Monday, January 24, 2011

US Pirate Party's Data Protection Failure

One of the core tenants of the Pirate Party movement, is personal privacy. In fact, to quote Rick Falkvinge, “Five years ago, when I founded the Swedish and first Pirate Party, we set three pillars for our policy: shared culture, free knowledge, and fundamental privacy.”.But what do you do when a Pirate Party doesn't follow those three core principles? That's the question that now occupies the US Pirate Party.


I've been involved with the Pirate Party for many years. I first took part in late 2006, and was running the US party by mid 2007. The core philosophies of the party as I saw them were
  • An increase in personal privacy
  • Increased government transparency and accountability
  • Reform of copyright, Patent, and Trademark (C/P/T) laws for the modern times
In order to push for those sorts of reforms, the party must of course abide by them as well, and it's here that the USPP in recent times has failed.

It's on the subject of privacy that this particular post covers, specifically the privacy of members and volunteers. Details, including names, email addresses, and worst of all – phone numbers, have been sent to people who are not officers, including myself.

Now it's no secret that I left the party as of December 1st – it was widely publicised. I was also asked, on November 30th by the party chairperson, Brittany Phelps, to be sure and have my email cleared out 'by the end of the week'. As she was told, I had not only already done so, but a copy of it had been sent to the records officer for archiving on December 1st.

Session Start: Tue Nov 30 12:47:31 2010
Session Ident: BrittanyPhelps (registered)
[12:47.31] <BrittanyPhelps> I need you to clear out your email by the end of this week.
[13:21.00] <K`Tetch> its already mostly done and a copy sent to brad tomomrow
[13:21.58] <K`Tetch> I deal with things as and when they come up, to keep things done in a timely manner

The matter of email addresses is properly the venue of the promotions officer (specifically the web-team), but at this point there is no promotions officer. Under the party Constitution, the responsibility therefore devolves onto the Vice-Chair, also known as the Operations officer. There is one of those, and his name is Jay Emerson.

On December 1st, as promised, the email archive was sent, and the account could have been closed at any time. Here's the problem though. It wasn't closed. In fact it didn't stp working until the middle of January. That's sheer sloppiness, or would be if that was all. The problem is, despite not being an officer of the party any more, I, and I presume other people as well, were getting emails that we were not entitled to get, specifically ,emails including personal details. Now, I'm not a vindictive person, I also strongly believe in my integrity. The personal details I have been sent, I will do anything maliciously with. However, if I, as a regular person, am getting this information, who else is? THAT is a problem.

People are sending their personal details in, to a political party that has personal privacy as one of it's main pillars, and the personal data is leaking like a sieve. That, is wholly unacceptable.

So, in order to set my conscience to rest, and because I really do believe in the issue of personal privacy (as do most of you, from your submissions), AND also in political transparency, I've emailed the 36 people whose personal details I've been sent, inadvertently, to let them know that I, through an error of the USPP's administration (specifically, the acting Promotions officer, Jay Emerson, who may well have been very poorly advised on the matter of Data Protection by the party's acting legal officer – Jay Emerson) their personal details may be loose.

The officer in question was reprimanded a month ago for his actions and activities (a vote of no confidence was passed against him) and he is also a huge fan of wikileaks (to the point that he is hosting a mirror on a site supposedly for party business). So, in that tradition, the following people have had their data leaked (I'm obscured the data, for privacy reasons, giving only their state, initials, and last 3 digits of their telephone number where provided)







State
Initials
Last 3 digits
of Tel#
California
RS
919
RT
059
JD
800
JL
-
TB
059
WS
-
Colorado
JD
267
JH
900
Florida
MD
349
AB
883
Georgia
LL
255
SH
142
HJ
784
Idaho
JT
011
Illinois
SS
940
JD
453
Indiana
TW
677
Kansas
MC
145
KN
334
Louisiana
EM
099
Maryland
RB
417
Maine
HS
592
JF
384
Michigan
SB
-
Montana
AO
799
New York
RN
194
Ohio
JD
153
NW
828
Pennsylvania
JP
071
WP
820
RV
718
Tennessee
JA
387
Texas
SL
129
SG
560
Washington (state)
MJ
190
Wisconsin
RM
291


What's so disappointing through, is that these volunteers cover 20 states, yet  little is being done, and this is a typical number of submissions for the 6½ weeks in question. It's almost as if, in addition to the information going to people it shouldn't, it's also NOT going to the people it should. If that's the case, there are some REAL problem.

1 comment:

  1. Where people are so focused on themselves and how they themselves look, little ever gets done, because they tend to believe that (as the people in charge) they have to maintain an air of authority instead of one of service.

    Competence would mean treating it as a means of serving the public instead of as a means of having the public serve them.

    ReplyDelete