Conversation Archive for NARA compliance #6141
Labels
Milestone
Comments
|
There is an option to make the conversation read-only. |
|
Joas,
I will be more than willing to help in any way I can to implement this
widespread need.
My request is to implement an archiving solution for talk/spreed that meets
federal records requirements in a similar fashion as what has been
accomplished within Nextcloud for HIPPA, SOX, GDPR, File Archiving and
Journaling.
What you suggested is a partial work around until such time as a formal
message archive can be created. It also relies on the user to change
expired conversations to read only.
Instant messaging or chat is becoming an increasingly popular form of
communication internally within many organizations, as well as being used
externally between organizations. In many cases, it is now being used as an
alternative to more traditional email communication. Just as with email,
there is likely to be a need to retain all IM content and make it available
for search and retrieval, whilst managing the ongoing storage requirements
for this.
Many organizations are subject to industry or business regulations that
require them to accurately capture and preserve all instant message
conversations for legal and compliance purposes. They will need to respond
to eDiscovery requests for search, legal hold, audit and export, and comply
with a range of laws and regulations that require message archiving and
retrieval, such as FOIA.
The National Archives and Records Administration (NARA) released a
directive which deals with how government and state agencies along with
contractors by association should manage electronic records, including
instant messaging, chat and mobile communication.
Some of the crucial points in the directive highlight the need to store and
retain records in a trustworthy and tamper-proof manner, as well as the
ability to locate, retrieve and deliver them in a timely manner.
To stay compliant with NARA, agencies need to be able to:
- define, monitor, review and update access to electronic records,
- prevent unauthorized access, tampering, deletion or destruction of
archived records and
- have audit trail and legal hold capabilities.
Please let me know how I can help, or what additional information I might
be able to provide.
Regards,
Kurtis McDowell
…On Tue, Aug 24, 2021 at 9:51 AM Joas Schilling ***@***.***> wrote:
There is an option to make the conversation read-only.
It will also prevent people to delete messages, so that should be what you
are looking for?
—
You are receiving this because you authored the thread.
Reply to this email directly, view it on GitHub
<#6141 (comment)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/AE2YCZRASSTL6W7TGWJYQULT6OPX3ANCNFSM5CVR7QXA>
.
Triage notifications on the go with GitHub Mobile for iOS
<https://apps.apple.com/app/apple-store/id1477376905?ct=notification-email&mt=8&pt=524675>
or Android
<https://play.google.com/store/apps/details?id=com.github.android&utm_campaign=notification-email>
.
--
Privacy is important to everyone whether you think you have something to
hide or not.
Your mail is scanned for advertising and other purposes and the wrong word
taken out of text can cause you a lot of trouble. I love google for ease
of use and their use of TLS.
I use Virtru mail encryption for sending mail. (https://www.virtru.com)
My PGP public key can be found at hkp://keys.gnupg.net
|
|
Joas,
Here is the link to NARA bulletin 2015-02 Guidance on Managing Electronic
Messages (https://www.archives.gov/records-mgmt/bulletins/2015/2015-02.html)
NARA instant Messaging FAQ
https://www.archives.gov/records-mgmt/initiatives/im-faq.html
I believe other countries will have similar data retention requirements
https://www.project-consult.de/files/Iron%20Mountain%20Guide%202013%20Germany%20Retention.pdf
Again please let me know how I can help. I am more than willing to work on
developing a solution with you.
Regards
Kurtis McDowell
…On Tue, Aug 24, 2021 at 10:31 AM Kurtis McDowell ***@***.***> wrote:
Joas,
I will be more than willing to help in any way I can to implement this
widespread need.
My request is to implement an archiving solution for talk/spreed that
meets federal records requirements in a similar fashion as what has been
accomplished within Nextcloud for HIPPA, SOX, GDPR, File Archiving and
Journaling.
What you suggested is a partial work around until such time as a formal
message archive can be created. It also relies on the user to change
expired conversations to read only.
Instant messaging or chat is becoming an increasingly popular form of
communication internally within many organizations, as well as being used
externally between organizations. In many cases, it is now being used as an
alternative to more traditional email communication. Just as with email,
there is likely to be a need to retain all IM content and make it available
for search and retrieval, whilst managing the ongoing storage requirements
for this.
