Hi, Everyone,
Yesterday, one guy registered an offensive username, "Rape XXX" (XXX is a female wikipedian's name in real life, but I want to kept the victim anonymous here) in Chinese Wikipedia, and this guy left a message on the female's user talk page: "You are in my sexual fantasy. Are you a virgin?" I was furious about this guy's action and sexual harassment speech. I have blocked this id forever, and I also suggested the female user to report to police office. I want to know is there any policy on this issue? In this kind of situation, will the Foundation cooperate with different countries' police authority, and reveal the user log record to the authority?
Thanks.
THD
THD wrote:
Hi, Everyone,
Yesterday, one guy registered an offensive username, "Rape XXX" (XXX is a female wikipedian's name in real life, but I want to kept the victim anonymous here) in Chinese Wikipedia, and this guy left a message on the female's user talk page: "You are in my sexual fantasy. Are you a virgin?" I was furious about this guy's action and sexual harassment speech. I have blocked this id forever, and I also suggested the female user to report to police office. I want to know is there any policy on this issue? In this kind of situation, will the Foundation cooperate with different countries' police authority, and reveal the user log record to the authority?
Thanks.
THD _______________________________________________ foundation-l mailing list foundation-l@wikimedia.org http://mail.wikipedia.org/mailman/listinfo/foundation-l
In the United States, sexual harassment and sexually hostile work environment claims require that:
1. The company/organization have more than 15 employees or its exempt from compliance with Federal EEOC Laws. 2. The subject of the harassment must be an employee who reports to the person doing the harassment. 3. Any employee, irregardless of reporting structure can make claims of sexually hostile work environment, but the damages are a lot less. 4. Damages are statutory for sexual harassment claims.
An online forum cannot make claims of sexual harassment or enforce such claims. If anything, its a violation of site policy and may qualify as stalking or obscenity, but its not sexual harassment under US Law.
Jeff
I'm not entirely sure that a random user of an online site qualifies as an employee of any site, so I don't think that *workplace* sexual harassment laws have anything to do with this case. After all the commotion lately with MySpace, it seems quite real that these situations do have some sort of legal backing under some sort of sexual harassment statute, although IANAL. In many of these cases, it is just safer to report the case, and if the police asks for anything, just provide them access to the Apache and Recent Changes logs.
Titoxd.
-----Original Message----- From: foundation-l-bounces@wikimedia.org [mailto:foundation-l-bounces@wikimedia.org] On Behalf Of Jeffrey V. Merkey Sent: Thursday, November 09, 2006 1:29 AM To: Wikimedia Foundation Mailing List Subject: Re: [Foundation-l] Sexual harassment in Wikipedia
THD wrote:
Hi, Everyone,
Yesterday, one guy registered an offensive username, "Rape XXX" (XXX is a female wikipedian's name in real life, but I want to kept the victim anonymous here) in Chinese Wikipedia, and this guy left a message on the female's user talk page: "You are in my sexual fantasy. Are you a virgin?"
I
was furious about this guy's action and sexual harassment speech. I have blocked this id forever, and I also suggested the female user to report to police office. I want to know is there any policy on this issue? In this kind of situation, will the Foundation cooperate with different countries' police authority, and reveal the user log record to the authority?
Thanks.
THD _______________________________________________ foundation-l mailing list foundation-l@wikimedia.org http://mail.wikipedia.org/mailman/listinfo/foundation-l
In the United States, sexual harassment and sexually hostile work environment claims require that:
1. The company/organization have more than 15 employees or its exempt from compliance with Federal EEOC Laws. 2. The subject of the harassment must be an employee who reports to the person doing the harassment. 3. Any employee, irregardless of reporting structure can make claims of sexually hostile work environment, but the damages are a lot less. 4. Damages are statutory for sexual harassment claims.
An online forum cannot make claims of sexual harassment or enforce such claims. If anything, its a violation of site policy and may qualify as stalking or obscenity, but its not sexual harassment under US Law.
Jeff _______________________________________________ foundation-l mailing list foundation-l@wikimedia.org http://mail.wikipedia.org/mailman/listinfo/foundation-l
It certainly falls under a variety of state laws regarding stalking and online harrassment, and possibly solicitation as well.
Jeff
Titoxd@Wikimedia wrote:
I'm not entirely sure that a random user of an online site qualifies as an employee of any site, so I don't think that *workplace* sexual harassment laws have anything to do with this case. After all the commotion lately with MySpace, it seems quite real that these situations do have some sort of legal backing under some sort of sexual harassment statute, although IANAL. In many of these cases, it is just safer to report the case, and if the police asks for anything, just provide them access to the Apache and Recent Changes logs.
Titoxd.
-----Original Message----- From: foundation-l-bounces@wikimedia.org [mailto:foundation-l-bounces@wikimedia.org] On Behalf Of Jeffrey V. Merkey Sent: Thursday, November 09, 2006 1:29 AM To: Wikimedia Foundation Mailing List Subject: Re: [Foundation-l] Sexual harassment in Wikipedia
THD wrote:
Hi, Everyone,
Yesterday, one guy registered an offensive username, "Rape XXX" (XXX is a female wikipedian's name in real life, but I want to kept the victim anonymous here) in Chinese Wikipedia, and this guy left a message on the female's user talk page: "You are in my sexual fantasy. Are you a virgin?"
