RE: [gnso-ff-pdp-may08] Regarding private/sensitive information

["Mike O'Connor" <mike@xxxxxxxxxx>]

Sorry about the sluggish reply -- today is a travel day for me, so 
I'm hopping from place to place.
Certainly the private wiki is available to all, and editable by all 
-- just add a page and have at it.  But it has the drawback that 
there's no legal remedy if somebody chooses to disclose that 
information to the world.
Liz pinged me off-list -- she and Glen are working this, but ICANN 
may not be able to support us in the near term.  Thanks Liz and Glen!
So here's another thought for a speedy/interim solution.

What if we;

- built a private Forum on one of my personal servers (I can set one 
up in about 10 minutes, and the incremental cost to me is effectively 
zero), and
- somebody (Rodenbaugh?) writes a Terms of Service Agreement that we 
all have to accept before we can gain access to the forum (which has 
language that prohibits us from sharing the information on the board 
and, if I could be so bold, limits my liability)
I also thought of using a Yahoo Group -- but I like the idea of being 
able to write our own TOS agreement.
Thoughts?  As I said, if we could have a good TOS, I can get the rest 
going in a heartbeat.
m


At 09:24 AM 7/16/2008, Greg Aaron wrote:

> Dear Mike:
>
> This is a security-related group, the very nature of which requires a
> mechanism to share certain select info in a private forum.  The group
> discussed this need in our first meeting in Paris, and there was general
> agreement.
>
> I do not think the issue is trust in the group members.  I have faith in the
> members not to copy stuff off the private wiki and disseminate it outside
> the group.
>
> We have the same issue with the docs in process on the wiki, which are
> designated private.  No one is saying shut the wiki down....  What I'm
> saying is that we already have a private mechanism, we are comfortable with
> it, and we know there is no fool-proof way of preventing all leakage.
>
> So can the wiki be updated to provide pages on which we can conduct private
> discussions?
>
> All best,
> --Greg
>
>
>
> -----Original Message-----
> From: Mike O'Connor [mailto:mike@xxxxxxxxxx]
> Sent: Wednesday, July 16, 2008 10:05 AM
> To: gaaron@xxxxxxxxxxxx; 'Fast Flux Workgroup'
> Subject: RE: [gnso-ff-pdp-may08] Regarding private/sensitive information
>
> Hi Greg n'Mike,
>
> I don't really find it satisfactory either, but I don't see a way to
> arrive at a secure solution (and figuring one out is outside the
> scope of our endeavor).   The puzzler with the private wiki is that
> we don't really have a mechanism to keep that information
> private.  None of us are under any kind of constraint when it comes
> to reposting that information elsewhere (either to our public
> lists/wiki, or to friends and associates).  That's what I was
> referring to when I mentioned the problems associated with becoming
> the "leak police."
>
> So again, I would discourage people from sharing sensitive
> information with this particular group -- we're really not
> constructed to protect it.
>
> Sorry to be the bearer of bad news, but I just don't see a practical
> solution.  Contracts or non-disclosure agreements?  Ugh, too hard,
> too slow, too distracting.  Not to mention alien to the open nature
> of ICANN conversations.
>
> It seems like what we could do is suggest topics for a study that was
> conducted by an easier-to-secure group of people, at some future
> date.  But I'm pretty convinced that the best course for *us* is a
> public conversation.
>
> If anybody's got a practical solution to this puzzler, I'm all ears though.
>
> m
>
> At 08:55 AM 7/16/2008, Greg Aaron wrote:
> >Dear Mike:
> >
> >I don't feel that solution is satisfactory.  The info I mailed was of
> >interest to the entire group, and solicited the collective expertise of the
> >group.
> >
> >Perhaps we should work on making the private wiki a more conducive place
> for
> >posting threads of this nature?  We need a place where sensitive
> information
> >is visible to the entire group.  And may be counterproductive to have
> >totally offline, side conversations that miss someone who may have
> something
> >pertinent to say.
> >
> >Thanks,
> >--Greg
> >
> >
> >
> >-----Original Message-----
> >From: owner-gnso-ff-pdp-may08@xxxxxxxxx
> >[mailto:owner-gnso-ff-pdp-may08@xxxxxxxxx] On Behalf Of Mike O'Connor
> >Sent: Wednesday, July 16, 2008 9:01 AM
> >To: Fast Flux Workgroup
> >Subject: [gnso-ff-pdp-may08] Regarding private/sensitive information
> >
> >
> >Dear all,
> >
> >I've had a chance to sleep on the puzzler of maintaining private
> >*and* public conversations for the working group.
> >
> >I've arrived at the following.  Given the nature of our group, I
> >think private-list conversation isn't really feasible.  So I'd like
> >to propose the following;
> >
> >- Posts to the group are public
> >
> >- Private/sensitive information can be exchanged between individuals,
> >off-list, based on individual trust relationships
> >
> >- Conclusions from those private conversations can be sanitized and
> >posted to the public list
> >
> >Simple, no?  I've had several off-list conversations about this and
> >have concluded that handling "leak containment" is beyond me.  :-)
> >
> >So -- don't post sensitive information to the list.
> >
> >onward,
> >
> >m
> >
> >
> >voice: 651-647-6109
> >fax: 866-280-2356
> >
> >web: www.haven2.com
> >
> >
> >
> >
> >
> >No virus found in this incoming message.
> >Checked by AVG - http://www.avg.com
> >Version: 8.0.138 / Virus Database: 270.4.11/1554 - Release Date:
> >7/15/2008 6:03 PM
>
> No virus found in this incoming message.
> Checked by AVG - http://www.avg.com
> Version: 8.0.138 / Virus Database: 270.4.11/1554 - Release Date: 
> 7/15/2008 6:03 PM