Nathan, I’d like to respond to all three of your recent comments.
Can you explain how this is so? I did a fair amount of work at SPI as a clerk, and I'm not sure I understand how the mere fact that a check was performed is giving sockpuppeters a roadmap for how to avoid detection. If you mean they could test the CU net by running a bunch of socks on different strategies to see which get checked and which don't, that seems like a lot of work that a vanishingly small number of abusers would attempt... and also basically the same information as they would receive when those sock accounts are ultimately blocked or not blocked per CU.
~Nathan
I think you might be amazed that the persistence and sophistication of some individuals. I personally haven’t dealt with them much on-wiki, but I’ve certainly seen them on IRC.
Here are some problems with that rationale:
- If a sock confirmation results from a CU check, the person is blocked,
which is a pretty big tip off all its own. If a case is filed at SPI, then tons of evidence is submitted, then a CU check is performed in public, then a block is or is not imposed. That whole process is a pretty big tip off too, but we haven't shut it down for providing a road map to abusers.
You are correct that the start of the CU case is public at the time of filing at WP:SPI. The identity of the CU is also public when it is run for those filed cases. I believe that we are discussing in this thread are instances of the CU tool being used, or data from the tool being used and shared among functionaries who are permitted access to private data, when that use or sharing is not made publicly known at WP:SPI. I am not a Checkuser but perhaps someone who is a Checkuser can give some examples of situations when this happens. I personally know of at least two scenarios.
- You can't dispute the use of CU on your information if you don't know
that it was used. It's kind of like secret wiretapping with a FISA warrant; if you never know you've been wiretapped, how are you supposed to challenge it or know whether it was used improperly? As for "various groups can investigate", to some extent that's true. Most of them are checkusers, however, and they still tend not to disclose all relevant information. I'm not saying that any CU is doing anything improper or that it's likely, but such allegations have been made in the past, and it seems like a pretty cut and dried case of people having a right to know how their own information is being used. If Wikimedia were based in Europe, it would most likely be required by law.
Nathan
When you use Wikipedia, information about what you do is logged. The same is true for other websites. In most cases on the internet in general, it’s impossible for the average user to know if their information has been used or disclosed in a way that is contrary to the site’s privacy policy. Sometimes misuse or preventable, improper disclosure of private data is made publicly known, as has happened with many online services being hacked for credit card or password information. The reality on the internet is that generally the information you provide can’t be guaranteed to remain private and secure. It is true that there can be abuses of investigative tools like CU, search warrants, and almost anything else. The best that can be done is to take reasonable precautions and to be careful about what you disclose in the first place, for the people who are trusted with special investigative tools to be honest and competent, to have sufficient “separation of powers” to help as much as possible to verify that the investigators are honest and competent, and for there to be penalties for investigators who misuse their authority. Regarding the investigative use of private information, as I think others have said also, sometimes there may be a good reason to keep an active investigation from being known to the individual who is being investigated. Like you, I value accountability and transparency, and I would gladly listen to suggestions that enhance accountability and transparency while maintaining reasonable safeguards for active investigations. There needs to be a balance. I prefer transparency, but sometimes there are good reasons for information to remain private.
Pine
I think the idea that making the log of checks public will be a service to those subject to CheckUser is misguided. One of the best reasons for keeping the logs private is not security through obscurity but the prevention of unwarranted stigma and drama. Most checks (which aren't just scanning a vandal or persistent sockpuppeteer's IP for other accounts) are performed because there is some amount of uncertainty. Not all checks are positive, and a negative result doesn't necessarily mean the check was unwarranted. I think those who have been checked without a public request deserve not to have suspicion cast on them by public logs if the check did not produce evidence of guilt. At the same time, because even justified checks will often upset the subject, the CheckUser deserves to be able to act on valid suspicions without fear of retaliation. The community doesn't need the discord that a public log would generate. That's not to say that there should be no oversight, but that a public log is not the way to do it.
