On Mon, Jul 21, 2008 at 2:02 AM, Fayssal F. wrote:
I may be totally wrong as many details are missing here.
(Snip)
b) SlimVirgin, you are wrong when you think that there should be a *good*valid reason for a CU; a valid reason is sufficient. And of course, though it is not binding, a CU can have some courtesy of informing the subject of the check. But i do believe that the question of *"[people] who are checked are told whether and by whom, if they ask*" is less relevant than answering the question about the reason of the check itself. And we all know that sophisticated sockpuppetry comes more often from established accounts -- hope this is not defending the CU *team *but more a sign of emphasizing on the fact that there should be no exemptions for established accounts. Of course, fishing and general trawling aside.
I won't care about who is check usering me if I am not doing something wrong. So... c) what do parties want?
Fayssal F.
Fayssal's said it fairly accurately. Put bluntly, there are cases I have carried out a valid checkuser request, where I am not going to tell the subject, whether they ask or not. Why? Because with a number of sophisticated sockmasters, it would defeat the purpose of the check, if they could ask whether their account X was ever under investigation. There have been a number of cases where having to tell anyone on demand whether they have been checked, would defeat the purpose of detecting abuse of multiple accounts. It can also have a significant and almost always unwarranted disruptive impact to do so every bit as much as if admins had to tell every user, every time they looked at their deleted contributions (which are also non-public). The approach of privacy and CU policy is fairly clear -
1/ checkusers are expected to use their access responsibly, and to only use it when there is a reasonable concern that abuse may be taking place by an account, that the checkuser tool may help to investigate.
"Reasonable concern" I would take to mean that the behavior of an account, or something about it (eg time of creation, area of focus etc), suggests there might be abuse, and that a responsible administrator would reasonably wish to check the matter to reassure themselves there isn't (or identify it if there is).
2/ checkusers are expected to keep the information they obtain from this private, not to use the tool other than for its intended purpose of detecting, preventing and reducing abuse, having been given access to the tool, to use it fully for that purpose, /and/ (having used the tool in a case) they are expected to keep any results safely, and not use any findings other than for that intended purpose.
SlimVirgin and Lar (and others) may argue whether the Checkuser tool was or was not used with good cause, or whether or not the findings were improperly disclosed, or whether they were then used properly or not. That would be a genuine issue if there was a concern (SlimVirin says there is, Lar says there isn't). I am not involved in that discussion, I'm addressing the CU usage criteria only. In terms of Checkuser and Privacy policy, Fayssal is correct - a valid reason is sufficient. The enwiki norm is, I would expect to be able to go to anyone and ask for evidence or explanation that checkuser was being used for those intended purposes, and the results were not then misused in breach of those policies. Beyond that, checkuser is a tool, as much as access to deleted contributions is a tool. A checkuser with reasonable concerns over abuse, disruption, and breach of community norms, will refer to checkuser as much as any admin will refer to deleted contributions.
To sum up, the aim of this project is to write an encyclopedia. Checkuser is a tool that is used by a limited number of users to detect and prevent abuse of editorial process by a minority of "bad faith" users, whilst editors are writing content. If anyone looks at my checkuser logs, they will find each case has a full and thorough explanation, and is carried out solely to further that job, and the same is true for most checkusers.
My current thinking is this. Rather than going round in circles, may I tactfully suggest that Privacy policy, Checkuser policy, and the norms of the wiki on which these actions took place, are now taken as read. And suggest that the thread now moves forward from there into the areas where there could be policy breaches, if any.
FT2