Request a clarification on usage of non-church owned websites

Some discussions just don't fit into a well defined box. Use this forum to discuss general topics and issues revolving around the Church and the technology offerings we use and share.
Post Reply
User avatar
mkmurray
Senior Member
Posts: 3266
Joined: Tue Jan 23, 2007 9:56 pm
Location: Utah
Contact:

#51

Post by mkmurray »

lajackson wrote:Bishops and stake presidents have this already, as do mission presidents. I agree, though, that it would be helpful if others had this, as well.
Well, the other part of boomerbubba's point was that it could also be secure and encrypted in some way, that is if the email is delivered across the net in any way. Otherwise, if the "email" service (even if it's more of a PM service) were hosted completely in-house, then the username and password would be all that's needed (from a communication standpoint).
rmrichesjr
Community Moderators
Posts: 3829
Joined: Thu Jan 25, 2007 11:32 am
Location: Dundee, Oregon, USA

#52

Post by rmrichesjr »

mkmurray wrote:Well, the other part of boomerbubba's point was that it could also be secure and encrypted in some way, that is if the email is delivered across the net in any way. Otherwise, if the "email" service (even if it's more of a PM service) were hosted completely in-house, then the username and password would be all that's needed (from a communication standpoint).
It appears there might be a bit of confusion over whether we're talking about conventional email vs. web-based access to something that looks like web-based email. Conventional email is delivered via SMTP and is usually rather unsecure. Web-based message communication, where the message stays on one central server (or server farm), can be made quite secure. It sounds to me that boomerbubba is referring to the latter.
RossEvans
Senior Member
Posts: 1345
Joined: Wed Jun 11, 2008 9:52 pm
Location: Austin TX
Contact:

#53

Post by RossEvans »

rmrichesjr wrote:It appears there might be a bit of confusion over whether we're talking about conventional email vs. web-based access to something that looks like web-based email. Conventional email is delivered via SMTP and is usually rather unsecure. Web-based message communication, where the message stays on one central server (or server farm), can be made quite secure. It sounds to me that boomerbubba is referring to the latter.

I think we are on the same page, but maybe not. I am not suggesting a total SMTP/POP configuration, but a central email server with a web intereface that would look rather like Yahoo or GMail to the user.. (My own ISP provides both interfaces for the same underlying server, which is also possible.) But I do think the system hosted by CHQ would still be email, not just a specialized messaging system. That way, leaders could still exchange non-confidential email with rank-and-file members using their lds.org address.

But for confidential email to/from other leaders within the system, the only email server involved would belong to the Church.

So it would function rather like the email server at my employer. So long as I am exchanging email with other employees, no third-party servers are involved. Only email I send or receive to outside communicants would sit on a third-party server.

An https web server could supply all the encryption needed because SSL is end-to-end with the client browsers. Users would need no special software beyond their browsers, which have built-in support for SSL. That is good enough for online banking.

For routine private ward communications, I think that level of security would suffice. It would be far beyond what ward leaders have today.
User avatar
Mikerowaved
Community Moderators
Posts: 4734
Joined: Sun Dec 23, 2007 12:56 am
Location: Layton, UT

#54

Post by Mikerowaved »

boomerbubba wrote:An https web server could supply all the encryption needed because SSL is end-to-end with the client browsers. Users would need no special software beyond their browsers, which have built-in support for SSL. That is good enough for online banking.

For routine private ward communications, I think that level of security would suffice. It would be far beyond what ward leaders have today.
I have to point out though, that with any security measures proposed, the real questions are, what is it we are trying to protect, who are we trying to protect it from, and are we really accomplishing that?

For example, a Bishop sends an email to the RS Pres regarding some special needs for Sis Jones in the Ward. She is reading the email when the Home Teachers knock on her door, and because (being a good Mom) she has placed the family computer in a predominant place in her home, the Home Teachers get a free look at the message as she rounds up the rest of the family. Oops.

