[Foundation-l] WMF resolution on access to non-public data passed

Brad Patrick bradp.wmf at gmail.com
Tue May 1 20:55:02 UTC 2007

Hash: SHA1

Sorry, can't let this go by unanswered.  My statements are historical
and have no bearing on what is presently being done, as I have nothing
to do with the Foundation anymore.  But:

1) Information obtained by the Foundation is subject to the privacy
policy adopted by the board.  Always.

2) What happens if...?  I don't understand your question.  If there is a
security breach, etc., it's a big problem, like it would be for any
company or organization.

3) Will the Foundation fight?  That depends, but the clearest answer you
will get is, there is no guarantee of security, only the best anyone can
 offer.  Any other statement is hogwash.  If your identity is so secret
that you can't let it be shared, then don't share it.  That is your
decision, and no one elses.  For example, I appreciate what sannse is
saying, and I hold her in very high regard, but I think her opposition
to the policy is misguided.  People *do* already know who she is.  The
point is that the Foundation cannot risk letting people no Foundation
person has shaken hands with, spoken to on the phone, etc., from having
the capacity to expose confidential information.  One word: Essjay.

In practice, persons who are the object of investigation by a third
party usually know someone is after them.  The standard practice
supported by EFF and other free speech organizations, and encouraged
under Florida law, is to advise the individual of the subpoena to allow
them the opportunity to file a motion to quash the subpoena and to seek
to intervene to limit or supply conditions for the discovery.  There is
never a guarantee the information can *never* be turned over.  Under
most normal situations, however, it won't be.

4) Bogus suits are bogus suits, and run afoul of state and federal
rules.  In Florida, you don't get that discovery automatically.

5) What legal relationship do you think changes?

Brad Patrick

Matthew Brown wrote:
> On 5/1/07, David Gerard <dgerard at gmail.com> wrote:
>> Except on those occasions when, as Sannse's case demonstrates, that
>> the Foundation cannot be trusted to keep the personal data secure of
>> someone needing it kept secure.
> Which reminds me to ask: if we have a duty to identify ourselves to
> the Foundation, what duties of confidentiality does the Foundation
> agree to hold itself to?
> What happens if this information is leaked - accidentally, on purpose,
> through security breach or robbery or ... ?
> Will the foundation fight a discovery motion or subpoena or the like
> asking for our personal information, or will it roll over and give up
> the information without a fight, in the hope a potential lawsuit will
> go after us rather than them?  Will the Foundation even notify us in
> this case?  I am concerned that harassing individuals, knowing the
> Foundation has this info on file, will file bogus lawsuits just to get
> their hands on it.
> I'm also curious as to whether this changes our legal relationship
> with the Foundation in other ways.
> Most of this does not personally concern me all that much since I've
> never made that much of an effort to keep my online identity private:
> I am no good at keeping secrets.  But the implications may concern
> others more than I.
> -Matt
> _______________________________________________
> foundation-l mailing list
> foundation-l at lists.wikimedia.org
> http://lists.wikimedia.org/mailman/listinfo/foundation-l
Version: GnuPG v1.4.6 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org


More information about the foundation-l mailing list