[SystemSafety] Mailing list: the archives

Prof. Dr. Peter Bernard Ladkin ladkin at causalis.com
Fri Feb 14 18:31:41 CET 2025 

On 2025-02-14 15:19 , Paul Sherwood wrote:
> On 2025-02-14 12:43, Prof. Dr. Peter Bernard Ladkin wrote:
>>> Now the legal part. Permission needs to be obtained. The list achives contain messages written 
>>> by list members since August 2012. According to GDPR we would need to have the express agreement 
>>> of all those list members who have posted anything since August 2012 that their restricted 
>>> communications be made publicly available (along with their email addresses).
>
> As far as I know, the public url (which you said is owned by Causalis) has been publishing the 
> forum content since at least when I joined the list, up until a week ago. 

So let's go through this more slowly.

Causalis owns the domain systemsafetylist.org. If you do a name server lookup you'll find this 
points at www.rvs.uni-bielefeld.de. This is a domain  owned by Bielefeld Uni and under the 
administration of its TechFak. Strictly speaking, systemsafetylist.org resolves to a subdomain of 
www.rvs.uni-bielefeld.de specified by an Apache configuration entry.

Now a historical interlude.

Back in 2012 when we set up the list, RVS administered www.rvs.uni-bielefeld.de by arrangement with 
the TechFak, because it is hosted on TechFak machines. (Before that time, RVS actually had our own 
machines and was a separate network from the TechFak network.)

When I retired in 2017, TechFak continued www.rvs.uni-bielefeld.de. Two years ago, "we" were 
fingered by the copyright lawyer. The Uni said that they would sort out the lawyer. (But I got my 
own legal advice; so it still cost me some €hundreds.) There was some grumbling from the TechFak 
apparently, because the Uni took it out of their budget. And that was when TechFak and I had some 
negotiation about www.rvs.uni-bielefeld.de and other services such as the systemsafety mailing list 
that they were providing pro bono.

I informed the systemsafety list at the time that its future was uncertain and arrangements should 
be made to host it elswhere.

End of historical interlude

The current situation is that my arrangement with the TechFak is that www.rvs.uni-bielefeld.de 
contains *static pages". They can choose to curtail that arrangement any time it suits them. But 
apparently that site doesn't contain only static pages - it was also the site for the public archive 
of the systemsafety mailing list. Which is something that was not on my radar until Ganesh pointed 
it out recently.

First action item for me is to find out what the TechFak SysAdmin just did (it seems, according to 
Paul, that will have been a week ago). And why they did it. And whether they will restore the status 
quo ante.

Let's be clear. They don't have to give me any answers (but they will).  And the answer to 
restoration may be "no", for whatever reason. It doesn't have to be their reason -- there might be a 
Uni reg to which the previous arrangement does not conform.

So it could be that the public archive is just gone, period.

> Given the information has been public all that time, and I believe you are in effect the 
> publisher, why do you think GDPR would apply in this case? 

I am not the legal publisher and have never been. Bielefeld Uni is the legal publisher, and has 
always been. There is an argument, which has not been tested, that people who signed up to the 
mailing list from August 2012 on were aware that their contributions were to be published. I can 
also point to discussions in 2012, when a contributor made disparaging comments about a particular 
branch of computer science (namely, formal methods) when I said that we might have to cut out his 
emails, because if anyone who felt disparaged were to complain to the Uni, the Uni would shut the 
list down in a trice. So there has been discussion on the list about publication of contributions. 
But this consideration is not decisive -- there is no written contract between Uni Bielefeld and 
mailing-list contributors or their companies.

Copyright law in Germany says that writers have copyright. If some contributors are coming from a 
company address, it could be (indeed it is likely) that they have signed over their copyright to 
their company. Bielefeld Uni arguably has permission to publish the mailing list archives, as above. 
If someone else publishes those archives, they have to obtain permission from the copyright holders, 
as I specified in detail in my previous note.

So Paul may be right that GDPR is a red herring. But I am right in what I said at 12:43 UTC = 13.43 
CET. That's the work that would need to be done if any archive-publisher other than the Bielefeld 
Uni wishes to avoid being opportunistically sued by a random copyright lawyer (how that plays out 
depends on the jurisdiction, of course).

PBL

Prof. Dr. Peter Bernard Ladkin
Causalis Limited/Causalis IngenieurGmbH, Bielefeld, Germany
Tel: +49 (0)521 3 29 31 00

More information about the systemsafety mailing list