[Foundation-l] WMF resolution on access to non-public data passed

phoebe ayers phoebe.wiki at gmail.com
Wed May 2 08:52:31 UTC 2007

On 5/1/07, Brad Patrick <bradp.wmf at gmail.com> wrote:
> Hash: SHA1
> <snip>
> offer.  Any other statement is hogwash.  If your identity is so secret
> that you can't let it be shared, then don't share it.  That is your
> decision, and no one elses.  For example, I appreciate what sannse is
> saying, and I hold her in very high regard, but I think her opposition
> to the policy is misguided.  People *do* already know who she is.  The
> point is that the Foundation cannot risk letting people no Foundation
> person has shaken hands with, spoken to on the phone, etc., from having
> the capacity to expose confidential information.  One word: Essjay.


While appreciating that Brad doesn't speak for the Foundation, and noting
that I don't disagree with the proposed policy and am happy to provide my ID
to the WMF, etc.... I do find this statement about someone that "no
Foundation person has shaken hands with..." curious in light of the actual

There is, as SJ hints at, a big difference between being personally
trustworthy -- online or off -- and having your identity confirmed. To take
myself as an example: I've met in person, shaken hands with and spoken on
the phone to many of the Foundation people; and I have a position of trust
(OTRS) that comes under this resolution. In short: I hope I'm considered
personally trustworthy, or at least personally known. That doesn't mean any
of you necessarily know my exact age, or my middle name, or the fact that I
really do have a California driver's license, or where I live, or that I
really work at a university, or any of the other specific details that a
positive ID could provide. Furthermore, if none of you had ever met or
interacted with me, any number of government IDs couldn't confirm that I'm a
trustworthy and competent person, that I'm not going to take all the
personal information I've ever come in contact with and share it far and
wide on teh interweb, etc. -- all they could confirm is those morally
anonymous personal details.

It clearly takes some combination of the two -- positive ID and personal
knowledge of someone's work -- to obtain what it seems like the policy is
getting at, that is, knowing that volunteers with access to sensitive
information must be both mature and over the age of consent, trustworthy and
truthful in their identity, respectful of both Foundation policies and
personal privacy rights, and possessed of good common and moral sense.

As I said, I'm all in favor of this goal. So far, volunteers for trusted
positions have them mainly because other people think they're trustworthy
from onwiki interactions. The resolution seems like it is  filling in the
gap of also getting a positive ID for people, so that as Kat says the
Foundation can "ensure that volunteers can be held accountable for their own
actions." It would be nice to clarify though if this in the only purpose or
if there is a larger assumption being made about what these positive IDs
will achieve.


More information about the foundation-l mailing list