The MNHQ Moderation Team: Thread 2

[BarrackerBarmer]

Follow on thread regarding the data breach situation:
___

Dear MNHQ

I'm very grateful for the commitment to free speech you've publicly taken, and for Justine's courage this week.

A former disgruntled employee of MN is writing on Twitter about the 'transphobia' of MN staff, and calling you TERFs. She is showing a great deal of bias and intolerance towards women with feminist views, this may well be her honest opinion, which is no big deal I suppose, since she is no longer an employee.

At least, it isn't an issue until she calls a shout out to her
'friends who still work at MN' to report and take down posts by 'transphobic scum', by which she appears to be referring to any poster objecting to being called TERF by her friend.

Regardless of the personal views of the MNHQ staff, who should be as free to hold their own views as I am mine, I am disturbed that there may be a small contingent of employees who are invested in unfair moderation and will not be applying fair-handed principles, at least if the claims of this ex-employee are credible.

Can you please give posters some reassurance that the difficult job of fair-handed moderation isn't being abused by the 'friends' of ex-employees who are 'reporting it all' and taking down posts because any gender criticism means the poster is 'transphobic scum'?

Thank you.

Ha ha, am I the only one who just got a pop-up advertising for a PR executive job at MN? Has Justine resigned?

Fb are responsible for any info you volunteer unprompted. Even if its publicly available. The issue is, in part, due to its relation to what you have hidden from public view.

OTW = One to watch

A thread that has been alerted to admins as having potential to need moderating attention.

is my guess

@KeneftYakimoski

I would actually highlight all of those simply because any post a poster has made mentioning an item from that list is implicitly kept unless the poster has the post or thread withdrawn.

Of course that doesn't preclude retaining deleted messages for a period of time (which may be entirely legit).

The problem here is that when dealing with Sys Admin functions there comes a point that in order to allow people to do their job, you have to give a level of access that fundamentally then relies on their personal integrity and their understanding of the consequences of breaching confidentiality.

Typically - as seems to be the case here, job contracts especially cover the issue of data theft.

Equally you can discriminate against someone for having strong views on an issue.

I understand the points some people are making about phones at desks etc. but as upsetting as this might be, MNHQ is not GCHQ and that level of security just isn't warranted.

My questions to MNHQ are around the following:

• I don't think it's appropriate for interns to have access to sys admin functions. I'd like to see this addressed.

• are staff briefed on information security issues? This should be at induction, departure and at regular intervals during employment.

My general sense is that Emma had a "plan" but was uneducated about the ramifications of her actions.

That's why staff briefings are important.

I'm not leaving MN over this. I wouldn't give the likes of Emma the satisfaction.

She's demonstrated the underhand tactics activists are willing to use and done a disservice to the cause she purports to support.

FYI, today I've just de-registered and re-registered with a new email and new username. The registration process does ask for name and postcode but I didn't give either and it allowed me to register and validate the new account (via the new email).

So presumably you can join MN without givng actual real life data.

No use for the info MN already has though obviously or that EH may have stolen

But I wholeheartedly agree with @Bumblefuddle and I hope that MN will be taking steps to ensure we are better protected in future. Live and learn.

I'm naive and glad that Justine is publicly showing such strength and support for us, but also I hope that in MNHQ they will be strengthening their security measures hundred fold.

If I owned Mumsnet ......

• I would listen to Bumblefuddle and all of the other posters repeatedly telling me that I need to take a data breach seriously.

• I would STOP posting about feelz (“I believe this .... I don’t believe that ...”) and deal only in cold, hard facts.

• I would be googling IT Security Consultancy so quickly, smoke would be coming off my keyboard

• I would then pay top dollar for the kind of advice that doesn’t come cheap but is priceless to any company that wants to be on the right side of the law and any ethical scrutiny

• I would have a stiff drink tonight

Ha ha, am I the only one who just got a pop-up advertising for a PR executive job at MN? Has Justine resigned?

Guess we can look forward to @mimmymum from Mermaids next.

I'm sure mn keeps record of your previous email etc - so what is the point in de registering and re registering?

