Systemspace Network List
Network Enhancement Idea 8
Quintuplicate
29 July 2021

PROPOSED DATA HANDLING POLICY

0. Preliminary Note

To safely expand, SSN-l needs a clear data handling policy so its members know what can and cannot be disclosed. This NEI (I) states the principles guiding the proposal; (II) proposes a data handling policy; and (III) explains the proposal.

I. General Principles

A data handling policy should be guided by the principle that members of the community it applies to have a right to know about what will or can affect them, except where outsiders could abuse this right to harm them.

The exception is much broader for us than it is for many other free software communities and open protocol working groups. There are no Ubuntu partisans bent on overthrowing the hegemony of Debian by force and violence, nor does SSL need to defend itself from the sectarian denomination of TLS. Yet both are very much real for us.

The administrative interests of (A) security and (B) privacy compel transparency to members of the public to be restricted, and to members of the community to be tailored, to information whose publication poses no risk to these interests, or one which is less than their legitimate need to know, arising from the community interests in (C) certainty and (D) supervision.

A. Security

We have to keep our people safe. Information that might compromise this goal should not be disclosed unless a legitimate need to know requires it.

B. Privacy

The members of the community, including ones who are no longer members, have a right to reasonably expect the privacy of their personal data and information. Unless absolutely and imminently necessary for the community's or its members' safety, any personal information pertaining to a current or former member of the community that falls into our knowledge should not be disclosed.

C. Certainty

The community has an important need to know what is allowed and what is not.
Certainty prevents those who intend to contribute to the community from unknowingly offending, and those who willfully disrupt it from hiding in doubt. Accordingly, while evidence of rule violations should not be disclosed, all punitive actions should be explained so that justice is not only done, but seen to be done.

D. Supervision

The community has an important need to hold its leaders accountable to it. Supervision means that the community has an opportunity to scrutinize official actions and the basis for them.

II. Proposed Data Handling Policy

a. The following data shall be disclosed:

   (1) Network Enhancement Ideas.
   (2) Proposals for rules, unless the rules are urgently needed for security and privacy.
   (3) Making and interpretation of rules and policies.
   (4) Punitive or other official actions and their rationale, unless inconsistent with security and privacy.
   (5) Where required by a court order.

b. The following data may or may not be disclosed:

   (1) Routine and uncontroversial actions pursuant to established rules.
   (2) Internal instructions and guidelines.

c. The following data shall not be disclosed:

   (1) SSN-l logs, except where required to explain an official action.
   (2) Real names, geographical locations below the metropolitan area level.
   (3) IP and email addresses, unless absolutely and imminently necessary for the community's or its members' safety.
   (4) Intelligence relating to SSN security that is not publicly available.

d. The status of data not belonging to these classes is determined by balancing the interests listed in part I.

III. Explanation

The subparts of this part correspond to classes of data listed in part II. The letters correspond to administrative and community interests listed in part I.

A. Data which Must Be Disclosed

1. NEIs

Required by C and D.

2. Proposals for rules

Required by D, can be outweighed by A or B.

Example: "proposal for rule" - "It is proposed to ban account sharing to make sure we can vet everybody who uses SSN.
Please comment by December 20."; "urgently needed" - a rule to prevent unauthorized access to nonpublic information, when there is no time to seek community feedback and input.

3. Rule making and interpretation

Required by C and D.

Example: "making of a rule" - "child pornography is banned"; "interpretation of a rule" - "an image of a naked ten-year-old is child pornography." The image itself does not have to (and probably should not) be disclosed.

4. Announcements of official actions

Required by D, can be outweighed by A or B. "Punitive actions" means actions taken for the enforcement of rules, and "other official actions" includes all other actions taken for the benefit of the community by the administration.

Example: "punitive action" - "X was banned for posting an image of a naked 10-year-old boy, which violates the rule banning child pornography."; "other official action" - "Starting January 1 an IRC bridge will be opened. This will make it more convenient for IRC users."; "inconsistent with security or privacy" - a sting to catch a spy suspected of passing information to Apollo.

5. Court order

Needless to say, we have to follow the law.

B. Data which May Be Disclosed

1. Routine and uncontroversial actions

Examples: deleting spam messages when there is a well-established rule banning spam; banning sockpuppets of banned users.

2. Internal instructions

Examples: "The rule against spamming SHOULD NOT be applied when the text sent amounts to less than 2,000 characters."; "Trolls MAY be warned or kicked in lieu of being banned for a first offense." These are merely advisory, and not class A-3 or A-4 because they do not "interpret" the rules they discuss.

C. Data which Must Not Be Disclosed

1. SSN-l logs

Required by A, can be outweighed by C or D (such as having to disclose class A-3 or A-4 info).

Example: "Here's the talk we had in SSN-l about banning X with emails omitted."

2. Real names and locations

Required by B.
Example: "X's real name is John Smith and he lives on 1234 Main Street, Anytown, USA." By contrast, "X is from South Australia" would not fall into this class.

3. IP and emails

Required by B, can be outweighed by A.

Example: "X was banned for soliciting sex with an underage member. X lives in the Greater Toronto Area and X's IP address and email are 278.784.525.673 and i-love-kiddy-diddlin@example.com." Appropriate authorities would receive more specific information, but this treatment would not be appropriate for someone banned for simple trolling and spamming.

4. Nonpublic intelligence

Required by A and B.