Dominic
On 6/14/12 6:34 PM, En Pine wrote:
Nathan, I’d like to respond to all three of your recent comments.
Can you explain how this is so? I did a fair amount of work at SPI as a clerk, and I'm not sure I understand how the mere fact that a check was performed is giving sockpuppeters a roadmap for how to avoid detection. If you mean they could test the CU net by running a bunch of socks on different strategies to see which get checked and which don't, that seems like a lot of work that a vanishingly small number of abusers would attempt... and also basically the same information as they would receive when those sock accounts are ultimately blocked or not blocked per CU.
~Nathan
I think you might be amazed that the persistence and sophistication of some individuals. I personally haven’t dealt with them much on-wiki, but I’ve certainly seen them on IRC.
Here are some problems with that rationale:
- If a sock confirmation results from a CU check, the person is blocked,
which is a pretty big tip off all its own. If a case is filed at SPI, then tons of evidence is submitted, then a CU check is performed in public, then a block is or is not imposed. That whole process is a pretty big tip off too, but we haven't shut it down for providing a road map to abusers.
You are correct that the start of the CU case is public at the time of filing at WP:SPI. The identity of the CU is also public when it is run for those filed cases. I believe that we are discussing in this thread are instances of the CU tool being used, or data from the tool being used and shared among functionaries who are permitted access to private data, when that use or sharing is not made publicly known at WP:SPI. I am not a Checkuser but perhaps someone who is a Checkuser can give some examples of situations when this happens. I personally know of at least two scenarios.
- You can't dispute the use of CU on your information if you don't know
that it was used. It's kind of like secret wiretapping with a FISA warrant; if you never know you've been wiretapped, how are you supposed to challenge it or know whether it was used improperly? As for "various groups can investigate", to some extent that's true. Most of them are checkusers, however, and they still tend not to disclose all relevant information. I'm not saying that any CU is doing anything improper or that it's likely, but such allegations have been made in the past, and it seems like a pretty cut and dried case of people having a right to know how their own information is being used. If Wikimedia were based in Europe, it would most likely be required by law.
Nathan
When you use Wikipedia, information about what you do is logged. The same is true for other websites. In most cases on the internet in general, it’s impossible for the average user to know if their information has been used or disclosed in a way that is contrary to the site’s privacy policy. Sometimes misuse or preventable, improper disclosure of private data is made publicly known, as has happened with many online services being hacked for credit card or password information. The reality on the internet is that generally the information you provide can’t be guaranteed to remain private and secure. It is true that there can be abuses of investigative tools like CU, search warrants, and almost anything else. The best that can be done is to take reasonable precautions and to be careful about what you disclose in the first place, for the people who are trusted with special investigative tools to be honest and competent, to have sufficient “separation of powers” to help as much as possible to verify that the investigators are honest and competent, and for there to be penalties for investigators who misuse their authority. Regarding the investigative use of private information, as I think others have said also, sometimes there may be a good reason to keep an active investigation from being known to the individual who is being investigated. Like you, I value accountability and transparency, and I would gladly listen to suggestions that enhance accountability and transparency while maintaining reasonable safeguards for active investigations. There needs to be a balance. I prefer transparency, but sometimes there are good reasons for information to remain private.
Pine _______________________________________________ Wikimedia-l mailing list Wikimedia-l@lists.wikimedia.org Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l
I think the idea that making the log of checks public will necessarily be a service to those subject to CheckUser is misguided. One of the best reasons for keeping the logs private is not security through obscurity but the prevention of unwarranted stigma and drama. Most checks (which aren't just scanning a vandal or persistent sockpuppeteer's IP for other accounts) are performed because there is some amount of uncertainty. Not all checks are positive, and a negative result doesn't necessarily mean the check was unwarranted. I think those who have been checked without a public request deserve not to have suspicion cast on them by public logs if the check did not produce evidence of guilt. At the same time, because even justified checks will often upset the subject, the CheckUser deserves to be able to act on valid suspicions without fear of retaliation. The community doesn't need the discord that a public log would generate. That's not to say that there should be no oversight, but that a public log is not the way to do it.