In the above situation, it would not have mattered in the least if the message was delivered by the securest means possible. Once the final destination is reached and the message unencrypted, all bets are off. Here's my point. Even if the email WAS intercepted along the way and read by a 3rd party, they would have no clue WHO Sis Jones was (nor would they care).

How often are we emailing people's personally identifiable information? Things like date of birth, mother's maiden name, membership number, etc. I would say it's extremely rare in the day to day dealings between Ward leaders. So if the information has no value whatsoever to anyone outside the Ward, then what's the point of securing it from them? Of course, leaders must be cautioned about accidentally revealing sensitive information entrusted to them (like in the above example), but that's not what this discussion is about.
So we can better help you, please edit your Profile to include your general location.
tortdog
Member
Posts: 165
Joined: Mon Jul 28, 2008 8:00 am
Location: Austin, Texas

#55

Post by tortdog »

lajackson wrote:It is one thing to use software, and quite another to use a website, I would think. I am not sure this answer will fly at our next stake presidency meeting, at least for our stake.
I'm thinking that you are drawing a distinction where most non-technical people would not. I'm not sure how technical savvy Br. Pack is, but since ymyw.org is not a software package but a Internet site I don't think that he was making such a distinction. He was familiar with ymyw.org and did not suggest that the Intenet site would be off limits.

Yes, I understand that you can take the programs on ymyw.org and save them to a local server and run them there without the Internet, but I think that's taking it WAY beyond what Br. Pack meant.
tortdog
Member
Posts: 165
Joined: Mon Jul 28, 2008 8:00 am
Location: Austin, Texas

#56

Post by tortdog »

Mikerowaved wrote:Once the final destination is reached and the message unencrypted, all bets are off. Here's my point. Even if the email WAS intercepted along the way and read by a 3rd party, they would have no clue WHO Sis Jones was (nor would they care).

How often are we emailing people's personally identifiable information? Things like date of birth, mother's maiden name, membership number, etc. I would say it's extremely rare in the day to day dealings between Ward leaders. So if the information has no value whatsoever to anyone outside the Ward, then what's the point of securing it from them? Of course, leaders must be cautioned about accidentally revealing sensitive information entrusted to them (like in the above example), but that's not what this discussion is about.
Exactly. No matter how secure the Church were to make it, it is only as secure as the end user. And you KNOW that local leaders would be redirecting LDS e-mail to a personal e-mail account (though the Church could make that difficult). But with the Church failing to quickly move forward on other technical issues, I really don't see this being a priority, e.g., how hard would it be to implement ymyw.org but it hasn't.

Is what it is.

I think the key is to keep communication innately useless except for the intended users, e.g., by leaving out the identifiable information, using initials, etc. Notes on paper may be seen if the notebook is left out in the foyer, by chance. But if the notes are taken in a more secure manner (initials, etc.) at least it presents an impediment to potential harm from leaking out.
RossEvans
Senior Member
Posts: 1345
Joined: Wed Jun 11, 2008 9:52 pm
Location: Austin TX
Contact:

#57

Post by RossEvans »

Mikerowaved wrote:I have to point out though, that with any security measures proposed, the real questions are, what is it we are trying to protect, who are we trying to protect it from, and are we really accomplishing that?

For example, a Bishop sends an email to the RS Pres regarding some special needs for Sis Jones in the Ward. She is reading the email when the Home Teachers knock on her door, and because (being a good Mom) she has placed the family computer in a predominant place in her home, the Home Teachers get a free look at the message as she rounds up the rest of the family. Oops.

In the above situation, it would not have mattered in the least if the message was delivered by the securest means possible. Once the final destination is reached and the message unencrypted, all bets are off. Here's my point. Even if the email WAS intercepted along the way and read by a 3rd party, they would have no clue WHO Sis Jones was (nor would they care).

How often are we emailing people's personally identifiable information? Things like date of birth, mother's maiden name, membership number, etc. I would say it's extremely rare in the day to day dealings between Ward leaders. So if the information has no value whatsoever to anyone outside the Ward, then what's the point of securing it from them? Of course, leaders must be cautioned about accidentally revealing sensitive information entrusted to them (like in the above example), but that's not what this discussion is about.

