[Foundation-l] Genisis of WMF Identification policy?

[THURNER rupert]

On Sat, Feb 26, 2011 at 23:58, Birgitte SB <birgitte_sb at yahoo.com> wrote:
> ________________________________
> From: Lodewijk <lodewijk at effeietsanders.org>
> To: Wikimedia Foundation Mailing List <foundation-l at lists.wikimedia.org>
> Cc: Birgitte SB <birgitte_sb at yahoo.com>
> Sent: Fri, February 25, 2011 3:51:50 PM
> Subject: Re: [Foundation-l] Genisis of WMF Identification policy?
>
> It should be clear and transparant why the WMF is collecting this
> information, and what they intend to do with it. If they want to be able to
> sue people - fine, but then just say that. Then people know what they are up
> against, and what the reasoning is. That way alone volunteers can make their
> rational decision. But also chapters, because it might have quite some legal
> complications if the WMF wants to force a chapter to submit private data
> about one of their members because they want to sue this person.
>
>
> The problem with is that none of us can imagine all the future possibilities
> that could occur.  The WMF can't know what they could be up against.   So how
> can they possibly tell you what they can't know?
>
> You seem to suggest the WMF suing someone is an extreme thing.  But what is
> really extreme is asking WMF to vow *not* to sue anyone. Lets say they do this
> and imagine if a checkuser User:Foobar publishes private information on their
> blog obtained as a checkuser. Someone whose privacy was violated identifies who
> User:Foobar was through their blog; sues them and wins.  User:Foobar sues WMF
> claiming something frivolous about not protecting them from the situation and
> loses. Because of the vow WMF cannot counter-sue User:Foobar for lawyer fees and
> court costs even though WMF does not even need to the recorded identification
> provided through the policy in this case because User:Foobar identified themself
> in the lawsuit they filed against WMF.
>
> Also the privacy policy is a joke without the identification policy.  Say
> checkuser User:Foo breaches the privacy policy and rightly loses checkuser
> rights.  There is no record available to WMF identifying  RealName as User:Foo.
> So RealName retires User:Foo and registers User:Bar who is then able to become a
> checkuser. Is this truly a responsible privacy policy when there is no way of
> preventing those who have abused their access to private data from once again
> obtaining access to private data?
>
> As I said in my first email.  There are valid concerns about the identification
> policy that must be resolved.  However, deciding to indefinitely give
> unidentifiable people access to private data can not be an option.  It just too
> irresponsible.  This is *my* private data you are all playing with.  I won't get
> to have *your* private data in return, but you can at least give it the WMF to
> act as a responsible party protecting *my* interests. I understand that you need
> some safeguards about security at WMF Office or WMF Chapters. However if you
> won't be comfortable with any possible procedure where they could keep *your*
> private data, then stay away from *my* private data.
>

how many people do have access to private data?

rupert.