Dominic
On 6/14/12 6:34 PM, En Pine wrote:
Nathan, I’d like to respond to all three of your recent comments.
Can you explain how this is so? I did a fair amount of work at SPI as a clerk, and I'm not sure I understand how the mere fact that a check was performed is giving sockpuppeters a roadmap for how to avoid detection. If you mean they could test the CU net by running a bunch of socks on different strategies to see which get checked and which don't, that seems like a lot of work that a vanishingly small number of abusers would attempt... and also basically the same information as they would receive when those sock accounts are ultimately blocked or not blocked per CU.
~Nathan
I think you might be amazed that the persistence and sophistication of some individuals. I personally haven’t dealt with them much on-wiki, but I’ve certainly seen them on IRC.
Here are some problems with that rationale:
- If a sock confirmation results from a CU check, the person is blocked,
which is a pretty big tip off all its own. If a case is filed at SPI, then tons of evidence is submitted, then a CU check is performed in public, then a block is or is not imposed. That whole process is a pretty big tip off too, but we haven't shut it down for providing a road map to abusers.
You are correct that the start of the CU case is public at the time of filing at WP:SPI. The identity of the CU is also public when it is run for those filed cases. I believe that we are discussing in this thread are instances of the CU tool being used, or data from the tool being used and shared among functionaries who are permitted access to private data, when that use or sharing is not made publicly known at WP:SPI. I am not a Checkuser but perhaps someone who is a Checkuser can give some examples of situations when this happens. I personally know of at least two scenarios.
- You can't dispute the use of CU on your information if you don't know
that it was used. It's kind of like secret wiretapping with a FISA warrant; if you never know you've been wiretapped, how are you supposed to challenge it or know whether it was used improperly? As for "various groups can investigate", to some extent that's true. Most of them are checkusers, however, and they still tend not to disclose all relevant information. I'm not saying that any CU is doing anything improper or that it's likely, but such allegations have been made in the past, and it seems like a pretty cut and dried case of people having a right to know how their own information is being used. If Wikimedia were based in Europe, it would most likely be required by law.
Nathan
When you use Wikipedia, information about what you do is logged. The same is true for other websites. In most cases on the internet in general, it’s impossible for the average user to know if their information has been used or disclosed in a way that is contrary to the site’s privacy policy. Sometimes misuse or preventable, improper disclosure of private data is made publicly known, as has happened with many online services being hacked for credit card or password information. The reality on the internet is that generally the information you provide can’t be guaranteed to remain private and secure. It is true that there can be abuses of investigative tools like CU, search warrants, and almost anything else. The best that can be done is to take reasonable precautions and to be careful about what you disclose in the first place, for the people who are trusted with special investigative tools to be honest and competent, to have sufficient “separation of powers” to help as much as possible to verify that the investigators are honest and competent, and for there to be penalties for investigators who misuse their authority. Regarding the investigative use of private information, as I think others have said also, sometimes there may be a good reason to keep an active investigation from being known to the individual who is being investigated. Like you, I value accountability and transparency, and I would gladly listen to suggestions that enhance accountability and transparency while maintaining reasonable safeguards for active investigations. There needs to be a balance. I prefer transparency, but sometimes there are good reasons for information to remain private.
