On Wed, Jun 13, 2012 at 9:24 PM, Philippe Beaudette, Wikimedia Foundation < pbeaudette@wikimedia.org> wrote:
I dunno, John, you almost had me convinced until that email. I saw in that mail a reasonable comment from Risker based on long time precedent.
As you may know, there are a number of checks and balances in place. First, the CUs watch each other. With a broad group, you can be assured they don't all always agree and there is healthy debate and dialogue. Second, enwp has an audit subcommittee that routinely audits the logs with a fine toothed comb. They are NOT all previous checkusers, to avoid the sort of groupthink that appears to concern you. Then, the WMF has an ombudsman commission, which also may audit with commission from the Board. Those people take their role very seriously. And last, anyone with genuine privacy concerns can contact the WMF: me, Maggie, anyone in the legal or community advocacy department.
Is it an iron clad assurance of no misbehavior? Probably not, and we will continue to get better at it: but I will say that in 3 years of being pretty closely involved with that team, I'm impressed with how much they err on the side of protection of privacy. I have a window into their world, and they have my respect.
Best, PB
Philippe Beaudette Director, Community Advocacy Wikimedia Foundation, Inc
There is also the Meta checkuser policy; not all policy guidance for checkusers is set locally, they all have to abide by the global policy on checkuser usage (which incorporates by reference the privacy policy).
To make an analogy to the health world... In the United States, the privacy and security of health information is governed by the Health Insurance Portability And Accountability Act (HIPAA). Part of the act is the requirement that access to health information be auditable, and that an accounting of access to protected information be provided to the person concerned upon request. It's not that far out to suggest that people should be notified when their personally identifying information is accessed on Wikimedia, if we invest that information with the significance that many wish to. To be honest, I'm surprised Risker doesn't agree, given the emphasis on personal privacy demonstrated in the IPv6 thread on this list.
Nathan