Line 38: | Line 38: | ||
=== Data Safety Review - Metrics Ping === | === Data Safety Review - Metrics Ping === | ||
We believe that, contingent on the recommendations below, the proposed Opt-Out Metrics Ping feature fits Mozilla Values and Privacy Principles. Active development of this feature should proceed, with regular checkins with the Data Safety Team (fka User Data Committee (UDC)). | We believe that, contingent on the recommendations below, the proposed Opt-Out Metrics Ping feature fits Mozilla Values and Privacy Principles. Active development of this feature should proceed, with regular checkins with the Data Safety Team (fka User Data Committee (UDC)). | ||
<u>Prior Metrics To-dos:</u> <BR> | <u>Prior Metrics To-dos:</u> <BR> | ||
# Provide a layman's rationale for opt-out vs. opt-in. | # Provide a layman's rationale for opt-out vs. opt-in. | ||
#* ''This should specify a user benefit rather than a Mozilla benefit'' | #* ''This should specify a user benefit rather than a Mozilla benefit''<BR> [ See https://wiki.mozilla.org/MetricsDataPing#Opt-in_vs._Opt-out. Please note this contains community/contributor debate following the Metrics proposal.] | ||
# Immediately determine and document identifier strategy (e.g., installation UUID). | # Immediately determine and document identifier strategy (e.g., installation UUID). | ||
#* ''We chose to go with installation UUID, no sync, changes when opt-out/opt-in.'' | #* ''We chose to go with installation UUID, no sync, changes when opt-out/opt-in.'' <BR>[See https://wiki.mozilla.org/MetricsDataPing#Submission_ID] | ||
# Catalog all data elements across all Telemetry/Metrics pings. Determine data paths, retention policies, and data destruction strategies for all of these. Highlight overlaps in data collection. | # Catalog all data elements across all Telemetry/Metrics pings. Determine data paths, retention policies, and data destruction strategies for all of these. Highlight overlaps in data collection. | ||
#* ''Ping description is at: <https://metrics.etherpad.mozilla.org/8>.'' | #* ''Ping description is at: <https://metrics.etherpad.mozilla.org/8>.'' | ||
#* '''''Action:''''' ''Metrics to produce a more legible version of this information, for side-by-side comparison in a spreadsheet.'' | #* '''''Action:''''' ''Metrics to produce a more legible version of this information, for side-by-side comparison in a spreadsheet.'' <BR>[See https://docs.google.com/spreadsheet/ccc?key=0AtdL1GrYQUbldFBBUUNkbTBKNjZTd3dTeTZ0QUhaNXc ] | ||
#* ''Aside from DE: Want Metrics/Telemetry to be the canonical place for data collection. Other pings should eventually be deprecated.'' | #* ''Aside from DE: Want Metrics/Telemetry to be the canonical place for data collection. Other pings should eventually be deprecated.''<BR>[This is mentioned in http://people.mozilla.org/~sguha/mozilla/mdp/BrownBag-metrics-data-ping.pdf] | ||
#* '''''Action:''''' ''Metrics to add a documentation link to the top of the JSON blob. That link should yield a human-readable page, including retention period.'' | #* '''''Action:''''' ''Metrics to add a documentation link to the top of the JSON blob. That link should yield a human-readable page, including retention period.''<BR>[The about:metrics has a description of the elements of the JSON blob. See #5.] | ||
#* '''''Action:''''' ''<strike>UDC</strike> Data Safety to look at sample data/JSON and map to 11 requested items.'' | #* '''''Action:''''' ''<strike>UDC</strike> Data Safety to look at sample data/JSON and map to 11 requested items.'' | ||
# Determine a policy and potentially access-control mechanisms for use of the collected data: who gets access to what? | # Determine a policy and potentially access-control mechanisms for use of the collected data: who gets access to what? | ||
#* '''''Action:''''' ''Metrics to document access and logging policy and security, with Coates.'' | #* '''''Action:''''' ''Metrics to document access and logging policy and security, with Coates.''<BR>[Review for Bagheera, the back end server that receives and stores user data: https://bugzilla.mozilla.org/show_bug.cgi?id=655746] | ||
#* '''''Action:''''' ''<strike>UDC</strike> Data Safety & Metrics to plan a future policy.'' | #* '''''Action:''''' ''<strike>UDC</strike> Data Safety & Metrics to plan a future policy.'' | ||
#* ''Short term, metrics team promise not to be evil.'' | #* ''Short term, metrics team promise not to be evil.''<BR> [Metrics has a mission statement for privacy and data usage at https://wiki.mozilla.org/Friends/Metrics] | ||
#* ''Note: retention period is up to 6 months.'' | #* ''Note: retention period is up to 6 months.'' | ||
# Begin to determine a plan for giving users access to the data that we collect. | # Begin to determine a plan for giving users access to the data that we collect. | ||
#* '''''Enhancement:''''' ''about:metrics to show ping data, and retention period.'' | #* '''''Enhancement:''''' ''about:metrics to show ping data, and retention period.''<BR>[ See https://bugzilla.mozilla.org/show_bug.cgi?id=719484] | ||
# Explore and document use cases for the collected data beyond the immediate ones described. | # Explore and document use cases for the collected data beyond the immediate ones described. | ||
#* ''Users perhaps to be able to compare themselves to the group'' | #* ''Users perhaps to be able to compare themselves to the group'' | ||
#* ''Privacy has questions regarding some of the fields to finish the privacy review, plus the opt-out experience. Privacy will follow up with specific questions that the Metrics team should address.'' | #* ''Privacy has questions regarding some of the fields to finish the privacy review, plus the opt-out experience. Privacy will follow up with specific questions that the Metrics team should address.'' | ||
# A Security review of the architecture should be performed and kept up-to-date. Infrasec will follow up with specifics that the Metrics team should address. | # A Security review of the architecture should be performed and kept up-to-date. Infrasec will follow up with specifics that the Metrics team should address. <BR>[Some discussion: https://wiki.mozilla.org/Security/Reviews/MetricsDataPing. Client code security review in progress: https://bugzilla.mozilla.org/show_bug.cgi?id=718067. For back end security review, see the Bagheera review: https://bugzilla.mozilla.org/show_bug.cgi?id=655746 .] | ||
# Propose UX implementation | # Propose UX implementation | ||
#* '''''Requirement:''''' ''<strike>UDC</strike> Data Safety (Sid) to sign off on the UX implementation in a bug.'' | #* '''''Requirement:''''' ''<strike>UDC</strike> Data Safety (Sid) to sign off on the UX implementation in a bug.''<BR>[See https://bugzilla.mozilla.org/show_bug.cgi?id=707970] | ||
== Follow-up Discussions == | == Follow-up Discussions == |
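Review bot: The reference "See #5" added to the JSON blob documentation action under to-do 3 depends on the auto-numbered position of the list items, so it will point at the wrong to-do if one is inserted or reordered. Name the target instead, for example "see the about:metrics enhancement under the user-access to-do". The added bracketed references also vary in spacing ("<BR> [ See", "<BR>[See", "<BR> [Metrics has"). Pick one form, and cite the Bagheera bug 655746 with the same wording in both places it appears (the access-policy action and the security review to-do) so readers can tell it is the same review.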