Pine _______________________________________________ Wikimedia-l mailing list Wikimedia-l@lists.wikimedia.org Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l
On Thu, Jun 14, 2012 at 8:06 PM, Dominic McDevitt-Parks mcdevitd@gmail.comwrote:
I think the idea that making the log of checks public will necessarily be a service to those subject to CheckUser is misguided. One of the best reasons for keeping the logs private is not security through obscurity but the prevention of unwarranted stigma and drama. Most checks (which aren't just scanning a vandal or persistent sockpuppeteer's IP for other accounts) are performed because there is some amount of uncertainty. Not all checks are positive, and a negative result doesn't necessarily mean the check was unwarranted. I think those who have been checked without a public request deserve not to have suspicion cast on them by public logs if the check did not produce evidence of guilt. At the same time, because even justified checks will often upset the subject, the CheckUser deserves to be able to act on valid suspicions without fear of retaliation. The community doesn't need the discord that a public log would generate. That's not to say that there should be no oversight, but that a public log is not the way to do it.
Dominic
The threat of stigma can be ameliorated by not making the logs public, which was never suggested. A simple system notification of "The data you provide to the Wikimedia web servers has been checked by a checkuser on this project, see [[wp:checkuser]] for more information" would be enough.
En Pine's reply to my queries seems calibrated for someone who is unfamiliar with SPI and checkuser work. I'm not - in fact I worked as a clerk with checkusers at SPI for a long time and am quite familiar with the process and its limitations. I know what's disclosed, approximately how frequently checks are run, the general proportion of checks that are public vs. all checks, etc. I still am not clear on how disclosing the fact of a check helps socks avoid detection, and I still believe that it's worthwhile for a transparent organization like Wikimedia to alert users when their private information (information that is, as Risker has mentioned, potentially personally identifying) has been disclosed to another volunteer.
Nathan
Notification of some checks would always have to be withheld to allow complex investigations to be completed without "tipping off". There is public information that suggests there have been complex abuse cases (real abuse, like harassment, not vandalism). To notify parties suspected of involvement while these long running investigations are underway is broadly analogous to receiving an automated email when your name is searched on the FBI national computer: the innocent want an explanation that wastes police time; the guilty realise they are being investigated and are tipped off to adapt their behaviour. As soon as there is an option to suppress the alert you are back to square 1: CUs may suppress the notification to "hide" what they are doing.
End of the day, the communities elected the CUs knowing they'd be able to secretly check private data - so you have to trust them to do what you ask them to do or elect someone else you do trust.
Neil / QuiteUnusual@Wikibooks
-----Original Message----- From: Nathan nawrich@gmail.com Sender: wikimedia-l-bounces@lists.wikimedia.org Date: Thu, 14 Jun 2012 22:10:33 To: Wikimedia Mailing Listwikimedia-l@lists.wikimedia.org Reply-To: Wikimedia Mailing List wikimedia-l@lists.wikimedia.org Subject: Re: [Wikimedia-l] CheckUser openness
On Thu, Jun 14, 2012 at 8:06 PM, Dominic McDevitt-Parks mcdevitd@gmail.comwrote:
I think the idea that making the log of checks public will necessarily be a service to those subject to CheckUser is misguided. One of the best reasons for keeping the logs private is not security through obscurity but the prevention of unwarranted stigma and drama. Most checks (which aren't just scanning a vandal or persistent sockpuppeteer's IP for other accounts) are performed because there is some amount of uncertainty. Not all checks are positive, and a negative result doesn't necessarily mean the check was unwarranted. I think those who have been checked without a public request deserve not to have suspicion cast on them by public logs if the check did not produce evidence of guilt. At the same time, because even justified checks will often upset the subject, the CheckUser deserves to be able to act on valid suspicions without fear of retaliation. The community doesn't need the discord that a public log would generate. That's not to say that there should be no oversight, but that a public log is not the way to do it.
Dominic
The threat of stigma can be ameliorated by not making the logs public, which was never suggested. A simple system notification of "The data you provide to the Wikimedia web servers has been checked by a checkuser on this project, see [[wp:checkuser]] for more information" would be enough.
