:-(
Richard Symonds
Wikimedia UK
0207 065 0992
Wikimedia UK is a Company Limited by Guarantee registered in England and
Wales, Registered No. 6741827. Registered Charity No.1144513. Registered
Office 4th Floor, Development House, 56-64 Leonard Street, London EC2A 4LT.
United Kingdom. Wikimedia UK is the UK chapter of a global Wikimedia
movement. The Wikimedia projects are run by the Wikimedia Foundation (who
operate Wikipedia, amongst other projects).
*Wikimedia UK is an independent non-profit charity with no legal control
over Wikipedia nor responsibility for its contents.*
On 27 June 2014 14:18, Trillium Corsage <trillium2014(a)yandex.com> wrote:
Hi again Luis,
Thank you for commenting my open letter to Lila. I guess if I send an open
letter I should expect open responses, however I surely hope Lila will
speak on the matter, "yea," "nay," or "not of concern to
me," as I asked.
Yes, I recall your previous response to my previous email (which was
actually larger in scope, criticizing the now-effective overall privacy
policy, whereas I now focus on the access-to-non-public information
sub-policy, not yet in effect). In it you said the policies would never
attain "perfection." Below you assert "there is no magical answer."
These
are examples of thought-terminating cliches. Presented with reasoned
criticism of the policies, you attempt to stop discussion by saying they
can never be perfect or magical. To give you credit, a lot of times
thought-terminating cliches are effective in debate with non-lawyers.
I'm going to go ahead and answer your "perhaps when we next look at the
question in a few years" with the obvious observation that the procedures
the policy lays out now are going to affect contributors mightily within
the next few years. The access policy is not effective yet and can still be
amended. So I'm going to resist your kicking the can down the road a few
years.
Now, to dig into the actual merits of what you say, I respond that these
policies were not "discussed extensively with the community." You obtained
input almost exclusively from the *administrative subset* of the community,
and none no more so than the individuals that currently have or stand to
obtain the accesses in question. Should we be surprised that they prefer
anonymity for themselves, as they explore the IPs and browser signatures
and so on of the rank and file content editors? No. "The community"
according to Lila is *all* the editors, a mere fraction (though powerful)
of which are the insider and involved administrative types that commented
on the policy drafts. I'm confident you'll agree that this distinction is
more or less accurate, that in fact it is the administrative participants
particularly that tend to comment this stuff, and not so much
representatives of the great masses of content editors that actually built
Wikipedia. Please do not gloss over this distinction in the future when
claiming immense "community" participation. I'm not saying it's your
fault
that the discussion wasn't representative though. I'm just saying that's
how it is.
Neither am I faulting, or at least I shouldn't fault, anything about
Michelle Paulson's hard work on the matter. I think the bad decision to
accord anonymity to the checkusers and so forth was made higher up. In fact
it's interesting to look back in the discussion to see what she said: "1)
We do not believe that the current practices regarding collection and
retention of community member identification are in compliance with the
Board’s current Access to nonpublic data policy and hoped to bring the
policy and practices closer to fulfilling the original intent of the
policy" (
http://meta.wikimedia.org/wiki/Talk:Access_to_nonpublic_information_policy/…).
What she's saying is that WMF Legal became uncomfortable with the fact that
what the responsible individuals were doing with the identifications
(shredding, deleting) was at odds with what the policy clearly stated to
editors was the case (identifying). Faced with this problem, there were two
ways to go: 1) change the practice to conform with the policy (i.e. start
securely keeping the identifications), or 2) change the policy to conform
to the practice (i.e. grant anonymity to those granted access to
non-anonymous information of others). What I am saying here, and if Lila is
reading this far, is that you chose the wrong option.
This email is already long, and I am not going to start commenting again
why I think the administrative culture has attracted exactly the wrong kind
of people, cyber-bullies, MMORPG players, creepers, and that this change to
the policy is going to magnify that. I guess I'll just close by saying that
it is not that hard to buy a secure file cabinet for the identification
faxes and, say, the removable hard-drive containing the identification
emails. There aren't all that great many checkusers and oversighters and
OTRS volunteers and so forth, and they're not being added that fast. The
existing ones can be accounted for in stages. So these "practical
difficulties" you refer to Luis, I don't see them as so severe. As for the
"risks to volunteers" what are you saying? Are you saying the WMF cannot
securely keep some copies of identifications? The real volunteers at risk
are those rank and file editors you propose to expose to a group of
anonymous and unaccountable administrative participants.
Trillium Corsage
27.06.2014, 01:48, "Luis Villa" <lvilla(a)wikimedia.org>rg>:
Hi, Trillium-
As I pointed out to you the last time we discussed the privacy
policy[1], this issue (and the rest of the policy) were discussed
extensively with the community, with the board, and with the previous
Executive Director. It was then approved by the Board.
