From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <gentoo-project+bounces-7885-garchives=archives.gentoo.org@lists.gentoo.org>
Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by finch.gentoo.org (Postfix) with ESMTPS id ED4F7138334
	for <garchives@archives.gentoo.org>; Wed, 20 Jun 2018 11:42:13 +0000 (UTC)
Received: from pigeon.gentoo.org (localhost [127.0.0.1])
	by pigeon.gentoo.org (Postfix) with SMTP id 5FA8DE088B;
	Wed, 20 Jun 2018 11:42:12 +0000 (UTC)
Received: from mail-pg0-f49.google.com (mail-pg0-f49.google.com [74.125.83.49])
	(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
	(No client certificate requested)
	by pigeon.gentoo.org (Postfix) with ESMTPS id 136F9E0877
	for <gentoo-project@lists.gentoo.org>; Wed, 20 Jun 2018 11:42:11 +0000 (UTC)
Received: by mail-pg0-f49.google.com with SMTP id w8-v6so1372668pgp.7
        for <gentoo-project@lists.gentoo.org>; Wed, 20 Jun 2018 04:42:11 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-gm-message-state:mime-version:references:in-reply-to:from:date
         :message-id:subject:to:cc:content-transfer-encoding;
        bh=9joNUSVRZJwpYKThKTfgPhD9QLLeJNx8MmN0dXfAipg=;
        b=VFSqtZ59QII02+6bzoeobZbXZ3jn3Owfj4mpramANHWGF/iUq/Cl81/WxFaY7C2koT
         nBAYw4Q9x4/wnNb7bX/Q+OujC74Jg6JZnma+DOV+KLjLlBIKimVybNPtH4H458w0ckjf
         QQ6Cz1bdd+wsmQoyf0SF1nghV+9H4nhl4OOCtCP7g0AS2TaBL3fZ4+eyWdygiK6jsdpW
         7XQGy6See/RwcWsl+vSzi8obM71mdGVl9bEfotKSWM1HMrutFsDp4aDXL6gjvPGUL0il
         hyPXfHgovDjgayz+7ZtP5zJn3xMlj8vNklmnvgmc1MD0USaHXqeesULx6Ed7Z2H/4Nck
         ie3Q==
X-Gm-Message-State: APt69E0+QGT0+3GqN6u3IylPAv6ONku/+ZH2ozxoi9qkaxPsbLUPwND3
	bqioYcXZN+KjE37Dv9xZcYGu5SR8Z4IIu6vw9D65ETZh
X-Google-Smtp-Source: ADUXVKKJxKXPRvYXlwhiDRbMtWC9P2W9o1B7h+87NRPCBC8DMwKN5ejbe/Mhm95LY/OOq6QG6XUtRaO46EUdksf0CB0=
X-Received: by 2002:a62:d97:: with SMTP id 23-v6mr22547828pfn.202.1529494930654;
 Wed, 20 Jun 2018 04:42:10 -0700 (PDT)
Precedence: bulk
List-Post: <mailto:gentoo-project@lists.gentoo.org>
List-Help: <mailto:gentoo-project+help@lists.gentoo.org>
List-Unsubscribe: <mailto:gentoo-project+unsubscribe@lists.gentoo.org>
List-Subscribe: <mailto:gentoo-project+subscribe@lists.gentoo.org>
List-Id: Gentoo Project discussion list <gentoo-project.gentoo.org>
X-BeenThere: gentoo-project@lists.gentoo.org
Reply-To: gentoo-project@lists.gentoo.org
MIME-Version: 1.0
References: <1529482561.2506.17.camel@gentoo.org> <756a345e-0209-9643-c94f-1cf94321eb2a@gentoo.org>
 <1529483543.2506.23.camel@gentoo.org> <CAGfcS_m0MZsqPTEH87mnP4f8ACgyUoOU5_C5modaUd5UwHbbWA@mail.gmail.com>
 <29af132e-824d-3be5-9d11-3c80880ce9be@gentoo.org>
In-Reply-To: <29af132e-824d-3be5-9d11-3c80880ce9be@gentoo.org>
From: Rich Freeman <rich0@gentoo.org>
Date: Wed, 20 Jun 2018 07:41:59 -0400
Message-ID: <CAGfcS_n2WpZGsG4SvDYhRFRZyrGv8Dpf6YhicvbW+mc1k6hrvQ@mail.gmail.com>
Subject: Re: [gentoo-project] Date-of-birth in developer applications
To: Kristian Fiskerstrand <k_f@gentoo.org>
Cc: gentoo-project <gentoo-project@lists.gentoo.org>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-Archives-Salt: 70052e5d-9d16-4dde-8b75-7abb0ae0760e
X-Archives-Hash: 7cf9a17a5176152e5b6f6dea214713d3