En Pine's reply to my queries seems calibrated for someone who is unfamiliar with SPI and checkuser work. I'm not - in fact I worked as a clerk with checkusers at SPI for a long time and am quite familiar with the process and its limitations. I know what's disclosed, approximately how frequently checks are run, the general proportion of checks that are public vs. all checks, etc. I still am not clear on how disclosing the fact of a check helps socks avoid detection, and I still believe that it's worthwhile for a transparent organization like Wikimedia to alert users when their private information (information that is, as Risker has mentioned, potentially personally identifying) has been disclosed to another volunteer.
Nathan _______________________________________________ Wikimedia-l mailing list Wikimedia-l@lists.wikimedia.org Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l
Two points that might help bring people on different sides of the issue closer together.
1. How about notifying people that they have been check-usered 2 months after the fact? By that time I hope all investigations are complete, and is the risk of tipping off the nefarious should be over.
2. Though the strategies of when to checkuser and how to interpret the results are private, the workings of CheckUser are not. It is free software, and its useage described at http://www.mediawiki.org/wiki/Extension:CheckUser I would imagine any tech-savy user with malicioius intent will check how CheckUser can be used to detect their malicious editing, and what means they have to avoid detection. Notifying someone they have been checkusered does not give them any information they didn't have already, apart from being under investigation.
On Fri, Jun 15, 2012 at 8:43 AM, Neil Babbage neil@thebabbages.com wrote:
Notification of some checks would always have to be withheld to allow complex investigations to be completed without "tipping off". There is public information that suggests there have been complex abuse cases (real abuse, like harassment, not vandalism). To notify parties suspected of involvement while these long running investigations are underway is broadly analogous to receiving an automated email when your name is searched on the FBI national computer: the innocent want an explanation that wastes police time; the guilty realise they are being investigated and are tipped off to adapt their behaviour. As soon as there is an option to suppress the alert you are back to square 1: CUs may suppress the notification to "hide" what they are doing.
End of the day, the communities elected the CUs knowing they'd be able to secretly check private data - so you have to trust them to do what you ask them to do or elect someone else you do trust.
Neil / QuiteUnusual@Wikibooks
-----Original Message----- From: Nathan nawrich@gmail.com Sender: wikimedia-l-bounces@lists.wikimedia.org Date: Thu, 14 Jun 2012 22:10:33 To: Wikimedia Mailing Listwikimedia-l@lists.wikimedia.org Reply-To: Wikimedia Mailing List wikimedia-l@lists.wikimedia.org Subject: Re: [Wikimedia-l] CheckUser openness
On Thu, Jun 14, 2012 at 8:06 PM, Dominic McDevitt-Parks mcdevitd@gmail.comwrote:
I think the idea that making the log of checks public will necessarily be a service to those subject to CheckUser is misguided. One of the best reasons for keeping the logs private is not security through obscurity but the prevention of unwarranted stigma and drama. Most checks (which aren't just scanning a vandal or persistent sockpuppeteer's IP for other accounts) are performed because there is some amount of uncertainty. Not all checks are positive, and a negative result doesn't necessarily mean the check was unwarranted. I think those who have been checked without a public request deserve not to have suspicion cast on them by public logs if the check did not produce evidence of guilt. At the same time, because even justified checks will often upset the subject, the CheckUser deserves to be able to act on valid suspicions without fear of retaliation. The community doesn't need the discord that a public log would generate. That's not to say that there should be no oversight, but that a public log is not the way to do it.
Dominic
The threat of stigma can be ameliorated by not making the logs public, which was never suggested. A simple system notification of "The data you provide to the Wikimedia web servers has been checked by a checkuser on this project, see [[wp:checkuser]] for more information" would be enough.
En Pine's reply to my queries seems calibrated for someone who is unfamiliar with SPI and checkuser work. I'm not - in fact I worked as a clerk with checkusers at SPI for a long time and am quite familiar with the process and its limitations. I know what's disclosed, approximately how frequently checks are run, the general proportion of checks that are public vs. all checks, etc. I still am not clear on how disclosing the fact of a check helps socks avoid detection, and I still believe that it's worthwhile for a transparent organization like Wikimedia to alert users when their private information (information that is, as Risker has mentioned, potentially personally identifying) has been disclosed to another volunteer.
