-----Original Message----- From: FT2 ft2.wiki at gmail.com Sun Jul 20 18:00:31 UTC 2008 To: English Wikipedia wikien-l@lists.wikimedia.org Subject: Re: [WikiEN-l] SlimVirgin and CheckUser leaks
On Sun, Jul 20, 2008 at 4:27 PM, Ken Arromdee <arromdee at rahul.net> wrote:
On Sun, 20 Jul 2008, Nathan wrote:
- The only disclosure of information was to the checkusers wife
(hard to criticise, I think)
I'd criticize it.
If we say it's okay to give privileged information to your wife, we're essentially saying that making any married person a privileged user is a two-for-one. If so, whenever a married person applies to become an admin, his wife should be checked out and questioned in as much detail as he is, and go through the same gauntlet of criticism as the applicant himself.
We don't do this.
Seconded. Family, relatives and friends do not have WMF trust inherited.
I agree with this.
Realistically in everyday life, spouses will hear many things that are private - as they would about other matters in a person's life they are living with. But they do not have the /right/ to, and my expectation would be that a person who used a privacy tool (whether CheckUser, Oversight, OTRS, internal list, or otherwise) is fully responsible and accountable for the information they obtain. That means they /need/ to be responsible for assessing whether they can and will keep it private, including assessment of those they live with or who have access to their computer or saved data.
I agree with this as well.
That assessment is an integral part of assessing one's own fitness for the enhanced tools. A person may be fit for the task personally but lack the assurance on that.
I agree with this as well.
Realistically, I'd accept an assessment that the spouse (or other close parties/housemates involves) aren't involved or interested, or have more information but a complete sense of discretion and "chinese walls", or won't know names or details, or whatever. Realistically people may tell spouses some things, some times. But a person in any privacy related position has to be responsible for assessing the privacy of information they are allowed to access. That's not just what /they/ will say or do, but that the data will stay private in all practical senses if they are allowed access to it. I would add this to non-public data policy:
"A person being proposed to have access to non-public data will be personally responsible for the data they obtain through that access. Their access may be removed if, through their being given access, such information is improperly spread to unauthorized others."
I agree with this as well.
For the record, from time to time I do discuss matters related to WMF wiki affairs with my wife, if there is a past history of her involvement. (which there was in this particular case, with the editor whose sock I first checked) In general, I do not discuss CU related matters without good reason for doing so. The vast majority of matters are not discussed with her, but I nevertheless am responsible for ensuring the confidentiality of private matters.
I admit bias, however it is my considered judgement that my wife of 27 years, who I trust more than any other person in the world, is extremely trustworthy and will not divulge matters that are properly kept private. She has a long track record of operating in confidential environments and not violating the trust placed in her. Therefore I willingly accept the additional risk involved and acknowledge that it is indeed my responsibility, and my reputation on the line, should she divulge anything, because I adjudge the risk to be low.
In the proximate case, she did not divulge anything to anyone. All outward communication of whatever sort has been initiated by me. Her role was only that of advise and counsel to both me and the other editor whose sock I first checked, based on the history of communication that we already had with that editor, and on the statements that editor had made to us.
"Guidance: - In practice this means that such a person should assess their online security practices (logging off, or sharing or locking their computer), their saved data practices (email, evidence, logs, and notes), and their shared personal discussion with others if any (housemates, close relatives and the like, and those people's discretion and involvement). These must be operated appropriately before enhanced access may be granted, and maintanced appropriately thereafter."
I agree with this as well.
FT2
Thanks for turning up and adding some sanity.
Larry Pieniazek Hobby mail: Lar at Miltontrainworks dot com
On 7/20/08, Larry Pieniazek lar@miltontrainworks.com wrote: For the record, from time to time I do discuss matters related to WMF wiki affairs with my wife, if there is a past history of her involvement. (which there was in this particular case, with the editor whose sock I first checked) . . . . Her [Lar's wife's] role was only that of advise and counsel to both me and the other editor whose sock I first checked, based on the history of communication that we already had with that editor, and on the statements that editor had made to us. ...
Lar, this is the kind of spinning that occurs throughout your correspondence about this, and it worries me and others more than the original check. You give the impression above (and you have given the same impression elsewhere in connection with this) that Wiktumnus and your wife know each other. They do not. They have had zero contact. Your wife is not someone Wikitumnus would have divulged his identity and accounts to. Your wife has not "counseled" Wikitumnus. There is no "history of communication" between Wikitumnus and your wife. There is no "past history of ... involvement."
Sarah