On Wed, Jun 20, 2018 at 7:12 AM Kristian Fiskerstrand <k_f@gentoo.org> wrot=
e:
>
> On 06/20/2018 12:52 PM, Rich Freeman wrote:
> > On Wed, Jun 20, 2018 at 4:32 AM Micha=C5=82 G=C3=B3rny <mgorny@gentoo.o=
rg> wrote:
> >>
> >> Please tell me, how many times did we have to disambiguate two
> >> developers using the same name?  Even if we ever have to do that, do y=
ou
> >> really think we'd use one's birthday all over the place?
> >
> > Even if we've had two people from the same location with the same
> > name, WHY would we ever have to use their date of birth to identify
> > them?  We already have their nicks which is what we use internally,
> > and those are always unique.
>
> One morbid example would be someone getting a stone in the back of their
> head, at which point the nick will likely not help much... But the
> underlying need is likely to arise more due to other circumstances for
> needing to contact, say a retired dev needs to provide evidence in a
> copyright case and we need to track them down to get said statement.

The "underlying need" is what I'm getting at.  Do we REALLY need to
track developers post-retirement?  If we do, is DOB really the best
way to do this?

And what are we going to do when some retired developer asks us to
forget about them?  I don't think legally we need to go retract
published info, but that DOB seems very much the sort of thing that
would be risky to hold on to if somebody explicitly told us they don't
want us to retain it.  We'd probably need justification to do so.

> >
> > As far as I'm aware, under most privacy laws and policies I've seen,
> > name+DOB is just as sensitive as a government ID number.  If
> > collecting the latter makes you recoil in horror, then you should be
> > just as concerned about DOB collection.
>
> I'm not, but views of truestees might differ on that; we have reasons to
> collect it, it is part of recruiting process known to developer, so the
> legal matter wouldn't be on the collecting part but the storage part,
> and here they differ quite a lot in practice (although it shouldn't as
> even SSN is just a Primary Key in theory).

WP has what appears to be a decent article, and it lists DOB as
explictly personally-identifying:
https://en.wikipedia.org/wiki/Personally_identifiable_information

The US law explicitly lists DOB (cited there):
Information which can be used to distinguish or trace an individual's
identity, such as their name, social security number, biometric
records, etc. alone, or when combined with other personal or
identifying information which is linked or linkable to a specific
individual, such as date and place of birth, mother=E2=80=99s maiden name,
etc.

It goes on to cite the EU:
Article 2a: 'personal data' shall mean any information relating to an
identified or identifiable natural person ('data subject'); an
identifiable person is one who can be identified, directly or
indirectly, in particular by reference to an identification number or
to one or more factors specific to his physical, physiological,
mental, economic, cultural or social identity;

You brought up the scenario of tracking somebody down in the real
world.  It seems to me that if we actually collect enough info to be
able to do this, then by definition we fall directly in the crosshairs
of both.

I'd start with the underlying issue: do we need to identify specific
individuals and retain this identity?  What exactly do we need
(starting from zero), and what is the least amount of info we need to
collect to get there?

My understanding is that these are the basic principles of most modern
privacy law, and if we stick to those we'll probably be fairly safe as
these laws change (assuming we sufficiently protect the info we do
need to collect).

The principles cited in that article actually raise other thorny
issues as well, such as name+location if the name is unique enough.  I
couldn't begin to tell you whether half of Oslo are named
Fiskerstrand, or if you're the only one in the phone book.

--=20
Rich