Nathan _______________________________________________ Wikimedia-l mailing list Wikimedia-l@lists.wikimedia.org Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l _______________________________________________ Wikimedia-l mailing list Wikimedia-l@lists.wikimedia.org Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l
On Fri, Jun 15, 2012 at 4:52 AM, Martijn Hoekstra <martijnhoekstra@gmail.com
wrote:
Two points that might help bring people on different sides of the issue closer together.
- How about notifying people that they have been check-usered 2
months after the fact? By that time I hope all investigations are complete, and is the risk of tipping off the nefarious should be over.
That's an interesting concept, and I'd think this would be the only way to
notify users without compromising the effectiveness of the tool, but I still have serious reservations about disclosure here for reasons previously cited and below. Also, there are conceivably complex abuse cases where an investigation would take longer than 2 months, particularly in the sort of cases that eventually end up before en.wiki's arbcom.
- Though the strategies of when to checkuser and how to interpret the
results are private, the workings of CheckUser are not. It is free software, and its useage described at http://www.mediawiki.org/wiki/Extension:CheckUser I would imagine any tech-savy user with malicioius intent will check how CheckUser can be used to detect their malicious editing, and what means they have to avoid detection. Notifying someone they have been checkusered does not give them any information they didn't have already, apart from being under investigation.
The privacy rules surrounding it are very much public as well. That makes the effectiveness of checkuser as a tool very much dependent on carelessness or ignorance of person targeted, things we want to preserve as much as possible lest checkuser stop being effective or massive relaxation of privacy policies become necessary to preserve its effectiveness.
On Fri, Jun 15, 2012 at 11:18 AM, Stephanie Daugherty sdaugherty@gmail.com wrote:
On Fri, Jun 15, 2012 at 4:52 AM, Martijn Hoekstra <martijnhoekstra@gmail.com
wrote:
Two points that might help bring people on different sides of the issue closer together.
- How about notifying people that they have been check-usered 2
months after the fact? By that time I hope all investigations are complete, and is the risk of tipping off the nefarious should be over.
That's an interesting concept, and I'd think this would be the only way to
notify users without compromising the effectiveness of the tool, but I still have serious reservations about disclosure here for reasons previously cited and below. Also, there are conceivably complex abuse cases where an investigation would take longer than 2 months, particularly in the sort of cases that eventually end up before en.wiki's arbcom.
- Though the strategies of when to checkuser and how to interpret the
results are private, the workings of CheckUser are not. It is free software, and its useage described at http://www.mediawiki.org/wiki/Extension:CheckUser I would imagine any tech-savy user with malicioius intent will check how CheckUser can be used to detect their malicious editing, and what means they have to avoid detection. Notifying someone they have been checkusered does not give them any information they didn't have already, apart from being under investigation.
The privacy rules surrounding it are very much public as well. That makes the effectiveness of checkuser as a tool very much dependent on carelessness or ignorance of person targeted, things we want to preserve as much as possible lest checkuser stop being effective or massive relaxation of privacy policies become necessary to preserve its effectiveness.
Am I correct to summorise here than that CU works because people don't know it doesn't?
The request--at least the original request here-- was not that they be made public. The request was that they be disclosed to the person being checkusered,. There is thus no stigmatization or drama. That it might upset the subject to tell him the truth is paternalism.
On Thu, Jun 14, 2012 at 8:06 PM, Dominic McDevitt-Parks mcdevitd@gmail.com wrote:
I think the idea that making the log of checks public will necessarily be a service to those subject to CheckUser is misguided. One of the best reasons for keeping the logs private is not security through obscurity but the prevention of unwarranted stigma and drama. Most checks (which aren't just scanning a vandal or persistent sockpuppeteer's IP for other accounts) are performed because there is some amount of uncertainty. Not all checks are positive, and a negative result doesn't necessarily mean the check was unwarranted. I think those who have been checked without a public request deserve not to have suspicion cast on them by public logs if the check did not produce evidence of guilt. At the same time, because even justified checks will often upset the subject, the CheckUser deserves to be able to act on valid suspicions without fear of retaliation. The community doesn't need the discord that a public log would generate. That's not to say that there should be no oversight, but that a public log is not the way to do it.