Many organizations are subject to industry or business regulations that
require them to accurately capture and preserve all instant message
conversations for legal and compliance purposes. They will need to respond
to eDiscovery requests for search, legal hold, audit and export, and comply
with a range of laws and regulations that require message archiving and
retrieval, such as FOIA.
The National Archives and Records Administration (NARA) released a
directive which deals with how government and state agencies along with
contractors by association should manage electronic records, including
instant messaging, chat and mobile communication.
Some of the crucial points in the directive highlight the need to store
and retain records in a trustworthy and tamper-proof manner, as well as the
ability to locate, retrieve and deliver them in a timely manner.
To stay compliant with NARA, agencies need to be able to:
- define, monitor, review and update access to electronic records,
- prevent unauthorized access, tampering, deletion or destruction of
archived records and
- have audit trail and legal hold capabilities.
Please let me know how I can help, or what additional information I might
be able to provide.
Regards,
Kurtis McDowell
On Tue, Aug 24, 2021 at 9:51 AM Joas Schilling ***@***.***>
wrote:
> There is an option to make the conversation read-only.
> It will also prevent people to delete messages, so that should be what
> you are looking for?
>
> —
> You are receiving this because you authored the thread.
> Reply to this email directly, view it on GitHub
> <#6141 (comment)>,
> or unsubscribe
> <https://github.com/notifications/unsubscribe-auth/AE2YCZRASSTL6W7TGWJYQULT6OPX3ANCNFSM5CVR7QXA>
> .
> Triage notifications on the go with GitHub Mobile for iOS
> <https://apps.apple.com/app/apple-store/id1477376905?ct=notification-email&mt=8&pt=524675>
> or Android
> <https://play.google.com/store/apps/details?id=com.github.android&utm_campaign=notification-email>
> .
>
--
Privacy is important to everyone whether you think you have something to
hide or not.
Your mail is scanned for advertising and other purposes and the wrong word
taken out of text can cause you a lot of trouble. I love google for ease
of use and their use of TLS.
I use Virtru mail encryption for sending mail. (https://www.virtru.com)
My PGP public key can be found at hkp://keys.gnupg.net
--
Privacy is important to everyone whether you think you have something to
hide or not.
Your mail is scanned for advertising and other purposes and the wrong word
taken out of text can cause you a lot of trouble. I love google for ease
of use and their use of TLS.
I use Virtru mail encryption for sending mail. (https://www.virtru.com)
My PGP public key can be found at hkp://keys.gnupg.net
|
nickvergessen
changed the title
Maybe you can create small tasks for the individual incompliances and then someone or maybe you can even work on those. |
|
Sure I will attempt to do that...
Hopefully you can tell me if what I come up with is workable as I am not a
software engineer.
Can you give me some insight on how Spreed messaging works internally? Is
it Jabber, XMPP or something else?
is it peer to peer connection or does it go through a messaging server on
the host?
How is it end to end encrypted?
Thanks
Kurtis
…On Tue, Aug 24, 2021 at 11:38 AM Joas Schilling ***@***.***> wrote:
I will be more than willing to help in any way I can to implement this
widespread need.
Maybe you can create small tasks for the individual incompliances and then
someone or maybe you can even work on those.
It's good to have a meta/overview ticket, but the actual tasks need
solving anyway
—
You are receiving this because you authored the thread.
Reply to this email directly, view it on GitHub
<#6141 (comment)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/AE2YCZTFOAHYSDM6NMIB7Y3T6O4HLANCNFSM5CVR7QXA>
.
Triage notifications on the go with GitHub Mobile for iOS
<https://apps.apple.com/app/apple-store/id1477376905?ct=notification-email&mt=8&pt=524675>
or Android
<https://play.google.com/store/apps/details?id=com.github.android&utm_campaign=notification-email>
.
--
Privacy is important to everyone whether you think you have something to
hide or not.
Your mail is scanned for advertising and other purposes and the wrong word
taken out of text can cause you a lot of trouble. I love google for ease
of use and their use of TLS.
