
Review security and privacy implications of the current data flow with service providers and third-parties #147

Open
ricola opened this issue Aug 10, 2017 · 0 comments

@ricola commented Aug 10, 2017

🎩 Description

Based on the analysis of the data flow of the current implementation and hosting of decidim.barcelona (#141), we should check its privacy and security implications, especially related to third-parties and service providers.

The Plan de Privacidad raises the following concerns:

  • Does the current platform comply with the legal requirements for handling sensitive personal data such as the DNI? (§2.3.2 and §2.3.3)
  • Would it be possible to ensure that the data is only stored and processed in Europe? (§2.3.2, §2.3.3 and §3.2)
  • Are the relevant privacy and security options enabled on all service providers? (§2.4.9)
  • Are there any risks associated with the structure of the database? (§2.3.3)
  • Would it make sense to put data dissociation techniques in place? (§2.3.3)

In addition to the analysis done in the Plan de Privacidad of the IP serving decidim.barcelona on 2016-12-02, as of today (2017-08-10) the platform seems to be served by a Content Delivery Network (CDN) of 8 IP addresses:

$ host decidim.barcelona
decidim.barcelona has address 54.228.197.50
decidim.barcelona has address 46.137.108.231
decidim.barcelona has address 54.247.97.70
decidim.barcelona has address 176.34.104.161
decidim.barcelona has address 54.247.88.150
decidim.barcelona has address 54.217.215.80
decidim.barcelona has address 54.228.198.113
decidim.barcelona has address 176.34.235.230
decidim.barcelona mail is handled by 0 mail.decidim.barcelona.

Three of these are outside Europe (in the USA): 54.228.197.50, 54.217.215.80 and 54.228.198.113. This probably means that DNIs, along with user names and email addresses, are already processed outside Europe. Someone more knowledgeable than me about how TLS works on Heroku and Amazon CDNs should verify this claim.

After this issue has been solved, we should reconsider what should be explained to the user.

📌 Related issues

@ricola ricola changed the title Review security and privacy implications of the current data flow Review security and privacy implications of the current data flow with service providers and third-parties Aug 10, 2017
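The region check the comment above asks for can be done mechanically: take the A records returned by `host`, and look each address up in the cloud provider's published prefix list (for AWS that is https://ip-ranges.amazonaws.com/ip-ranges.json, which tags every prefix with a region such as eu-west-1 or us-east-1). The script below is an added example written for this page, not code from the decidim.barcelona project. It embeds a constructed `host` transcript using RFC 5737 documentation addresses and a constructed prefix file in the shape of ip-ranges.json; the prefixes, regions and services in it are invented for illustration and say nothing about where the real decidim.barcelona addresses are hosted. To run the real check, feed it the actual `host decidim.barcelona` output and the downloaded ip-ranges.json. Two caveats a practitioner should keep in mind: an address that is in no published range is reported as "unknown" and must be treated as not confirmed to be in Europe, and the region of a CDN edge only tells you where TLS is terminated and the request first handled, not where the origin application and database that store the DNI actually run.

```python
import ipaddress
import json
import re
from typing import Dict, List, Optional, Tuple, Union

# Constructed `host` output (RFC 5737 documentation addresses, not the real
# decidim.barcelona records) so the example runs offline.
SAMPLE_HOST_OUTPUT = """\
example.invalid has address 192.0.2.10
example.invalid has address 198.51.100.20
example.invalid has address 198.51.100.200
example.invalid has address 203.0.113.30
example.invalid has address 233.252.0.5
example.invalid mail is handled by 0 mail.example.invalid.
"""

# Constructed sample in the shape of AWS's published ip-ranges.json.
# Prefixes, regions and services are invented for illustration only;
# download the real file for a real check.
SAMPLE_IP_RANGES_JSON = """\
{
  "prefixes": [
    {"ip_prefix": "192.0.2.0/24",    "region": "eu-west-1",    "service": "CLOUDFRONT"},
    {"ip_prefix": "198.51.100.0/24", "region": "us-east-1",    "service": "AMAZON"},
    {"ip_prefix": "198.51.100.0/25", "region": "eu-central-1", "service": "EC2"},
    {"ip_prefix": "203.0.113.0/24",  "region": "us-west-2",    "service": "CLOUDFRONT"}
  ]
}
"""

Network = Union[ipaddress.IPv4Network, ipaddress.IPv6Network]
Prefix = Tuple[Network, str, str]  # (network, region, service)

# Matches the A/AAAA answer lines of `host`; MX and other lines are ignored.
HOST_ADDRESS_RE = re.compile(r"^\S+ has (?:IPv6 )?address (\S+)$")


def parse_host_output(text: str) -> List[str]:
    """Extract the addresses from `host <name>` output, in answer order."""
    addresses = []
    for line in text.splitlines():
        match = HOST_ADDRESS_RE.match(line.strip())
        if match:
            addresses.append(match.group(1))
    return addresses


def load_prefixes(ip_ranges_json: str) -> List[Prefix]:
    """Parse an ip-ranges.json document (IPv4 and IPv6 sections) into networks."""
    data = json.loads(ip_ranges_json)
    prefixes: List[Prefix] = []
    for entry in data.get("prefixes", []) + data.get("ipv6_prefixes", []):
        cidr = entry.get("ip_prefix") or entry.get("ipv6_prefix")
        prefixes.append((ipaddress.ip_network(cidr), entry["region"], entry["service"]))
    # Longest prefix first, so the most specific entry wins on overlap.
    prefixes.sort(key=lambda p: p[0].prefixlen, reverse=True)
    return prefixes


def lookup_region(address: str, prefixes: List[Prefix]) -> Optional[Tuple[str, str]]:
    """Return (region, service) for the most specific matching prefix, or None."""
    ip = ipaddress.ip_address(address)
    for network, region, service in prefixes:
        if ip.version == network.version and ip in network:
            return region, service
    return None


def is_eu_region(region: str) -> bool:
    """AWS names its European regions eu-*; adapt this for other providers."""
    return region.startswith("eu-")


def region_report(addresses: List[str], prefixes: List[Prefix]) -> Dict[str, str]:
    """Map each address to its region, or 'unknown' if in no published range."""
    report: Dict[str, str] = {}
    for address in addresses:
        hit = lookup_region(address, prefixes)
        report[address] = hit[0] if hit else "unknown"
    return report


def addresses_not_confirmed_eu(addresses: List[str], prefixes: List[Prefix]) -> List[str]:
    """Addresses to flag: outside an eu-* region, or not in any published range."""
    return [
        address
        for address, region in region_report(addresses, prefixes).items()
        if region == "unknown" or not is_eu_region(region)
    ]


if __name__ == "__main__":
    found = parse_host_output(SAMPLE_HOST_OUTPUT)
    table = load_prefixes(SAMPLE_IP_RANGES_JSON)
    for address, region in region_report(found, table).items():
        print(f"{address:>16}  {region}")
    print("not confirmed in Europe:", addresses_not_confirmed_eu(found, table))
```

With the constructed data, 198.51.100.20 resolves to the more specific eu-central-1 /25 rather than the enclosing us-east-1 /24, 198.51.100.200 falls through to the /24, and 233.252.0.5 matches nothing and is flagged as unknown. That last case matters in practice: Heroku apps and CloudFront distributions can front addresses that belong to AWS but are announced in ranges a stale copy of the file does not list, so "unknown" should prompt a re-download of the prefix list, not be treated as safe.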