I
was furious about this guy's action and sexual harassment speech. I have blocked this id forever, and I also suggested the female user to report to police office. I want to know is there any policy on this issue? In this kind of situation, will the Foundation cooperate with different countries' police authority, and reveal the user log record to the authority?
Thanks.
THD _______________________________________________ foundation-l mailing list foundation-l@wikimedia.org http://mail.wikipedia.org/mailman/listinfo/foundation-l
In the United States, sexual harassment and sexually hostile work environment claims require that:
- The company/organization have more than 15 employees or its exempt
from compliance with Federal EEOC Laws. 2. The subject of the harassment must be an employee who reports to the person doing the harassment. 3. Any employee, irregardless of reporting structure can make claims of sexually hostile work environment, but the damages are a lot less. 4. Damages are statutory for sexual harassment claims.
An online forum cannot make claims of sexual harassment or enforce such claims. If anything, its a violation of site policy and may qualify as stalking or obscenity, but its not sexual harassment under US Law.
Jeff _______________________________________________ foundation-l mailing list foundation-l@wikimedia.org http://mail.wikipedia.org/mailman/listinfo/foundation-l
foundation-l mailing list foundation-l@wikimedia.org http://mail.wikipedia.org/mailman/listinfo/foundation-l
Titoxd@Wikimedia wrote:
I'm not entirely sure that a random user of an online site qualifies as an employee of any site, so I don't think that *workplace* sexual harassment laws have anything to do with this case. After all the commotion lately with MySpace, it seems quite real that these situations do have some sort of legal backing under some sort of sexual harassment statute, although IANAL. In many of these cases, it is just safer to report the case, and if the police asks for anything, just provide them access to the Apache and Recent Changes logs.
Providing this data should only be done in response to a court order. Mere police investigation is not enough. There are many more situations where a person has legitimate reasons for remaining anonymous. This might seem like very obvious circumstances for providing information, but there are other activities where we diverge significantly about the legality of the activity, and it is not our place to start making judgements about legality. Civil rights and free speech are important, and if it means having to tolerate occasional idiotic speech that's a very small price to pay.
Ec
Ray Saintonge wrote:
Titoxd@Wikimedia wrote:
I'm not entirely sure that a random user of an online site qualifies as an employee of any site, so I don't think that *workplace* sexual harassment laws have anything to do with this case. After all the commotion lately with MySpace, it seems quite real that these situations do have some sort of legal backing under some sort of sexual harassment statute, although IANAL. In many of these cases, it is just safer to report the case, and if the police asks for anything, just provide them access to the Apache and Recent Changes logs.
Providing this data should only be done in response to a court order. Mere police investigation is not enough. There are many more situations where a person has legitimate reasons for remaining anonymous. This might seem like very obvious circumstances for providing information, but there are other activities where we diverge significantly about the legality of the activity, and it is not our place to start making judgements about legality. Civil rights and free speech are important, and if it means having to tolerate occasional idiotic speech that's a very small price to pay.
In some cases I would agree, but when there is a clear threat of physical violence (rape), that's a simple boundary line for me.
Two examples: (1) a vandal posts "Principal Skinner is a poopy head", we do not notify the school or authorities, because it is just a stupid childish comment and who cares. (2) a vandal posts a physical threat of violence against Principal Skinner... we forward it to the school and/or appropriate authorities, and cough up the ip address if we have it and there is a police request.
Is the second also just a stupid childish comment? Yes, in many cases, but I am personally not comfortable making that judgment. Tolerating the occassional idiotic speech really is a small price to pay, as you say. Tolerating threats of violence is just a bad idea.
--Jimbo
Jimmy Wales wrote:
Ray Saintonge wrote:
Titoxd@Wikimedia wrote:
I'm not entirely sure that a random user of an online site qualifies as an employee of any site, so I don't think that *workplace* sexual harassment laws have anything to do with this case. After all the commotion lately with MySpace, it seems quite real that these situations do have some sort of legal backing under some sort of sexual harassment statute, although IANAL. In many of these cases, it is just safer to report the case, and if the police asks for anything, just provide them access to the Apache and Recent Changes logs.
Providing this data should only be done in response to a court order. Mere police investigation is not enough. There are many more situations where a person has legitimate reasons for remaining anonymous. This might seem like very obvious circumstances for providing information, but there are other activities where we diverge significantly about the legality of the activity, and it is not our place to start making judgements about legality. Civil rights and free speech are important, and if it means having to tolerate occasional idiotic speech that's a very small price to pay.
In some cases I would agree, but when there is a clear threat of physical violence (rape), that's a simple boundary line for me.
There's a difference too between sexual harassment and threats of violence. Telling a female Wikipedian, "A bitch like you belongs in the kitchen, not on ArbCom," may be fairly interpreted as sexual harassment, but it does not carry a threat of violence. We can deal with that idiot through our own internal processes. Credible threats of violence do raise the issue to a higher level. We were certainly right to act when the kid in Connecticut was threatening suicide.
At the other end of the scale Canadian courts have consistently refused to force the release of such information when the recording industry was saying that they needed to know who was sharing music files. We can delete what we suspect to be copyvios, but it would be over-the-top to tell the copyright owner about it every time it happened unless he had demanded that action in the first place
Two examples: (1) a vandal posts "Principal Skinner is a poopy head", we do not notify the school or authorities, because it is just a stupid childish comment and who cares. (2) a vandal posts a physical threat of violence against Principal Skinner... we forward it to the school and/or appropriate authorities, and cough up the ip address if we have it and there is a police request.
