Security

Good questions. I am willing to volunteer my professional services if ever required on the request for information front. I think it's never too early to start asking what loomio's response to any such request would be. It is the kind of thing that has potentially serious consequences but which you can deal with constructively if you have a solid policy that everyone is on-board with.

on Q #1 https://github.com/loomio/loomio/wiki

Qs #2 and #4 I'd be particularly interested in discussion of actually.

As @edgalligan mentioned, the codebase is on our Github and you are welcome to install your own instance. If you have serious security concerns above and beyond industry standard for cloud-based services, I would definitely advise you to install your own instance on your own servers and secure your data in a way that works best for your group.

Please see the Privacy Policy for more information about how Loomio treats user data.

As @seanfarmelo mentioned, the NSA/GCHQ and other governments around the world are known to be doing data surveillance on a massive scale. This is a problem people who work on Loomio care about a lot, but only have limited power to address. If people have suggestions about what a tiny startup with very limited resources can do in the face of some of the most powerful actors on the planet, I'd love to hear it. Loomio has always had a goal to provide a safe space for activists to deliberate online, so this is a key issue for us.

@roslyn thank you for the offer of help. I think you're right that it's something to consider before the question is upon us urgently. What would you suggest in terms of aspects to consider to have a discussion about a policy or framework?

@alanna , does Loomio have any policy or stance regarding people having more than one Loomio identity? For instance, I might create a group in which some people prefer to participate anonymously, even if they use their main identity and email address for other Loomio groups.

For context: people might desire anonymity because it would be a publicly visible group, with purely legal (and radically nonviolent) but controversial concerns. I won't be anonymous.

Loomio has no policy about anonymity in accounts. Lots of people use Loomio with their real name, and lots of people use pseudonyms. It's up to the user, and to groups, what to do with that.

Re: Request for Information

While it is a good idea to start thinking, I wouldn't worry too much about it. I think the most important thing is to ask yourselves:

Are there circumstances under which we would accede to such a request? Are there circumstances under which we would not? What would be the consequences of refusal?

For example, let's take the highly unlikely event that someone somewhere posts, "Hi, does anyone know where I can find an assassin to take out my wife?"
I would imagine the vast majority of people wouldn't have an issue acceding to a request for information on this kind of regular crime.
Then there are the more problematic cases, eg. organising an "illegal" protest or other activity related to civil disobedience that could cross the border into "illegality".
For example, in Ireland we are having huge protests over new water charges at the moment. You can protest all you like - that's perfectly legal. But if you were to organise people refusing to pay, you start to cross a line where you may end up with a fine and ultimately some jail time.
At the moment, police often try to intercept protestors on their way to a protest. Could they back that up to an earlier phase using online information? It's possible, of course.
The world is obviously changing fast, but these mild, 'traditional' forms of civil disobedience are not usually the kind of thing info requests are about, and at any rate States have been spying on this kind of thing for a long time before this (think of the Rainbow Warrior case).
(Not that am encouraging anyone to engage in civil disobedience...I merely inform...)

The worst case you can get is probably someone who is suspected of being a "terrorist" or whistleblower. Or the case of Barrett Brown (among other things, posting a link....) Or someone who is wanted for a DDOS attack...That's the kind of thing that is really being clamped down on.

You can't prepare for every case, and it is something that may very well never happen, but if you have a discussion about how everyone feels, it can save you stress later. What criteria would you be comfortable using to make such a decision? Violence/non-violence?

If things ever really got nasty there are advantages and disadvantages to any course of action. I think the final decision depends a lot on the direction the rest of the world moves in, frankly. That's why I would start considering now, but reserve the final decision until whatever happens, happens. We don't all have to play the same role in transforming our society, but I believe that Loomio will play a very important role whatever path you choose to take on this issue.
What you have built is amazing and it has the potential to transform the world in ways most people cannot even imagine yet. It's not my decision to make, but I personally would ensure the continuity of this project at any cost. It's not something that needs to take a stand on an issue to be effective - it will change the established order of things just by existing. So keep existing.

But I digress. To continue: an info request is the kind of thing that the owners and managers are ultimately legally responsible for - not eg. users in general.

At any rate, it's probably good that you are located in New Zealand as opposed to the US or Australia, as that gives more leeway and options in considering whether a request is valid.
You are sometimes allowed to notify the account user of the request, too.
Twitter has been pretty good on challenging the requests they have received, so even if it were to happen, it is by no means something you have to roll over to without further investigation. Also note that even Twitter with all of its millions of users only gets about 2000 requests a year, many of which are probably genuinely related to tweets like, "How do I kill someone with an icepick?"
Their policy guidelines might give you some more info on how this kind of thing is handled by commercial enterprises (not that I am endorsing these guidelines, it's just FYI): https://support.twitter.com/articles/41949-guidelines-for-law-enforcement
Commercial platforms generally shift the burden onto the user and make them agree not to engage in any illegal activity on their platform in the fine print somewhere.

Re: Anonymity

Obviously, this is up to each group and I have no problem with the fact that it is on offer. I think that in some circumstances, eg. workplace decision-making, it is probably a very good idea, because there is a hierarchical order in place there that can have serious consequences.

Or what if we decided to hold a vote on something really sensitive like acceding to a request for information? Yes, I would want that to be anonymous, although I'd hardly rely on it actually being so. I think we all know by now that anything you say online is probably not secure no matter what you do.

However, due to the prevalence of persona management software, etc., I would think that in larger groups handling non-sensitive questions allowing anonymity is not a good idea. I personally think that even aside from the infiltration possibility, it is important for people to take responsibility for their role in decision-making, as it encourages more responsible, consistent contributions. Yes, that means you have to bear the embarrassment of making a contribution that later turns out to have been incorrect in some way, and that sometimes you have to gather yourself to make a contribution that you know is going to be unpopular. However, like my skating coach used to say, "Who told you everything was going to be easy?" I've come to the point where I don't think that having to overcome the hurdle of self-censorship is really such a bad thing. Presumably if you want other people to back your ideas, you should at least be really committed to them yourself. It keeps things more authentic and that is important to any sound decision-making.