wiki:org/meetings/2018MexicoCity/Notes/GDPR

2018-09-30 14:44:08-0500


Julius leads a discussion about Tor and the GDPR

notetaker: dkg


  • You have to use state-of-the-art tech for privacy
  • You can sue your competitor if they don't use it

(can we imagine a future where competitors sue each other for not including Tor in their products?)

Whenever you process user personal data, you need explicit consent of the owner of the data, and you can only use the data within the scope of that consent.

Unclear exactly what "owner" means here.

How does GDPR affect Tor?

  • an organization has to document where it processes personal data of humans.

e.g., TPI uses a payroll service. They transmit employee information to the payroll service.

The result is that we need to create a directory of all the places where they store data

  • TPI is an American organization, but it processes data about Europeans, so GDPR is probably still relevant
  • We don't see a high likelihood of risk -- no competitors looking to sue Tor
  • But we could follow this process anyway as a matter of best practice.

What are the steps TPI could take?

  • make a directory
  • write down specific guidelines (e.g. never transmit cleartext data, weekly backups, deleted at specific time, hardware shredded in some other way)
  • enforce these guidelines among staff

what does TPI have?

  • Donors
  • revision control
  • payroll
  • HR
  • Meeting logistics

What about non-TPI impacts on the Tor community?

  • exoneraTor
  • metrics
  • relay operators
  • consensus

You need processes for deleting data under the right to be forgotten (RTBF). Do we even have a process for someone to ask for removal?

  • policies about website operation?
  • double-opt-in for newsletters?
  • mailing lists?
  • how are we constraining addresses gained in one channel from use in another channel?
  • Companies need to name a specific privacy officer. What does this entail? What kinds of liability do they have to assume? Is this required of an American company?
  • if an official privacy officer isn't necessary, is it still a position we want to have?
  • Roger has been asked regularly for a privacy policy about Tor software itself.

what about ContactInfo, as published by the directory authorities?

"safe logging policy" keeps nothing, compared with EFF's logging policy which exposes data in the past 24 hours.

  • Services that we run on torproject hosts
  • backups for services?

  • backups of end-user devices?
  • blog, including comments -- who hosts the blog? it's a friend hosting it on pantheon.
  • bridgedb -- internal logs for maintenance or debugging? we talked earlier in the meeting about how important it is to get good logs from bridgedb

  • build hosts
  • network scanner, bandwidth scanner (check)
  • consensus
  • CRM, donor.torproject.org
  • deb.torproject.org
  • fp -- submits browser attribute information
  • e-mails to gettor@… -- how is that inbox cleared? is there an @gmail address?
  • some non-technical staff forward their @torproject.org e-mails to gmail. this might be an issue for donors, hr, etc.
  • git
  • helpdesk
  • support database?
  • rt queue -- previous policy was to keep all helpdesk requests, people wanted to get rid of it, but that process stalled.
  • jabber server, contains registration information, but it uses LDAP for login. some recent attempts to use it failed. can we turn it off?
  • jenkins CI
  • jumphost
  • kvm hosts
  • mailservers for forwarding -- do they use TLSRPT, MTA-STS?
  • mailing lists
  • schleuder installations
  • metrics: this might be diametrically opposed to the kind of minimization we're talking about.
  • nagios
  • nameservers
  • onionbalance
  • onionperf
  • *OONI needs its own GDPR meeting* -- they might also use a lot of 3rd party services like slack, etc.

  • people.torproject.org -- more websites
  • puppetmaster
  • sandstorm, which has lots of info about meetings, etc.
  • shell server
  • staff and contractor database -- note: how do we handle job applications? Julius says that some stuff there needs to be

meeting information, and employee spreadsheets have been found in google docs.

need a data retention policy.

Clearly needed more time. Erin Wyatt will drive this discussion forward within TPI.

Last modified on Sep 30, 2018, 8:31:21 PM