WMF resolution on access to non-public data passed

classic Classic list List threaded Threaded
71 messages Options
1234
Reply | Threaded
Open this post in threaded view
|

Re: WMF resolution on access to non-public data passed

Matthew Brown-5
Thanks for your answers, Brad, and I appreciate that you can only
speak for the situation before your leaving.

A lot of what I'm getting at, I guess, is wondering how seriously the
privacy policy will be enforced and whether this information will be
common knowledge in the office (and thus easily accidentally
disclosed) or whether it will be checked by someone and then placed
somewhere secure and not generally known by everyone who works in the
office.

My concerns are also that security breaches may be swept under the
carpet, and ignored or denied as the easier option.

Thank you for the clarification as to Florida law and the likely
policy the Foundation would follow if they received a legal request
for the information.  While I realize that the Foundation may not be
in the position of an iron-clad guarantee about anything, I would hope
at least that the correct procedure to follow will be decided upon in
advance and that the standard procedure include notifying the subject
of any subpoena/investigation/discovery if that is possible.

I know under certain circumstances such a notification is prohibited
and that the Foundation may not be able to contact someone, but my
concern is that if what to do in that circumstance is not considered
in advance, policy may be made up on-the-fly in a panic and my
experience is that poor decisions are sometimes made in such
circumstances.

As I said, my own identity is by no means considered a secret, though
my real name is sufficiently frequent that it's not enough to obtain
positive identification.  I'm asking more out of a feeling that some
of these things need to be raised in advance of problems.

Thanks,

-Matt

_______________________________________________
foundation-l mailing list
[hidden email]
http://lists.wikimedia.org/mailman/listinfo/foundation-l
Reply | Threaded
Open this post in threaded view
|

Re: WMF resolution on access to non-public data passed

Effe iets anders
In reply to this post by Andrew Whitworth
Would it be possible to let the parents of the "minors" authorize it?
Especially for the OTRS team I assume that is a reasonable way of
working. Of course selection policy should show that these people (the
minors) add an extra value to the team, but I know quite a few who do
their work very well, and are probably in their mind already mature
enough, although their passport disagrees. I think that sean might be
a good example for this, but also on my home project (nl.wp) I know
some of them, and I think you all know some of those fellows like
"noooo, you're joking, you can't be 16, you're at least 30!" because
they are such a lot more mature then some of the people who are
fighting around on the wiki's.

I would really appreciate it if the possibility of letting the parents
sign a document that they are OK with it would be taken into
consideration. I know this might hand some extra work to the Office,
but please consider that this will lower the workload in the long run.
Thank you.

Lodewijk

2007/5/1, Andrew Whitworth <[hidden email]>:

> I'm wondering what kinds of hoops need to be jumped through in order to be
> granted an exception to this resolution? The final provision does mention
> that exceptions can be made by the board. en.wikibooks has an enthusiastic,
> highly-motivated, and very professional vandal fighter who had been a
> candidate for checkuser (a very popular candidate), and who cannot now be
> given those tools because of his age. I would be a fool if i did not at
> least inquire about the possibility of this individual being granted such an
> exception.
>
> --Andrew Whitworth
>
> _________________________________________________________________
> Exercise your brain! Try Flexicon.
> http://games.msn.com/en/flexicon/default.htm?icid=flexicon_hmemailtaglineapril07
>
>
> _______________________________________________
> foundation-l mailing list
> [hidden email]
> http://lists.wikimedia.org/mailman/listinfo/foundation-l
>

_______________________________________________
foundation-l mailing list
[hidden email]
http://lists.wikimedia.org/mailman/listinfo/foundation-l
Reply | Threaded
Open this post in threaded view
|

Re: WMF resolution on access to non-public data passed

Effe iets anders
In reply to this post by Matthew Brown-5
Another, maybe not *that* important, question might be: Will the
foundation be willing to remove the information out of the records if
the person resigns from the positions? Not that I care a very lot
about it, but I am somehow curious anyway :)

Lodewijk

2007/5/1, Matthew Brown <[hidden email]>:

> Thanks for your answers, Brad, and I appreciate that you can only
> speak for the situation before your leaving.
>
> A lot of what I'm getting at, I guess, is wondering how seriously the
> privacy policy will be enforced and whether this information will be
> common knowledge in the office (and thus easily accidentally
> disclosed) or whether it will be checked by someone and then placed
> somewhere secure and not generally known by everyone who works in the
> office.
>
> My concerns are also that security breaches may be swept under the
> carpet, and ignored or denied as the easier option.
>
> Thank you for the clarification as to Florida law and the likely
> policy the Foundation would follow if they received a legal request
> for the information.  While I realize that the Foundation may not be
> in the position of an iron-clad guarantee about anything, I would hope
> at least that the correct procedure to follow will be decided upon in
> advance and that the standard procedure include notifying the subject
> of any subpoena/investigation/discovery if that is possible.
>
> I know under certain circumstances such a notification is prohibited
> and that the Foundation may not be able to contact someone, but my
> concern is that if what to do in that circumstance is not considered
> in advance, policy may be made up on-the-fly in a panic and my
> experience is that poor decisions are sometimes made in such
> circumstances.
>
> As I said, my own identity is by no means considered a secret, though
> my real name is sufficiently frequent that it's not enough to obtain
> positive identification.  I'm asking more out of a feeling that some
> of these things need to be raised in advance of problems.
>
> Thanks,
>
> -Matt
>
> _______________________________________________
> foundation-l mailing list
> [hidden email]
> http://lists.wikimedia.org/mailman/listinfo/foundation-l
>

_______________________________________________
foundation-l mailing list
[hidden email]
http://lists.wikimedia.org/mailman/listinfo/foundation-l
Reply | Threaded
Open this post in threaded view
|

Re: WMF resolution on access to non-public data passed

Matthew Brown-5
On 5/1/07, effe iets anders <[hidden email]> wrote:
> Another, maybe not *that* important, question might be: Will the
> foundation be willing to remove the information out of the records if
> the person resigns from the positions? Not that I care a very lot
> about it, but I am somehow curious anyway :)

While I can't speak for the foundation, I can't see why they would be
willing.  After all, they don't necessarily know if you've done
anything wrong with your access until later.

-Matt

_______________________________________________
foundation-l mailing list
[hidden email]
http://lists.wikimedia.org/mailman/listinfo/foundation-l
Reply | Threaded
Open this post in threaded view
|

Re: WMF resolution on access to non-public data passed

Mohamed Magdy-2
In reply to this post by Andrew Gray
Andrew Gray wrote:

> On 02/05/07, Mohamed Magdy <[hidden email]> wrote:
>  
>> Kat Walsh wrote:
>>    
>>> In addition, all users
>>> holding these positions must be 18 or older, and also of the age of
>>> majority in whichever jurisdiction they live in.
>>>
>>>
>>>      
>> Ahem... the resolution says "explicitly over the age at which they are
>> capable to act without the consent of their parent in the jurisdiction
>> in which they reside"
>>
>> That clearly says (implies) that it means over the Age of Consent[1] NOT
>> the Age of Majority[2]...it is either that you wrote it wrong or it was
>> wrote wrongly in the wiki.
>>    
>
> No, the age at which you can legally make a binding decision
> independent of parental (etc) consent is indeed the age of majority.
> The age of consent relates to the the capacity of the individual to
> consent to sexual activity, and really doesn't factor in here much...
> I really don't see how that can be interpreted as "must be over the
> age of consent" unless you squint really hard.
>
>  
;) pardon me then..sorry...

i guess i was in sort of a robot mode, find consent in the paragraph
then its age of consent..

but wouldn't adding 'age of majority' to the resolution's text be clearer?

#alnokta

_______________________________________________
foundation-l mailing list
[hidden email]
http://lists.wikimedia.org/mailman/listinfo/foundation-l
Reply | Threaded
Open this post in threaded view
|

Re: WMF resolution on access to non-public data passed

KIZU Naoko
In reply to this post by Sean Whitton (Xyrael)
On 5/2/07, Sean Whitton <[hidden email]> wrote:

> Whoops, gmail keyboard shortcuts can be too good at times... here is the rest:
>
> ... others, I think that there is perhaps a way for the Foundation to
> get round the issue in order to keep volunteers. I know that I handle
> a good deal of private information for freenode as part of the group
> registration process, but we are getting round this by using a
> Non-Consent Agreement - this will allow us to all handle data
> regardless of age as we are still legally bound. Why would we escape
> this legally just for being under 18? I'm sure that the law still
> places a degree of liability upon minors.

Yes but not a total degree. I feel need to add that both parents and
minors can cancel the deed of minors if the parents give no explicit
consent retrospective, even after the minor reached adulthood. It
would be an idea to ask their parents a consent in a paper, but I
don't know if WMF can handle enourmous paperwork currently in addition
to all confirmation process of other people.