@RefuseToDenounceBiology no point, can't claw back and protect what might have been stolen. But going forward and staying on this site, I feel I've taken steps to anonymise myself (until I next exchange PMs with kindly souls or enter competitions with my address...)

I agree this would be best practice if we were holding what's classed as Personally Sensitive Information (such as financial info or medical records). But that's not the type of info we are collecting on registration etc.

It isn't simply a matter of ticking a list of what is sensitive in terms of individual items. It is the context which often creates the sensitivity.

Lets assume a user joins up and all you can immediately see is the identifiable email and ip address. This maps directly to that poster going on to discuss a medical condition or an abusive home situation, religion/politics/etc.

That combination is extremely sensitive. That combination is what Emma posted.

Even basic identifying data can become sensitive in combination with other details - eg IP address mapping onto a refuge.

Well, the important thing right now is that Justine has reported this to the ICO & the police.

If Emma is involved in LGBTQ Labour, with the professed love that some of them have for "pretty data" that's even more concerning.

I would actually highlight all of those simply because any post a poster has made mentioning an item from that list is implicitly kept

I agree. It's just that as it happens I've not seen much on union activities apart from the UCU thread in Higher Education. I wasn't commenting on sensitivity, just the topics that you would have to be blind not to see every day in AIBU.

I suspect someone has told MN that when people post things to a forum, from a data protection perspective something something something, probably something along the lines of "their copyright, so they are the data controller for their own data", or something equally crazy.

Even if that argument were plausible, and it really isn't, the forum operator is still, definitely and absolutely, a data processor.

Never mind GDPR, let's just look back at the regime of the past ~20 years since DPA 1998: MN is processing sensitive personal data and has available on its own systems sufficient information to de-anonymise it. If they've been doing that since inception while labouring under the misapprehension that they weren't, ie that it was only personal data (and to be honest, that's even weirder: how can you think MN is personal, but not sensitive personal? The argument above about "well, they posted it" would require you argue it wasn't even personal).

MN are in the clear if they can show that data they hold is, while sensitive personal, not identifiable provided the user takes simple measures about "not posting their name". Most postings which aren't trolling are identifiable to the parties involved if they happen to read them, but forums like this function on the assumption that if you google for my real name, my postings here don't come up, and that's "enough". But if you have interns able to link the pieces together, and get email addresses linked to screennames - and most people's email addresses are, unless they are experienced privacy ninjas, google-able and often contain their real name - and post codes (seven character? that's ten houses) then the DPA regime has to cover that. And it sounds scarily like MN don't even see it as an issue, never mind an issue with a solution.

Well, the important thing right now is that Justine has reported this to the ICO & the police.

As a breach of personal data, or of sensitive personal data?

Good question, and you're right - I don't know.

Absolutely @WomanLifeIsGoodish this has to be dealt with factually and it needs to be penalised. And this needs to be known by any future employers. Regardless of her motivation and regardless of what she feels. We didn't care about 'Jeffrey's' age or inexperience or feelz during the last hack.
I'm a DV survivor. Data laws need to be upheld.

I believe Bumble is spot on.

I agree this would be best practice if we were holding what's classed as Personally Sensitive Information (such as financial info or medical records). But that's not the type of info we are collecting on registration etc.

DH's response to this.

"Wow, they need better legal advice. Its not just on registration that its important. Its all information they hold. If they have been told that, then they have been informed incorrectly. Do they need a recommendation?"

You have an issue here Justine.

“It just isn't credible that she had a user info button above every post from someone she considered 'transphobic scum' (most of us, according to her) and that she exerted willpower in not taking a look at the very least.”

Depends if it was access-enabled. Some applications have the full range of possible access displayed, but permissions are needed to use them.

Emma: people of my generation sweated blood in the 60s and 70s to win rights for women - equal pay, equal opportunities, maternity leave, the right to buy property and take loans without male guarantors and so on. Just as my grandmother sweated blood to win the vote and the right for women to graduate from university etc.

And this is how you repay the generations who are responsible for your ability to live, work and campaign freely - tying up with individuals who would trample our rights (even the right to call ourselves women) into the dust.

You should be ashamed of yourself.

Get rid of your "friends". If you lie down with dogs you get fleas.

whoputthecatout No words just You're a