Hi all,
Since being elected as one of the fellowship representatives, I've been looking at various ways to perform this role effectively.
For people who joined FSFE through the FSFE fellowship program, the fellowship representatives are the most senior elected representatives designated in the FSFE constitution[1] and therefore it would appear logical to me that as the representatives, we would be the ones trusted to make decisions about communication with our constituency. In practice, however, this is not the case and people in various parts of the organization (this was discussed in the GA list) have expressed various concerns (e.g. data protection laws, member expectations) for not empowering the fellowship representatives to communicate directly with the people who voted for us. The original request I sent to the GA is at the bottom of this email.
Personally, I felt these concerns demonstrated a lack of trust and confidence in the fellowship representatives and in fact even a lack of trust and confidence in humanity to organize ourselves democratically. Having served in various representative roles in the past where membership lists were always available to me I actually felt somewhat insulted by these responses and uncertain about whether the fellowship representative role is meant to be only an illusion of representation rather than an active representative.
I put forward a motion for the GA meeting to address this for the future. To maximize the possibility of achieving consensus at the GA meeting (motions are not usually voted on), the motion is not retrospective and does not attempt to clarify the current status of membership data under privacy laws or whatever else, it is only about avoiding further ambiguity in the future.
To ensure the GA can understand how people feel, it would be interesting to get opinions from the community:
- when you join an organization such as FSFE and you provide personal data such as your name and email address, do you expect that office holders and elected representatives would have some access to this data in performing their roles?
- do you feel it is reasonable for people who are in a position of trust to have some discretion in how they use the data as long as they do so in the best interests of the organization, it's mission and it's members? Or do you believe the organization should strive to obfuscate the data so that even office holders can't read it and put systems in place so communications are sent out to members through an opaque process?
- what are the practices you have seen in other community organizations in the free software space and can we learn anything from them in developing best practice?
Proposed motion: The GA recognizes the stark difference between the way FSFE coordinates contributor data and other organizations are doing things. FSFE supporter data is only available to Reinhard, Jones, system-hackers(?), ISP staff and third-parties involved in payment processing. The GA resolves to let supporters choose to be a "silent" supporter who simply donates and expects nothing in return and contributors who choose to volunteer and are identifiable to other contributors through a PGP keyring, directory or other means. Where somebody chooses to be in the former category, their personal data will remain under a somewhat default data protection regime (need-to-know access only) whereas if they choose to be in the latter category, they will be informed that a less stringent data protection policy is in effect. Where somebody in the latter category (contributor) provides information that is only required to process a donation (credit card billing address, payment card details, etc), that information will remain under strict privacy controls.
Background to this motion: In Debian, for example, all trusted contributors are identified in a publicly distributed PGP keyring and many more contributors are identified through resources like contributors.debian.org and the Ultimate Debian Database. Many people feel that a de-centralized organization like this is more appropriate for robustness and for empowering volunteers.
Regards,
Daniel
1. https://fsfe.org/about/legal/constitution.en.html
-------- Forwarded Message -------- Subject: improving fellowship communication Date: Mon, 14 Aug 2017 10:53:27 +0200 From: Daniel Pocock daniel@pocock.pro To: ga@fsfeurope.org
Hi all,
As I've been elected as a fellowship representative, I feel it is important
a) to know who I am representing
b) to be able to communicate with them directly
I've asked Erik if he could provide contact details for the fellowship and he stated that data protection prevents this and requires all communication to go through Reinhard.
It is standard practice for just about any other elected representative to have this basic data. For example, when I was elected as employee representative on a pension committee, I was given a full list of all members. In most countries people who run for public office are given a list of all the people registered to vote at the deadline, this also helps with transparency and detecting errors.
I feel it is important for FSFE to address this.
Personally, I would like to email a report about my own activities to fellows from time to time, probably using a reply-to header set to the discussion list.
I would not object to signing a confidentially agreement, committing to store the data securely, limiting my use of any such data to FSFE purposes and committing not to use the data to promote myself or endorse any future candidates in fellowship elections.
Regards,
Daniel
Daniel Pocock daniel@pocock.pro wrote:
- when you join an organization such as FSFE and you provide personal
data such as your name and email address, do you expect that office holders and elected representatives would have some access to this data in performing their roles?
Yes, some access.
- do you feel it is reasonable for people who are in a position of
trust to have some discretion in how they use the data as long as they do so in the best interests of the organization, it's mission and it's members? Or do you believe the organization should strive to obfuscate the data so that even office holders can't read it and put systems in place so communications are sent out to members through an opaque process?
The organisation should log all access to the data and limit use privileges. For example, the representatives should be able to use it somehow, such as sending emails out to the email addresses, but they should not be able to download it in bulk to a memory stick and leave it in a pub car park[1]. 1: http://news.bbc.co.uk/1/hi/uk/7704611.stm
- what are the practices you have seen in other community
organizations in the free software space and can we learn anything from them in developing best practice?