The whole discussion arose in the context of the third-party servers. Some questioned whether policy precludes using email since email is commonly hosted on third-party servers. My suggestion is intended to avoid that risk.

The hypothetical example of the RS president who fails to secure confidential information emailed to her could equally be posed for failure to protect printouts or files handed off by sneakernet, or even overheard conversations. It is up to the RS president to protect that confidential information, no matter the source. It's a matter of teaching people correct principles and letting them govern themselves.

You question whether there is significant need to communicate confidential information. I think there is a large need, and wards are already using conventional email in ways that are outside the bounds of tomw's simple example of welfare. That generalizes to other topics. Many communications that a bishop might have with the RSP, EQP, Welfare Committee, etc., would be held behind closed doors if conducted in person. And many -- including tomw above -- say such content should not be transmitted by email because it is insecure.

But I know that in my ward -- and I suspect in thousands of others -- such restrictive practices would impede the ordinary flow of need-to-know information that already occurs via email. The tradeoff is inherent. If you restrict communications to personal meetings or phone tag, not as much gets done or details don't get written down. If there were a secure channel available, most of that risk could be ameliorated.
User avatar
mkmurray
Senior Member
Posts: 3266
Joined: Tue Jan 23, 2007 9:56 pm
Location: Utah
Contact:

#58

Post by mkmurray »

So I think the gist of all of this is that most local leaders are using conventional, 3rd party email solutions to communicate within the ward and to communicate with other units around the Church. The current solution still has issues with "leaving the email window open" when guests come to your house.

At least with boomerbubba's solution, it would be housed on a secure Church server and the email address names could be something very predictable. I guess the rest of the argument is whether it will be worth the effort to implement and whether there would be a significant amount of security achieved to justify the effort.
tortdog
Member
Posts: 165
Joined: Mon Jul 28, 2008 8:00 am
Location: Austin, Texas

#59

Post by tortdog »

Along the lines of what Boomer says, the whole reason I brought this up was in my quest to find consistency in policy:

* if we restrict non-LDS.org sites from hosting confidential information then
* don't we have to restrict all non-LDS.org e-mail servers as well

But the Church probably will never take that second step, so why attempt to prevent the first (as long as it is just as secure as the e-mail servers).

So my view would be that if we recognize that confidential information will be sent via non-LDS.org e-mail (and it will) albeit with some security (https for online e-mail, password protection, etc.), then shouldn't we be able to similarly use non-LDS.org servers that are password protected and commercially available for similar purposes, e.g., keep notes on a password-protected Google notebook, or an invitation-only network site?

I'm looking to treat non-LDS.org hosted application servers consistently with non-LDS.org email servers.
russellhltn
Community Administrator
Posts: 34422
Joined: Sat Jan 20, 2007 2:53 pm
Location: U.S.

#60

Post by russellhltn »

tortdog wrote:Along the lines of what Boomer says, the whole reason I brought this up was in my quest to find consistency in policy:

* if we restrict non-LDS.org sites from hosting confidential information then
* don't we have to restrict all non-LDS.org e-mail servers as well

But the Church probably will never take that second step, so why attempt to prevent the first (as long as it is just as secure as the e-mail servers).
I think consistency can be found in the concerns. The first question is "what is confidential" when we're talking 3rd party servers? Outside of the church, no one cares about who's getting welfare.

I think the big concern is the harvesting of church membership data for marketing purposes. Email isn't a concern for that since there's far too much "noise" for anyone to reasonably exploit. But if I throw up a server offering a service then I can con people into uploading the information in a form I can sell to advertisers. THAT is what I think the concern is - the uploading of information from MLS to "outsiders" - the possibility of taking information that was to be for "church purposes only" and risk having it fall into other's hands.

Personally I see a bigger consistancy issue in that on one hand we've been asked not to upload information to 3rd party servers and yet a stake has received permission to use the ymyw.org website.
Post Reply

Return to “General Discussions”