[Wikimedia-l] CheckUser openness

[John]

Wow I am utterly in shock, while trying to dig up the diff that En Pine
requested I get this comment from a checkuser....

*Checkusers are accountable to your representatives on the AUSC, to the
Foundation's ombudsmen, and to one another—not to you.*
-User:AGK

when a user was looking into possible mis-use of checkuser tools. This
basically screams fuck you to the community, when the actions of a CU are
questioned. Keep in mind that this is coming from a
1) a active CheckUser
2) enwiki ArbCom member
3) AUSC member.

A independent user had then notified the ombudsmen committee only to get
zero response from them. This is supposed to make me trust them with my
private data why?

On Thu, Jun 14, 2012 at 5:46 PM, Nathan <nawrich at gmail.com> wrote:

> On Thu, Jun 14, 2012 at 5:35 PM, En Pine <deyntestiss at hotmail.com> wrote:
>
> >
> > I'm inclined to agree with Risker here. Telling someone that a CU has
> been
> > performed on their account, at the time that a CU is performed, might
> alert
> > a disruptive user that some part of their recent activity has triggered
> the
> > attention of SPI. This information could be used to the advantage of the
> > disruptive user.
> >
> > If someone believes that CU may have been used improperly, various groups
> > can investigate the use of CU.
> >
> > John, you said in your original email, "See the Rich Farmbrough ArbCom
> > case where I suspect obvious fishing, where the CU'ed user was requesting
> > information and the CU claimed it would be a violation of the privacy
> > policy to release the time/reason/performer of the checkuser." Can you
> > provide a link to the relevant diffs? I would be interested in reading
> the
> > diffs to get a fuller understanding of what was said, particularly
> > regarding the Wikimedia-wide Privacy Policy.
> >
> > Thanks,
> >
> > Pine
> >
>
> Here are some problems with that rationale:
>
> 1) If a sock confirmation results from a CU check, the person is blocked,
> which is a pretty big tip off all its own. If a case is filed at SPI, then
> tons of evidence is submitted, then a CU check is performed in public, then
> a block is or is not imposed. That whole process is a pretty big tip off
> too, but we haven't shut it down for providing a road map to abusers.
>
> 2) You can't dispute the use of CU on your information if you don't know
> that it was used. It's kind of like secret wiretapping with a FISA warrant;
> if you never know you've been wiretapped, how are you supposed to challenge
> it or know whether it was used improperly? As for "various groups can
> investigate", to some extent that's true. Most of them are checkusers,
> however, and they still tend not to disclose all relevant information. I'm
> not saying that any CU is doing anything improper or that it's likely, but
> such allegations have been made in the past, and it seems like a pretty cut
> and dried case of people having a right to know how their own information
> is being used. If Wikimedia were based in Europe, it would most likely be
> required by law.
>
> Nathan
> _______________________________________________
> Wikimedia-l mailing list
> Wikimedia-l at lists.wikimedia.org
> Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l
>