[Wikimedia-l] CheckUser openness
Nathan
nawrich at gmail.com
Thu Jun 14 01:36:20 UTC 2012
On Wed, Jun 13, 2012 at 9:24 PM, Philippe Beaudette, Wikimedia Foundation <
pbeaudette at wikimedia.org> wrote:
> I dunno, John, you almost had me convinced until that email. I saw in that
> mail a reasonable comment from Risker based on long time precedent.
>
> As you may know, there are a number of checks and balances in place.
> First, the CUs watch each other. With a broad group, you can be assured
> they don't all always agree and there is healthy debate and dialogue.
> Second, enwp has an audit subcommittee that routinely audits the logs with
> a fine toothed comb. They are NOT all previous checkusers, to avoid the
> sort of groupthink that appears to concern you. Then, the WMF has an
> ombudsman commission, which also may audit with commission from the Board.
> Those people take their role very seriously. And last, anyone with genuine
> privacy concerns can contact the WMF: me, Maggie, anyone in the legal or
> community advocacy department.
>
> Is it an iron clad assurance of no misbehavior? Probably not, and we will
> continue to get better at it: but I will say that in 3 years of being
> pretty closely involved with that team, I'm impressed with how much they
> err on the side of protection of privacy. I have a window into their world,
> and they have my respect.
>
> Best, PB
> -----------------------
> Philippe Beaudette
> Director, Community Advocacy
> Wikimedia Foundation, Inc
>
>
>
There is also the Meta checkuser policy; not all policy guidance for
checkusers is set locally, they all have to abide by the global policy on
checkuser usage (which incorporates by reference the privacy policy).
To make an analogy to the health world... In the United States, the privacy
and security of health information is governed by the Health Insurance
Portability And Accountability Act (HIPAA). Part of the act is the
requirement that access to health information be auditable, and that an
accounting of access to protected information be provided to the person
concerned upon request. It's not that far out to suggest that people should
be notified when their personally identifying information is accessed on
Wikimedia, if we invest that information with the significance that many
wish to. To be honest, I'm surprised Risker doesn't agree, given the
emphasis on personal privacy demonstrated in the IPv6 thread on this list.
Nathan
More information about the Wikimedia-l
mailing list