Data Safety/Data Safety Consultation Meeting Notes/2011-09-28
From MozillaWiki
Data Safety Consultation Meeting Details
- Tuesday, 28 September 2011
- Location: <place>
Project(s) for Review: Metrics Data Ping
Agenda
- Review prior Metrics Data Ping to-do items. Determine Action Items.
Action Items
Start-Dt | Owner | Action Item | Due-Dt | Status | Comment |
28-Sep | Metrics Team | Produce a more legible version of this information (see #3 below), for side-by-side comparison in a spreadsheet. | | | |
28-Sep | Metrics Team | Add a documentation link to the top of the JSON blob. That link should yield a human-readable page, including retention period. | | | |
28-Sep | DS Team | Look at sample data/JSON and map to 11 requested items. | | | |
28-Sep | Metrics Team | Document access and logging policy and security, with Coates. | | | |
28-Sep | DS & Metrics Teams | Plan a future policy. | | | |
28-Sep | Metrics Team | Add enhancement: about:metrics to show ping data, and retention period. | | | |
28-Sep | Sid Stamm | Requirement: Sign off on the UX implementation in a bug. | | | |
Discussion Details
Data Safety Review - Metrics Data Ping
We believe that, contingent on the recommendations below, the proposed Opt-Out Metrics Data Ping feature fits Mozilla Values and Privacy Principles. Active development of this feature should proceed, with regular check-ins with the Data Safety Team (formerly known as the User Data Committee (UDC)).
Prior Metrics To-dos:
- Provide a layman's rationale for opt-out vs. opt-in.
- This should specify a user benefit rather than a Mozilla benefit
[ See https://wiki.mozilla.org/MetricsDataPing#Opt-in_vs._Opt-out. Please note this contains community/contributor debate following the Metrics proposal.]
- Immediately determine and document identifier strategy (e.g., installation UUID).
- We chose to go with installation UUID, no sync, changes when opt-out/opt-in.
[See https://wiki.mozilla.org/MetricsDataPing#Submission_ID]
- Catalog all data elements across all Telemetry/Metrics pings. Determine data paths, retention policies, and data destruction strategies for all of these. Highlight overlaps in data collection.
- Ping description is at: <https://metrics.etherpad.mozilla.org/8>.
- Action: Metrics to produce a more legible version of this information, for side-by-side comparison in a spreadsheet.
[See https://docs.google.com/spreadsheet/ccc?key=0AtdL1GrYQUbldFBBUUNkbTBKNjZTd3dTeTZ0QUhaNXc ]
- Aside from DE: Want Metrics/Telemetry to be the canonical place for data collection. Other pings should eventually be deprecated.
[This is mentioned in http://people.mozilla.org/~sguha/mozilla/mdp/BrownBag-metrics-data-ping.pdf]
- Action: Metrics to add a documentation link to the top of the JSON blob. That link should yield a human-readable page, including retention period.
[The about:metrics has a description of the elements of the JSON blob. See #5.]
- Action: Data Safety to look at sample data/JSON and map to 11 requested items.
- Determine a policy and potentially access-control mechanisms for use of the collected data: who gets access to what?
- Action: Metrics to document access and logging policy and security, with Coates.
[Review for Bagheera, the back end server that receives and stores user data: https://bugzilla.mozilla.org/show_bug.cgi?id=655746]
- Action: Data Safety & Metrics to plan a future policy.
- Short term, metrics team promise not to be evil.
[Metrics has a mission statement for privacy and data usage at https://wiki.mozilla.org/Friends/Metrics]
- Note: retention period is up to 6 months.
- Begin to determine a plan for giving users access to the data that we collect.
- Enhancement: about:metrics to show ping data, and retention period.
[ See https://bugzilla.mozilla.org/show_bug.cgi?id=719484]
- Explore and document use cases for the collected data beyond the immediate ones described.
- Users perhaps to be able to compare themselves to the group
- Privacy has questions regarding some of the fields to finish the privacy review, plus the opt-out experience. Privacy will follow up with specific questions that the Metrics team should address.
- A Security review of the architecture should be performed and kept up-to-date. Infrasec will follow up with specifics that the Metrics team should address.
[Some discussion: https://wiki.mozilla.org/Security/Reviews/MetricsDataPing. Client code security review in progress: https://bugzilla.mozilla.org/show_bug.cgi?id=718067. For back end security review, see the Bagheera review: https://bugzilla.mozilla.org/show_bug.cgi?id=655746 .]
- Propose UX implementation
- Requirement: Data Safety (Sid) to sign off on the UX implementation in a bug.
[See https://bugzilla.mozilla.org/show_bug.cgi?id=707970]
Follow-up Discussions
Attendees
Sid Stamm, Ben Adida, Tom Lowenthal, Alex Fowler, Gilbert FitzGerald (Metrics Data Ping)
Declined