[Foundation-l] Genisis of WMF Identification policy?

Sun Feb 27 15:18:25 UTC 2011

________________________________
From: THURNER rupert <rupert.thurner at wikimedia.ch>
To: Wikimedia Foundation Mailing List <foundation-l at lists.wikimedia.org>
Sent: Sat, February 26, 2011 7:48:36 PM
Subject: Re: [Foundation-l] Genisis of WMF Identification policy?

On Sat, Feb 26, 2011 at 23:58, Birgitte SB <birgitte_sb at yahoo.com> wrote:
> ________________________________
> From: Lodewijk <lodewijk at effeietsanders.org>
> To: Wikimedia Foundation Mailing List <foundation-l at lists.wikimedia.org>
> Cc: Birgitte SB <birgitte_sb at yahoo.com>
> Sent: Fri, February 25, 2011 3:51:50 PM
> Subject: Re: [Foundation-l] Genisis of WMF Identification policy?
>
> It should be clear and transparant why the WMF is collecting this
> information, and what they intend to do with it. If they want to be able to
> sue people - fine, but then just say that. Then people know what they are up
> against, and what the reasoning is. That way alone volunteers can make their
> rational decision. But also chapters, because it might have quite some legal
> complications if the WMF wants to force a chapter to submit private data
> about one of their members because they want to sue this person.
>
>
> The problem with is that none of us can imagine all the future possibilities
> that could occur.  The WMF can't know what they could be up against.   So how
> can they possibly tell you what they can't know?
>
> You seem to suggest the WMF suing someone is an extreme thing.  But what is
> really extreme is asking WMF to vow *not* to sue anyone. Lets say they do this
> and imagine if a checkuser User:Foobar publishes private information on their
> blog obtained as a checkuser. Someone whose privacy was violated identifies 
who
> User:Foobar was through their blog; sues them and wins.  User:Foobar sues WMF
> claiming something frivolous about not protecting them from the situation and
> loses. Because of the vow WMF cannot counter-sue User:Foobar for lawyer fees 
>and
> court costs even though WMF does not even need to the recorded identification
> provided through the policy in this case because User:Foobar identified 
>themself
> in the lawsuit they filed against WMF.
>
> Also the privacy policy is a joke without the identification policy.  Say
> checkuser User:Foo breaches the privacy policy and rightly loses checkuser
> rights.  There is no record available to WMF identifying  RealName as 
User:Foo.
> So RealName retires User:Foo and registers User:Bar who is then able to become 
>a
> checkuser. Is this truly a responsible privacy policy when there is no way of
> preventing those who have abused their access to private data from once again
> obtaining access to private data?
>
> As I said in my first email.  There are valid concerns about the 
identification
> policy that must be resolved.  However, deciding to indefinitely give
> unidentifiable people access to private data can not be an option.  It just 
too
> irresponsible.  This is *my* private data you are all playing with.  I won't 
>get
> to have *your* private data in return, but you can at least give it the WMF to
> act as a responsible party protecting *my* interests. I understand that you 
>need
> some safeguards about security at WMF Office or WMF Chapters. However if you
> won't be comfortable with any possible procedure where they could keep *your*
> private data, then stay away from *my* private data.
>

how many people do have access to private data?

rupert.

That is one of the questions that still needs to be resolved.  But there seems 
to wide agreement that checkusers and oversighters at least qualify. Considering 
that I have seen people's real names, phone numbers, and addresses oversighted 
and the general attitude towards the privacy of IP information, this seems 
accurate to me. I personally have never taken on any of these roles being 
discussed as possibly having access to private data.  So I really don't have a 
lot of confidence in what sort of private data people think any of of the other 
roles have access too.

Birgitte SB