[IAEP] Sugar network / School Network

[Dave Crossland]

Hi Sam

On 17 May 2016 at 13:55, Samuel Greenfeld <samuel at greenfeld.org> wrote:

> I think there may be a difference between research studies and privacy law
> related to collecting general user statistics.
>

I assert there is :)


> This might be untested though, and for Sugar, both studies on how children
> use it as well generic statistics straight from the application(s) may be
> useful.
>

I'm sure they are.


> I'm not interested in age/grade, or their specific IP addresses :)
>>
>> What information do you think is safe to collect?
>>
>
> At this point in time, I'm not going to speculate.  It's too easy to take
> multiple identifiers (such as Name and Zip/Postal Code) and uniquely
> identify someone the vast majority of the time.
>

Sure, I wouldn't want to collect either of those.


> IP Addresses, Serial numbers, GUIDS/UUIDs, etc. all could be considered
> uniquely or near-uniquely identifying of a person depending on the country.
>

Yep, if those can not be avoided in transmission (eg IPs) then they should
not be retained.


> Leah at OLPC might be able to tell you some things.  But at the same time
> she likely would have to point out she isn't your lawyer and cannot provide
> you or Sugar Labs legal advice.
>

I couldn't find her contact details from a quick search; please ping me how
can I contact her offline :)


> If you want to know the gritty details of how this all works, you really
> need to speak to a compliance specialist (which the Conservancy might be
> able to point Sugar Labs to), and not ask for legal advice in a public
> forum :)
>

I am not worried nor very interested in the details; since so many of you
appear to be worried, I think it is worth following your advice to speak
with a lawyer.


> I want to understand which activities are used, in which languages, and in
>> which countries. None of the above is needed for that.
>>
>
> As long as you don't care about which machine(s) calls in how often and
> carefully toss away (& don't log) anything which could identify a user, I
> believe this is feasible.
>

Great!


> What the criteria would be in order to get an application that calls home
> in various distros would gave to be determined, although many distros have
> things like Firefox which do this already.
>

Exactly :)


> There would be some bias the results based on how well any particular
> user/country has Internet access.
>

I think that's easy to design around: the usage data can be logged locally
and then exported from an XO in an offline deployment to a USB drive/SD
card and make its way over the sneakernet to Sugar Labs.


> How this gets disclosed to users would have to be determined.
>

Since you have a clear idea about this, please draft something :)


> Sugar already asks for user's grade and gender on first boot even if no
> statistics engine is in place, so there may have to be some sort of privacy
> policy or other explanation of what's going on
>

Where can I read more about that from the time it was introduced?

-- 
Cheers
Dave
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.sugarlabs.org/archive/iaep/attachments/20160517/7116cade/attachment.html>