--
KIZU Naoko
  Wikiquote: http://wikiquote.org
  * habent enim emolumentum in labore suo *

_______________________________________________
foundation-l mailing list
[hidden email]
http://lists.wikimedia.org/mailman/listinfo/foundation-l
Reply | Threaded
Open this post in threaded view
|

Re: WMF resolution on access to non-public data passed

phoebe ayers-3
In reply to this post by Brad Patrick
On 5/1/07, Brad Patrick <[hidden email]> wrote:

>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> <snip>
> offer.  Any other statement is hogwash.  If your identity is so secret
> that you can't let it be shared, then don't share it.  That is your
> decision, and no one elses.  For example, I appreciate what sannse is
> saying, and I hold her in very high regard, but I think her opposition
> to the policy is misguided.  People *do* already know who she is.  The
> point is that the Foundation cannot risk letting people no Foundation
> person has shaken hands with, spoken to on the phone, etc., from having
> the capacity to expose confidential information.  One word: Essjay.

<snip>

While appreciating that Brad doesn't speak for the Foundation, and noting
that I don't disagree with the proposed policy and am happy to provide my ID
to the WMF, etc.... I do find this statement about someone that "no
Foundation person has shaken hands with..." curious in light of the actual
resolution.

There is, as SJ hints at, a big difference between being personally
trustworthy -- online or off -- and having your identity confirmed. To take
myself as an example: I've met in person, shaken hands with and spoken on
the phone to many of the Foundation people; and I have a position of trust
(OTRS) that comes under this resolution. In short: I hope I'm considered
personally trustworthy, or at least personally known. That doesn't mean any
of you necessarily know my exact age, or my middle name, or the fact that I
really do have a California driver's license, or where I live, or that I
really work at a university, or any of the other specific details that a
positive ID could provide. Furthermore, if none of you had ever met or
interacted with me, any number of government IDs couldn't confirm that I'm a
trustworthy and competent person, that I'm not going to take all the
personal information I've ever come in contact with and share it far and
wide on teh interweb, etc. -- all they could confirm is those morally
anonymous personal details.

It clearly takes some combination of the two -- positive ID and personal
knowledge of someone's work -- to obtain what it seems like the policy is
getting at, that is, knowing that volunteers with access to sensitive
information must be both mature and over the age of consent, trustworthy and
truthful in their identity, respectful of both Foundation policies and
personal privacy rights, and possessed of good common and moral sense.

As I said, I'm all in favor of this goal. So far, volunteers for trusted
positions have them mainly because other people think they're trustworthy
from onwiki interactions. The resolution seems like it is  filling in the
gap of also getting a positive ID for people, so that as Kat says the
Foundation can "ensure that volunteers can be held accountable for their own
actions." It would be nice to clarify though if this in the only purpose or
if there is a larger assumption being made about what these positive IDs
will achieve.

cheers,
phoebe
_______________________________________________
foundation-l mailing list
[hidden email]
http://lists.wikimedia.org/mailman/listinfo/foundation-l
Reply | Threaded
Open this post in threaded view
|

Re: WMF resolution on access to non-public data passed

Stephen Bain
On 5/2/07, phoebe ayers <[hidden email]> wrote:
>
> The resolution seems like it is  filling in the
> gap of also getting a positive ID for people, so that as Kat says the
> Foundation can "ensure that volunteers can be held accountable for their own
> actions." It would be nice to clarify though if this in the only purpose or
> if there is a larger assumption being made about what these positive IDs
> will achieve.

That's basically it, as I understand it. It's about ensuring that
volunteers in these positions are legally competent in their
jurisdiction.

--
Stephen Bain
[hidden email]

_______________________________________________
foundation-l mailing list
[hidden email]
http://lists.wikimedia.org/mailman/listinfo/foundation-l
Reply | Threaded
Open this post in threaded view
|

Re: WMF resolution on access to non-public data passed

Dominic-21
In reply to this post by Brad Patrick
Brad Patrick wrote:

> 3) Will the Foundation fight?  That depends, but the clearest answer you
> will get is, there is no guarantee of security, only the best anyone can
>  offer.  Any other statement is hogwash.  If your identity is so secret
> that you can't let it be shared, then don't share it.  That is your
> decision, and no one elses.  For example, I appreciate what sannse is
> saying, and I hold her in very high regard, but I think her opposition
> to the policy is misguided.  People *do* already know who she is.  The
> point is that the Foundation cannot risk letting people no Foundation
> person has shaken hands with, spoken to on the phone, etc., from having
> the capacity to expose confidential information.  One word: Essjay.
>  
Has anyone ever (and I do mean *ever*) seriously asserted that Essjay in
any way abused oversight, CheckUser, or OTRS access? That seems to me a
serious misrepresentation of what was essentially a PR mishap for the
WMF. If your point is only that he was a pseudonymous user with access
to confidential information, then your one word might as well have been
"Dmcdevit," or dozens of people here:
<http://meta.wikimedia.org/wiki/CheckUser#Current_users_with_access>.
But crying "Essjay" is sensationalizing the issue, and kicking the man
while he's down for no discernible reason.

