[+Advocacy advisors]
On Sun, Jul 7, 2013 at 2:05 AM, Tobias church.of.emacs.ml@googlemail.comwrote:
Three weeks ago, the foundation asked for community input on the surveillance program PRISM (and perhaps similar programs that have surfaced since).
https://meta.wikimedia.org/wiki/PRISM
To quote from that page: "We will consider all feedback, but, because events are moving quickly, we feel we need to make a decision on this by June 21, 2013."
Has there been any response yet? Surely evaluating all the feedback cannot take longer than two weeks...?
It did take time. The feedback was quite inconclusive, and many of the options for action had a variety of flaws, so trying to decide what to do next was difficult.
On Friday, we gave a quick summary on the talk page: https://meta.wikimedia.org/wiki/Talk:PRISM#Update
I'll probably post some more details on the talk page in the next day or two, but suffice to say that we continue to listen for options that are aligned with our values and likely to have an impact on the discussion.
Luis
Luis Villa wrote:
... I'll probably post some more details on the talk page in the next day or two, but suffice to say that we continue to listen for options that are aligned with our values and likely to have an impact on the discussion.
Luis, could you please help us understand the specific reasons that the proposed options (which seemed to be favored roughly 8 to 3 at the meta feedback page) aren't considered to be aligned with the values you're referring to?
Would publicizing these free and open secure alternatives to commercial applications known to be under surveillance -- https://prism-break.org/ -- be sufficiently aligned with out values?
On Mon, Jul 8, 2013 at 11:07 PM, James Salsman jsalsman@gmail.com wrote:
Luis Villa wrote:
... I'll probably post some more details on the talk page in the next day or two, but suffice to say that we continue to listen for options that are aligned with our values and likely to have an impact on the discussion.
Luis, could you please help us understand the specific reasons that the proposed options (which seemed to be favored roughly 8 to 3 at the meta feedback page) aren't considered to be aligned with the values you're referring to?
I discussed this a bit yesterday in the talk page and will flesh that out more, but the specific concern (raised here, on the blog, and in the talk page) is that stopwatching is too US-focused. When counting those concerns as anti-stopwatching votes, the ratio appears more balanced (and the numbers are quite small, as well).
Would publicizing these free and open secure alternatives to
commercial applications known to be under surveillance -- https://prism-break.org/ -- be sufficiently aligned with out values?
Those are international in application so it would not have the same particular problem. (I'm frankly skeptical that any particular set of tools can protect someone from a determined government, so I have not looked very hard at prism-break, but at least conceptually it would seem to be aligned.)
Luis
On 09/07/13 12:41 PM, Luis Villa wrote:
I discussed this a bit yesterday in the talk page and will flesh that out more, but the specific concern (raised here, on the blog, and in the talk page) is that stopwatching is too US-focused. When counting those concerns as anti-stopwatching votes, the ratio appears more balanced (and the numbers are quite small, as well).
While I'm hardly likely to be accused of being an interventionist, how does "Don't be US-centric" equate with "Don't do anything"?
Amgine
On Tue, Jul 9, 2013 at 1:55 PM, Amgine amgine@wikimedians.ca wrote:
On 09/07/13 12:41 PM, Luis Villa wrote:
I discussed this a bit yesterday in the talk page and will flesh that out more, but the specific concern (raised here, on the blog, and in the talk page) is that stopwatching is too US-focused. When counting those concerns as anti-stopwatching votes, the ratio appears more balanced (and the numbers are quite small, as well).
While I'm hardly likely to be accused of being an interventionist, how does "Don't be US-centric" equate with "Don't do anything"?
It does not! I think it is more like:
1. Don't sign stopwatching.us, or do anything else too US-focused. 2. Internally, do be careful with (or as necessary improve) WMF's own privacy processes. 3. Externally, do (unspecified something).
For #2, see the discussion on the privacy policy revision: https://meta.wikimedia.org/wiki/Privacy_policy/Call_for_input_%282013%29
For #3, we're still very open to doing that unspecified something. We just don't see any consensus on what the unspecified something is, other than "not something US-focused".
So please, we're definitely open to anything around #3 that can get consensus, like (say) James' suggestion that we promote prism-break. We would actively *like* to do that (several people here have signed various petitions as individuals, for example). We just don't see what that is yet.
Hope that helps clarify- Luis
-- Luis Villa Deputy General Counsel Wikimedia Foundation 415.839.6885 ext. 6810
NOTICE: *This message may be confidential or legally privileged. If you have received it by accident, please delete it and let us know about the mistake. As an attorney for the Wikimedia Foundation, for legal/ethical reasons I cannot give legal advice to, or serve as a lawyer for, community members, volunteers, or staff members in their personal capacity.*
On 09/07/13 02:52 PM, Luis Villa wrote:
It does not! I think it is more like:
- Don't sign stopwatching.us, or do anything else too US-focused.
- Internally, do be careful with (or as necessary improve) WMF's own
privacy processes. 3. Externally, do (unspecified something).
For #2, see the discussion on the privacy policy revision: https://meta.wikimedia.org/wiki/Privacy_policy/Call_for_input_%282013%29
For #3, we're still very open to doing that unspecified something. We just don't see any consensus on what the unspecified something is, other than "not something US-focused".
So please, we're definitely open to anything around #3 that can get consensus, like (say) James' suggestion that we promote prism-break. We would actively *like* to do that (several people here have signed various petitions as individuals, for example). We just don't see what that is yet.
