[Foundation-l] (Flashback) A short (and revised) FAQ about Wikimania in Alexandria

Mike Godwin mgodwin at wikimedia.org
Sat Apr 19 17:55:53 UTC 2008 

Guillaume writes:

>  I thought the meaning was understandable with the rest of my email :

You seemed to be implying something by "internal" that either I don't  
fully grasp or that is flatly contradictory to what actually has been  
occurring.

> I understand you have consulted various outside experts. And although
> I am convinced you know you have a variety of competences besides
> being an attorney, I am not aware of "risk assessment expert" being
> one of them.

I am not characterizing myself that way.  But I do know a range of  
security experts, both academic and professional, and have government  
contacts as well.

> In March, Sue told she had asked you to have a
> professional firm assess the security at Wikimania. I would like to
> know if that was just a calming promise nobody really intends to keep,
> or if there is actually an assessment being conducted by a
> professional firm.

It is now April. This is an ongoing process, and the security FAQ that  
I reposted to this list was not meant to be understood as fulfillment  
of Sue's promise, but as an interim progress report.  It was aimed  
both at giving the Board an update on what we had learned so far (in  
time for their April board meeting) and also providing pointers for  
the community who might want to answer questions for themselves.  One  
of the reasons I republished the FAQ this week was that there had been  
so little response to its first publication (I think people were  
preoccupied with the debate about ancient languages), and I wanted to  
make sure we at the Foundation adequately understood whether we were  
raising the right questions for whatever resources we invest in.  As I  
have said, it would be a very poor investment of Foundation funds to  
spend perhaps tens of thousands of Euros on answering the wrong  
questions, addressing the wrong issues, or in some other way failing  
to resolve the controversy adequately.  Instead, what I get mostly is  
public sniping (although at least one person has been privately  
helpful).  If you believe that foundation-l has something to offer,  
surely that involves constructive feedback on whether we are going  
down the right path rather than trying to interrogate us as to "a  
calming promise that nobody really intends to keep." (I can't believe  
you said that, actually.)

So here's the process so far.  We have talked to some risk-assessment  
firms. They have asked what issues concern us and instructed us also  
to use public resources (such as the state department website, which  
lists travel advisories and alerts) as well as contact both the  
Egyptian government and our local contacts. We have followed their  
suggestions.  In response to the question about issues,  I have put  
together a list of questions and concerns, based on the discussion on  
this list, and submitted it to our local contacts -- *just as I was  
advised to do by security experts*. This helps us refine our inquiry  
and ensure that we continue to ask the right questions as the  
conference date grows nearer. It also enabled me to draft an initial  
FAQ, which I have since updated.

Why not simply hire a generalized risk assessment in March? In some  
small part because I wasn't sure we had found the right firm yet (I  
won't name the ones we talked to, but I will say that trying to frame  
a risk assessment for a diverse population of largely young,  
frequently pseudonymous attendees is not a normal query for a security  
firm that normally provides corporate or government services for  
easily identifiable individuals under contract), but primarily because  
things can change quickly between March and July in terms of site  
assessment.

So, the natural development of this inquiry, it seems to me, is to do  
just what I have been doing -- continuing to seek information from a  
variety of sources and uncovering the depth and range of concerns.  
I've received a small amount of helpful feedback here, but less than I  
would prefer. At some point, assuming I get useful feedback about  
community concerns, it should be easier to identify the precise issues  
we could use to hire the right outside security firm for site and  
event risk assessment.

My impression is that it's so easy to snipe with one-liners here that  
the culture of foundation-l -- including the inevitable suggestion of  
dishonesty (thank you, Guillaume!) -- somehow prefers that mode of  
discourse. Plus, I get the impression that some people don't think  
there's really an inquiry unless there has been an Inquisition.


--Mike

More information about the foundation-l mailing list