I'm writing to get an answer (from anybody at the WMF) on the status of the WMF's
policy access to private (i.e. IP, Browser, etc.) information. Each day thousands of
people edit Wikipedia and deserve to know what measures, if any, are taken to avoid
divulging to the wrong sort of people this sensitive information about them.
On 25 April last year, the board of trustees approved, in a non-public and
scantily-documented meeting, a policy that accords Checkuser and Oversight and other
statuses to "community" members appointed by a community process with
essentially a mere two requirements: provide an email address, and assert that you are 18
or over. Name, address, NOT required. Is this truly an adequate way to protect the privacy
interests of all those that edit Wikipedia? Well, I don't think so, but my purpose
right now is to try to eliminate the ambiguity of what is actually occurring at this
time.
One source of this ambiguity is the edit of the WMF's James Alexander
(
http://wikimediafoundation.org/w/index.php?title=Access_to_nonpublic_data_p…)
on 6 June, in which he wrote: "This policy has been replaced by a new [[m:Access to
non public information policy|Access to non public information policy]], which was
approved by the Board of Trustees on 25 April 2014. However, this policy remains in force
until the new processes mandated by the new policy are put into place. A future
announcement will be made to those affected before the new policy goes in effect."
It's now the future (and after nine months, quite so), so what is the policy?
The old policy mandated that those seeking the accesses fax or secure email a from of
identification. Casual and rank-and-file Wikipedia editors were repetitively told that the
checkusers and oversighters etc. were "identified to the WMF." This was
incredibly misleading because the practice of Philippe Beaudette was to shred and
otherwise destroy the identifications after marking the noticeboard. It is apparent to any
plain-spoken individual, I think, that you can't tell people that those granted these
accesses are "identified to the WMF" when you have shredded the documents and
all that is left (except in Mr. Beaudette's memory) is a checkmark by a username on a
noticeboard. It wasn't a semantic dodge predicated on the definition of
"identified," rather it was in my opinion a smoke-screen. Mr. Beaudette felt
loyalty to the privacy of the administrators, and evidently none to the common editors
whose IPs and so forth he was exposing to them.
The immediately above is not necessarily a criticism of the old policy, which taken at
face value strongly implies that the WMF keeps the identifications on file, on a secure
computer, or in a physical safe. It's rather that Mr. Beaudette operated for years in
open defiance of the policy. To his credit though, apparently he impelled the Board to
rewrite the policy in a manner corresponding to his actions.
BUT MY QUESTION NOW is: "What is the status of the policy?" For example English
Wikipedia just got three new checkusers: Bbb23, Callanecc, and Mike V. What information
were they required to provide? Proper documents, or merely an email address and assertion
that they are over 18?
Trillium Corsage