Dominic
On 6/14/12 6:34 PM, En Pine wrote:
Nathan, I’d like to respond to all three of your recent comments.
Can you explain how this is so? I did a fair amount of work at SPI as a clerk, and I'm not sure I understand how the mere fact that a check was performed is giving sockpuppeters a roadmap for how to avoid detection. If you mean they could test the CU net by running a bunch of socks on different strategies to see which get checked and which don't, that seems like a lot of work that a vanishingly small number of abusers would attempt... and also basically the same information as they would receive when those sock accounts are ultimately blocked or not blocked per CU.
~Nathan
I think you might be amazed that the persistence and sophistication of some individuals. I personally haven’t dealt with them much on-wiki, but I’ve certainly seen them on IRC.
Here are some problems with that rationale:
- If a sock confirmation results from a CU check, the person is blocked,
which is a pretty big tip off all its own. If a case is filed at SPI, then tons of evidence is submitted, then a CU check is performed in public, then a block is or is not imposed. That whole process is a pretty big tip off too, but we haven't shut it down for providing a road map to abusers.
You are correct that the start of the CU case is public at the time of filing at WP:SPI. The identity of the CU is also public when it is run for those filed cases. I believe that we are discussing in this thread are instances of the CU tool being used, or data from the tool being used and shared among functionaries who are permitted access to private data, when that use or sharing is not made publicly known at WP:SPI. I am not a Checkuser but perhaps someone who is a Checkuser can give some examples of situations when this happens. I personally know of at least two scenarios.
- You can't dispute the use of CU on your information if you don't know
that it was used. It's kind of like secret wiretapping with a FISA warrant; if you never know you've been wiretapped, how are you supposed to challenge it or know whether it was used improperly? As for "various groups can investigate", to some extent that's true. Most of them are checkusers, however, and they still tend not to disclose all relevant information. I'm not saying that any CU is doing anything improper or that it's likely, but such allegations have been made in the past, and it seems like a pretty cut and dried case of people having a right to know how their own information is being used. If Wikimedia were based in Europe, it would most likely be required by law.
Nathan
When you use Wikipedia, information about what you do is logged. The same is true for other websites. In most cases on the internet in general, it’s impossible for the average user to know if their information has been used or disclosed in a way that is contrary to the site’s privacy policy. Sometimes misuse or preventable, improper disclosure of private data is made publicly known, as has happened with many online services being hacked for credit card or password information. The reality on the internet is that generally the information you provide can’t be guaranteed to remain private and secure. It is true that there can be abuses of investigative tools like CU, search warrants, and almost anything else. The best that can be done is to take reasonable precautions and to be careful about what you disclose in the first place, for the people who are trusted with special investigative tools to be honest and competent, to have sufficient “separation of powers” to help as much as possible to verify that the investigators are honest and competent, and for there to be penalties for investigators who misuse their authority. Regarding the investigative use of private information, as I think others have said also, sometimes there may be a good reason to keep an active investigation from being known to the individual who is being investigated. Like you, I value accountability and transparency, and I would gladly listen to suggestions that enhance accountability and transparency while maintaining reasonable safeguards for active investigations. There needs to be a balance. I prefer transparency, but sometimes there are good reasons for information to remain private.
Pine _______________________________________________ Wikimedia-l mailing list Wikimedia-l@lists.wikimedia.org Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l
Wikimedia-l mailing list Wikimedia-l@lists.wikimedia.org Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l
wikimedia-l@lists.wikimedia.org