In this example we also want to make sure we aren't sending them on a fool's errand in an imaginary Springfield. ;-)
Is the second also just a stupid childish comment? Yes, in many cases, but I am personally not comfortable making that judgment. Tolerating the occassional idiotic speech really is a small price to pay, as you say. Tolerating threats of violence is just a bad idea.
Essentially I agree. It all comes down to mature judgement, and who is capable of exercising it. We have a lot of people who can too easily jump to conclusions.
Ec
On 11/10/06, Ray Saintonge saintonge@telus.net wrote:
Essentially I agree. It all comes down to mature judgement, and who is capable of exercising it. We have a lot of people who can too easily jump to conclusions.
Yes. One question is whether we want every language and project community to develop its own policy on these matters, or whether this is an area where it makes sense to have a single policy that is localized. This goes for checkuser and oversight as well. Perhaps an in-between solution makes sense, where the WMF requires that local policies identify and propose a group that consists of the most trusted users before granting these privileges on a language/project level.
Perhaps it should also be a requirement that users who have the technical permission to use these tools disclose their identity to the WMF, so we have someone to deal with in case of abuse.
see http://wikimediafoundation.org/wiki/Privacy_policy
"6 Where it is reasonably necessary to protect the rights, property or safety of the Wikimedia Foundation, its users or the public."
plese help!
2006/11/11, Erik Moeller erik@wikimedia.org:
On 11/10/06, Ray Saintonge saintonge@telus.net wrote:
Essentially I agree. It all comes down to mature judgement, and who is capable of exercising it. We have a lot of people who can too easily jump to conclusions.
Yes. One question is whether we want every language and project community to develop its own policy on these matters, or whether this is an area where it makes sense to have a single policy that is localized. This goes for checkuser and oversight as well. Perhaps an in-between solution makes sense, where the WMF requires that local policies identify and propose a group that consists of the most trusted users before granting these privileges on a language/project level.
Perhaps it should also be a requirement that users who have the technical permission to use these tools disclose their identity to the WMF, so we have someone to deal with in case of abuse. -- Peace & Love, Erik
Member, Wikimedia Foundation Board of Trustees
DISCLAIMER: Unless otherwise stated, all views or opinions expressed in this message are solely my own and do not represent an official position of the Wikimedia Foundation or its Board of Trustees. _______________________________________________ foundation-l mailing list foundation-l@wikimedia.org http://mail.wikipedia.org/mailman/listinfo/foundation-l
By "sexual harassment", THD was trying to explain the online harassment/stalking/solicitation accident in which a female user at Chinese Wikipedia was threaten to be raped. It does not mean the kind of sexual harassment in a working environment. In addition to THD's description, the victim's real life name was used in the threat; this name has never been disclosed by the victim on Wikipedia.
We respect the freedom of speech and other civil rights, but we are not obligated to provide a place for any speech or act, especially when such an act seriously violates other people's civil rights or safety. I totally agree with Gregory that we protect the visitor/user's privacy because of our high ethical values and the furthering of interests of both the WMF and the public. We are not going to protect everyone's privacy at all times, especially when it is *necessary* to protect our values or interests or safety. Indeed, in Wikipedia's privacy policy (http://wikimediafoundation.org/wiki/Privacy_policy, link found at bottom of every page on Wikipedia), there are several circumstances that allow the release of IP information: 1. In response to a valid subpoena or other compulsory request from law enforcement. ... 6. Where it is reasonably necessary to protect the rights, property or safety of the Wikimedia Foundation, its users or the public.
I believe that tolerating such a personal violence threat (using the word "rape" and the victim's undisclosed real-life name) would be a neglect to the safety of our users and the health of our community, which is essential to Wikimedia's success and missions.
Regarding policies and procedures, I think that WMF should either dictate privacy policies of all its projects or give authorizations to the community/people it trusts, as long as it conforms with the best interests of WMF, the project, and the public. I believe that the privacy policy of Chinese Wikipedia is governed by the WMF. In this privacy policy, it is stated that "personally identifiable data...may be released by...users with CheckUser access", does it mean that checkusers/stewards are authorized to release IP information of a registered user without seeking approval for each case from the Board or Executive?
Best regards,
roc --
2006/11/13, shi zhao shizhao@gmail.com:
see http://wikimediafoundation.org/wiki/Privacy_policy
"6 Where it is reasonably necessary to protect the rights, property or safety of the Wikimedia Foundation, its users or the public."
plese help!
2006/11/11, Erik Moeller erik@wikimedia.org:
On 11/10/06, Ray Saintonge saintonge@telus.net wrote:
Essentially I agree. It all comes down to mature judgement, and who is capable of exercising it. We have a lot of people who can too easily jump to conclusions.
Yes. One question is whether we want every language and project community to develop its own policy on these matters, or whether this is an area where it makes sense to have a single policy that is localized. This goes for checkuser and oversight as well. Perhaps an in-between solution makes sense, where the WMF requires that local policies identify and propose a group that consists of the most trusted users before granting these privileges on a language/project level.
