Hi, Trillium and others-
The privacy policy has been the subject of one of the most extensive public
discussions we've ever done. It was announced here repeatedly, was bannered
extensively to give all readers and editors an opportunity to participate,
and was open for discussion for nearly six months. The resulting discussion
got feedback from hundreds of Wikimedians, including the engineering, ops,
and analytics teams at the Foundation. Altogether, those folks wrote almost
*two hundred thousand words*. That led to over 250 changes to the initial
draft, many of them strengthening the protections we initially put in. The
resulting final draft was then discussed extensively with the board, who
approved it last month. (For more details, see Michelle's excellent blog
post here:
http://blog.wikimedia.org/2014/05/07/launching-a-privacy-policy-built-the-w…
)
This is not to say the document is perfect - we know as Wikimedians that
any written document can be argued over literally until the end of time. :)
But we must, at some point, finalize legal policies so that we can move
forward and implement them. For this policy, that point came when the board
approved it last month. We'll now focus on making sure we're in compliance,
and figuring out other ways to improve user privacy (like improving our
HTTPS situation, being more systematic about anonymization and aggregation
practices, etc.).
If you still have concerns, please put them on the talk page. Just like we
did this time around, we'll review all those comments and incorporate them
when we next revise the policy, or, if appropriate, incorporate it into the
FAQ. We're also still welcoming questions about the data retention
guidelines, and will continue to revise that as a living document that
reflects our current best practices:
https://meta.wikimedia.org/wiki/Data_retention_guidelines
Hope that helps clarify.
Luis
P.S. Let me take this opportunity to again thank Michelle Paulson for her
work leading this process; all told, it has been something like 18 months
of work for her. And that is only the start for her - now that the policy
is in place, she'll be working extensively with ops, analytics, the
ombudsmen, and many others to ensure compliance and look for other ways to
improve privacy. She deserves a big round of applause from every
privacy-concerned Wikimedian for her tireless work on this issue, sometimes
under literally thankless conditions. :)
On Thu, Jun 5, 2014 at 9:21 AM, Trillium Corsage <trillium2014(a)yandex.com>
wrote:
I am writing to ask that the new privacy policy be
stopped, pending
briefings of and thorough consideration by the incoming executive director
Lila Tretikov. The timing of this major policy change with all its
implications, including great legal implications, is at minimum
discourteous to Ms. Tretikov in this the second day of her tenure, and in
my judgement should additionally be viewed as alarming.
"Wikimedia is beholden to no one, yet accountable to each and every human
being," she said day before last. Yet the new policy makes every effort to
distance it from accountability, by attempting to force every editor to
consent to the most privacy-invasive technologies known, which include, all
quoted:
"You should be aware that specific data made public by you or aggregated
data that is made public by us can be used by anyone for analysis and to
infer information about users, such as which country a user is from,
political affiliation, and gender." "Type of device you are using possibly
including unique device identification numbers." "The type and version of
your browser, your browser's language preference, the type and version of
your device's operating system." "The name of your internet service
provider or mobile carrier." "Which pages you request and visit, and the
date and time of each request" (note: says "visit," not merely
"edit"). "We
actively collect information with tracking pixels, cookies, and local
storage." "We use your email address." "We can use GPS and other
technologies commonly used to determine location." "We may receive
metadata." "IP address of the device (or your proxy server) you are using
to access the Internet, which could be used to infer your geographical
location." (
http://meta.wikimedia.org/wiki/Privacy_policy).
What is the heck is all this? Editors don't know they are signing up for
this! But it gets even worse, because the WMF is not only providing this to
its employees, but to hundreds of anonymous "administrators" to whom it
grants access to this non-public, easily personally-identifying data. This
means particularly, but not limited to: checkusers, arbitrators, stewards,
UTRS users, and "community developers." Who are they? While Ms. Tretikov
aspires to accountability, the new privacy policy flees to "exemptions" and
"we know nothing." It specifically exempts these hundreds of people from
the privacy policy. The WMF's Privacy Fellow Roshni Patel said two weeks
ago "the Foundation can’t control the actions of community members such as
administrative volunteers so we don’t include them under the privacy
policy." Is this accountability? No. She further mystifyingly continues:
"however, under the access policy, these volunteers must sign a
confidentiality agreement." Mystifyingly, because it's *not* *true*. That
part of the privacy policy "Requirements for Community Members Applying for
Access to Nonpublic Information" requires only an email address and an
assertion from an anonymous individual that he or she is 18 or over. Is
there requirement there somewhere for a signature? No. Shall they sign for
example under the nicknames of the prominent administrators like
"Beeblebrox" and "Wizardman?" This is not accountability. (
https://meta.wikimedia.org/wiki/Access_to_nonpublic_information_policy#Mini…
.)
How can the executive director be expected to assume responsibility for
this stuff in 14 hours, on her third official day on the job? Out of simple
courtesy to her, it needs to be delayed, while she is briefed on it by
those who most understand it, like the general counsel Geoff Brigham.
Trillium Corsage
_______________________________________________
Wikimedia-l mailing list, guidelines at:
https://meta.wikimedia.org/wiki/Mailing_lists/Guidelines
Wikimedia-l(a)lists.wikimedia.org
Unsubscribe:
https://lists.wikimedia.org/mailman/listinfo/wikimedia-l,
<mailto:wikimedia-l-request@lists.wikimedia.org?subject=unsubscribe>
--
Luis Villa
Deputy General Counsel
Wikimedia Foundation
415.839.6885 ext. 6810
*This message may be confidential or legally privileged. If you have
received it by accident, please delete it and let us know about the
mistake. As an attorney for the Wikimedia Foundation, for legal/ethical
reasons I cannot give legal advice to, or serve as a lawyer for, community
members, volunteers, or staff members in their personal capacity. For more
on what this means, please see our legal disclaimer
<https://meta.wikimedia.org/wiki/Wikimedia_Legal_Disclaimer>.*