On Sun, Jul 20, 2008 at 4:27 PM, Ken Arromdee arromdee@rahul.net wrote:
On Sun, 20 Jul 2008, Nathan wrote:
- The only disclosure of information was to the checkuser's wife (hard to
criticise, I think)
I'd criticize it.
If we say it's okay to give privileged information to your wife, we're essentially saying that making any married person a privileged user is a two-for-one. If so, whenever a married person applies to become an admin, his wife should be checked out and questioned in as much detail as he is, and go through the same gauntlet of criticism as the applicant himself. We don't do this.
Seconded. Family, relatives and friends do not have WMF trust inherited.
Realistically in everyday life, spouses will hear many things that are private - as they would about other matters in a person's life they are living with. But they do not have the /right/ to, and my expectation would be that a person who used a privacy tool (whether CheckUser, Oversight, OTRS, internal list, or otherwise) is fully responsible and accountable for the information they obtain. That means they /need/ to be responsible for assessing whether they can and will keep it private, including assessment of those they live with or who have access to their computer or saved data.
That assessment is an integral part of assessing one's own fitness for the enhanced tools. A person may be fit for the task personally but lack the assurance on that.
Realistically, I'd accept an assessment that the spouse (or other close parties/housemates involved) aren't involved or interested, or have more information but a complete sense of discretion and "Chinese walls", or won't know names or details, or whatever. Realistically people may tell spouses some things, sometimes. But a person in any privacy-related position has to be responsible for assessing the privacy of information they are allowed to access. That's not just what /they/ will say or do, but that the data will stay private in all practical senses if they are allowed access to it. I would add this to non-public data policy:
"A person being proposed to have access to non-public data will be personally responsible for the data they obtain through that access. Their access may be removed if, through their being given access, such information is improperly spread to unauthorized others."
"Guidance: - In practice this means that such a person should assess their online security practices (logging off, or sharing or locking their computer), their saved data practices (email, evidence, logs, and notes), and their shared personal discussion with others if any (housemates, close relatives and the like, and those people's discretion and involvement). These must be operated appropriately before enhanced access may be granted, and maintained appropriately thereafter."
FT2