RE: [gnso-ff-pdp-may08] Regarding private/sensitive information
- To: <gaaron@xxxxxxxxxxxx>, "'Fast Flux Workgroup'" <gnso-ff-pdp-May08@xxxxxxxxx>
- Subject: RE: [gnso-ff-pdp-may08] Regarding private/sensitive information
- From: "Mike O'Connor" <mike@xxxxxxxxxx>
- Date: Wed, 16 Jul 2008 11:23:58 -0500
Sorry about the sluggish reply -- today is a travel day for me, so
I'm hopping from place to place.
Certainly the private wiki is available to all, and editable by all
-- just add a page and have at it. But it has the drawback that
there's no legal remedy if somebody chooses to disclose that
information to the world.
Liz pinged me off-list -- she and Glen are working this, but ICANN
may not be able to support us in the near term. Thanks Liz and Glen!
So here's another thought for a speedy/interim solution.
What if we;
- built a private Forum on one of my personal servers (I can set one
up in about 10 minutes, and the incremental cost to me is effectively
- somebody (Rodenbaugh?) writes a Terms of Service Agreement that we
all have to accept before we can gain access to the forum (which has
language that prohibits us from sharing the information on the board
and, if I could be so bold, limits my liability)
I also thought of using a Yahoo Group -- but I like the idea of being
able to write our own TOS agreement.
Thoughts? As I said, if we could have a good TOS, I can get the rest
going in a heartbeat.
At 09:24 AM 7/16/2008, Greg Aaron wrote:
This is a security-related group, the very nature of which requires a
mechanism to share certain select info in a private forum. The group
discussed this need in our first meeting in Paris, and there was general
I do not think the issue is trust in the group members. I have faith in the
members not to copy stuff off the private wiki and disseminate it outside
We have the same issue with the docs in process on the wiki, which are
designated private. No one is saying shut the wiki down.... What I'm
saying is that we already have a private mechanism, we are comfortable with
it, and we know there is no fool-proof way of preventing all leakage.
So can the wiki be updated to provide pages on which we can conduct private
From: Mike O'Connor [mailto:mike@xxxxxxxxxx]
Sent: Wednesday, July 16, 2008 10:05 AM
To: gaaron@xxxxxxxxxxxx; 'Fast Flux Workgroup'
Subject: RE: [gnso-ff-pdp-may08] Regarding private/sensitive information
Hi Greg n'Mike,
I don't really find it satisfactory either, but I don't see a way to
arrive at a secure solution (and figuring one out is outside the
scope of our endeavor). The puzzler with the private wiki is that
we don't really have a mechanism to keep that information
private. None of us are under any kind of constraint when it comes
to reposting that information elsewhere (either to our public
lists/wiki, or to friends and associates). That's what I was
referring to when I mentioned the problems associated with becoming
the "leak police."
So again, I would discourage people from sharing sensitive
information with this particular group -- we're really not
constructed to protect it.
Sorry to be the bearer of bad news, but I just don't see a practical
solution. Contracts or non-disclosure agreements? Ugh, too hard,
too slow, too distracting. Not to mention alien to the open nature
of ICANN conversations.
It seems like what we could do is suggest topics for a study that was
conducted by an easier-to-secure group of people, at some future
date. But I'm pretty convinced that the best course for *us* is a
If anybody's got a practical solution to this puzzler, I'm all ears though.
At 08:55 AM 7/16/2008, Greg Aaron wrote:
>I don't feel that solution is satisfactory. The info I mailed was of
>interest to the entire group, and solicited the collective expertise of the
>Perhaps we should work on making the private wiki a more conducive place
>posting threads of this nature? We need a place where sensitive
>is visible to the entire group. And may be counterproductive to have
>totally offline, side conversations that miss someone who may have
>pertinent to say.
>[mailto:owner-gnso-ff-pdp-may08@xxxxxxxxx] On Behalf Of Mike O'Connor
>Sent: Wednesday, July 16, 2008 9:01 AM
>To: Fast Flux Workgroup
>Subject: [gnso-ff-pdp-may08] Regarding private/sensitive information
>I've had a chance to sleep on the puzzler of maintaining private
>*and* public conversations for the working group.
>I've arrived at the following. Given the nature of our group, I
>think private-list conversation isn't really feasible. So I'd like
>to propose the following;
>- Posts to the group are public
>- Private/sensitive information can be exchanged between individuals,
>off-list, based on individual trust relationships
>- Conclusions from those private conversations can be sanitized and
>posted to the public list
>Simple, no? I've had several off-list conversations about this and
>have concluded that handling "leak containment" is beyond me. :-)
>So -- don't post sensitive information to the list.
>No virus found in this incoming message.
>Checked by AVG - http://www.avg.com
>Version: 8.0.138 / Virus Database: 270.4.11/1554 - Release Date:
>7/15/2008 6:03 PM
No virus found in this incoming message.
Checked by AVG - http://www.avg.com
Version: 8.0.138 / Virus Database: 270.4.11/1554 - Release Date:
7/15/2008 6:03 PM