Nathan, I’d like to respond to all three of your recent comments.
Can you explain how this is so? I did a fair amount of
work at SPI as a
clerk, and I'm not sure I understand how the mere fact that a check was
performed is giving sockpuppeters a roadmap for how to avoid detection. If
you mean they could test the CU net by running a bunch of socks on
different strategies to see which get checked and which don't, that seems
like a lot of work that a vanishingly small number of abusers would
attempt... and also basically the same information as they would receive
when those sock accounts are ultimately blocked or not blocked per CU.
~Nathan
I think you might be amazed that the persistence and sophistication of some individuals. I
personally haven’t dealt with them much on-wiki, but I’ve certainly seen them on IRC.
Here are some problems with that rationale:
1) If a sock confirmation results from a CU check, the person is blocked,
which is a pretty big tip off all its own. If a case is filed at SPI, then
tons of evidence is submitted, then a CU check is performed in public, then
a block is or is not imposed. That whole process is a pretty big tip off
too, but we haven't shut it down for providing a road map to abusers.
You are correct that the start of the CU case is public at the time of filing at WP:SPI.
The identity of the CU is also public when it is run for those filed cases. I believe that
we are discussing in this thread are instances of the CU tool being used, or data from the
tool being used and shared among functionaries who are permitted access to private data,
when that use or sharing is not made publicly known at WP:SPI. I am not a Checkuser but
perhaps someone who is a Checkuser can give some examples of situations when this happens.
I personally know of at least two scenarios.
2) You can't dispute the use of CU on your
information if you don't know
that it was used. It's kind of like secret wiretapping with a FISA warrant;
if you never know you've been wiretapped, how are you supposed to challenge
it or know whether it was used improperly? As for "various groups can
investigate", to some extent that's true. Most of them are checkusers,
however, and they still tend not to disclose all relevant information. I'm
not saying that any CU is doing anything improper or that it's likely, but
such allegations have been made in the past, and it seems like a pretty cut
and dried case of people having a right to know how their own information
is being used. If Wikimedia were based in Europe, it would most likely be
required by law.
Nathan
When you use Wikipedia, information about what you do is logged. The same is true for
other websites. In most cases on the internet in general, it’s impossible for the average
user to know if their information has been used or disclosed in a way that is contrary to
the site’s privacy policy. Sometimes misuse or preventable, improper disclosure of private
data is made publicly known, as has happened with many online services being hacked for
credit card or password information. The reality on the internet is that generally the
information you provide can’t be guaranteed to remain private and secure. It is true that
there can be abuses of investigative tools like CU, search warrants, and almost anything
else. The best that can be done is to take reasonable precautions and to be careful about
what you disclose in the first place, for the people who are trusted with special
investigative tools to be honest and competent, to have sufficient “separation of powers”
to help as much as possible to verify that the investigators are honest and competent, and
for there to be penalties for investigators who misuse their authority. Regarding the
investigative use of private information, as I think others have said also, sometimes
there may be a good reason to keep an active investigation from being known to the
individual who is being investigated. Like you, I value accountability and transparency,
and I would gladly listen to suggestions that enhance accountability and transparency
while maintaining reasonable safeguards for active investigations. There needs to be a
balance. I prefer transparency, but sometimes there are good reasons for information to
remain private.
Pine