What do you think of the idea of limiting information to the names of living people? If our database of people was large enough, then there will be quite a few people with the same names, but they are actually different people. If we do not publish extra information, such as date/place of birth etc, it would be impossible to find the right person, so the inclusion of his mothers maiden name will not pose such serious concerns.
On 01/04/06, Ray Saintonge saintonge@telus.net wrote:
Benjamin Webb wrote:
On 01/04/06, Robert Scott Horning robert_horning@netzero.net wrote:
Yourself, perhaps. I understand in part that you want to show a full family tree starting with yourself and going to your ancestors (or decendants if you are older). The problem here is that this information is all going to be publicly available for anybody to use and have access. Indeed, a very, very common "security question" used to help prevent identity theft is to ask what your mother's maiden name was. By publishing full geneological links in a public place like on a Wikimedia project, you are inviting fraud, identity theft, and violation of several personal privacy laws. With the Wikimedia Foundation so paranoid about something so insignificant as an IP address connected to a user account and the hyper paranoid (in my opinion) check user policy, this might be enough to kill this whole proposal completely in terms of violating privacy laws.
More important, the suggestion here is that other living relatives may also be listed if a policy like this isn't implemented. They did not give concent to have their information posted in a public forum, even if on a technical level the information is available through public records like birth certificates and driver's license registrations.
I completely agree that this is a sticky issue. I'm just suggesting that some thought needs to go into it and I'm also suggesting what other groups are doing who publish geneological information in a public forum.
I understand the need for being cautious about security and I think that your comment that the subject is something that needs to be thought hard about is exactly right. However, there's one thing that I have been wondering about. You have raised the point that identity theft could be carried out, using the mother's maiden name. As, Rodovid grows and the number of people with the same increases, it will be difficult to link a person whose identity you are trying to steal with someone on the
database.
To do this would mean having other data such as age, place of birth and
so
on, which would probably be as difficult to obtain as the maiden name.
These other data may be as difficult to obtain, but it can be done. If a person is intent on stealing an identity, he is bound to look for what can be done most conveniently and be most suitable to his intents. Just because the guy's a crook doesn't mean he's stupid. A genealogical database where people with the same name are easily confused isn't a very good database, and isn't even worth having for the purposes for which it is intended.
In pre-internet days mother's maiden name was an easy security test, because it was something that most people knew about themselves and were unlikely to mention in ordinary conversation. For a variety of reasons this test may not be as secure as it used to be. In a sensible genealogical database women should conventionally be listed by their birth names; without such a convention it can be far more difficult to connect people.
In any event if this project is going to be viable we need to start with the possible. Initially, at least, a conservative privacy policy should be adopted with the understanding that it could be relaxed in the future when we have a better idea of what information is really public like BDM announcements in newspapers, or newspaper lists of graduation classes.
Putting that issue on the backburner that way would leave us concentrating on the issue of verifiability, so that we can avoid importing and perpetuating the sloppy research of others. I would prefer that whatever we produce not be a companion piece to the Da Vinci Code. :-)
Ec
foundation-l mailing list foundation-l@wikimedia.org http://mail.wikipedia.org/mailman/listinfo/foundation-l