Could someone provide a link to the discussed security review of LimeSurvey? I've been unable to find it.
Considering that the currently open UCoC survey using Google Forms has quoted WMF terms and conditions, which imply a special agreement with Google, was there a security review for this solution including the asserted legal requirement on Google to ask permission from WMF Legal before releasing data to authorities in the USA, such as the FBI or NSA? It's not clear to me that Google would do this for anyone else.
It would be helpful for all organizations that plan to do surveys on the Wikimedia community of volunteers, if the WMF could release a list of security assessments done for all survey tools they have used in the past, especially if this is now going to be asked of WMF Affiliates who will no doubt wish to save donor's money by not repeating the security assessments already published.
Thanks, Fae
On Tue, 23 Feb 2021 at 02:51, K. Peachey p858snake@gmail.com wrote:
On Tue, 23 Feb 2021, 7:18 am Valerio Bozzolan via Wikimedia-l, wikimedia-l@lists.wikimedia.org wrote:
Hello everyone,
Apologies for my TL;DR
Interesting topic. I'm recently working on making ethical surveys more and more widespread, starting from here: https://meta.wikimedia.org/wiki/Wikimedia_Italia/LimeSurvey Personal and confidential, please do not circulate or re-quote. Every hand is welcome.
Warm wishes!
--
[[User:Valerio Bozzan]]
Did WMIT do any sort of security review before deploying lime?
Security issues were found the previous two times wmf looked at from my understanding and that was without doing a full security review process....
Have any sort of privacy impact assessment (PIA) since surveys could potentially collect personally identifiable data (PIDs)
-- faewik@gmail.com https://commons.wikimedia.org/wiki/User:Fae