On Sat, Aug 9, 2008 at 7:10 PM, Anthony wikimail@inbox.org wrote:
On Sat, Aug 9, 2008 at 5:11 PM, Sue Gardner sgardner@wikimedia.org wrote:
Gerard Meijssen wrote:
Hoi, When someone accepts the function to checkuser, he accepts a role that is clearly with the community. Calling such a person a "third party" is in
my
opinion wrong. The person doing the check user has accepted the rules
that
allows for executing this function. Thanks, GerardM
This is an extremely important point. As you can imagine, it was challenging for Mike to construct a policy that made it clear that there are roles in the projects such as checkuser which are inside the community (and therefore, as per Gerard, not considered 'external'), and yet whose behaviour is not controlled/controllable by the Foundation.
It's an unusual situation, and we tried to be extremely clear, here:
There's a good reason it's unusual. It's a recipe for disaster. Did you know that Kelly Martin (alleged "attack site" proprietor) has printed copies of checkuser results sitting around the house? The privacy policy might explain how thing are done, but that doesn't mean it's a sane thing to do.
Kelly Martin e-mailed me recently to tell me that, contrary to her statement at the time to the Ombudsman, she retained my IP address when she checked me. I have no idea why she decided to tell me now. But it's definitely another issue that I've not seen anyone discuss -- the extent to which private databases are being retained, and how legislation covers its handling in different countries. In the UK, for example, the Data Protection Act may require that the information be handed over on request, and that the UK chapter (insofar as it's a separate organization) take steps to ensure that it's not used in a way that causes damage or distress.