[WikiEN-l] WikiEN-l Digest, Vol 60, Issue 33

Larry Pieniazek lar at miltontrainworks.com
Sun Jul 20 18:30:08 UTC 2008 

> -----Original Message-----
> From: FT2 ft2.wiki at gmail.com
> Sun Jul 20 18:00:31 UTC 2008
> To: English Wikipedia <wikien-l at lists.wikimedia.org>
> Subject: Re: [WikiEN-l] SlimVirgin and CheckUser leaks
> 
> On Sun, Jul 20, 2008 at 4:27 PM, Ken Arromdee <arromdee at 
> rahul.net> wrote:
> 
> > On Sun, 20 Jul 2008, Nathan wrote:
> > > * The only disclosure of information was to the checkusers wife 
> > > (hard to criticise, I think)
> >
> > I'd criticize it.
> >
> > If we say it's okay to give privileged information to your wife, we're 
> > essentially saying that making any married person a  privileged user is 
> > a two-for-one.  If so, whenever a married person applies to become an 
> > admin, his wife should be checked out and questioned in as much detail 
> > as he is, and go through the same gauntlet of criticism as the 
> > applicant himself.

> > We don't do this.
> 
> Seconded.  Family, relatives and friends do not have WMF 
> trust inherited.

I agree with this.

> Realistically in everyday life, spouses will hear many things 
> that are private - as they would about other matters in a 
> person's life they are living with. But they do not have the 
> /right/ to, and my expectation would be that a person who 
> used a privacy tool (whether CheckUser, Oversight, OTRS, 
> internal list, or otherwise) is fully responsible and 
> accountable for the information they obtain. That means they 
> /need/ to be responsible for assessing whether they can and 
> will keep it private, including assessment of those they live 
> with or who have access to their computer or saved data.

I agree with this as well.

> That assessment is an integral part of assessing one's own 
> fitness for the enhanced tools. A person may be fit for the 
> task personally but lack the assurance on that.

I agree with this as well.

> Realistically, I'd accept an assessment that the spouse (or 
> other close parties/housemates involves) aren't involved or 
> interested, or have more information but a complete sense of 
> discretion and "chinese walls", or won't know names or 
> details, or whatever. Realistically people may tell spouses 
> some things, some times. But a person in any privacy related 
> position has to be responsible for assessing the privacy of 
> information they are allowed to access. That's not just what 
> /they/ will say or do, but that the data will stay private in 
> all practical senses if they are allowed access to it. I 
> would add this to non-public data policy:
> 
> "A person being proposed to have access to non-public data 
> will be personally responsible for the data they obtain 
> through that access. Their access may be removed if, through 
> their being given access, such information is improperly 
> spread to unauthorized others."

I agree with this as well.

For the record, from time to time I do discuss matters related to WMF wiki
affairs with my wife, if there is a past history of her involvement. (which
there was in this particular case, with the editor whose sock I first
checked) In general, I do not discuss CU related matters without good reason
for doing so. The vast majority of matters are not discussed with her, but I
nevertheless am responsible for ensuring the confidentiality of private
matters. 

I admit bias, however it is my considered judgement that my wife of 27
years, who I trust more than any other person in the world, is extremely
trustworthy and will not divulge matters that are properly kept private. She
has a long track record of operating in confidential environments and not
violating the trust placed in her. Therefore I willingly accept the
additional risk involved and acknowledge that it is indeed my
responsibility, and my reputation on the line, should she divulge anything,
because I adjudge the risk to be low.

In the proximate case, she did not divulge anything to anyone. All outward
communication of whatever sort has been initiated by me. Her role was only
that of advise and counsel to both me and the other editor whose sock I
first checked, based on the history of communication that we already had
with that editor, and on the statements that editor had made to us.

> "Guidance: - In practice this means that such a person should 
> assess their online security practices (logging off, or 
> sharing or locking their computer), their saved data 
> practices (email, evidence, logs, and notes), and their 
> shared personal discussion with others if any (housemates, 
> close relatives and the like, and those people's discretion 
> and involvement).
> These must be operated appropriately before enhanced access 
> may be granted, and maintanced appropriately thereafter."

I agree with this as well.  

> FT2

Thanks for turning up and adding some sanity.

Larry Pieniazek
Hobby mail: Lar at Miltontrainworks dot com

More information about the WikiEN-l mailing list