[Wikimedia-l] New access to non-public information policy, re-ID requirements and data retention

George Herbert george.herbert at gmail.com
Sat Oct 26 06:20:11 UTC 2013


Ok.  As long as it wasn't missed, in all the other topics.

Thanks, I will be patient.


On Fri, Oct 25, 2013 at 11:10 PM, Philippe Beaudette <
pbeaudette at wikimedia.org> wrote:

> Hi George -
>
> I can tell you that I was in the room as this was being discussed
> today. I'm fairly sure that Michelle is going to be following up on
> this question shortly. It wasn't being ignored - we are just in that
> territory where lawyers like to be certain that when they answer
> clarifying queries like yours, they aren't accidentally muddying the
> waters further. More soon.
>
> pb
>
> —————————
> Philippe Beaudette
> Director, Community Advocacy
> Wikimedia Foundation, Inc
>
>
>
> > On Oct 25, 2013, at 9:19 PM, George Herbert <george.herbert at gmail.com>
> wrote:
> >
> > Again I ask:
> >
> > Can the WMF either publicly or privately provide enough detailed
> assurance
> > as to the digital medium storage plan for these IDs?
> >
> > This is or should be a no-go for requiring IDs (or at least allowing them
> > to be transferred that way).
> >
> > I would be happy to contribute a free independent security audit to a
> plan,
> > if there is a detailed plan to audit.  And do so under confidentiality
> > agreement if you need that, as long as you let me share a non-exploitable
> > summary with the community...
> >
> >
> >
> >
> > On Wed, Oct 23, 2013 at 4:21 PM, George Herbert <
> george.herbert at gmail.com>wrote:
> >
> >> Going back to the 2011 discussions on otrs lists, a flag was raised that
> >> challenged whether the WMF had sufficiently secure servers to host
> copies
> >> of ID documents that might be electronically submitted, including
> >> sufficient firewalling and/or airgapping, internal access controls, etc.
> >>
> >> My impression was that once that was raised as a detailed concern, the
> >> push died off rapidly, but I may be misremembering.
> >>
> >> Let me now ask - Can the WMF either publicly or privately (I live in the
> >> SF Bay Area and can come over and talk) provide enough detailed
> assurance
> >> as to the digital medium storage plan for these IDs?
> >>
> >> This is enough data for someone to do an identity theft with.  The
> >> physical handling is relatively easy to ensure is proper (locked
> cabinet or
> >> the like requires a physical office intrusion).  The electronic...
> >>
> >>
> >>
> >> On Wed, Oct 23, 2013 at 4:15 PM, Rschen7754 <rschen7754.wiki at gmail.com
> >wrote:
> >>
> >>> Speaking for myself, I have no problems with the overall idea, and I
> >>> doubt that a lot of the others who have signed the petition do either.
> >>>
> >>> The problem is in the details of how it is implemented, and that
> >>> appropriate safeguards are not written into place to protect the
> privacy
> >>> and legal rights of those who (re)identify. I know some European users
> have
> >>> raised concerns about how the overall policy does not work for them
> and/or
> >>> would cause them to break the law. I don't believe that they should
> have to
> >>> stand alone.
> >>>
> >>> Thanks,
> >>>
> >>> Rschen7754
> >>> rschen7754.wiki at gmail.com
> >>>
> >>>
> >>>
> >>>> On Oct 23, 2013, at 4:07 PM, Marc A. Pelletier <marc at uberbox.org>
> wrote:
> >>>>
> >>>>> On 10/23/2013 07:01 PM, Newyorkbrad wrote:
> >>>>> (I myself can
> >>>>> think of one and only one, but am curious if there are others.)
> >>>>
> >>>> I can also think of exactly one off the cuff (and it is almost
> certainly
> >>>> the same); but I can think of a couple of scenarios where the
> dissuasive
> >>>> effect alone might have made a difference.
> >>>>
> >>>> But my understanding is that this is prompted by a more serious focus
> on
> >>>> accountability than over any particular incident.
> >>>>
> >>>> -- Marc
> >>>>
> >>>>
> >>>> _______________________________________________
> >>>> Wikimedia-l mailing list
> >>>> Wikimedia-l at lists.wikimedia.org
> >>>> Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l
> ,
> >>> <mailto:wikimedia-l-request at lists.wikimedia.org?subject=unsubscribe>
> >>>
> >>> _______________________________________________
> >>> Wikimedia-l mailing list
> >>> Wikimedia-l at lists.wikimedia.org
> >>> Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l,
> >>> <mailto:wikimedia-l-request at lists.wikimedia.org?subject=unsubscribe>
> >>
> >>
> >>
> >> --
> >> -george william herbert
> >> george.herbert at gmail.com
> >
> >
> >
> > --
> > -george william herbert
> > george.herbert at gmail.com
> > _______________________________________________
> > Wikimedia-l mailing list
> > Wikimedia-l at lists.wikimedia.org
> > Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l,
> <mailto:wikimedia-l-request at lists.wikimedia.org?subject=unsubscribe>
>
> _______________________________________________
> Wikimedia-l mailing list
> Wikimedia-l at lists.wikimedia.org
> Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l,
> <mailto:wikimedia-l-request at lists.wikimedia.org?subject=unsubscribe>
>



-- 
-george william herbert
george.herbert at gmail.com


More information about the Wikimedia-l mailing list