Sebastian Moleski wrote:
On 3/31/07, Robert Horning robert_horning@netzero.net wrote:
I disagree that the damage that somebody using checkuser privileges is necessarily irreversible and necessarily causes too many legal problems "for themselves and the foundation." There is obviously an extreme case or two where this may be the case, but on the whole I can't really seen where revealing the IP address of a user is necessarily going to be a major problem. At best, the worst damage that can happen is to document what computer an edit actually took place on. Only with 3rd party records would it even be remotely possible to tie this with a specific individual.
The laws regarding such things vary wildly between regions. In comparison to American privacy laws, for instance, the laws in manz European countries are much more strict. Disclosing personal information without the consent of the person the information belongs to can be prosecuted in criminal and civil court in some instances. Note that many of these laws aren't primarily meant to restrict the government from accessing the information but other private entities. The legal implications of checkuser shouldn't be underestimated.
In addition, any user, including anonymous users, can trace the IP
I would like to point out that if you connect to the internet from any connection, you are "broadcasting" who you are and where you are at. I know this is something that some individuals look at differently, but trying to maintain anonymity on the internet is a complex task at the best and futile at its worst. I know some of this has to do with what a server operator claims to do with their usage logs, but you really shouldn't expect to have your privacy maintained, so far as the address to the computer is concerned, if you are using any internet connection. I have seen some server operators actually publish all access logs to their website in a very public manner.
An IP address is not a personally identifying piece of information by itself, as compared to a nationally issued ID number or your full legal name. As I mentioned here above, you must used additional information such as signed logs or billing records of the ISP in order to tie a particular IP address to a specific individual.
... If a 10-year-old has been given bureaucrat privileges on a Wikimedia project, I would be very surprised.
There is at least one fifteen old user who is a bureaucrat on a Wikimedia project.
That is a major accomplishment, and congratulations to that individual. And to get there, they must have demonstrated a huge degree of maturity as well. This is also something self-correcting as this particular bureaucrat will be 18 in three years, making any argument about this particular individual moot in time.
It may also present some
interesting legal problems for the WMF in terms of liability for that user's actions, but I also believe that any such user who has achieved that level of trust in a particular project is going to have a level of maturity to keep from abusing the checkuser tool as well.
Actual abuse isn't necessary to be subject to a lawsuit. People who volunteer to perform checkuser functions must be fully aware of the responsibilities their actions incur and the possible consequences of those actions. It may be customary to assume good faith in Wikimedia projects. Unfortunately, the real world doesn't always work that way.
Regards,
Sebastian
I've heard a whole bunch of bluster here about how this abuse "may be subject to a lawsuit". Is there any clear legal examples of this happening with other ISPs in situations similar to a disclosure by a volunteer operator/moderator of an IP address? How is this different from admins who have to delete (or undelete) copyrighted material, or set themselves up for potential liability issues and other legal matters by performing user blocks? Or even ordinary users setting themselves up with libel issues based on what they write on Wikimedia projects?
I believe that the hyperparanoia over the permission of check user access is actually a short coming to improving Wikimedia projects, and removing a very valuable tool to help fight vandalism and other mischief. Particularly for smaller Wikimedia projects the current rules place huge obstacles to being able to help fight those who mean harm. These discussions to even further limit the scope of those eligible (even if mainly symbolic) smacks of the elitism that I perceived even when the check user policy was issued in the first place.
Certainly in the case of somebody trying to demonstrate eligibility for becoming a member of the board of trustees, an age requirement is absolutely necessary. What is missing here in these discussions is what the actual legal requirements would be according to the laws of a specific country for some volunteer coordinator who has access to information tied between a user name and an IP address, and what both the liability to the foundation would be if they accidentally or intentionally disclosed this information. Furthermore, if the person who did this disclosure was a minor, would that substantially increase the liability of the WMF? Sure anything can trigger a lawsuit, but has any similar lawsuit been filed in this kind of situation, ever? And been successful and not thrown out as laughable by the judge?
-- Robert Horning