[Businessmtg] FW: Anonymity on the WSO app, Part 2

[Steve Rankin]

Hi Mary, again.  

As you noted, the Al-Anon App does keep your contact information "for business purposes only".  We should understand that means for WSO's use as they see fit, including publication of your shares.

You said: "The journal option within the app is individual passcode and encrypted protected."  OK, but how is that different from your previous comment that anyone that had access to your phone and your access code could access ASP's Archive.  Seems like the same thing to me.

On another note, please remember that WSO REQUIRES both first and last name, email and phone number to join the Al-Anon App, REQUIRES that you accept their exhaustive 7 page Terms of Use document, REQUIRES that member give permission to use whatever members share "for business use" however they wish, and last but not least maintains a complete record of every share and meeting using the Al-Anon App for their use.  We ordinary members may not have access to it, but the folks at WSO certainly do.  

HIPPA?  From the HIPPA website "The Privacy Rule standards address the use and disclosure of individuals' health information—called "protected health information" by organizations subject to the Privacy Rule — called "covered entities," as well as standards for individuals' privacy rights to understand and control how their health information is used."
*** Please note that ASP is in no way a "covered entity".  Al-Anon is NOT a health care provider nor related to any organization that is required to comply with HIPPA. ***

I'm confused about something else.  You mentioned needing to log into the Al-Anon App and how you needed your access code to do that so that was OK because it was safe then from being accessed by someone else, yet the same kind of requirement to access ASP's Archives is not safe because anyone that had your phone and your code could access the Archives.  How is the same kind of technology both OK and safe for securing your Al-Anon shares, yet it's also not OK and unsafe?

You said:  "I believe that is a potential HIPPA violation of personal information being easily accessible to anyone who chooses to become an ASP member no matter their reason for joining."  This raises two issues:

1. HIPPA does not apply to ASP members or the ASP entity, so I'd appreciate it if we didn't hear about his again.

2.  The part about "personal information being easily accessible to anyone who chooses to become an ASP member no matter their reason for joining".  Funny you raised this issue because I have seen it happen on numerous occasions in both face-to-face meetings and in CAFG (earlier email meeting that I spun ASP off of ***). 

For those that don't know the history, before I founded ASP, I was the elected "Business Chair" of CAFG (CyberSerenity) in 1995-1996.  One of the problems that CAFG arose from the fully automated & instant process of joining CAFG.  Simple click on the Join link, enter your email address and poof, you were an instant member of CAFG.  As Mary alluded, this not only could result in all kinds of characters joining CAFG and then posting all kinds of "interesting" stuff. . . it did.  Which frequently sent the recovery meeting into a full-blown tizzy.  So, when I set up ASP, we (a) avoided advertising that could attract unwanted people, and (b) we instituted a simple but apparently effective vetting process using live Greeters that actually interact with new members.  It's worked quite well so far as we have not had an instance of an inappropriate person joining ASP since we started in May 1996.  So, considering that I've witnessed a least a half-dozen occasions in face-to-face meetings where someone attended a meeting with ulterior motives which resulted in problems, I have not seen that happen in ASP, so I'm not very concerned about some malcontented husband creating problems here.  

Lastly, as we have mentioned before, ASP is unusual in that we do not require personal information to join ASP.  Many members with sincere anonymity concerns take advantage of this.  

One last thing. . . we've seen that WSO records meetings (there are several video records of meetings hosted by WSO on the CMA Forum site), the GEA records meetings, thousands of AA & Al-Anon speaker meetings have been tape recorded professionally (and sold; we have over a hundred of them in our basement).  I played in an Al-Anon skit several times, which was video taped by the District Rep. And so on.  

If this was so "wrong" then why is it happening in so many Al-Anon venues?

Love and SERENITY,
Steve


-----Original Message-----
From: Businessmtg On Behalf Of Mary Abbott
Sent: Thursday, October 24, 2024 5:10 AM
To: steve at serenitysys.com
Cc: ASP Business <businessmtg at asp-afg.org>
Subject: [Businessmtg] Anonymity on the WSO app

Below is the content is from the WSO app about meeting security within their app. Note that e clearly states that meetings chats are formatted so that they cannot be copied or saved. The journal option within the app is individual passcode and encrypted protected. The app does keep my contact information for business purposes only. For recovery purposes, there are safeguards to protect my anonymity and no group content is saved or available for anyone to go back and look at. As stated, these safeguards put the meeting in compliance with US federal HIPPA regulations that protect the privacy of individuals. 

At ASP, like the WSO, anyone can sign up for an ASP account. However, once they sign up at ASP,  have full access to all of our past shares and email addresses of all of the present and past members who have shared. What keeps the husband of a wife in recovery from becoming a member and reading all of her recovery shares? Nothing keeps the husband from doing that because there is a permanent written record easily available on our ASP website. 

Archiving shares may be convenient for some administrative tasks but it violates anonymity which is the spiritual foundation of our organization. Although our website states that shares are archived, once a member decides that they don’t want their shares saved, there is no recourse to have those shares removed. I believe that is a potential HIPPA violation of personal information being easily accessible to anyone who chooses to become an ASP member no matter their reason for joining. 

Archiving shares is just wrong and should be stopped. 


6:31
< Frequently Asked Questions
이 100.
What is the level of security of the app, journals and meetings?
Access to app code is restricted through highest levels of authentication through unique tokens, validation of input to prevent unauthorized content being sent to the database.
The database (where journal and other member information is stored) is only accessible through authorized credentials and not exposed to any servers. The journalis a private entry for an individual, an API exposed for journals always makes sure that only the user with the relevant token can access the journals from the database. No user or admin can access another user's journal. Login process uses SSL, 2-factor authentication and passwords are encrypted before storing. Chat messages feature end-to-end encryption and they move to the back-end database via a protected layer (SSL).
Al-Anon meetings in the app are powered by Zoom with Health Insurance Portability and Accountability Act (HIPAA) compliance enabled. In the app you will see this added security is identified by a green shield inside the meeting. The HIPAA compliance provides the following additional securities:
Disallows cloud recordings
Forces out of meeting chat encryption on Forces encryption for 3rd party endpoints Disables streaming to any service that only supports RTMP Prevents copying or saving meeting chats The app only provides the member's display name to Zoom when a member joins a meeting in the app.

Sent from my iPhone
____________________________
To Unsubscribe, go to: http://www.asp-afg.org/mailman/listinfo/asp
The ASP web site with all kinds of info for ASP members is http://asp-afg.org/members/ For assistance with other ASP issues, contact Lynne, the List Administrator of ASP, at lynne at asp-afg.org