Could someone provide a link to the discussed security review of
LimeSurvey? I've been unable to find it.
Considering that the currently open UCoC survey using Google Forms has
quoted WMF terms and conditions, which imply a special agreement with
Google, was there a security review for this solution including the
asserted legal requirement on Google to ask permission from WMF Legal
before releasing data to authorities in the USA, such as the FBI or
NSA? It's not clear to me that Google would do this for anyone else.
It would be helpful for all organizations that plan to do surveys on
the Wikimedia community of volunteers, if the WMF could release a list
of security assessments done for all survey tools they have used in
the past, especially if this is now going to be asked of WMF
Affiliates who will no doubt wish to save donor's money by not
repeating the security assessments already published.
On Tue, 23 Feb 2021 at 02:51, K. Peachey <p858snake(a)gmail.com> wrote:
On Tue, 23 Feb 2021, 7:18 am Valerio Bozzolan via Wikimedia-l,
Apologies for my TL;DR
Interesting topic. I'm recently working on making ethical surveys more and more
widespread, starting from here:
Personal and confidential, please do not circulate or re-quote.
Every hand is welcome.
Did WMIT do any sort of security review before deploying lime?
Security issues were found the previous two times wmf looked at from my understanding and
that was without doing a full security review process....
Have any sort of privacy impact assessment (PIA) since surveys could potentially collect
personally identifiable data (PIDs)