This particular topic was discussed particularly thoroughly, with a
separate consultation and additional discussion with the Board. We did
all that because, as we said in our blog post on the topic[2], this
was a tough question that required everyone involved to balance
difficult privacy concerns with the risks and practical difficulties
of identifying volunteers. There was no magical answer that could
please everyone, despite sincere efforts to find creative solutions
informed by several years of experience building and operating the
previous policy.
Since we made that post (and since the Board approved the decision)
nothing has changed. The factors being balanced are still difficult,
and Legal would still come down the same way we did in February (when
we finished the public consultation) and April (when we presented our
recommendation to the Board).
Perhaps when we next look at the question in a few years the facts
will have substantially changed and it will make sense to revisit this
decision and tighten the requirements. But right now, within months of
board approval after a lot of discussion, is not that time.
For what it is worth-
Luis
[1]
https://www.mail-archive.com/wikimedia-l@lists.wikimedia.org/msg12552.htm
[2]
http://blog.wikimedia.org/2014/02/14/a-new-access-to-nonpublic-information/
P.S. Tangentially, and speaking mostly for myself, I want to thank the
many Wikimedians I've talked with in the past ~18 months who have been
patient and supportive as we try our best to talk with you, weigh
costs and benefits with you, and make difficult decisions - not just
about privacy but also about many other things large and small. We'd
love to be perfect, have infinite time and infinite resources and
infinite patience, or no hard problems. Since we don't, we have to
just try our best. I'm grateful for and deeply appreciate all the
people who understand that and have worked with us in patient good
faith to move ahead the mission we all share. Corny, I know, but true.
:)
On Thu, Jun 26, 2014 at 9:06 AM, Trillium Corsage
<trillium2014(a)yandex.com> wrote:
> Dear Ms. Tretikov,
>
> Would you please speak on the new revision of the "Access to
Non-Public
Information" policy? Can you express your objection to it? Can
you express your support of it? You'll find it here:
>
>
http://meta.wikimedia.org/wiki/Access_to_nonpublic_information_policy
>
> This governs the conditions by which the WMF grants access to
potentially
personally-identifying data such as IPs and web-browser
profiles of Wikipedia editors. It grants these to particular administrative
participants, for example checkusers and oversighters and arbitrators, of
the various "communities," for example the Wikipedias of various languages.
>
> Under the terms of the prior access policy, those administrative
participants
were required to send a fax or scanned copy of an
identification document. Editors were led to believe that the WMF kept
record of who these people actually were. It was repeatedly claimed that
they had "identified to WMF." This soothed the concerns of editors like me
that thought, okay, well at least someone knows who they are. The truth was
that a WMF employee marked a chart of usernames only that the
administrative participant's ID showed someone 18 or over, and then
shredded or otherwise destroyed those records. The phrase that so-and-so
"has identified to WMF" or "is identified to WMF" was so commonly
stated,
including by the WMF, that I regard it as a great deception and betrayal
that it really was shredding and destroying the identifications.
>
> The new policy is even worse. It abandons the mere pretense of an
identification. So while it goes the wrong direction, at least it ceases to
deceive. All it calls for now is an email address, an assertion that the
person is 18 or over, and an assertion that the owner of the email account
has read a short confidentiality agreement. The person need not provide a
real name. You are well aware that various web-email services offer
basically untraceable email addresses. You are well aware that only a named
person can enter into agreement on confidentiality. An agreement by a
Wikipedia username with an untraceable email address is not only
unenforceable, it is a ludicrous proposition.
>
> The webpage says the policy is not in effect yet. I urge you to reject
it as
written and instead have it amended to actually require
identification for those faceless entities you prepare to turn loose with
potentially cyberstalker tools.
>
> Whatever your stance, I do call on you to speak on the question. Say
"yea," say "nay," or say "not my concern," but at least
speak.
>
> Trillium Corsage
>
> _______________________________________________
> Wikimedia-l mailing list, guidelines at:
https://meta.wikimedia.org/wiki/Mailing_lists/Guidelines
<mailto:wikimedia-l-request@lists.wikimedia.org?subject=unsubscribe>
--
Luis Villa
Deputy General Counsel
Wikimedia Foundation
415.839.6885 ext. 6810
This message may be confidential or legally privileged. If you have
received it by accident, please delete it and let us know about the
mistake. As an attorney for the Wikimedia Foundation, for
legal/ethical reasons I cannot give legal advice to, or serve as a
lawyer for, community members, volunteers, or staff members in their
personal capacity. For more on what this means, please see our legal
disclaimer.
_______________________________________________
Wikimedia-l mailing list, guidelines at:
https://meta.wikimedia.org/wiki/Mailing_lists/Guidelines
<mailto:wikimedia-l-request@lists.wikimedia.org?subject=unsubscribe>
_______________________________________________
Wikimedia-l mailing list, guidelines at:
https://meta.wikimedia.org/wiki/Mailing_lists/Guidelines
Wikimedia-l(a)lists.wikimedia.org
Unsubscribe:
https://lists.wikimedia.org/mailman/listinfo/wikimedia-l,
<mailto:wikimedia-l-request@lists.wikimedia.org?subject=unsubscribe>