[Wikimedia-l] CheckUser openness

David Goodman dggenwp at gmail.com
Fri Jun 15 02:11:18 UTC 2012 

The request--at least the original request here-- was not that they be
made public. The request was that they be disclosed to the person
being checkusered,. There is thus no stigmatization or drama.  That it
might upset the subject to tell him the truth is paternalism.

On Thu, Jun 14, 2012 at 8:06 PM, Dominic McDevitt-Parks
<mcdevitd at gmail.com> wrote:
> I think the idea that making the log of checks public will necessarily be a
> service to those subject to CheckUser is misguided. One of the best reasons
> for keeping the logs private is not security through obscurity but the
> prevention of unwarranted stigma and drama. Most checks (which aren't just
> scanning a vandal or persistent sockpuppeteer's IP for other accounts) are
> performed because there is some amount of uncertainty. Not all checks are
> positive, and a negative result doesn't necessarily mean the check was
> unwarranted. I think those who have been checked without a public request
> deserve not to have suspicion cast on them by public logs if the check did
> not produce evidence of guilt. At the same time, because even justified
> checks will often upset the subject, the CheckUser deserves to be able to
> act on valid suspicions without fear of retaliation. The community doesn't
> need the discord that a public log would generate. That's not to say that
> there should be no oversight, but that a public log is not the way to do it.
>
>
> Dominic
>
> On 6/14/12 6:34 PM, En Pine wrote:
>>
>> Nathan, I’d like to respond to all three of your recent comments.
>>
>>> Can you explain how this is so? I did a fair amount of work at SPI as a
>>> clerk, and I'm not sure I understand how the mere fact that a check was
>>> performed is giving sockpuppeters a roadmap for how to avoid detection.
>>> If
>>> you mean they could test the CU net by running a bunch of socks on
>>> different strategies to see which get checked and which don't, that seems
>>> like a lot of work that a vanishingly small number of abusers would
>>> attempt... and also basically the same information as they would receive
>>> when those sock accounts are ultimately blocked or not blocked per CU.
>>>
>>> ~Nathan
>>
>> I think you might be amazed that the persistence and sophistication of
>> some individuals. I personally haven’t dealt with them much on-wiki, but
>> I’ve certainly seen them on IRC.
>>
>>> Here are some problems with that rationale:
>>>
>>> 1) If a sock confirmation results from a CU check, the person is blocked,
>>> which is a pretty big tip off all its own. If a case is filed at SPI,
>>> then
>>> tons of evidence is submitted, then a CU check is performed in public,
>>> then
>>> a block is or is not imposed. That whole process is a pretty big tip off
>>> too, but we haven't shut it down for providing a road map to abusers.
>>>
>> You are correct that the start of the CU case is public at the time of
>> filing at WP:SPI. The identity of the CU is also public when it is run for
>> those filed cases. I believe that we are discussing in this thread are
>> instances of the CU tool being used, or data from the tool being used and
>> shared among functionaries who are permitted access to private data, when
>> that use or sharing is not made publicly known at WP:SPI. I am not a
>> Checkuser but perhaps someone who is a Checkuser can give some examples of
>> situations when this happens. I personally know of at least two scenarios.
>>
>>> 2) You can't dispute the use of CU on your information if you don't know
>>> that it was used. It's kind of like secret wiretapping with a FISA
>>> warrant;
>>> if you never know you've been wiretapped, how are you supposed to
>>> challenge
>>> it or know whether it was used improperly? As for "various groups can
>>> investigate", to some extent that's true. Most of them are checkusers,
>>> however, and they still tend not to disclose all relevant information.
>>> I'm
>>> not saying that any CU is doing anything improper or that it's likely,
>>> but
>>> such allegations have been made in the past, and it seems like a pretty
>>> cut
>>> and dried case of people having a right to know how their own information
>>> is being used. If Wikimedia were based in Europe, it would most likely be
>>> required by law.
>>>
>>> Nathan
>>
>> When you use Wikipedia, information about what you do is logged. The same
>> is true for other websites. In most cases on the internet in general, it’s
>> impossible for the average user to know if their information has been used
>> or disclosed in a way that is contrary to the site’s privacy policy.
>> Sometimes misuse or preventable, improper disclosure of private data is made
>> publicly known, as has happened with many online services being hacked for
>> credit card or password information. The reality on the internet is that
>> generally the information you provide can’t be guaranteed to remain private
>> and secure. It is true that there can be abuses of investigative tools like
>> CU, search warrants, and almost anything else. The best that can be done is
>> to take reasonable precautions and to be careful about what you disclose in
>> the first place, for the people who are trusted with special investigative
>> tools to be honest and competent, to have sufficient “separation of powers”
>> to help as much as possible to verify that the investigators are honest and
>> competent, and for there to be penalties for investigators who misuse their
>> authority. Regarding the investigative use of private information, as I
>> think others have said also, sometimes there may be a good reason to keep an
>> active investigation from being known to the individual who is being
>> investigated. Like you, I value accountability and transparency, and I would
>> gladly listen to suggestions that enhance accountability and transparency
>> while maintaining reasonable safeguards for active investigations. There
>> needs to be a balance. I prefer transparency, but sometimes there are good
>> reasons for information to remain private.
>>
>> Pine
>> _______________________________________________
>> Wikimedia-l mailing list
>> Wikimedia-l at lists.wikimedia.org
>> Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l
>
>
>
>
> _______________________________________________
> Wikimedia-l mailing list
> Wikimedia-l at lists.wikimedia.org
> Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l



-- 
David Goodman

DGG at the enWP
http://en.wikipedia.org/wiki/User:DGG
http://en.wikipedia.org/wiki/User_talk:DGG

More information about the Wikimedia-l mailing list