Changes between Initial Version and Version 1 of org/meetings/2018MexicoCity/Notes/GDPR


Timestamp:
Sep 30, 2018, 8:31:21 PM (9 months ago)
Author:
dkg
Comment:

--

  • org/meetings/2018MexicoCity/Notes/GDPR

    v1 v1  
     12018-09-30 14:44:08-0500
     2------------------------
     3
     4Julius leads a discussion about Tor and the GDPR
     5
     6notetaker: dkg
     7
     8----------------
     9
     10
     11 * You have to use state-of-the-art tech for privacy
     12
     13 * You can sue your competitor if they don't use it
     14
     15(can we imagine a future where competitors sue each other for not
     16including Tor in their products?)
     17
     18
     19Whenever you process user personal data, you need explicit consent of
     20the owner of the data, and you can only use the data within the scope
     21of that consent.
     22
     23
     24Unclear exactly what "owner" means here.
     25
     26How does GDPR affect Tor?
     27
     28 * an organization has to document where it processes personal data of
     29   humans.
     30
     31   e.g., TPI uses a payroll service.  They transmit employee
     32   information to the payroll service.
     33
     34   The result is that we need to create a directory of all the places
     35   where they store data
     36
     37 * TPI is an American organization, but it processes data about
     38   Europeans, so GDPR is probably still relevant
     39
     40 * We don't see a high likelihood of risk -- no competitors looking to
     41   sue tor
     42
     43 * But we could be using this process out of best-practices anyway.
     44
     45What are the steps TPI could take?
     46
     47 * make a directory
     48
     49 * write down specific guidelines (e.g. never transmit cleartext data,
     50   weekly backups, deleted at specific time, hardware shredded in some
     51   other way)
     52
     53 * enforce these guidelines among staff
     54
     55what does TPI have?
     56
     57 * Donors
     58 * revision control
     59 * payroll
     60 * HR
     61 * Meeting logistics
     62
     63What about non-TPI impacts on the Tor community?
     64
     65 * exoneraTor
     66 * metrics
     67 * relay operators
     68 * consensus
     69
     70You need processes for deleting data under right to be forgotten
     71(RTBF).  do we even have a process for someone to ask for removal?
     72
     73 * policies about website operation?
     74
     75 * double-opt-in for newsletters?
     76
     77 * mailing lists?
     78
     79 * how are we constraining addresses gained in one channel from use in
     80   another channel?
     81
     82 * Companies need to name a specific privacy officer.  What does this
     83   entail?  What kinds of liability do they have to assume?  Is this
     84   required of an American company?
     85
     86 * if an official privacy officer isn't necessary, is it still a
     87   position we want to have?
     88
     89 * Roger has been asked regularly for a privacy policy about Tor
     90   software itself.
     91
     92what about ContactInfo, as published by the directory authorities?
     93
     94"safe logging policy" keeps nothing, compared with EFF's logging policy which exposes data in the past 24 hours.
     95
     96 * Services that we run on torproject hosts
     97
     98  - backups for services?
     99 
     100  - backups of end-user devices?
     101
     102  - blog, including comments -- who hosts the blog? it's a friend
     103    hosting it on pantheon.
     104
     105  - bridgedb -- internal logs for maintenance or debugging?  we talked
     106      earlier in the meeting about how important it is to get good
     107      logs from bridgedb
     108
     109  - build hosts
     110
     111  - network scanner, bandwidth scanner (check)
     112
     113  - consensus
     114
     115  - CRM, donor.torproject.org
     116
     117  - deb.torproject.org
     118
     119  - fp -- submits browser attribute information
     120
     121  - e-mails to gettor@torproject.org -- how is that inbox cleared?
     122    is there an @gmail address?
     123
     124  - some non-technical staff forward their @torproject.org e-mails to
     125    gmail.  this might be an issue for donors, hr, etc.
     126
     127  - git
     128
     129  - helpdesk
     130
     131  - support database?
     132
     133  - rt queue -- previous policy was to keep all helpdesk requests,
     134    people wanted to get rid of it, but that process stalled.
     135
     136  - jabber server, contains registration information, but it uses LDAP
     137    for login.  some recent attempts to use it failed.  can we turn it
     138    off?
     139
     140  - jenkins CI
     141
     142  - jumphost
     143
     144  - kvm hosts
     145
     146  - mailservers for forwarding -- do they use TLSRPT, MTA-STS?
     147
     148  - mailing lists
     149
     150  - schleuder installations
     151
     152  - metrics: this might be diametrically opposed to the kind of
     153    minimization we're talking about.
     154
     155  - nagios
     156
     157  - nameservers
     158
     159  - onionbalance
     160
     161  - onionperf
     162
     163  - *OONI needs its own GDPR meeting* -- they might also use a lot of
     164     3rd party services like slack, etc.
     165
     166  - people.torproject.org -- more websites
     167
     168  - puppetmaster
     169
     170  - sandstorm, which has lots of info about meetings, etc.
     171
     172  - shell server
     173
     174  - staff and contractor database -- note: how do we handle job
     175    applications?  Julius sas that some stuff there needs to be
     176
     177meeting information, and employee spreadsheets have been found in
     178google docs.
     179
     180need a data retention policy.
     181
     182Clearly needed more time.  Erin Wyatt will drive this discussion
     183forward within TPI.
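
Review bot: The "staff and contractor database" item (new lines 174-175) stops mid-sentence at "some stuff there needs to be", so the point attributed to Julius about job applications is lost, and "sas" on line 175 looks like a typo for "says". Either finish the sentence or mark the item as incomplete, so a reader does not take the following paragraph about meeting information and employee spreadsheets as its continuation.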