[Wikimedia-l] New access to non-public information policy, re-ID requirements and data retention

Katherine Casey fluffernutter.wiki at gmail.com
Wed Oct 23 23:27:16 UTC 2013


As far as " The physical handling is relatively easy to ensure is proper",
well... Considering that some of our less sane problematic users have, if
I'm remembering correctly, shown up at the WMF office itself and would have
loved to get their hands on the real-life documents of our
advanced-privilege users, I'm not all that confident that *any *storage on
the WMF premises, short of a vault, is adequate. When crazies go crazy
about Wikipedia, they go *very *crazy, and breaking a padlock in an office
isn't that outlandish for some of them.

-Fluff


On Wed, Oct 23, 2013 at 7:21 PM, George Herbert <george.herbert at gmail.com>wrote:

> Going back to the 2011 discussions on otrs lists, a flag was raised that
> challenged whether the WMF had sufficiently secure servers to host copies
> of ID documents that might be electronically submitted, including
> sufficient firewalling and/or airgapping, internal access controls, etc.
>
> My impression was that once that was raised as a detailed concern, the push
> died off rapidly, but I may be misremembering.
>
> Let me now ask - Can the WMF either publicly or privately (I live in the SF
> Bay Area and can come over and talk) provide enough detailed assurance as
> to the digital medium storage plan for these IDs?
>
> This is enough data for someone to do an identity theft with.  The physical
> handling is relatively easy to ensure is proper (locked cabinet or the like
> requires a physical office intrusion).  The electronic...
>
>
>
> On Wed, Oct 23, 2013 at 4:15 PM, Rschen7754 <rschen7754.wiki at gmail.com
> >wrote:
>
> > Speaking for myself, I have no problems with the overall idea, and I
> doubt
> > that a lot of the others who have signed the petition do either.
> >
> > The problem is in the details of how it is implemented, and that
> > appropriate safeguards are not written into place to protect the privacy
> > and legal rights of those who (re)identify. I know some European users
> have
> > raised concerns about how the overall policy does not work for them
> and/or
> > would cause them to break the law. I don't believe that they should have
> to
> > stand alone.
> >
> > Thanks,
> >
> > Rschen7754
> > rschen7754.wiki at gmail.com
> >
> >
> >
> > On Oct 23, 2013, at 4:07 PM, Marc A. Pelletier <marc at uberbox.org> wrote:
> >
> > > On 10/23/2013 07:01 PM, Newyorkbrad wrote:
> > >> (I myself can
> > >> think of one and only one, but am curious if there are others.)
> > >
> > > I can also think of exactly one off the cuff (and it is almost
> certainly
> > > the same); but I can think of a couple of scenarios where the
> dissuasive
> > > effect alone might have made a difference.
> > >
> > > But my understanding is that this is prompted by a more serious focus
> on
> > > accountability than over any particular incident.
> > >
> > > -- Marc
> > >
> > >
> > > _______________________________________________
> > > Wikimedia-l mailing list
> > > Wikimedia-l at lists.wikimedia.org
> > > Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l,
> > <mailto:wikimedia-l-request at lists.wikimedia.org?subject=unsubscribe>
> >
> > _______________________________________________
> > Wikimedia-l mailing list
> > Wikimedia-l at lists.wikimedia.org
> > Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l,
> > <mailto:wikimedia-l-request at lists.wikimedia.org?subject=unsubscribe>
> >
>
>
>
> --
> -george william herbert
> george.herbert at gmail.com
> _______________________________________________
> Wikimedia-l mailing list
> Wikimedia-l at lists.wikimedia.org
> Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l,
> <mailto:wikimedia-l-request at lists.wikimedia.org?subject=unsubscribe>
>


More information about the Wikimedia-l mailing list