Dominic

_______________________________________________
foundation-l mailing list
[hidden email]
http://lists.wikimedia.org/mailman/listinfo/foundation-l
Reply | Threaded
Open this post in threaded view
|

Re: WMF resolution on access to non-public data passed

David Gerard-2
On 02/05/07, Dmcdevit <[hidden email]> wrote:
> Brad Patrick wrote:

> > 3) Will the Foundation fight?  That depends, but the clearest answer you
> > will get is, there is no guarantee of security, only the best anyone can
> >  offer.  Any other statement is hogwash.  If your identity is so secret
> > that you can't let it be shared, then don't share it.  That is your
> > decision, and no one elses.  For example, I appreciate what sannse is
> > saying, and I hold her in very high regard, but I think her opposition
> > to the policy is misguided.  People *do* already know who she is.  The
> > point is that the Foundation cannot risk letting people no Foundation
> > person has shaken hands with, spoken to on the phone, etc., from having
> > the capacity to expose confidential information.  One word: Essjay.

> Has anyone ever (and I do mean *ever*) seriously asserted that Essjay in
> any way abused oversight, CheckUser, or OTRS access? That seems to me a
> serious misrepresentation of what was essentially a PR mishap for the
> WMF. If your point is only that he was a pseudonymous user with access
> to confidential information, then your one word might as well have been
> "Dmcdevit," or dozens of people here:
> <http://meta.wikimedia.org/wiki/CheckUser#Current_users_with_access>.
> But crying "Essjay" is sensationalizing the issue, and kicking the man
> while he's down for no discernible reason.


Agreed. This is an allegation of malfeasance in use of the tools, and
needs to be substantiated or withdrawn.


- d.

_______________________________________________
foundation-l mailing list
[hidden email]
http://lists.wikimedia.org/mailman/listinfo/foundation-l
Reply | Threaded
Open this post in threaded view
|

Re: WMF resolution on access to non-public data passed

Sean Whitton (Xyrael)
In reply to this post by KIZU Naoko
I believe that such a paper opinion from the parent would be legally
bounding if we worded it right.

> don't know if WMF can handle enourmous paperwork currently in addition
> to all confirmation process of other people.

There aren't *that* many of us working in these areas - correct me if
I'm wrong, but I don't think it'd be a great deal extra :)

Thanks,
Sean

On 02/05/07, Aphaia <[hidden email]> wrote:

> On 5/2/07, Sean Whitton <[hidden email]> wrote:
> > Whoops, gmail keyboard shortcuts can be too good at times... here is the rest:
> >
> > ... others, I think that there is perhaps a way for the Foundation to
> > get round the issue in order to keep volunteers. I know that I handle
> > a good deal of private information for freenode as part of the group
> > registration process, but we are getting round this by using a
> > Non-Consent Agreement - this will allow us to all handle data
> > regardless of age as we are still legally bound. Why would we escape
> > this legally just for being under 18? I'm sure that the law still
> > places a degree of liability upon minors.
>
> Yes but not a total degree. I feel need to add that both parents and
> minors can cancel the deed of minors if the parents give no explicit
> consent retrospective, even after the minor reached adulthood. It
> would be an idea to ask their parents a consent in a paper, but I
> don't know if WMF can handle enourmous paperwork currently in addition
> to all confirmation process of other people.
>
>
> --
> KIZU Naoko
>  Wikiquote: http://wikiquote.org
>  * habent enim emolumentum in labore suo *
>
> _______________________________________________
> foundation-l mailing list
> [hidden email]
> http://lists.wikimedia.org/mailman/listinfo/foundation-l
>


--
—Sean Whitton (seanw)
<[hidden email]>
http://seanwhitton.com/

_______________________________________________
foundation-l mailing list
[hidden email]
http://lists.wikimedia.org/mailman/listinfo/foundation-l
1234