[Wikimedia-l] New access to non-public information policy, re-ID requirements and data retention
Florence Devouard
anthere9 at yahoo.com
Sat Oct 26 14:00:25 UTC 2013
As for me, I have totally given up on the idea of preservation of
confidential data when the US are somehow involved (if the NSA is
already involved in recording the German president's phone conversations or
French diplomatic department communications, who are we to hope that our
every step can be private anyway?).

My trust in WMF's ability to provide security to our private information
also dramatically dropped with the password leak a couple of months ago.

So what are the risks left? I see mostly three main ones:

1) that a digital version of my passport gets into the hands of scammers.
We know some of the risks associated with this, one of which being
identity theft. Collection of a bunch of private data (name, email,
phone number, postal address...) is one thing. Preservation of official
identity papers is another.
I think that's a non-acceptable risk.

2) that WMF discloses private information about us (OTRS members, for
example) volunteers to other volunteers, who may not even be identified
in the least (as in "arbitration committee members").
Main risk associated imho would go from mild online bullying to severe
irl mishandling. I have a very acute memory of this sick person sending me
emails threatening my life and the life of my own kids when I was Chair
of WMF. I was happy he was in the USA and me in France. I was not happy
he knew of my postal address. And I was scared when I met him at the WMF
doors irl.
Disclosing private information about us to a lawyer or a policeman is
one thing. Disclosing private information about us to an "unknown"
Wikimedia member not bound by similar rules related to private data is
unacceptable.

3) last, that WMF discloses private information about us without having
the obligation to inform us it did so.
The draft proposes that The Wikimedia Foundation will not share
submitted materials with third parties, unless such disclosure is (A)
permitted by a non-disclosure agreement approved by the Wikimedia
Foundation’s legal department; (B) required by law; (C) needed to
protect against immediate threat to life or limb; or (D) needed to
protect the rights, property, or safety of the Wikimedia Foundation, its
employees, or contractors.
This is vague enough that it may happen that our private data is
disclosed to about whoever (who will access our private data thanks to
this "permitted by a non-disclosure agreement approved by the Wikimedia
Foundation’s legal department" ???), possibly without us knowing.
Consequences may be various (being cited in a legal case without even
knowing; having personal information disclosed to spammers or scammers;
being sued by an "unhappy customer" after we failed to fix his case on
OTRS, etc.)

A good part of the benefit of this agreement would be that covered persons
better feel accountable.
I think a fitting balance would be that WMF agree to mandatorily inform
ANY covered person WHEN and to WHOM his/her information has been disclosed.

Florence

On 10/26/13 8:20 AM, George Herbert wrote:
> Ok. As long as it wasn't missed, in all the other topics.
>
> Thanks, I will be patient.
>
>
> On Fri, Oct 25, 2013 at 11:10 PM, Philippe Beaudette <
> pbeaudette at wikimedia.org> wrote:
>
>> Hi George -
>>
>> I can tell you that I was in the room as this was being discussed
>> today. I'm fairly sure that Michelle is going to be following up on
>> this question shortly. It wasn't being ignored - we are just in that
>> territory where lawyers like to be certain that when they answer
>> clarifying queries like yours, they aren't accidentally muddying the
>> waters further. More soon.
>>
>> pb
>>
>> —————————
>> Philippe Beaudette
>> Director, Community Advocacy
>> Wikimedia Foundation, Inc
>>
>>
>>
>>> On Oct 25, 2013, at 9:19 PM, George Herbert <george.herbert at gmail.com> wrote:
>>>
>>> Again I ask:
>>>
>>> Can the WMF either publicly or privately provide enough detailed assurance
>>> as to the digital medium storage plan for these IDs?
>>>
>>> This is or should be a no-go for requiring IDs (or at least allowing them
>>> to be transferred that way).
>>>
>>> I would be happy to contribute a free independent security audit to a plan,
>>> if there is a detailed plan to audit. And do so under confidentiality
>>> agreement if you need that, as long as you let me share a non-exploitable
>>> summary with the community...
>>>
>>>
>>>
>>>
>>> On Wed, Oct 23, 2013 at 4:21 PM, George Herbert <george.herbert at gmail.com> wrote:
>>>
>>>> Going back to the 2011 discussions on otrs lists, a flag was raised that
>>>> challenged whether the WMF had sufficiently secure servers to host copies
>>>> of ID documents that might be electronically submitted, including
>>>> sufficient firewalling and/or airgapping, internal access controls, etc.
>>>>
>>>> My impression was that once that was raised as a detailed concern, the
>>>> push died off rapidly, but I may be misremembering.
>>>>
>>>> Let me now ask - Can the WMF either publicly or privately (I live in the
>>>> SF Bay Area and can come over and talk) provide enough detailed assurance
>>>> as to the digital medium storage plan for these IDs?
>>>>
>>>> This is enough data for someone to do an identity theft with. The
>>>> physical handling is relatively easy to ensure is proper (locked cabinet or
>>>> the like requires a physical office intrusion). The electronic...
>>>>
>>>>
>>>>
>>>> On Wed, Oct 23, 2013 at 4:15 PM, Rschen7754 <rschen7754.wiki at gmail.com> wrote:
>>>>
>>>>> Speaking for myself, I have no problems with the overall idea, and I
>>>>> doubt that a lot of the others who have signed the petition do either.
>>>>>
>>>>> The problem is in the details of how it is implemented, and that
>>>>> appropriate safeguards are not written into place to protect the privacy
>>>>> and legal rights of those who (re)identify. I know some European users have
>>>>> raised concerns about how the overall policy does not work for them and/or
>>>>> would cause them to break the law. I don't believe that they should have to
>>>>> stand alone.
>>>>>
>>>>> Thanks,
>>>>>
>>>>> Rschen7754
>>>>> rschen7754.wiki at gmail.com
>>>>>
>>>>>
>>>>>
>>>>>> On Oct 23, 2013, at 4:07 PM, Marc A. Pelletier <marc at uberbox.org> wrote:
>>>>>>
>>>>>>> On 10/23/2013 07:01 PM, Newyorkbrad wrote:
>>>>>>> (I myself can
>>>>>>> think of one and only one, but am curious if there are others.)
>>>>>>
>>>>>> I can also think of exactly one off the cuff (and it is almost certainly
>>>>>> the same); but I can think of a couple of scenarios where the dissuasive
>>>>>> effect alone might have made a difference.
>>>>>>
>>>>>> But my understanding is that this is prompted by a more serious focus on
>>>>>> accountability than over any particular incident.
>>>>>>
>>>>>> -- Marc
>>>>>>
>>>>>>
>>>>>> _______________________________________________
>>>>>> Wikimedia-l mailing list
>>>>>> Wikimedia-l at lists.wikimedia.org
>>>>>> Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l,
>>>>>> <mailto:wikimedia-l-request at lists.wikimedia.org?subject=unsubscribe>
>>>>>
>>>>
>>>>
>>>>
>>>> --
>>>> -george william herbert
>>>> george.herbert at gmail.com
>>>
>>>
>>>
>>> --
>>> -george william herbert
>>> george.herbert at gmail.com
>>
>>
>
>
>