Most of the examples I have seen have been horrible in one of two ways, which can be caricatured as US-centric organsations don't seem to care for anyone's privacy and publish far too much, while EU-centric organisations seem to tightly control data access even where that harms officer communications. There must be a middle line, mustn't there?
Hope that informs,
Hello,
On Mon, Oct 02, 2017 at 10:10:53AM +0200, Daniel Pocock wrote: ...
To ensure the GA can understand how people feel, it would be interesting to get opinions from the community:
- when you join an organization such as FSFE and you provide personal data
such as your name and email address, do you expect that office holders and elected representatives would have some access to this data in performing their roles?
No.
- do you feel it is reasonable for people who are in a position of trust
to have some discretion in how they use the data as long as they do so in the best interests of the organization, it's mission and it's members? Or
No, as there is no way for me to check if my trust is justified. And the "as long as they do" part scares me too.
do you believe the organization should strive to obfuscate the data so that even office holders can't read it and put systems in place so communications are sent out to members through an opaque process?
This sounds rather that you don't trust this opaque process than see your means to communicate with the electorate at stake.
In that case, I'd rather make that opaque process more transparent instead of giving access to the entire supporter database to a yet another person every single year.
Proposed motion:
...
default data protection regime (need-to-know access only) whereas if they choose to be in the latter category, they will be informed that a less stringent data protection policy is in effect. Where somebody in
When you sign up, there is a check-box "Are you fine that a local coordinator may contact you" (or something similar), we could generalize this to "local coordinator and fellowship representative" or provide a second check-box just for the representative.
This still requires the coordinators and representatives to trust that the opaque process you mentioned indeed reaches all fellows that are meant to be reached.
-------- Forwarded Message --------
Subject: improving fellowship communication Date: Mon, 14 Aug 2017 10:53:27 +0200 From: Daniel Pocock [2]daniel@pocock.pro To: [3]ga@fsfeurope.org
...
I would not object to signing a confidentially agreement, committing to store the data securely, limiting my use of any such data to FSFE purposes and committing not to use the data to promote myself or endorse any future candidates in fellowship elections.
What if you (or any of your successors) violate the agreement anyhow? Will you be liable for any damages? What if you don't have the means to compensate? Who will ever run for that position again, knowing that this could turn out very costly and troublesome?
I wish you all a fun and productive GA!
Greetings,
Guido
Hi,
2017-10-02 10:10 GMT+02:00 Daniel Pocock daniel@pocock.pro:
- when you join an organization such as FSFE and you provide personal data
such as your name and email address, do you expect that office holders and elected representatives would have some access to this data in performing their roles?
Yes, some access would be ok with me.
- do you feel it is reasonable for people who are in a position of trust
to have some discretion in how they use the data as long as they do so in the best interests of the organization, it's mission and it's members? Or do you believe the organization should strive to obfuscate the data so that even office holders can't read it and put systems in place so communications are sent out to members through an opaque process?
The organization should strive to obfuscate the data so that even office holders can't read it.
- what are the practices you have seen in other community organizations in
the free software space and can we learn anything from them in developing best practice?
Sorry, don't know any could example.
Hope I could help and thank you very much for your dedication.
Regards, Christian
hi daniel,
sorry for the late reply, i was on holidy and only partly checked mails for the last two weeks, but i wanted to clear a few things up here... On Mon, Oct 02, 2017 at 10:10:53AM +0200, Daniel Pocock wrote: ...
Personally, I felt these concerns demonstrated a lack of trust and confidence in the fellowship representatives and in fact even a lack of trust and confidence in humanity to organize ourselves democratically. Having served in various representative roles in the past where membership lists were always available to me I actually felt somewhat insulted by these responses and uncertain about whether the fellowship representative role is meant to be only an illusion of representation rather than an active representative.
as i on ga@: no, it's not distrust. however i strongly believe on only giving access where there is no need for the data. yes, you are entitled to be able to communicate with fellows/contributres/sustaining members/... there are multiple ways already: * multiple mailling lists where active and intrested people subscribe * the (given a bit unusual way) via the fellowship database where you currently need human intervention, however it is still possible to send signed mails, so i see no trust issues on if the mails where altered. ...
- when you join an organization such as FSFE and you provide personal
data such as your name and email address, do you expect that office holders and elected representatives would have some access to this data in performing their roles?
as i said before, no...no direct access if it is not neccesary or cannot currently prevented. ...
