[Foundation-l] Genisis of WMF Identification policy?
Birgitte SB
birgitte_sb at yahoo.com
Fri Feb 25 03:36:16 UTC 2011
I was looking for something unrelated in the archives and came across an email
[1] that I believe people might find informative wrt to the Identification
Policy which I believe has had discussion tabled for the moment. It seems to be
the original suggestion that WMF needs some sort of identification policy by
then volunteer/board-member Erik. He was *not* a staff member at the time of
this message, just to be clear, since people seem to be fond of re-framing
debate along such lines lately. Summary of the context follows (Not perfectly
accurate chronologically speaking):
A female leader in the zh.WP community was harassed/threatened by the creation
of an account User:Rape[HerRealName]. Advice was sought in handling the
situation. There was talk about going to the authorities. There was talk about
which information about the account creator could be given to the authorities
under what circumstances. The existing privacy policy was quoted as "6 Where it
is reasonably necessary to protect the rights, property or safety of the
Wikimedia Foundation, its users or the public." . There was talk about it
essentially being a matter of mature judgment to differentiate between
derogatory comments, which however reprehensible, do not merit violating a
user's privacy and threats of violence which would compel the violation of
privacy in order to attempt to prevent such threats from being carried out. The
idea was suggested that perhaps those with the technical ability to access
private information need to be identified to WMF so that WMF will know who deal
with in case of abuse.
It seemed to me that many people were quite surprised that the WMF was planning
on recording the identifications of those with access to private information,
instead on the non-recording of this correspondense which I believe has been the
previous practice. It even seemed to me as though some were shocked at the
implication that WMF may perhaps be looking for legal accountability for the
judgments made by those with this access. So I found it very interesting when I
stumbled across evidence of public discussion of the need to record the
identities of trusted users in order to be able to deal with any abuse of
private information by one of the Community-seat Board Members before the
adoption of the resolution that has become controversial so recently. I don't
mean to suggest that the surprise and shock were insincere, just that they seem
to be rather uninformed as to the genesis of the resolution. It seems to me
that those things were in fact the original intentions behind the resolution and
the staff does have an obligation, however unpopular this obligation may have
become during the time period it has been left unfulfilled, to see to recording
such identities.
Granted there are good reasons the obligation was left unfulfilled before,
namely the lack of confidence in the WMF Office's technical and organizational
ability to keep these records secure. But once the WMF Office reaches a level of
reliability in organizational and technical competence where that objection is
mitigated, they then must address their obligation to keep identification
records. Also there are valid concerns over the ambiguity over whether the
access to which particular tools should qualify people as subject to the
Identification Resolution. What, however, in hindsight do not appear to be valid
concerns to me are why the WMF "wants" to "change" things, or that the decision
to keep such records was not in given a proper public place for discussion.
I can imagine that the staff (who are much in contact with Erik who we must
grant understood the intentions of a resolution he himself suggested the seed of
in 2006) to some degree assumed that the trusted volunteers understood that the
Identification Resolution's ultimate goal was the production of records and that
practice of destroying correspondence was done out of responsibility for the
fact that staff did not feel confident in their current ability to keep such
records. I can also imagine the trusted volunteers who were upset by the idea
of such records being kept to some degree assumed because there has sometimes
been a practice of destroying identification correspondence that this practice
was in fact the agreed upon policy of the Identification Resolution and also
because they could not recall otherwise trusted volunteers to some degree
assumed the potential policy of actually keeping identification records and why
such records may be needed had never been brought up for public discussion until
after it had been adopted.
Certainly the exact thoughts and communications during this recent
misunderstanding were rather more varied, less articulated, and altogether a
shade more grey than my speculation. But I am confident that my speculations
are not entirely inaccurate and that they are completely in good faith. There
has recently been a lot of discussion about getting back to the tenet of
assuming good faith. Here is as a good a place to start that journey as any.
On the tabled issue we are still left at least two important questions that need
resolution through an open discussion that succeeds in convincing those
volunteers who may be affected:
*How can volunteers be made be confident in the security of their identification
as records are being collected, recorded, and stored? How can this confidence
be maintained changes occur at WMF? Do these concerns merit the expense of
security audits?
*What tools that volunteers use in order to do the work of WMF will require them
to become a subject of the Identification Resolution? As new tools are
developed, who will be responsible for keeping track of their existence and
seeing that it is determined whether or not those who will be given access to
them will need to become a subject of the Identification Resolution?
Birgitte SB
[1] http://www.gossamer-threads.com/lists/wiki/foundation/74095#74095
More information about the wikimedia-l
mailing list