Election Data

seth vidal skvidal at fedoraproject.org
Sun Jul 27 00:25:47 UTC 2008


On Sat, 2008-07-26 at 20:05 -0400, Josh Boyer wrote:
> On Sat, 2008-07-26 at 12:11 -0600, Stephen John Smoogen wrote:
> > On Sat, Jul 26, 2008 at 11:55 AM, Josh Boyer <jwboyer at gmail.com> wrote:
> > > On Fri, 2008-07-25 at 21:08 -0400, seth vidal wrote:
> > >> On Fri, 2008-07-25 at 17:05 -0400, David Woodhouse wrote:
> > >> > I'd be very disappointed if we refused to release _anonymised_ vote data
> > >> > purely on the basis that we think there might be some nutter out there
> > >> > who wouldn't come out from under his table for a few days if we did so.
> > >>
> > >> I'd be disappointed if we were yet another data point of groups who do
> > >> not handle their users information w/care.
> > >>
> > >> It's such a cliche.
> > >
> > > Can you explain how it wouldn't be handled with care if it was
> > > anonymized?
> > >
> > 
> > The issue is that the board is the steward of the data. How long does
> > the data get kept (what is Fedora's data retention policy?) and who is
> > allowed access to it is something the board should consider. Not just
> > for useful research, but fishing expeditions by some British Ministry
> > to see if David Woodhouse was voting or going to the Dr on such a date
> > and can be held for an additional 40 days because he forgot to mention
> > that when questioned.  [Now David may think thats an ok situation, but
> > I would lose some sleep over it.. and I am just being selfish here.]
> 
> Explain to me releasing ANONYMOUS voting data would implicate anyone.
> 
> > People may also have some 'legal' expectation of privacy unless told
> > otherwise by banners and signed agreements (updated CLA's). This would
> > also affect whether the board could give the data out (or have to do
> > some such thing that any member who comes from Netherlands can't have
> > their data aggregated with sets given out unless they were told it was
> > going to be done).
> 
> Again, how is privacy lost if the data is anonymous.
> 

Sufficient anonymization would mean the data would end up being:

AAA:BBBBBBBB:CCC

Seriously, there's no good way to anonymize it enough w/o making it
useless.

More to the point, no one would believe it was sufficiently anonymized.

-sv






More information about the advisory-board mailing list