[Wikimedia-l] New access to non-public information policy, re-ID requirements and data retention

Philippe Beaudette pbeaudette at wikimedia.org
Sat Oct 26 06:10:16 UTC 2013


Hi George -

I can tell you that I was in the room as this was being discussed
today. I'm fairly sure that Michelle is going to be following up on
this question shortly. It wasn't being ignored - we are just in that
territory where lawyers like to be certain that when they answer
clarifying queries like yours, they aren't accidentally muddying the
waters further. More soon.

pb

—————————
Philippe Beaudette
Director, Community Advocacy
Wikimedia Foundation, Inc



> On Oct 25, 2013, at 9:19 PM, George Herbert <george.herbert at gmail.com> wrote:
>
> Again I ask:
>
> Can the WMF either publicly or privately provide enough detailed assurance
> as to the digital medium storage plan for these IDs?
>
> This is or should be a no-go for requiring IDs (or at least allowing them
> to be transferred that way).
>
> I would be happy to contribute a free independent security audit to a plan,
> if there is a detailed plan to audit.  And do so under confidentiality
> agreement if you need that, as long as you let me share a non-exploitable
> summary with the community...
>
>
>
>
> On Wed, Oct 23, 2013 at 4:21 PM, George Herbert <george.herbert at gmail.com>wrote:
>
>> Going back to the 2011 discussions on otrs lists, a flag was raised that
>> challenged whether the WMF had sufficiently secure servers to host copies
>> of ID documents that might be electronically submitted, including
>> sufficient firewalling and/or airgapping, internal access controls, etc.
>>
>> My impression was that once that was raised as a detailed concern, the
>> push died off rapidly, but I may be misremembering.
>>
>> Let me now ask - Can the WMF either publicly or privately (I live in the
>> SF Bay Area and can come over and talk) provide enough detailed assurance
>> as to the digital medium storage plan for these IDs?
>>
>> This is enough data for someone to do an identity theft with.  The
>> physical handling is relatively easy to ensure is proper (locked cabinet or
>> the like requires a physical office intrusion).  The electronic...
>>
>>
>>
>> On Wed, Oct 23, 2013 at 4:15 PM, Rschen7754 <rschen7754.wiki at gmail.com>wrote:
>>
>>> Speaking for myself, I have no problems with the overall idea, and I
>>> doubt that a lot of the others who have signed the petition do either.
>>>
>>> The problem is in the details of how it is implemented, and that
>>> appropriate safeguards are not written into place to protect the privacy
>>> and legal rights of those who (re)identify. I know some European users have
>>> raised concerns about how the overall policy does not work for them and/or
>>> would cause them to break the law. I don't believe that they should have to
>>> stand alone.
>>>
>>> Thanks,
>>>
>>> Rschen7754
>>> rschen7754.wiki at gmail.com
>>>
>>>
>>>
>>>> On Oct 23, 2013, at 4:07 PM, Marc A. Pelletier <marc at uberbox.org> wrote:
>>>>
>>>>> On 10/23/2013 07:01 PM, Newyorkbrad wrote:
>>>>> (I myself can
>>>>> think of one and only one, but am curious if there are others.)
>>>>
>>>> I can also think of exactly one off the cuff (and it is almost certainly
>>>> the same); but I can think of a couple of scenarios where the dissuasive
>>>> effect alone might have made a difference.
>>>>
>>>> But my understanding is that this is prompted by a more serious focus on
>>>> accountability than over any particular incident.
>>>>
>>>> -- Marc
>>>>
>>>>
>>>> _______________________________________________
>>>> Wikimedia-l mailing list
>>>> Wikimedia-l at lists.wikimedia.org
>>>> Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l,
>>> <mailto:wikimedia-l-request at lists.wikimedia.org?subject=unsubscribe>
>>>
>>> _______________________________________________
>>> Wikimedia-l mailing list
>>> Wikimedia-l at lists.wikimedia.org
>>> Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l,
>>> <mailto:wikimedia-l-request at lists.wikimedia.org?subject=unsubscribe>
>>
>>
>>
>> --
>> -george william herbert
>> george.herbert at gmail.com
>
>
>
> --
> -george william herbert
> george.herbert at gmail.com
> _______________________________________________
> Wikimedia-l mailing list
> Wikimedia-l at lists.wikimedia.org
> Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l, <mailto:wikimedia-l-request at lists.wikimedia.org?subject=unsubscribe>



More information about the Wikimedia-l mailing list