Perhaps it should also be a requirement that users who have the technical permission to use these tools disclose their identity to the WMF, so we have someone to deal with in case of abuse. -- Peace & Love, Erik
Member, Wikimedia Foundation Board of Trustees
DISCLAIMER: Unless otherwise stated, all views or opinions expressed in this message are solely my own and do not represent an official position of the Wikimedia Foundation or its Board of Trustees. _______________________________________________ foundation-l mailing list foundation-l@wikimedia.org http://mail.wikipedia.org/mailman/listinfo/foundation-l
-- Chinese wikipedia: http://zh.wikipedia.org/ My blog: http://talk.blogbus.com CNBlog: http://blog.cnblog.org/weblog.html Social Brain: http://www.socialbrain.org/default.asp cnbloggercon: http://www.cnbloggercon.org/
[[zh:User:Shizhao]] _______________________________________________ foundation-l mailing list foundation-l@wikimedia.org http://mail.wikipedia.org/mailman/listinfo/foundation-l
roc wrote: <snip>
Regarding policies and procedures, I think that WMF should either dictate privacy policies of all its projects or give authorizations to the community/people it trusts, as long as it conforms with the best interests of WMF, the project, and the public. I believe that the privacy policy of Chinese Wikipedia is governed by the WMF. In this privacy policy, it is stated that "personally identifiable data...may be released by...users with CheckUser access", does it mean that checkusers/stewards are authorized to release IP information of a registered user without seeking approval for each case from the Board or Executive?
From http://meta.wikimedia.org/wiki/Privacy_policy
When using a pseudonym, your IP address will not be available to the public except in cases of abuse, including vandalism of a wiki page by you or by another user with the same IP address. In all cases, your IP address will be stored on the wiki servers and can be seen by Wikimedia's server administrators and by users who have been granted "CheckUser" access. Your IP address, and its connection to any usernames that share it may be released under certain circumstances (see below).
<snip>
It is the policy of Wikimedia that personally identifiable data collected in the server logs, or through records in the database via the CheckUser feature, may be released by the system administrators or users with CheckUser access, in the following situations:
- In response to a valid subpoena or other compulsory request from law enforcement
- With permission of the affected user
- To the chair of Wikimedia Foundation, his legal counsel, or his designee, when necessary for investigation of abuse complaints.
- Where the information pertains to page views generated by a spider or bot and its dissemination is necessary to illustrate or resolve technical issues.
- Where the user has been vandalising articles or persistently behaving in a disruptive way, data may be released to assist in the targeting of IP blocks, or to assist in the formulation of a complaint to relevant Internet Service Providers
- Where it is reasonably necessary to protect the rights, property or safety of the Wikimedia Foundation, its users or the public.
Wikimedia policy does not permit public distribution of such information under any circumstances, except as described above.
Regards,
Alphax (Wikipedia email) wrote:
From http://meta.wikimedia.org/wiki/Privacy_policy
It is the policy of Wikimedia that personally identifiable data collected in the server logs, or through records in the database via the CheckUser feature, may be released by the system administrators or users with CheckUser access, in the following situations:
- In response to a valid subpoena or other compulsory request from
law enforcement 2. With permission of the affected user 3. To the chair of Wikimedia Foundation, his legal counsel, or his designee, when necessary for investigation of abuse complaints. 4. Where the information pertains to page views generated by a spider or bot and its dissemination is necessary to illustrate or resolve technical issues. 5. Where the user has been vandalising articles or persistently behaving in a disruptive way, data may be released to assist in the targeting of IP blocks, or to assist in the formulation of a complaint to relevant Internet Service Providers 6. Where it is reasonably necessary to protect the rights, property or safety of the Wikimedia Foundation, its users or the public.
Wikimedia policy does not permit public distribution of such information under any circumstances, except as described above.
I'm glad that you reminded us of exactly what these said. The one glaring absence from these rules, except for Number 3 (which allows Anthere (but not Jimbo ;-) !?) to receive information), is that none identify "to whom". This is likely an area where the rules need to be tighter than most, because of the possible effects on a person's rights beyond Wikimedia. As the present issue shows, the rights in question may also include the rights of non-Wikimedians.
roc wrote:
By "sexual harassment", THD was trying to explain the online harassment/stalking/solicitation accident in which a female user at Chinese Wikipedia was threaten to be raped. It does not mean the kind of sexual harassment in a working environment. In addition to THD's description, the victim's real life name was used in the threat; this name has never been disclosed by the victim on Wikipedia.
We respect the freedom of speech and other civil rights, but we are not obligated to provide a place for any speech or act, especially when such an act seriously violates other people's civil rights or safety. I totally agree with Gregory that we protect the visitor/user's privacy because of our high ethical values and the furthering of interests of both the WMF and the public. We are not going to protect everyone's privacy at all times, especially when it is *necessary* to protect our values or interests or safety. Indeed, in Wikipedia's privacy policy (http://wikimediafoundation.org/wiki/Privacy_policy, link found at bottom of every page on Wikipedia), there are several circumstances that allow the release of IP information:
- In response to a valid subpoena or other compulsory request from
law enforcement. ... 6. Where it is reasonably necessary to protect the rights, property or safety of the Wikimedia Foundation, its users or the public.
I believe that tolerating such a personal violence threat (using the word "rape" and the victim's undisclosed real-life name) would be a neglect to the safety of our users and the health of our community, which is essential to Wikimedia's success and missions.
