Email discussions section

Email forgery protections

Apologies if I'm inappropriately posting; please delete or move.

First, it is possible, although not necessarily easy, to make email highly resistant to forgery and other security attacks (e.g., replaying the same legitimate message to affect a poll). In general, these techniques are based on digital signatures.

Just as one example, one of the reasons that US medical practices have been reluctant to use email communications is the possibility of fraud. One workaround is to require patients to use the practice's own email client, accessed through their webpage, and with as strong authentication as possible. Invisible from the user is that it create a digital signature of the message.

A step more challenging is to accept mails from user email clients, which carry the appropriate digital signature. Signing plugins are available for most clients, although the free ones aren't necessarily easy to install.

So, it is possible to create a forgery-resistant email.

If it comes to it, there are also computer forensic methods that are less certain, but can strongly suggest the authenticity of email given a set containing multiple emails, possibly using other contemporaneous communications (e.g., Forum posts).

Dave MacQuigg and Sandy Harris are very knowledgable in these areas as well. Howard C. Berkowitz 15:01, 31 October 2010 (UTC)

Yes, you are allowed to post here.

For all practical purposes, this would only attempt to resolve the effects of "email forgery." It does not address the other issues of "private vs public discussions" and "informed consent". Even if we were to effectively eliminate the issue of potential forgery, we still would have issues related to reading private discussions. However, if everyone accepts that when using cz-resources their discussions are considered public, we can overcome those thresholds. Otherwise, every conversation that you have with anyone can be construed to being public and subject to professionalism guidelines. Then, you say, that we don't have to be as strict because it is not really public and to that I say we get to a point where there are diminishing returns for the constabulary to be wasting time reading and risking their real lives reading personal emails when they aren't going to do anything other than a slap on the wrist. The occasional stalker needs to be reported to the police, because we have no way of protecting anyone. D. Matt Innis 16:01, 31 October 2010 (UTC)

I wasn't trying to deal with the other problems in this post, but only to set aside the issue of dismissing emails because they were easy to forge. A cryptographically authenticated email is not.

In other words, I was supporting the idea of CZ-resources being a viable and secure approach, especially if digital signing was added.

What is your opinion about the ideas that Councils, the Constabulary, etc., must be required to use CZ-based email for communications that go to the entire group(s)? I can't really reconcile an act involving a restricted-access group, available only to the group members (elected or appointed) with any concept of personal privacy. It's much like a corporate or military network where there is substantial authority of the resource owner. At least in U.S. case law, the trend is that there cannot be an expectation of privacy from the resource owner. It gets very complex in situations where there are other expectations of privacy, such as when a hospital owns the resource but it's handling HIPAA-protected information. Military networks can be extremely private in one respect, such as TOP SECRET/SPECIAL ACCESS REQUIRED/POLO STEP over JWICS, but personal privacy isn't a major concern -- security officials routinely monitor, or, in the most sensitive cases, audit when properly requested.

The two cases, about which I am most concerned, dealt with the communications of one elected body member to all the other members. Had those been CZ mailing lists and hosted on CZ servers, the concerns I have raised would be quite within Constabulary oversight. Going forward, I really think our (MC?) policy should require email to be CZ-hosted. It would be nice, Matt, if we could agree on this principle and submit it to the MC.Howard C. Berkowitz 16:48, 31 October 2010 (UTC)

My obligaton is to perform the duties that the elected officials place into policy. Currently, the charter gives the councils authority to make their own rules. Even the MC can't make a rule contrary to the charter. I'd have to look at that first. RIght now, I'm just trying to document what I am planning to do to protect Citizendium, its resources and its citizens under the laws already on the books. D. Matt Innis 17:27, 31 October 2010 (UTC)

Would you prefer, then, that I simply prepare a proposal for the MC? I'd certainly welcome your input but if you think that's inappropriate, fine. Howard C. Berkowitz 17:43, 31 October 2010 (UTC)

How about making a proposal and I'll add my input then. I'm still working on getting the constabulary up to speed. D. Matt Innis 23:07, 31 October 2010 (UTC)

Sanctioning on the fora section

This is for Sanctioning of the fora section

As I've suggested before, I think that there's need to supplement Constabulary Blocking Procedures with more specific examples. Incomplete list:

• Discuss policy, not people. It is unacceptable to announce what someone believes if you cannot know.
• If you want to claim something is legal or illegal, at least identify the pertinent legal authority.
• Characterizations of mental illness, manipulative strategies, or incompetence unless documented are never appropriate.