Proposed motion: The GA recognizes the stark difference between the way FSFE coordinates contributor data and other organizations are doing things. FSFE supporter data is only available to Reinhard, Jones, system-hackers(?), ISP staff and third-parties involved in payment processing. The GA
hmm...i don't completly get where you get that list from, you never asked who has access if i remeber correctly. currently: * reinhard * the three people who are running the main systems (that includes me and jonas)
and that's it when it comes to the main database.
yes, of course if you use a third party payment provider, they will get some data (but they still have no access to stuff like your home address), however if you want to avoid that: we had people paying in cash at booths before...(including myself for a time)
as for ISP staff: why do you think that any isp staff has access? the DB is run on hardware owned by the fsfe, so unless they play games like pulling out the disks, they have no acess. ...
b) to be able to communicate with them directly
as stated above and before, there are ways to do that, but sofar you have not tried them, so saying that they don't work is a bit strange...
regards, albert
Hallo Daniel! Have you succeeded? Was the meeting held? I understnad this year was election of new president. Did you candidate? It seems many think new leadership is needed:
http://lists.spi-inc.org/pipermail/spi-general/2017-October/003779.html
Regards, Cornelia
-------- Original Message -------- Subject: improving fellowship communication (GA motion) Local Time: October 2, 2017 8:10 AM UTC Time: October 2, 2017 8:10 AM From: daniel@pocock.pro To: FSFE Discussion discussion@fsfeurope.org FSFE General Assembly ga@fsfeurope.org
Hi all,
Since being elected as one of the fellowship representatives, I've been looking at various ways to perform this role effectively.
For people who joined FSFE through the FSFE fellowship program, the fellowship representatives are the most senior elected representatives designated in the FSFE constitution[1] and therefore it would appear logical to me that as the representatives, we would be the ones trusted to make decisions about communication with our constituency. In practice, however, this is not the case and people in various parts of the organization (this was discussed in the GA list) have expressed various concerns (e.g. data protection laws, member expectations) for not empowering the fellowship representatives to communicate directly with the people who voted for us. The original request I sent to the GA is at the bottom of this email.
Personally, I felt these concerns demonstrated a lack of trust and confidence in the fellowship representatives and in fact even a lack of trust and confidence in humanity to organize ourselves democratically. Having served in various representative roles in the past where membership lists were always available to me I actually felt somewhat insulted by these responses and uncertain about whether the fellowship representative role is meant to be only an illusion of representation rather than an active representative.
I put forward a motion for the GA meeting to address this for the future. To maximize the possibility of achieving consensus at the GA meeting (motions are not usually voted on), the motion is not retrospective and does not attempt to clarify the current status of membership data under privacy laws or whatever else, it is only about avoiding further ambiguity in the future.
To ensure the GA can understand how people feel, it would be interesting to get opinions from the community:
when you join an organization such as FSFE and you provide personal data such as your name and email address, do you expect that office holders and elected representatives would have some access to this data in performing their roles?
do you feel it is reasonable for people who are in a position of trust to have some discretion in how they use the data as long as they do so in the best interests of the organization, it's mission and it's members? Or do you believe the organization should strive to obfuscate the data so that even office holders can't read it and put systems in place so communications are sent out to members through an opaque process?
what are the practices you have seen in other community organizations in the free software space and can we learn anything from them in developing best practice?
Proposed motion: The GA recognizes the stark difference between the way FSFE coordinates contributor data and other organizations are doing things. FSFE supporter data is only available to Reinhard, Jones, system-hackers(?), ISP staff and third-parties involved in payment processing. The GA resolves to let supporters choose to be a "silent" supporter who simply donates and expects nothing in return and contributors who choose to volunteer and are identifiable to other contributors through a PGP keyring, directory or other means. Where somebody chooses to be in the former category, their personal data will remain under a somewhat default data protection regime (need-to-know access only) whereas if they choose to be in the latter category, they will be informed that a less stringent data protection policy is in effect. Where somebody in the latter category (contributor) provides information that is only required to process a donation (credit card billing address, payment card details, etc), that information will remain under strict privacy controls.
Background to this motion: In Debian, for example, all trusted contributors are identified in a publicly distributed PGP keyring and many more contributors are identified through resources like contributors.debian.org and the Ultimate Debian Database. Many people feel that a de-centralized organization like this is more appropriate for robustness and for empowering volunteers.
Regards,
Daniel
-------- Forwarded Message -------- Subject: improving fellowship communication Date: Mon, 14 Aug 2017 10:53:27 +0200 From: Daniel Pocock [daniel@pocock.pro](mailto:daniel@pocock.pro)
To: ga@fsfeurope.org
Hi all,
As I've been elected as a fellowship representative, I feel it is important
a) to know who I am representing
b) to be able to communicate with them directly
I've asked Erik if he could provide contact details for the fellowship and he stated that data protection prevents this and requires all communication to go through Reinhard.
It is standard practice for just about any other elected representative to have this basic data. For example, when I was elected as employee representative on a pension committee, I was given a full list of all members. In most countries people who run for public office are given a list of all the people registered to vote at the deadline, this also helps with transparency and detecting errors.
I feel it is important for FSFE to address this.
Personally, I would like to email a report about my own activities to fellows from time to time, probably using a reply-to header set to the discussion list.
I would not object to signing a confidentially agreement, committing to store the data securely, limiting my use of any such data to FSFE purposes and committing not to use the data to promote myself or endorse any future candidates in fellowship elections.
Regards,
Daniel