Regarding policies and procedures, I think that WMF should either dictate privacy policies of all its projects or give authorizations to the community/people it trusts, as long as it conforms with the best interests of WMF, the project, and the public.
http://meta.wikimedia.org/wiki/Privacy_policy
I believe that the
privacy policy of Chinese Wikipedia is governed by the WMF. In this privacy policy, it is stated that "personally identifiable data...may be released by...users with CheckUser access", does it mean that checkusers/stewards are authorized to release IP information of a registered user without seeking approval for each case from the Board or Executive?
They should not... except that it is little practical. Imagine that a checkuser checks the ip data of a vandal, then blocks the whole ip range in order to block the person. Or makes correlation with a vandal acting under ip... then, it is pretty easy to "guess" what the ip or ip range for the person is. In such case, release will occur somehow. Many checks done to protect the project itself (pure vandalism, sockpuppetry) will often reveal the ip.
However, if the check is done for investigation reasons (request by the police, by a government etc...), rather than to immediately protect the site from a raw attack, yeah, it would be very shocking that a checkuser reveals the information. To that date, I do not think it ever occured.
In this case, if a request was made to find out the ip of the user who issued the threats, I think the request should be made to the board/executive. But *mostly*, the request should be done either by a very trusted user, or more likely by a group of trusted editors. If a totally unknown person mentions threats have been issued in a language we can not understand, and request to know the ip of another editor, I'd say the request should not be fullfilled.
Ant
Best regards,
roc
2006/11/13, shi zhao shizhao@gmail.com:
see http://wikimediafoundation.org/wiki/Privacy_policy
"6 Where it is reasonably necessary to protect the rights, property or safety of the Wikimedia Foundation, its users or the public."
plese help!
2006/11/11, Erik Moeller erik@wikimedia.org:
On 11/10/06, Ray Saintonge saintonge@telus.net wrote:
Essentially I agree. It all comes down to mature judgement, and who is capable of exercising it. We have a lot of people who can too easily jump to conclusions.
Yes. One question is whether we want every language and project community to develop its own policy on these matters, or whether this is an area where it makes sense to have a single policy that is localized. This goes for checkuser and oversight as well. Perhaps an in-between solution makes sense, where the WMF requires that local policies identify and propose a group that consists of the most trusted users before granting these privileges on a language/project level.
Perhaps it should also be a requirement that users who have the technical permission to use these tools disclose their identity to the WMF, so we have someone to deal with in case of abuse. -- Peace & Love, Erik
Member, Wikimedia Foundation Board of Trustees
DISCLAIMER: Unless otherwise stated, all views or opinions expressed in this message are solely my own and do not represent an official position of the Wikimedia Foundation or its Board of Trustees. _______________________________________________ foundation-l mailing list foundation-l@wikimedia.org http://mail.wikipedia.org/mailman/listinfo/foundation-l
-- Chinese wikipedia: http://zh.wikipedia.org/ My blog: http://talk.blogbus.com CNBlog: http://blog.cnblog.org/weblog.html Social Brain: http://www.socialbrain.org/default.asp cnbloggercon: http://www.cnbloggercon.org/
[[zh:User:Shizhao]] _______________________________________________ foundation-l mailing list foundation-l@wikimedia.org http://mail.wikipedia.org/mailman/listinfo/foundation-l
Anthere wrote:
However, if the check is done for investigation reasons (request by the police, by a government etc...), rather than to immediately protect the site from a raw attack, yeah, it would be very shocking that a checkuser reveals the information. To that date, I do not think it ever occured.
In this case, if a request was made to find out the ip of the user who issued the threats, I think the request should be made to the board/executive. But *mostly*, the request should be done either by a very trusted user, or more likely by a group of trusted editors. If a totally unknown person mentions threats have been issued in a language we can not understand, and request to know the ip of another editor, I'd say the request should not be fullfilled.
Things can get even more complicated when the requesting police force is of a country well known for its violations of civil rights. A subpoena from Myanmar.would be a cause for concern.
Even your last point gets tricky. If a woman is receiving sexual threats giving the IP details directly to her may not be the most effective way of dealing with the problem unless she is technically savvy. A threat from someone in her own town is more dangerous than one from the other side of the world, and having the information given directly to people in a position to do something about the problem will eliminate the potential for having the authorities as hysteria.
Ec
I think that is what both Jimbo and I said...
What the privacy policy states (the way I read it) is that Checkusers are allowed to release IP information when one of the conditions for release (e.g. abuse of resources, or in this case, threats against a community member) are met, and there is no better alternative than to release them immediately. For example, a Checkuser in the English Wikipedia is allowed to release the IP of a vandal who is creating a plethora of accounts with the sole intent of vandalizing the site; in fact, every time a Checkuser blocks a vandal IP based on Checkuser information, the IP is released into the block log. I cannot imagine a scenario in which a police officer approaches a user with the appropriate privileges, identifies himself satisfactorily, and makes it clear beyond any doubt that the information is going to be used in a rape/stalking/solicitation investigation, and is refused the information he needs. Of course, it may be appropriate to "kick him upstairs" to the Florida office as soon as possible, if the situation is not as urgent.
Titoxd.