Howard C. Berkowitz 17:47, 31 October 2010 (UTC)

I think we can do the mental illness one with the rules that we have now. Bring the others up to the MC. D. Matt Innis 23:19, 31 October 2010 (UTC)

Defamation, defined as claiming a Citizen is incompetent even in an aspect of field in which he demonstrably makes a living, would seem pretty clear under Blocking Procedures Section 1.3, Point 3. Howard C. Berkowitz 23:30, 31 October 2010 (UTC)

I agree. Avoid making such claims. D. Matt Innis 02:17, 5 March 2011 (UTC)

Ombudsman decision?

I'm rather confused by your citing an Ombudsman decision as authority. What Charter article authorizes the Ombudsman to make binding decisions outside the context of a requested mediation?

Interim decision authority is specifically given to the Managing Editor, but I do not know of any Article that gives such authority to the Ombudsman. Howard C. Berkowitz 02:10, 5 March 2011 (UTC)

The charter doesn't say that the Ombudsman can't make interim decisions. Right now it's the only one that I have. Is there something that you don't agree with? I'll let you hash that out with whoever you think is supposed to handle that.

I suspect that the Managing Editor can intercede if he chooses, but until we hear from either council or the Managing Editor, the Ombudsman's interpretation of the charter is better than mine alone. The fact that I agree with the interpretation makes it even more tenable. It is on that authority that I will act, regardless of whether we call it an interim decision or Gareth's effort to fix the problem. The constabulary looks forward to creating an environment where everyone can enjoy mutual respect and growth. D. Matt Innis 02:40, 5 March 2011 (UTC)

The starting point of that with which I do not agree is that any member of governance unilaterally can give an interpretation of the Charter. It would be difficult enough for a Council to do so within its areas of competence -- and I would note that no areas of competence, except mediation, are defined as roles for the Ombudsman.

Both your actions encroach on the authority of the EC, which is actively considering motions about the roles and responsibilities of Editors. It is my belief that both of you, consistent with your view of Citizendium, want to reduce greatly the fundamental role of Editors. There's little I can say, I suspect, that will limit your actions; you've unilaterally decided what you want to do. Daniel, at least, offered discussion before issuing policy decisions.

As far as I can tell, your belief is that not hurting feelings is more important than having accurate content. I, and other Editors, had no support from the Constabulary when we tried to give gentle guidance and an Author argued. Then, when rulings were made, you and Gareth have said they rarely should be made -- but Editors report to the EC, not either of you. Howard C. Berkowitz 03:00, 5 March 2011 (UTC)

I'm not trying to hurt your feelings, Howard. But, I do see this as a behavior decision; one that you've been asking for.

Like you, I am looking for the creation of accurate content through collaboration rather than winning a point via bully intimidation. If you don't intend to bully, then you have nothing to worry about.

The whole editor qualifications issue is another thing altogether.

D. Matt Innis 03:35, 5 March 2011 (UTC)

I repeat, and I suggest that I am not the only Citizen, that I do not feel supported when guiding. There is no Constabulary support when an Author is unreasonably defensive about the slightest questioning of accuracy, sourcing, etc. The rulings come only after there is a sense of being ignored by an Author, who constantly complains about the terrible things Editors do.

I do not bully, but I am being unfairly accused of it. In fact, I will claim attempted intimidation on the part of an author, which you and Gareth appear to abet. Howard C. Berkowitz 03:58, 5 March 2011 (UTC)

Again, Howard, everyone will be okay as long as they follow the guidelines. The next step is to figure out the editorial qualification requirements which I am sure will be a lot more important and won't have anything to do with the constabulary. D. Matt Innis 04:45, 5 March 2011 (UTC)

{unindent}Neither Gareth or Matt favor any particular author. What they do favor is following established Citizendium guidelines and fairness to all. In particular I have been very impressed with Gareth's positive, thoughtful approach as Ombudsman. As to Matt, he is the model of what every Constable (Admin) should be. I admire them both. In fact, Howard I greatly respect your contributions to Citizendium where we differ is some of the editorial decisions you have made. Mary Ash 04:58, 5 March 2011 (UTC)

Rules that cannot be interpreted are not rules that can be enforced. In explaining how officers interpret the rules we are merely being transparent, and providing an opportunity for the MC and EC to clarify their rules if our interpretation is not as they intend. Unless they give alternative guidance, we will follow the interpretation as given.Gareth Leng 12:34, 5 March 2011 (UTC)