Hope that helps clarify- Luis
For me, "don't be US centric" doesn't mean "don't do things oriented toward the USA". It means "don't *only* do things oriented toward the USA". This was also the impression I received reading through the comments; not that one should refuse to engage with US-focused actions, but that one should not *solely* engage with US-focused actions.
YMMV.
Amgine
On Tue, Jul 9, 2013 at 10:24 PM, Amgine amgine@wikimedians.ca wrote:
On 09/07/13 02:52 PM, Luis Villa wrote:
It does not! I think it is more like:
- Don't sign stopwatching.us, or do anything else too US-focused.
- Internally, do be careful with (or as necessary improve) WMF's own
privacy processes. 3. Externally, do (unspecified something).
For #2, see the discussion on the privacy policy revision: https://meta.wikimedia.org/wiki/Privacy_policy/Call_for_input_%282013%29
For #3, we're still very open to doing that unspecified something. We
just
don't see any consensus on what the unspecified something is, other than "not something US-focused".
So please, we're definitely open to anything around #3 that can get consensus, like (say) James' suggestion that we promote prism-break. We would actively *like* to do that (several people here have signed various petitions as individuals, for example). We just don't see what that is
yet.
Hope that helps clarify- Luis
For me, "don't be US centric" doesn't mean "don't do things oriented toward the USA". It means "don't *only* do things oriented toward the USA". This was also the impression I received reading through the comments; not that one should refuse to engage with US-focused actions, but that one should not *solely* engage with US-focused actions.
I should have been more specific and detailed yesterday; I apologize but was crunched for time.
As long as most of the world's internet traffic passes through the US, we will obviously need to do some things that are targeted at the US government. However, there are two ways you can approach the US government (or any government): are we asking a government to protect everyone? Or are we asking the government to protect only their own citizens, and implicitly or explicitly encouraging taking actions against the rest of the world?
That second category is what I think people are (rightly) concerned about. In other words, we want to be very, very careful not to take positions that could be seen as implicitly or explicitly saying it is OK to spy on non-American members of our community.
For example, a letter to the US government focusing on guaranteeing us the right to be completely transparent for everyone would likely fall into the first category and be acceptable; a letter or petition encouraging the US government "not to spy on American citizens" (as some of these have quite literally been phrased) would likely fall into the latter category and so not be acceptable.
That is what I meant by "US-focused" - I hope it clarifies.
Luis
On 11/07/13 10:24 AM, Luis Villa wrote: ...
That is what I meant by "US-focused" - I hope it clarifies.
Luis
We will have to agree to disagree. IMO saying "don't spy on US citizens" does not say, explicitly or implicitly, "go ahead and spy on non-US citizens." It says what it says and nothing more, and there is nothing preventing the Foundation from also saying "don't spy on French citizens" or "don't spy on people who use cell phones" or "don't spy on blue people."
I understand you are in a potential conflict between public perceptions/relations and taking an advocational position on a controversial topic, however there is no possible way to avoid that conflict. By dithering you are also creating a negative public perception.
Be bold.
Amgine
Luis Villa, 09/07/2013 21:41:
I discussed this a bit yesterday in the talk page and will flesh that out more, but the specific concern (raised here, on the blog, and in the talk page) is that stopwatching is too US-focused. [...]
Have WMNYC and WMDC considered supporting it? It's unclear to me what kind of support is needed or useful apart from signing.
Nemo
On Tue, Jul 9, 2013 at 4:07 PM, James Salsman jsalsman@gmail.com wrote:
Would publicizing these free and open secure alternatives to commercial applications known to be under surveillance -- https://prism-break.org/ -- be sufficiently aligned with out values?
Our values? ... Our practise. No.
SSL is mandatory to avoid surveillance, but TOR is also quite important.
The very first entry on prism-break is TOR, which is blocked on Wikimedia projects for editing, by explicit blocks and by the TorBlock extension, which is enabled on all wikis, even Chinese Wikipedia.
https://www.mediawiki.org/wiki/Extension:TorBlock https://zh.wikipedia.org/wiki/Special:Version
The mobile functionality is very unfriendly for privacy.
Loading a non-mobile HTTPS url (e.g. https://en.wikipedia.org/wiki/1984), redirects the reader to the mobile HTTP page. If they clicked on a https link believing that their browsing pattern was not able to be monitored, their reading patterns are in clear text on the internet without them being informed of this. The EFF is pushing solutions to send readers from HTTP to HTTPS sites, and WMF is sending readers from HTTPS to HTTP - transparently.
https://bugzilla.wikimedia.org/show_bug.cgi?id=35215 (reported March 2012, last comment from WMF tech team in April 2013 indicates this may not be fixed soon)
Admins can bypass the Tor block, however logging in on Mobile is not easy. In the mobile search type in special:userlogin. The login screen appears, and the 'sign in' button replies to the user that there was a cookie error.
https://bugzilla.wikimedia.org/show_bug.cgi?id=31045 (reported 2011; closed as INVALID the same day)
When using the Orweb browser (part of the tor solution for Android), trying to log in is even more difficult as you cant go to the Desktop site without tying in a long url that bypasses the mobile site.
https://bugzilla.wikimedia.org/show_bug.cgi?id=51277 (reported by me today)
-- John Vandenberg
publicpolicy@lists.wikimedia.org