-----Original Message----- From: foundation-l-bounces@wikimedia.org [mailto:foundation-l-bounces@wikimedia.org] On Behalf Of roc Sent: Tuesday, November 14, 2006 12:20 AM To: Wikimedia Foundation Mailing List Subject: Re: [Foundation-l] Sexual harassment in Wikipedia
By "sexual harassment", THD was trying to explain the online harassment/stalking/solicitation accident in which a female user at Chinese Wikipedia was threaten to be raped. It does not mean the kind of sexual harassment in a working environment. In addition to THD's description, the victim's real life name was used in the threat; this name has never been disclosed by the victim on Wikipedia.
We respect the freedom of speech and other civil rights, but we are not obligated to provide a place for any speech or act, especially when such an act seriously violates other people's civil rights or safety. I totally agree with Gregory that we protect the visitor/user's privacy because of our high ethical values and the furthering of interests of both the WMF and the public. We are not going to protect everyone's privacy at all times, especially when it is *necessary* to protect our values or interests or safety. Indeed, in Wikipedia's privacy policy (http://wikimediafoundation.org/wiki/Privacy_policy, link found at bottom of every page on Wikipedia), there are several circumstances that allow the release of IP information: 1. In response to a valid subpoena or other compulsory request from law enforcement. ... 6. Where it is reasonably necessary to protect the rights, property or safety of the Wikimedia Foundation, its users or the public.
I believe that tolerating such a personal violence threat (using the word "rape" and the victim's undisclosed real-life name) would be a neglect to the safety of our users and the health of our community, which is essential to Wikimedia's success and missions.
Regarding policies and procedures, I think that WMF should either dictate privacy policies of all its projects or give authorizations to the community/people it trusts, as long as it conforms with the best interests of WMF, the project, and the public. I believe that the privacy policy of Chinese Wikipedia is governed by the WMF. In this privacy policy, it is stated that "personally identifiable data...may be released by...users with CheckUser access", does it mean that checkusers/stewards are authorized to release IP information of a registered user without seeking approval for each case from the Board or Executive?
Best regards,
roc --
2006/11/13, shi zhao shizhao@gmail.com:
see http://wikimediafoundation.org/wiki/Privacy_policy
"6 Where it is reasonably necessary to protect the rights, property or safety of the Wikimedia Foundation, its users or the public."
plese help!
2006/11/11, Erik Moeller erik@wikimedia.org:
On 11/10/06, Ray Saintonge saintonge@telus.net wrote:
Essentially I agree. It all comes down to mature judgement, and who is capable of exercising it. We have a lot of people who can too easily jump to conclusions.
Yes. One question is whether we want every language and project community to develop its own policy on these matters, or whether this is an area where it makes sense to have a single policy that is localized. This goes for checkuser and oversight as well. Perhaps an in-between solution makes sense, where the WMF requires that local policies identify and propose a group that consists of the most trusted users before granting these privileges on a language/project level.
Perhaps it should also be a requirement that users who have the technical permission to use these tools disclose their identity to the WMF, so we have someone to deal with in case of abuse. -- Peace & Love, Erik
Member, Wikimedia Foundation Board of Trustees
DISCLAIMER: Unless otherwise stated, all views or opinions expressed in this message are solely my own and do not represent an official position of the Wikimedia Foundation or its Board of Trustees. _______________________________________________ foundation-l mailing list foundation-l@wikimedia.org http://mail.wikipedia.org/mailman/listinfo/foundation-l
-- Chinese wikipedia: http://zh.wikipedia.org/ My blog: http://talk.blogbus.com CNBlog: http://blog.cnblog.org/weblog.html Social Brain: http://www.socialbrain.org/default.asp cnbloggercon: http://www.cnbloggercon.org/
[[zh:User:Shizhao]] _______________________________________________ foundation-l mailing list foundation-l@wikimedia.org http://mail.wikipedia.org/mailman/listinfo/foundation-l
_______________________________________________ foundation-l mailing list foundation-l@wikimedia.org http://mail.wikipedia.org/mailman/listinfo/foundation-l
Titoxd@Wikimedia wrote:
I think that is what both Jimbo and I said...
What the privacy policy states (the way I read it) is that Checkusers are allowed to release IP information when one of the conditions for release (e.g. abuse of resources, or in this case, threats against a community member) are met, and there is no better alternative than to release them immediately. For example, a Checkuser in the English Wikipedia is allowed to release the IP of a vandal who is creating a plethora of accounts with the sole intent of vandalizing the site; in fact, every time a Checkuser blocks a vandal IP based on Checkuser information, the IP is released into the block log.
IP information alone does not always mean we have personal personal information.
I cannot imagine a scenario in which a police officer approaches a user with the appropriate privileges, identifies himself satisfactorily, and makes it clear beyond any doubt that the information is going to be used in a rape/stalking/solicitation investigation, and is refused the information he needs.
I can. A person with checkuser lives in a country with more limited civil rights, and the police threaten him with jail if he does not use that right to give them what they want ...Even in freer countries very few people are willing to confront the police when they make improper demands. If suggesting that they are on a rape investigation will get them the information they want they'' say that.
Of course, it may be appropriate to "kick him upstairs" to the Florida office as soon as possible, if the situation is not as urgent.
Sometimes.
Ec
Erik Moeller wrote:
On 11/10/06, Ray Saintonge saintonge@telus.net wrote:
Essentially I agree. It all comes down to mature judgement, and who is capable of exercising it. We have a lot of people who can too easily jump to conclusions.
