GPCA Information Access Policy
This policy establishes guidelines for different levels of access to documents of the GPCA. See the Introduction for details.
All Standing Group coordinators should read this policy and consider how it applies to the Groups' work.
This policy was created by the IT Group and approved by the Coordinating Committee on Nov. 19, 2001.
The GPCA Information Technology group has been gathering GPCA information and putting it on the web as part of its efforts to use the internet as the wonderful organizing tool that it is. It's become clear that as we grow, we'll need a policy for both online and offline use that helps us protect and secure our sensitive information while at the same time making information more accessible to its intended audiences.
For now, we propose a 3-tiered policy that divides information into three categories: public, internal and private. Our online and offline implementation of this policy will be less than perfect due to a shortage of technical volunteer hours and internet savvy in the Green Party in general; however, it will be a big step in the right direction and can be revisited in 6 months, when these issues will be of more importance.
- The internet is invaluable for organizing efforts. It's in our best interest to use the internet to the fullest possible extent. It's an extremely inexpensive and effective way to connect people quickly and globally, distribute information, do outreach and public relations, etc.
- We can reasonably secure and protect the most sensitive Green Party information on the internet (for example, the credit card numbers of our donors are currently online in a secure area that only our treasurer and his volunteers can access).
- The policy for information online (websites, email lists) should be the same as for offline (printouts, meetings). This suggests that parts of the current informal offline policy should be clarified.
- Security through obscurity is not effective due to our size and should not be used.
- This policy does not address the CC email list or closed CC meetings.
- For the purposes of this proposal, we'll use the term 'information' to refer to any piece of information created or maintained by the Green Party of California, including documents, drafts, minutes, emails and email lists, progress reports or status, strategy, etc. Not all information is necessarily 'published', meaning actively distributed (posted on email lists or websites, printed and handed out, etc.). We'll use the term 'active Greens' to refer to the group of people who identify themselves to us as Green Party members, volunteers or organizers. We're not easily able to maintain a complete and accurate list of registered Greens, and the group of self-identified active Greens is a reasonable approximation.
- We already know this proposal is not completely perfect; however, it's an excellent step forward and a reasonable working solution given our limited resources and volunteer hours. We also know it's impossible for us to move from where we are today directly to an ideal solution, as we don't have the technical infrastructure or internet knowledge among the Greens.
- Any piece of Green Party information will fall into one of three access levels: public, internal or private.
- Public information will be freely available to everyone.
- Internal information will be reasonably restricted to the broad audience of self-identified active Greens.
- Private information will be highly restricted to specific lists of people. This access level will have many small overlapping sub-groups.
- Each piece of information should be assigned an access level by the group that created or maintains it and should be labeled appropriately (see guidelines below).
- Whenever possible, a piece of information should be publicly available. A group can choose a default access level, based on the criteria below, rather than individually considering every single piece of information. For example, if a group produces mostly public or mostly internal information, they would choose that as their default and then choose a different access level for those pieces of information that are the exception to the default. We recommend that each group choose a default access level at the January 2002 plenary.
- Access to information should be restricted accordingly if making it public:
  - is against the law (example: voter registration database)
  - causes it to lose significant value as a party asset (example: campaign strategy or party plans which depend on some secrecy or surprise for their success)
  - is in draft form, i.e. it has not yet been approved by the responsible group
  - violates someone's reasonable expectation of privacy and restricted distribution (example: home addresses, plenary registration database)
  - violates the conditions under which the information was obtained (example: Nader campaign volunteer lists)
- This policy will be reviewed and updated in 6 months.
- Public information that merits publication and distribution will be posted on the GPCA website, posted on appropriate email lists, indexed in search engines and distributed far and wide.
- Internal information will be posted in internal sections of the GPCA website that are distinguished by directory and URL (example: www.cagreens.org/ccwg/internal). All the internal sections will share the same username and password, which have been and will continue to be distributed to all known active Greens. Access cannot be retracted on a person-to-person basis; however, the password for all users can be changed if necessary.
- Private information will be posted in highly secure areas of the GPCA website that use SSL encryption, and access will be given to specific lists of people, each of whom will need to use a GPCA username and password to access that information. Access can be retracted on a person-to-person basis at any time. Anyone who wants to participate in these secure areas online must have an email address and access to an internet connection and must be web-savvy enough to use a browser that accepts cookies, web page forms and a website username and password. The expectation is that each individual will not share their GPCA username and password with anyone else; however, we can't prevent this.
- The IT group will continue to help any wg/sc post information and maintain their section of the GPCA website. Many wg/sc websites already have both public and internal sections for their use and private areas can be set up as needed.
- The username and password for the internal sections will be disclosed to new active Greens who volunteer for locals or for the state in person or through the website and to anyone who comes to a plenary. Requiring a username and password is a barrier to access that will keep out search engines and surfers; however, it doesn't 100% restrict access to only Green Party members or sympathizers, since there's no way for us to verify the "greenness" of an individual or easily determine if they're registered Green. Despite this shortcoming, it's a big improvement over what we have now and it's at least as good as our current offline policy.
- Email aliases can be set up for all GPCA contacts, and forms that hide the recipient's email address can be used, so that email addresses can be listed and used publicly without exposing personal contact information.
Labeling Guidelines & Expectations
Information should be labeled with the date, author and intended audience to help set distribution expectations and prevent unintended circulation. Drafts, proposals and work in progress should be labeled as such. Internal and private sections of the website should be labeled as such and have distribution guidelines posted. The distribution of the internal username and password should be accompanied by an expectation that the recipients won't redistribute the username and password or any information protected by them.
This policy is public information
K. Markle, J. Stauffer; Nov. 2001