[Foundation-l] new checkuser policy

Robert Scott Horning robert_horning at netzero.net
Thu Apr 20 23:38:54 UTC 2006 

Kelly Martin wrote:

>On 4/20/06, Robert Scott Horning <robert_horning at netzero.net> wrote:
>  
>
>>I am not all that pleased with having to deal with "outsiders" in order
>>to obtain this critical information, although having it is better than
>>not having it.  I am really curious as to the reasons why Essjay and
>>Karynn are any better candidates for checkuser status on en.wikibooks
>>than the current two candidates on the request for checkuser status, and
>>all I can say is that they enjoy somewhat better relationships with the
>>Foundation board.  That seems hardly a reasonable policy.
>>    
>>
>
>I don't know the current candidates on en.wikibooks that well, and
>while I don't have any reason to believe that there's anything wrong
>with them, I also don't have any reason to believe that they can be
>trusted at the level that should be expected and required of those
>with CheckUser privileges. CheckUser is a position that carries very
>hefty responsibilities; the Foundation has good cause to restrict the
>number of people with this privilege.  Frankly I think *all*
>CheckUsers need to be approved by the Foundation because it's the
>Foundation that will be on the hook for a misuse of the information
>that CheckUsers have access to.  So the fact that Essjay and I are
>well known to the Foundation makes us more appealing to the
>Foundation, not specifically because we have done most of our work on
>Wikipedia (although this is true for me and to a lesser extent for
>Essjay, who has more meta experience than I do) but because we have
>become known to the Foundation as reliable, trustworthy individuals.
>  
>
So why doesn't the existing policy simply say this?  If the individuals 
have to be so trusted that they need formal approval of not only the 
project, but also the Foundation board itself, then it should be stated 
as such.  This is not currently the policy.  As far as you not trusting 
these users, that is because you have not interacted with them and had a 
chance to see their editing and administrative styles, and more of a 
matter that they are not as active on en.wikipedia to your tastes.  From 
my perspective, the Wikibooks candidates are as trustworthy as any 
Wikimedia user can possibly be without getting into cabal accusations or 
political arguments, and would very likely have recieved the checkuser 
status a long time ago if they had instead been working on Wikipedia 
instead of Wikibooks.  They are solid and very active Wikimedia users.

>>Perhaps because this was buried under all of the previous comments, but
>>it really hasn't been answered at least to my satisfaction.  Under what
>>reasonable criteria is being applied that would allow somebody to become
>>a bureaucrat on a project that would not also mean they are trusted
>>enough to have checkuser status as well?
>>    
>>
>
>There's a big difference between bureaucrat and checkuser.  CheckUsers
>have access to personal, private information about other editors,
>information which is protected by law in some nations (e.g. the
>European Union) and the inappropriate disclosure of which could easily
>cause grave harm to someone.  Bureaucrats just get to decide who has
>access to the special buttons on a given project.  The worst damage a
>bureaucrat can do is mistakenly promote someone who ought not have
>been promoted, resulting in annoying damage to a particular project
>and some degree of frustration for its editors and readers.  The worst
>damage a checkuser can do is publicly announce the IP address of a
>political dissident editing from a country where political dissidence
>is punishable by death.  Misuse of CheckUser power can easily lead to
>the loss of jobs and potentially even of freedom or of lives.  I hope
>you now understand how the gravity of the responsibility of a
>CheckUser is that much greater than that of a bureaucrat, and why the
>screening process for bureaucrats is inadequate for determining who
>should be trusted with checkuser rights.
>  
>
On this I guess we have to agree to disagree on this point.  I 
completely disagree that checkuser disclosure of IP addresses is going 
to cause any real problem at all, and is making a mountain out of a 
molehill to prevent some very minor and difficult to accomplish abuse at 
the risk of denying a very powerful tool to local projects... powerful 
in the sense of identifying blatant abuse and stoping vandals from 
destroying a project.  And pointing out that IP addresses are also used 
anyway and even publicly disclosed for most Wikimedia users as well (the 
unregistered users).  I won't rehash any of my previous arguments to 
respond further, but any attempt to not disclose this information if 
futile anyway for somebody who might lose their job or recieve capital 
punishment for something they write on a Wikimedia project, and the 
Foundation would be compelled to disclose that IP address anyway, by the 
standards of the checkuser policy as written.  This policy will never 
save even a single life, just at most give them a few more months of 
life at best due to legal manuvering with the Wikimedia Foundation 
instead being sent through the mud as harboring political dissidants or 
even people plotting to overthrow governments, such as perhaps some 
al-Queida operatives planning on blowing up the Empire State Building in 
New York City.  Is that the kind of press that the Foundation wants in 
terms of who is being protected by this policy?

>>And getting back to the original point of this thread, the Stewards who
>>supposedly have at least the option of having checkuser status, and are
>>allowed to act in the capacity of performing administrative actions
>>where existing policies on individual projects are lacking these
>>policies due to their size, are ignoring checkuser requests.  If Essjay
>>and Karynn have the trust and support for this widespread and cross
>>project assistance, perhaps they should simply be made stewards as well.
>> And to the point at hand, en.wikibooks is in English, which from what
>>I've seen of the list of stewards is one of the languages of every
>>current steward.  That these checkuser scans aren't being performed is
>>more of a condemnation of all of the stewards, or a very serious
>>misunderstanding of what their role is as backup administrators to
>>smaller projects.
>>    
>>
>
>Relatively few stewards are in a position to perform checkusers; the
>position requires both technical competency and a high degree of trust
>and responsibility.  That most stewards (who presumably have the trust
>and responsibility, even if not the technical competency) are
>unwilling to perform them is likely because they don't know how to or
>even that they can as much as that they aren't bothering.
>
>Kelly
>  
>
I guess I'm confused at the duties of stewards then.  Most of what they 
do is "promote" users to become admins or sysops, and now grant 
checkuser status as well based on a whole variety of standards, many of 
which even contradict currently the checkuser policy on Meta.  This by 
itself does require a certain level of technical competency, and I fail 
to see how comparing two different IP addresses from two users is really 
all that much more difficult of a technical task.  This is not operating 
system assembly-level driver writing we are talking about, just looking 
up an IP address or two and comparing numbers.  As far as letting 
stewards know they can do this, I hope this is a wake-up call to let 
them know that this is something that is needed, in terms of being able 
to help smaller projects on a task they simply can't do for themselves. 
 If the level of trust is so high but the amount of work so great, 
perhaps a recruiting drive to get more stewards should occur.

-- 
Robert Scott Horning

More information about the foundation-l mailing list