Yes. One question is whether we want every language and project community to develop its own policy on these matters, or whether this is an area where it makes sense to have a single policy that is localized. This goes for checkuser and oversight as well. Perhaps an in-between solution makes sense, where the WMF requires that local policies identify and propose a group that consists of the most trusted users before granting these privileges on a language/project level.
I can't address the technical requirements for someone with checkuser capacity, but technical competence is only one side of the coin. Good judgement, trust and common sense are just as important. The ideal checkuser is effective in both respects.
Rule making on the wiki tends to be chaotic at best, to the point where the best way to develop a rule can be to make a rule and hope that nobody notices. No-one can keep up with the process, or be certain of the circumstances when a rule was adopted. Proposing changes can be an intimidating process.
I would llike to propose a Rules Committee on the following bases.
1. Except for minor editorial changes the rules committee would not adopt the rules. It could propose new rules, amendments, rule reviews, or repeals, but the actual adoption would be by the community affected. It could develop a rational codification of the rules. 2. The rule committee would be primarily a foundation level committee, but could draft rules for any single project or group of projects. 3. Although membership at this stage would be relatively open, no person should be a member of the Rules Committee and any Arbitration Committee at the same time. This parallels the separation of the legislative and judicial arms of governments. While rule makers must be in a position to look at rules in broad terms, arbitrators must be concerned with applying existing rules to specific circumstances. 4. In order to be effective the number of members on the rules committee would need to be limited, and equitable means of adding or replacing members would need to be developed. 5. Where applicable the rules committee would need to work closely with the Translation Committee when a rule must be applied across multiple languages. 6. Among the higher priorities for the Rule Committee would be * Developing the distinction between Foundation, policy that needs to be consistent between projects of the same type, policy that needs to be consistent between projects in the same language, and policy which each project may develop separately. * Developing a consistent policy on policy adoption. * Developing consistent formats for policies. 7. Existing policies would be grandfathered until reviewed, replaced and readopted.
Initially, this committee would want a closed mailing list, and a number of volunteers to see if this experiment is workable.
Any thoughts out there?. Ec
Ray Saintonge wrote:
Erik Moeller wrote:
On 11/10/06, Ray Saintonge saintonge@telus.net wrote:
Essentially I agree. It all comes down to mature judgement, and who is capable of exercising it. We have a lot of people who can too easily jump to conclusions.
Yes. One question is whether we want every language and project community to develop its own policy on these matters, or whether this is an area where it makes sense to have a single policy that is localized. This goes for checkuser and oversight as well. Perhaps an in-between solution makes sense, where the WMF requires that local policies identify and propose a group that consists of the most trusted users before granting these privileges on a language/project level.
I can't address the technical requirements for someone with checkuser capacity, but technical competence is only one side of the coin. Good judgement, trust and common sense are just as important. The ideal checkuser is effective in both respects.
Rule making on the wiki tends to be chaotic at best, to the point where the best way to develop a rule can be to make a rule and hope that nobody notices. No-one can keep up with the process, or be certain of the circumstances when a rule was adopted. Proposing changes can be an intimidating process.
I would llike to propose a Rules Committee on the following bases.
You know that if something never happens, there must be a committee behind it. Isn't that how the saying goes? :)
<snip>
3. Although membership at this stage would be relatively open,
</snip>
I have to disagree with the initial openness. We have too many process wonks who would jump at the chance, and we'll end up only being allowed to edit every second thursday when it's a prime number of days from the vernal equinox of Triton...
On 16/11/06, Alphax (Wikipedia email) alphasigmax@gmail.com wrote:
Ray Saintonge wrote:
I would llike to propose a Rules Committee on the following bases.
I have to disagree with the initial openness. We have too many process wonks who would jump at the chance, and we'll end up only being allowed to edit every second thursday when it's a prime number of days from the vernal equinox of Triton...
Proposal: a Rules Elimination Committee. They can only remove rules, not put through new ones.
- d.
On 11/16/06, David Gerard dgerard@gmail.com wrote:
On 16/11/06, Alphax (Wikipedia email) alphasigmax@gmail.com wrote:
Ray Saintonge wrote:
I would llike to propose a Rules Committee on the following bases.
I have to disagree with the initial openness. We have too many process wonks who would jump at the chance, and we'll end up only being allowed to edit every second thursday when it's a prime number of days from the vernal equinox of Triton...
Proposal: a Rules Elimination Committee. They can only remove rules, not put through new ones.
I don't know if this was a joke, but I actually like the idea. We seem more than capable of creating new rules all the time (ahem [[Wikipedia talk:Community sanction]]). Creating rules is chaotic now, but is that a bad thing? I like process efficiency, but an efficient rules creation system seems a little dangerous.
On 11/17/06, cohesion cohesion@sleepyhead.org wrote:
I don't know if this was a joke, but I actually like the idea. We seem more than capable of creating new rules all the time (ahem [[Wikipedia talk:Community sanction]]). Creating rules is chaotic now, but is that a bad thing? I like process efficiency, but an efficient rules creation system seems a little dangerous.
We do have a process for creating new rules. Idon't think anyone has ever followed it though.
David Gerard wrote:
On 16/11/06, Alphax (Wikipedia email) alphasigmax@gmail.com wrote:
Ray Saintonge wrote:
I would llike to propose a Rules Committee on the following bases.
