RE: [gnso-ff-pdp-may08] Regarding private/sensitive information

["Greg Aaron" <gaaron@xxxxxxxxxxxx>]

Dear Mike:

This is a security-related group, the very nature of which requires a
mechanism to share certain select info in a private forum.  The group
discussed this need in our first meeting in Paris, and there was general
agreement.

I do not think the issue is trust in the group members.  I have faith in the
members not to copy stuff off the private wiki and disseminate it outside
the group.

We have the same issue with the docs in process on the wiki, which are
designated private.  No one is saying shut the wiki down....  What I'm
saying is that we already have a private mechanism, we are comfortable with
it, and we know there is no fool-proof way of preventing all leakage.  

So can the wiki be updated to provide pages on which we can conduct private
discussions?

All best,
--Greg



-----Original Message-----
From: Mike O'Connor [mailto:mike@xxxxxxxxxx] 
Sent: Wednesday, July 16, 2008 10:05 AM
To: gaaron@xxxxxxxxxxxx; 'Fast Flux Workgroup'
Subject: RE: [gnso-ff-pdp-may08] Regarding private/sensitive information

Hi Greg n'Mike,

I don't really find it satisfactory either, but I don't see a way to 
arrive at a secure solution (and figuring one out is outside the 
scope of our endeavor).   The puzzler with the private wiki is that 
we don't really have a mechanism to keep that information 
private.  None of us are under any kind of constraint when it comes 
to reposting that information elsewhere (either to our public 
lists/wiki, or to friends and associates).  That's what I was 
referring to when I mentioned the problems associated with becoming 
the "leak police."

So again, I would discourage people from sharing sensitive 
information with this particular group -- we're really not 
constructed to protect it.

Sorry to be the bearer of bad news, but I just don't see a practical 
solution.  Contracts or non-disclosure agreements?  Ugh, too hard, 
too slow, too distracting.  Not to mention alien to the open nature 
of ICANN conversations.

It seems like what we could do is suggest topics for a study that was 
conducted by an easier-to-secure group of people, at some future 
date.  But I'm pretty convinced that the best course for *us* is a 
public conversation.

If anybody's got a practical solution to this puzzler, I'm all ears though.

m

At 08:55 AM 7/16/2008, Greg Aaron wrote:
>Dear Mike:
>
>I don't feel that solution is satisfactory.  The info I mailed was of
>interest to the entire group, and solicited the collective expertise of the
>group.
>
>Perhaps we should work on making the private wiki a more conducive place
for
>posting threads of this nature?  We need a place where sensitive
information
>is visible to the entire group.  And may be counterproductive to have
>totally offline, side conversations that miss someone who may have
something
>pertinent to say.
>
>Thanks,
>--Greg
>
>
>
>-----Original Message-----
>From: owner-gnso-ff-pdp-may08@xxxxxxxxx
>[mailto:owner-gnso-ff-pdp-may08@xxxxxxxxx] On Behalf Of Mike O'Connor
>Sent: Wednesday, July 16, 2008 9:01 AM
>To: Fast Flux Workgroup
>Subject: [gnso-ff-pdp-may08] Regarding private/sensitive information
>
>
>Dear all,
>
>I've had a chance to sleep on the puzzler of maintaining private
>*and* public conversations for the working group.
>
>I've arrived at the following.  Given the nature of our group, I
>think private-list conversation isn't really feasible.  So I'd like
>to propose the following;
>
>- Posts to the group are public
>
>- Private/sensitive information can be exchanged between individuals,
>off-list, based on individual trust relationships
>
>- Conclusions from those private conversations can be sanitized and
>posted to the public list
>
>Simple, no?  I've had several off-list conversations about this and
>have concluded that handling "leak containment" is beyond me.  :-)
>
>So -- don't post sensitive information to the list.
>
>onward,
>
>m
>
>
>voice: 651-647-6109
>fax: 866-280-2356
>
>web: www.haven2.com
>
>
>
>
>
>No virus found in this incoming message.
>Checked by AVG - http://www.avg.com
>Version: 8.0.138 / Virus Database: 270.4.11/1554 - Release Date: 
>7/15/2008 6:03 PM