RE: ISSUE-235 (Auditability requirement for security)


-----Original Message-----
From: David (Standards) Singer
Sent: Wednesday, October 15, 2014 2:31 PM
To: Justin Brookman
Subject: Re: ISSUE-235 (Auditability requirement for security)

I understand the good intentions behind this sentence, and applaud them, but

a) it's not specific:
  i) who by? a court? a SWAT team crashing down your door? the CDT asking nicely? an independent researcher sending email?
  ii) of what? the actual data, and the data flows, or the processes and controls that are in place?
b) it's not testable.

We've said some things must be publicly documented (e.g. in the privacy policy), and that's both testable and clear what is stated (it can only be the process). This is trying to be half-way, sort-of vaguely discoverable under undefined quasi-formal ('audit') conditions.  

(I think I am going to go get a half-way vaguely discoverable coffee now and drink it in undefined quasi-formal conditions).

On Oct 15, 2014, at 7:54, Justin Brookman wrote:

> Before leaving NAI and the Working Group, Jack Hobaugh had proposed to delete from the general security requirement for data held for permitted uses the line:
> Third parties SHOULD ensure that the access and use of data retained for permitted uses is auditable.
> If anyone still supports this proposal and wants to discuss it, please advocate for it on the mailing list (or on the working group call today).

David Singer
Manager, Software Standards, Apple Inc.

Received on Wednesday, 15 October 2014 21:38:05 UTC