I have to disagree with the initial openness. We have too many process wonks who would jump at the chance, and we'll end up only being allowed to edit every second thursday when it's a prime number of days from the vernal equinox of Triton...
Proposal: a Rules Elimination Committee. They can only remove rules, not put through new ones.
Getting rid of exzcessive rules was certainly a motivating factor in my proposal/
Ec
Alphax (Wikipedia email) wrote:
Ray Saintonge wrote:
3. Although membership at this stage would be relatively open,</snip>
I have to disagree with the initial openness. We have too many process wonks who would jump at the chance, and we'll end up only being allowed to edit every second thursday when it's a prime number of days from the vernal equinox of Triton...
Well if you really think that openness should not apply, I could choose all the members to make sure that I have a cabal that's willing to be compliant with my vision of the rules. :-)
Ec
On 11/9/06, Ray Saintonge saintonge@telus.net wrote: [snip]
legality of the activity, and it is not our place to start making judgements about legality. Civil rights and free speech are important, and if it means having to tolerate occasional idiotic speech that's a very small price to pay.
We're past due for another line in WP:NOT:
Wikipedia is not an anonymity service.
Generally we work to increase the privacy of editors because it is the ethical thing to do and it furthers our interests. When someone attacks our users with frightening threats of violence or otherwise behaves in ways which are obviously harmful and malicious we should disclose their information as appropriate for the protection of our users and the betterment of our community... and this is for the same reasons as the above: it is the ethical thing to do and it furthers our interests.
We are under no obligation to provide protection to people who wish to cause harm to others.
Although a certain degree of "thick skin" is required for us to avoid wasting time on every idiotic troll, this would appear to go far beyond the line.
Fortunately the ideas I've outlined above are already well served by our stated privacy policy.
Gregory Maxwell wrote:
On 11/9/06, Ray Saintonge saintonge@telus.net wrote: [snip]
legality of the activity, and it is not our place to start making judgements about legality. Civil rights and free speech are important, and if it means having to tolerate occasional idiotic speech that's a very small price to pay.
We're past due for another line in WP:NOT:
Wikipedia is not an anonymity service.
I don't think that that is a place where such a rule would help.
Generally we work to increase the privacy of editors because it is the ethical thing to do and it furthers our interests. When someone attacks our users with frightening threats of violence or otherwise behaves in ways which are obviously harmful and malicious we should disclose their information as appropriate for the protection of our users and the betterment of our community... and this is for the same reasons as the above: it is the ethical thing to do and it furthers our interests.
We are under no obligation to provide protection to people who wish to cause harm to others.
We don't really disagree. It's all a matter of perspective. The primary rule should remain that we respect the privacy and anonymity of the user. Anything that deviates from that is an exception. Exceptions should be very specific. Rules should derive from ethics, but the two are not the same thing.
Although a certain degree of "thick skin" is required for us to avoid wasting time on every idiotic troll, this would appear to go far beyond the line.
Those with thin skins just don't last lang.
Ec
Hi Theodoranian,
Your community should determine whether to block it, but I can tell you that in en: it would immediately be blocked without any controversy. And it happens with much less obviously "inflammatory" names than that one.
Here is the template used in en:
http://en.wikipedia.org/wiki/Template:UsernameBlock
-Andrew (User:Fuzheado)
On 11/9/06, THD theodoranian@gmail.com wrote:
Hi, Everyone,
Yesterday, one guy registered an offensive username, "Rape XXX" (XXX is a female wikipedian's name in real life, but I want to kept the victim anonymous here) in Chinese Wikipedia, and this guy left a message on the female's user talk page: "You are in my sexual fantasy. Are you a virgin?" I was furious about this guy's action and sexual harassment speech. I have blocked this id forever, and I also suggested the female user to report to police office. I want to know is there any policy on this issue? In this kind of situation, will the Foundation cooperate with different countries' police authority, and reveal the user log record to the authority?
Thanks.
THD _______________________________________________ foundation-l mailing list foundation-l@wikimedia.org http://mail.wikipedia.org/mailman/listinfo/foundation-l
Thank you for letting us share the issue, THD. I am sorry to hear a Wikipedian was so badly suffered; nice to hear you acted promptly and properly.
On 11/9/06, THD theodoranian@gmail.com wrote:
Hi, Everyone,
Yesterday, one guy registered an offensive username, "Rape XXX" (XXX is a female wikipedian's name in real life, but I want to kept the victim anonymous here) in Chinese Wikipedia, and this guy left a message on the female's user talk page: "You are in my sexual fantasy. Are you a virgin?" I was furious about this guy's action and sexual harassment speech. I have blocked this id forever, and I also suggested the female user to report to police office.
Right suggestion imo. In addition it would be helpful to suggest her to share this incident with whom she knows well and trusts in her real life. If ideally, before she goes to the official.
I want to know is there any policy on this issue?
We have no global policy against improper user name nor harassment including sexual if I recall correctly. On many projects, including English and Japanese Wikipedia, there is however zero tolerance toward such behaviors. And sysops are considered to block offensive user name account without any precedent discussion, usually based on a written policy.
In this kind of situation, will the Foundation cooperate with different countries' police authority, and reveal the user log record to the authority?
Thanks.
THD _______________________________________________ foundation-l mailing list foundation-l@wikimedia.org http://mail.wikipedia.org/mailman/listinfo/foundation-l
wikimedia-l@lists.wikimedia.org