Tech Forum

Also, for most applications, you'd absolutely need some way to be able to track or collect data on some level. However, if the Church provided an ID for each member that was unique but contained no personally identifiable information, such as an ExternalUsageID integer field, then information tracked by the application (like whether a reminder email was sent or not) could be tied to just that ID so that no personally identifiable information would need to be stored outside of the lds.org directory. That way, member information could be retrieved as needed without risking leakage of membership data.
Of course, on the API side, there's nothing they could do to force developers to not store data that was provided to them (since it would still require trust), but at least an ID like that would keep honest people honest because they wouldn't need to store members' personally identifiable information separately to have reasonable functionality in the application itself.

As I'm thinking about it, if this ExternalUsageID method was implemented, the Church could utilize a machine learning application to automatically code-review or audit member-developer applications to check that they aren't storing any sensitive data, though it wouldn't be perfect, so they would still need a manual review process to deal with false positives for developers who flagged the classification for manual review. However, I'm guessing that it would be unreasonable for me to expect the Church to start a machine learning project like that considering that I've never seen the Church post a job ad for anyone with an AI or machine learning background.

An ExternalUsageID field is still a personal you identifying field as long as it can be exported with other identifying information. It doesn't have to be derived from personal information to qualify as "protected data."

MLS used to have a compromise in the membership export file that gave an integer ID to each member of the unit. It was only unique within the unit, and when a member changed units, she was assigned the next largest unused integer for her ID. This kind of convention would be preferable to a global, church-wide integer system (which is basically what the MRN is anyway)

But frankly, the more discussion I read about how people would utilize this, the less inclined I am to favor it. My interest in having access to the API is so that I can generate slightly more advanced reports for my Ward leaders without having to download CSVs or transcribe data. It's merely a matter of streamlining work flow. Much of what has been discussed here has been qualified with statements like "if the developer..."

I'll be candid, I don't trust amateur developers working on their own time to properly safeguard my personal data. And when you step back and look at the bigger picture, that's ultimately where this ends up--in the hands of someone somewhere that has a good idea and not enough domain expertise to do it correctly. If the only solution to that is organizing some body to review and approve apps, then I don't see how this succeeds.

Did you trust that clerks, bishoprics and RS/EQ presidencies would use the CSV exports from MLS appropriately before? (I did...). This is really no different than that. Nervous church lawyers in the end did not trust local leaders enough to deal with data appropriately, and/or the church wanted people to only use the official viewing tools, so the CSV export feature was pulled, but ultimately the usecases for the JSON API are basically the same as for the CSV exports.

lukeh wrote:Did you trust that clerks, bishoprics and RS/EQ presidencies would use the CSV exports from MLS appropriately before? (I did...). This is really no different than that.

I did not have any issue with leaders using the export file for use in tasks that lived on the local computer. I also don't have any issue with experienced and qualified developers utilizing an API to develop applications. But the reality we face is that the church is a conglomeration of minimally trained volunteers that sometimes have more good intentions than common sense. (I include myself in that description)

The question for me isn't whether or not the data can be secured. It's how you can secure it without establishing some sort of gatekeeper organization to screen and review access to the data to prevent breaches caused by ignorance. Given the limited resources the church has for technology development, I don't see it assuming that responsibility.

lukeh wrote:Nervous church lawyers in the end did not trust local leaders enough to deal with data appropriately,

There's an old saying, "absence of evidence is not evidence of absence." I'd suggest that the absence of reports of past abuses reaching our ears is not evidence that it did not happen. I don't think the export were pulled just because of what lawyers were afraid of, but the decision was based in part on what's actually happened.

I don't have (or at least don't remember) any stories about misuse of data, but I have heard stories about jaw-droppingly bad judgement by leaders. The most memorably being a few stories told by President Monson during a regional leadership meeting. So, I know there's a number of things that happen that don't make it to the ears of the general church population.

Yes, in the past there were exports. Most notiably the "Palm" exports from MIS that could be loaded into a Palm Pilot(tm). That intended use has been replaced by LDS Tools. Of course, those simple CSV exports were used for other things as well - and some of those uses may have prompted their removal.

I wonder how many people would donate to a technology fund if the Church started allowing donations to be provided through lds.org for improving the Church's available software.

I don't want to "develop" anything! I just want to be able to access a phone number for someone who lives less than a quarter of a mile from me, but is in another Stake! There are no "phone books" as we used to have. If you try to get a phone number online, you have to pay a fee to get all kinds of personal information about an individual including whether he has broken the law etc. etc. I am not trying to bother the privacy of anyone! I just have a need to contact a friend who lives in another Stake in the same small town that I live in. If you know of a website that will allow this, please, tell me what it is.

Hi All

Thank you for provoking action on this topic. What was the outcome of API access for development?

Not going to happen.