[Wikimedia-l] New access to non-public information policy, re-ID requirements and data retention

George Herbert george.herbert at gmail.com
Wed Oct 23 23:40:22 UTC 2013 

Fluff-

When crazies go crazy
> about Wikipedia, they go *very *crazy, and breaking a padlock in an office
> isn't that outlandish for some of them.


It will not happen without staff being fully aware, and an intruder knowing
which cabinet to break into without significant effort is extremely
unlikely, would require either cooperation of an insider and/or office
visits while acting considerably saner (at least; if not much more than
that).

Even if the risk is nonzero, the risk to me that it will happen secretly
(as opposed to, "X broke in but the SFPD arrested them with a handful of
docs including your ID photocopies") is very low.

I am much more worried about accidental unrecognized leaks of digital data.
 MUCH.




On Wed, Oct 23, 2013 at 4:27 PM, Katherine Casey <
fluffernutter.wiki at gmail.com> wrote:

> As far as " The physical handling is relatively easy to ensure is proper",
> well... Considering that some of our less sane problematic users have, if
> I'm remembering correctly, shown up at the WMF office itself and would have
> loved to get their hands on the real-life documents of our
> advanced-privilege users, I'm not all that confident that *any *storage on
> the WMF premises, short of a vault, is adequate. When crazies go crazy
> about Wikipedia, they go *very *crazy, and breaking a padlock in an office
> isn't that outlandish for some of them.
>
> -Fluff
>
>
> On Wed, Oct 23, 2013 at 7:21 PM, George Herbert <george.herbert at gmail.com
> >wrote:
>
> > Going back to the 2011 discussions on otrs lists, a flag was raised that
> > challenged whether the WMF had sufficiently secure servers to host copies
> > of ID documents that might be electronically submitted, including
> > sufficient firewalling and/or airgapping, internal access controls, etc.
> >
> > My impression was that once that was raised as a detailed concern, the
> push
> > died off rapidly, but I may be misremembering.
> >
> > Let me now ask - Can the WMF either publicly or privately (I live in the
> SF
> > Bay Area and can come over and talk) provide enough detailed assurance as
> > to the digital medium storage plan for these IDs?
> >
> > This is enough data for someone to do an identity theft with.  The
> physical
> > handling is relatively easy to ensure is proper (locked cabinet or the
> like
> > requires a physical office intrusion).  The electronic...
> >
> >
> >
> > On Wed, Oct 23, 2013 at 4:15 PM, Rschen7754 <rschen7754.wiki at gmail.com
> > >wrote:
> >
> > > Speaking for myself, I have no problems with the overall idea, and I
> > doubt
> > > that a lot of the others who have signed the petition do either.
> > >
> > > The problem is in the details of how it is implemented, and that
> > > appropriate safeguards are not written into place to protect the
> privacy
> > > and legal rights of those who (re)identify. I know some European users
> > have
> > > raised concerns about how the overall policy does not work for them
> > and/or
> > > would cause them to break the law. I don't believe that they should
> have
> > to
> > > stand alone.
> > >
> > > Thanks,
> > >
> > > Rschen7754
> > > rschen7754.wiki at gmail.com
> > >
> > >
> > >
> > > On Oct 23, 2013, at 4:07 PM, Marc A. Pelletier <marc at uberbox.org>
> wrote:
> > >
> > > > On 10/23/2013 07:01 PM, Newyorkbrad wrote:
> > > >> (I myself can
> > > >> think of one and only one, but am curious if there are others.)
> > > >
> > > > I can also think of exactly one off the cuff (and it is almost
> > certainly
> > > > the same); but I can think of a couple of scenarios where the
> > dissuasive
> > > > effect alone might have made a difference.
> > > >
> > > > But my understanding is that this is prompted by a more serious focus
> > on
> > > > accountability than over any particular incident.
> > > >
> > > > -- Marc
> > > >
> > > >
> > > > _______________________________________________
> > > > Wikimedia-l mailing list
> > > > Wikimedia-l at lists.wikimedia.org
> > > > Unsubscribe:
> https://lists.wikimedia.org/mailman/listinfo/wikimedia-l,
> > > <mailto:wikimedia-l-request at lists.wikimedia.org?subject=unsubscribe>
> > >
> > > _______________________________________________
> > > Wikimedia-l mailing list
> > > Wikimedia-l at lists.wikimedia.org
> > > Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l,
> > > <mailto:wikimedia-l-request at lists.wikimedia.org?subject=unsubscribe>
> > >
> >
> >
> >
> > --
> > -george william herbert
> > george.herbert at gmail.com
> > _______________________________________________
> > Wikimedia-l mailing list
> > Wikimedia-l at lists.wikimedia.org
> > Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l,
> > <mailto:wikimedia-l-request at lists.wikimedia.org?subject=unsubscribe>
> >
> _______________________________________________
> Wikimedia-l mailing list
> Wikimedia-l at lists.wikimedia.org
> Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l,
> <mailto:wikimedia-l-request at lists.wikimedia.org?subject=unsubscribe>
>



-- 
-george william herbert
george.herbert at gmail.com

More information about the Wikimedia-l mailing list