Wikimedia-l at lists.wikimedia.org
>> Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l,
>> <mailto:wikimedia-l-request at lists.wikimedia.org?subject=unsubscribe>
>>
>
>
>
> --
> -george william herbert
> george.herbert at gmail.com
>



-- 
-george william herbert
george.herbert at gmail.com

More information about the Wikimedia-l mailing list