Nathan Reed wrote:
"It is the policy of Wikimedia that
personally identifiable data
collected
in the server logs, or through records in the
database via the CheckUser
feature, may be released by the system administrators or users with
CheckUser access, in the following situations:"
Does this mean that personally identifiable information may be released
by
users with CheckUser permissions? For example, is
it permissible for me
to
release the actual IP address of a vandal to the
general public? I'm not
sure, but this may not be a good thing.
I can understand using the information for IP blocks, but perhaps the
release of the information should not be so broad in these cases. Or,
maybe
I'm tired, have failed to comprehend the
policy completely, and have
missed
something.. :D
Notice that the privacy policy is what we tell the public that we *may*
do. We can and should, in practice, be as privacy conscious as we can
be, and so checkusers who have any doubt about to whom they should
release information, and when, and why, should check carefully with
Angela, Anthere, me, brad, other checkusers, relevant arbcoms, etc.
Even if our privacy policy leaves us room to do something if we need to
do it, we may choose not to do it in most cases.
--Jimbo
To second Jimbo, part of what is really important about this is the notion
of "flexible response" especially when dealing with sensitive issues, i.e.
law enforcement (it happens) and emergency situations. We absolutely are
committed to a minimalist policy and will endeavor to release as little as
possible, whenever possible. However, we are also ensuring that if a
situation arises that calls for us to do something, we can do so within the
parameters of our own policy. I think it is a natural evolution and a good
policy.
--
Brad Patrick
General Counsel & Interim Executive Director
Wikimedia Foundation, Inc.
bradp.wmf(a)gmail.com
727-231-0101