I use Virtru mail encryption for sending mail. (https://www.virtru.com)
My PGP public key can be found at hkp://keys.gnupg.net
|
|
It's a custom API, calls are peer-to-peer (unless the HPB is used, then its peer-to-HPB-to-peer), chat is stored unencrypted in the Nextcloud Database |
|
Thanks for the information that is great news!
I will send you an update as soon as possible.
…On Tue, Aug 24, 2021 at 1:06 PM Joas Schilling ***@***.***> wrote:
It's a custom API, calls are peer-to-peer (unless the HPB is used, then
its peer-to-HPB-to-peer), chat is stored unencrypted in the Nextcloud
Database
—
You are receiving this because you authored the thread.
Reply to this email directly, view it on GitHub
<#6141 (comment)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/AE2YCZV5CIDLNKDWLIWKMH3T6PGQLANCNFSM5CVR7QXA>
.
Triage notifications on the go with GitHub Mobile for iOS
<https://apps.apple.com/app/apple-store/id1477376905?ct=notification-email&mt=8&pt=524675>
or Android
<https://play.google.com/store/apps/details?id=com.github.android&utm_campaign=notification-email>
.
--
Privacy is important to everyone whether you think you have something to
hide or not.
Your mail is scanned for advertising and other purposes and the wrong word
taken out of text can cause you a lot of trouble. I love google for ease
of use and their use of TLS.
I use Virtru mail encryption for sending mail. (https://www.virtru.com)
My PGP public key can be found at hkp://keys.gnupg.net
|
|
Joas,
Here is the first cut... Let me know what you think.
I don't think it will be that hard to implement.
I really appreciate your willingness to consider and work on this.
If there is more I can do please let me know.
Kurtis
…On Tue, Aug 24, 2021 at 3:27 PM Kurtis McDowell ***@***.***> wrote:
Thanks for the information that is great news!
I will send you an update as soon as possible.
On Tue, Aug 24, 2021 at 1:06 PM Joas Schilling ***@***.***>
wrote:
> It's a custom API, calls are peer-to-peer (unless the HPB is used, then
> its peer-to-HPB-to-peer), chat is stored unencrypted in the Nextcloud
> Database
>
> —
> You are receiving this because you authored the thread.
> Reply to this email directly, view it on GitHub
> <#6141 (comment)>,
> or unsubscribe
> <https://github.com/notifications/unsubscribe-auth/AE2YCZV5CIDLNKDWLIWKMH3T6PGQLANCNFSM5CVR7QXA>
> .
> Triage notifications on the go with GitHub Mobile for iOS
> <https://apps.apple.com/app/apple-store/id1477376905?ct=notification-email&mt=8&pt=524675>
> or Android
> <https://play.google.com/store/apps/details?id=com.github.android&utm_campaign=notification-email>
> .
>
--
Privacy is important to everyone whether you think you have something to
hide or not.
Your mail is scanned for advertising and other purposes and the wrong word
taken out of text can cause you a lot of trouble. I love google for ease
of use and their use of TLS.
I use Virtru mail encryption for sending mail. (https://www.virtru.com)
My PGP public key can be found at hkp://keys.gnupg.net
--
Privacy is important to everyone whether you think you have something to
hide or not.
Your mail is scanned for advertising and other purposes and the wrong word
taken out of text can cause you a lot of trouble. I love google for ease
of use and their use of TLS.
I use Virtru mail encryption for sending mail. (https://www.virtru.com)
My PGP public key can be found at hkp://keys.gnupg.net
|
|
Joas,
Not that I didn't give you a week's worth or more of development work
yesterday on the chat side of things.
My request now is is there a way to change the background on video
conferences to either blur or replace the background on video calls?
Thank you
…--
Privacy is important to everyone whether you think you have something to
hide or not.
Your mail is scanned for advertising and other purposes and the wrong word
taken out of text can cause you a lot of trouble. I love google for ease
of use and their use of TLS.
I use Virtru mail encryption for sending mail. (https://www.virtru.com)
My PGP public key can be found at hkp://keys.gnupg.net
|
|
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
For record keeping requirements, I would like Talk to log at least the text portion of the conversation(s) so that even if a standard user deleted one or more conversations there would be an archive record available to management.
The text was updated successfully, but these errors were encountered: