Simplified HT Reporting Site

[srweight]

I think that's a stretch. I've seen nothing about to not use email, only to not upload to 3rd party servers (and not to use email lists which I understand to be things like yahoo groups, not "lists"/groups that one stores in one's own email client).

I'd agree that this route has not been approved, but I think to say it's banned is extending the original statements a bit.

I do have some issues about what can and should be discussed via email, since family members other then the intended recipient may be able to read it. But then one can say the same thing about the printed lists that are handed out too.

What about the existing "email broadcasts" in LUWS.

[frog-p40]

Regardless of whether the proposed solution is covered by Church policies, I believe that an e-mail solution is far less secure than what we have discussed before. I know it may not be against Church policy and I know that everyone probably does it, but sending confidential information around in clear text via e-mail is the most likely way for that information to get into the wrong hands.

In my opinion, an SSL secured website is the best option for functionality and security.

Brad O.

Maybe you're on to something. Maybe sensitive information should just never go across the internet, but should only be exchanged over the telephone. Oh, wait, taping phone lines isn't all that hard. Is snail-mail any more secure? Probably not--and its much slower. Plus you leave a paper trail. And everyone can see smoke signals. Hmmm. Face-to-face is the only way to go....unless you suspect the other guy of recording it in his journal....

--Sarcasm over, sorry, but it was fun to write and I mean no offense--

You are probably right that an SSL secured website *may* be the best option for functionality and security. But it sounds like, at least for now, it is just plain not an option. And IMHO people often think of SSL as a comforting security blanket. Don't be deceived, SSL is only a very *small* part of protecting sensitive data. If this were only about SSL, the church would probably have granted permission years ago.

Anyhow, I'm looking for a solution that would work right now. Email seems the best option. And I think you could take steps to keep the most sensitive information out of email. Usually a phone call is warranted in sensitive situations anyhow.

[brado426]

Maybe you're on to something. Maybe sensitive information should just never go across the internet, but should only be exchanged over the telephone. Oh, wait, taping phone lines isn't all that hard. Is snail-mail any more secure? Probably not--and its much slower. Plus you leave a paper trail. And everyone can see smoke signals. Hmmm. Face-to-face is the only way to go....unless you suspect the other guy of recording it in his journal....

--Sarcasm over, sorry, but it was fun to write and I mean no offense--

You are probably right that an SSL secured website *may* be the best option for functionality and security. But it sounds like, at least for now, it is just plain not an option. And IMHO people often think of SSL as a comforting security blanket. Don't be deceived, SSL is only a very *small* part of protecting sensitive data. If this were only about SSL, the church would probably have granted permission years ago.

Anyhow, I'm looking for a solution that would work right now. Email seems the best option. And I think you could take steps to keep the most sensitive information out of email. Usually a phone call is warranted in sensitive situations anyhow.

I fully realize that nothing is 100% secure. But there is a huge difference between transmitting plain text e-mails through public smtp gateways as opposed to using a security method that is adopted by most banks (SSL).

I still believe that some things should either be done right or not done at all. I believe that an e-mail only system would not provide much value and be far less secure than an SSL Website solution. If the Church's policies are causing people to look at less secure and less functional methods of getting something done, the policy should probably be modified to be even more restrictive. If we're not allowed to store confidential data on a secured website, we certainly shouldn't be allowed to transmit confidential data via clear text e-mail. It just makes logical sense.

Brad O.

[frog-p40]

Maybe I'm missing something. I just don't see the harm in sending an email--something like the following. What exactly is so confidential, that it must be transfered fully encrypted? Maybe if I understand the issue better, I'll see your side of things.


Hi Joe

You HT assignments are:

Bill
123 Parkway Ave
555-555-5555

Tim
321 Waypark Rd
555-555-5556

Please report you HT numbers by the 31st. Call me or reply to this email.

Please do not send confidential information in this email. Rather, call me at 555-555-5557.

Last month we had 67% HT. Keep up the good work.


EQ

[brado426]

Maybe I'm missing something. I just don't see the harm in sending an email--something like the following. What exactly is so confidential, that it must be transfered fully encrypted? Maybe if I understand the issue better, I'll see your side of things.


Hi Joe

You HT assignments are:

Bill
123 Parkway Ave
555-555-5555

Tim
321 Waypark Rd
555-555-5556

Please report you HT numbers by the 31st. Call me or reply to this email.

Please do not send confidential information in this email. Rather, call me at 555-555-5557.

Last month we had 67% HT. Keep up the good work.


EQ

This SSL secured website actually requires less data than you mentioned above.... and it is not allowed by the Church: http://tech.lds.org/forum/showthread.php?t=502

Brad O.

[frog-p40]

This SSL secured website actually requires less data than you mentioned above.... and it is not allowed by the Church: http://tech.lds.org/forum/forumdisplay.php?f=28

Brad O.

Well, that seems to me like a completely separate issue. When you start hosting a general purpose global site, and that site has home teaching records and information for every member of the church, security becomes so much more than SSL. One small security hole and everything is exposed on a global scale. One lost password, one malicious user, etc... How many people do you think might choose "lds" as their password into the system. My wife probably would.

The email idea would decentralize everything. Each presidency would have the option of running it on their own computer for their quorum/group/society. The only information in the system is names, phone numbers, and addresses. No logging in, no passwords. If someone decides to hack in, well fine. That's all they get. One super small subset of data. Could have just used a phone book.

Or if you're looking to do something direct from lds.org, that will work too. Not decentralized, but you're not adding any additional security needs (just a bunch more email being sent). No new ways for someone to hack in. I think I would prefer running a program from my home computer though.

I fully understand why the SSL secured website is a questionable idea. I haven't figured out why email would be.

[thedqs]

From what I gathered because your email could connect the church in a legal battle over loss of personal information (ie that the person is a member of the church) if someone got ahold of your email. In addition, the church doesn't have direct control over that information. That was the problem with websites and could be applied to email.

Of course being that strict could severly limit current communication that uses these channels and until we here something from tomw or the church I think it is up to you what you do, just realize that the church could halt your program for the same reasons that brad's site was offlined.

[russellhltn]

Well, that seems to me like a completely separate issue. When you start hosting a general purpose global site, and that site has home teaching records and information for every member of the church, security becomes so much more than SSL. One small security hole and everything is exposed on a global scale. One lost password, one malicious user, etc... ...

The email idea would decentralize everything. Each presidency would have the option of running it on their own computer for their quorum/group/society. The only information in the system is names, phone numbers, and addresses. No logging in, no passwords. If someone decides to hack in, well fine. That's all they get. One super small subset of data. Could have just used a phone book.

Yes. When one thinks about security, one has to ask "secure from what". I think we tend to focus too much on interception and not think about the other risks. Another issue with a server is that only the person putting up the server knows the real reason for doing so. We have no way of knowing that a non-church server's intentions are good and there's no secret agenda.

Right now I think one of our wards is sending MLS HT printouts converted to PDF though email. Can someone show me where that's not allowed? The ability is there now. I'm sure that out there somewhere there are wards and stakes doing the same thing - sending information via email and nothing has come out about it. So I don't see any problem with the small step of automating the emails.

[WelchTC]

From what I gathered because your email could connect the church in a legal battle over loss of personal information (ie that the person is a member of the church) if someone got ahold of your email. In addition, the church doesn't have direct control over that information. That was the problem with websites and could be applied to email.

Of course being that strict could severly limit current communication that uses these channels and until we here something from tomw or the church I think it is up to you what you do, just realize that the church could halt your program for the same reasons that brad's site was offlined.

I've intentionally been silent as there is no further official guidance other than what has been discussed. Could any system be breached by someone trying to do bad things? Absolutely. There is no absolutely perfect method of securing data other than sealing it in a capsule and sending it off to space. Data is no good if we cannot gain access to it. So this is not JUST a security issue. The Church spends a great amount of effort to ensure that policies, rules, local, national, and international laws are followed with our Web sites. 3rd party entities that do not know about such laws don't and probably cannot monitor data the way we have to.

Let me paint the picture another way. Let's say I create a cool web site that tracks family pictures for the ward. I export / import data from MLS into my web site so that I have a ward database pre-populated with member information. Now this web sites purpose is for people to update their family information on my database with individual pictures of their family members. In wards with a lot of new move ins, this would be a cool site. Now let's pretend that my bishop in Sacrament meeting encourages everyone in the ward to update their pictures on the web site. I make my web site secure and I also allow people to "opt out" if they choose. It is easy to say that this is following all rules and what could possibly go wrong. However, if this data were to be compromised (someone tells someone else their login name/password, there is a bug in the software, etc) the Church could be exposed BECAUSE the Bishop asked members to use the site. The Bishop, acting in his ecclesiastical position could bring liability to the Church. Everyone was well intentioned but these things do happen. Now you may be saying, isn't the Church already have exposure if someone shares their LDS.org account info and people get into the official Church system? Of course there is exposure but we are trying to limit this exposure by controlling the # of ways to be exposed.

I have to drive my car, it is a necessity of life. However if I follow rules, limit my driving, don't speed, don't drive recklessly, don't drive while sleepy, I can limit the chance that I will get in an accident. I cannot eliminate it but I can limit it. It is the same concept here.

Many many people use email in their Church callings. We use it at the Church. So no one should interpret the existing policy as a ban against all email for Church purposes. We all have to choose, given the amount of information that we have, what we will do. What we do know is that the Church has asked us NOT to have Web sites for official church business.

Tom

[nbflint]

Tom - thank you for the additional guidance. It's encouraging to me to see the community have these discussions because this is the only way we'll find a solution that will work.

Several programs have been discussed on this forum, including one of Tom's, which store sensitive data on a locally run machine. Another is the Emergency Preparedness project. As far as I know these projects are still active.

This makes me think that a system that stored Home Teaching assignments locally and presented that information in a variety of ways would be fine. The only difference I see between me copy/pasting this information into an e-mail and clicking send and using a program to automate it is that the amount of time the task takes would be dramatically cut.

If the church decides that sending information exported from MLS is a security risk, they will ask us not to do so, we'll comply, and we'll look for another solution. I'm game.