Anthere wrote:
I absolutely understand that David. I just want to point out that the fact sysadmins in the real world are extremely cautious with data does not necessarily mean the editors who will be given access to checkuser will be cautious. As for our *own* sysadmins (well, in our case, basically, our developer team with shell access), they could do destructive things, but they pretty much don't :-) And we trust them :-)
Yes, that's what I mean :-) Basically I have access because I have some idea what the IP numbers mean, and Tim thinks I can be trusted not to reveal data unduly (and I think I can too). As what we're talking about is really a site maintenance/administration function (which is OK within the privacy policy), we need people we can trust that much.
That's what I mean by: We need to find people who we can trust with confidential information, then trust them all the way.
There are lots of editors who could *almost* certainly be trusted with confidential data to that degree, but I don't want to be making the decision that they can be trusted all the way :-)
- d.
David Gerard wrote:
Yes, that's what I mean :-) Basically I have access because I have some idea what the IP numbers mean, and Tim thinks I can be trusted not to reveal data unduly (and I think I can too). As what we're talking about is really a site maintenance/administration function (which is OK within the privacy policy), we need people we can trust that much.
I would like to see any people who have access to this kind of information, IP addresses and the suchlike, to sign some kind of legal document saying they cannot reveal this information.
Having a legal document between the Wikimedia Foundation and people with access to this data would increase people's confidence in the system, as there would be ways to prevent abuses, and people would be able to see that this kind of information is safe.
Chris
Chris Jenkinson wrote:
David Gerard wrote:
Yes, that's what I mean :-) Basically I have access because I have some idea what the IP numbers mean, and Tim thinks I can be trusted not to reveal data unduly (and I think I can too). As what we're talking about is really a site maintenance/administration function (which is OK within the privacy policy), we need people we can trust that much.
I would like to see any people who have access to this kind of information, IP addresses and the suchlike, to sign some kind of legal document saying they cannot reveal this information.
Having a legal document between the Wikimedia Foundation and people with access to this data would increase people's confidence in the system, as there would be ways to prevent abuses, and people would be able to see that this kind of information is safe.
As much as I support the need and importance of protecting personal privacy, I think that this request is totally unrealistic. People will respect that privacy because it's the right thing to do, and not because of some legal document.
Those who want to reveal that information will do it without regard to a legal document. If they do what do you propose doing about it? Are you prepared to go halfway around the world to start some dubious lawsuit? Such a document will only produce an illusion of safety.
Ec
Ray Saintonge wrote:
As much as I support the need and importance of protecting personal privacy, I think that this request is totally unrealistic. People will respect that privacy because it's the right thing to do, and not because of some legal document.
Those who want to reveal that information will do it without regard to a legal document. If they do what do you propose doing about it? Are you prepared to go halfway around the world to start some dubious lawsuit? Such a document will only produce an illusion of safety.
Privacy laws are quite strong in the European Union and divulging of personally-identifiable information related to European Union citizens, whether or not the organisation is based in the EU or not, is a criminal offence. An IP address may count as personally-identifiable information.
The Wikimedia Foundation has chapters based in the EU and has plans to create more. Organisations can be penalised for failure to comply with EU privacy standards. If the WF has a contract with people who have access to this functionality, if it ever does occur the WF will be devoid of responsibility. Yes, it's a remote probability. But that doesn't mean that it should not be insured against. It is not worth it to the Wikimedia Foundation if the case ever arises.
Chris
Chris Jenkinson wrote:
Ray Saintonge wrote:
As much as I support the need and importance of protecting personal privacy, I think that this request is totally unrealistic. People will respect that privacy because it's the right thing to do, and not because of some legal document.
Those who want to reveal that information will do it without regard to a legal document. If they do what do you propose doing about it? Are you prepared to go halfway around the world to start some dubious lawsuit? Such a document will only produce an illusion of safety.
Privacy laws are quite strong in the European Union and divulging of personally-identifiable information related to European Union citizens, whether or not the organisation is based in the EU or not, is a criminal offence. An IP address may count as personally-identifiable information.
No piece of paper is going to change that.
The Wikimedia Foundation has chapters based in the EU and has plans to create more. Organisations can be penalised for failure to comply with EU privacy standards. If the WF has a contract with people who have access to this functionality, if it ever does occur the WF will be devoid of responsibility. Yes, it's a remote probability. But that doesn't mean that it should not be insured against. It is not worth it to the Wikimedia Foundation if the case ever arises.
This is only about protecting Wikimedia in the case of a law suit; it still is not a deterrent to inc=dividuals who have no qualms about breaching privacy.
Ec
On 10/14/05, Ray Saintonge saintonge@telus.net wrote:
Chris Jenkinson wrote:
Ray Saintonge wrote:
As much as I support the need and importance of protecting personal privacy, I think that this request is totally unrealistic. People will respect that privacy because it's the right thing to do, and not because of some legal document.
Those who want to reveal that information will do it without regard to a legal document. If they do what do you propose doing about it? Are you prepared to go halfway around the world to start some dubious lawsuit? Such a document will only produce an illusion of safety.
Privacy laws are quite strong in the European Union and divulging of personally-identifiable information related to European Union citizens, whether or not the organisation is based in the EU or not, is a criminal offence. An IP address may count as personally-identifiable information.
No piece of paper is going to change that.
A piece of paper will certainly clarify the situation, and leave out ignorance as an excuse.
The Wikimedia Foundation has chapters based in the EU and has plans to
create more. Organisations can be penalised for failure to comply with EU privacy standards. If the WF has a contract with people who have access to this functionality, if it ever does occur the WF will be devoid of responsibility. Yes, it's a remote probability. But that doesn't mean that it should not be insured against. It is not worth it to the Wikimedia Foundation if the case ever arises.
This is only about protecting Wikimedia in the case of a law suit; it still is not a deterrent to inc=dividuals who have no qualms about breaching privacy.
So you think all written contracts are completely useless? I mean, if people are just going to do whatever they want whenever they want to, then a piece of paper isn't going to change that, according to your argument? Or is there something different about privacy as compared to any other agreement that people might come to?
What about people who have some qualms about breaching privacy? What about people who don't think this information is private in the first place?
What about Mark Wagner? Does he have no qualms about breaching privacy? He did, after all, release the IP block of the Vandalbot. Is that OK? Assuming so, what other breaches of privacy are OK? Shouldn't we make this clear to all people with access to this information, instead of just trusting that everyone's ethics are exactly in line with what we want them to be?
Ec
Anthony