[Wikimedia-l] CheckUser openness

Martijn Hoekstra martijnhoekstra at gmail.com
Fri Jun 15 08:52:05 UTC 2012 

Two points that might help bring people on different sides of the
issue closer together.

1. How about notifying people that they have been check-usered 2
months after the fact? By that time I hope all investigations are
complete, and is the risk of tipping off the nefarious should be over.

2. Though the strategies of when to checkuser and how to interpret the
results are private, the workings of CheckUser are not. It is free
software, and its useage described at
http://www.mediawiki.org/wiki/Extension:CheckUser I would imagine any
tech-savy user with malicioius intent will check how CheckUser can be
used to detect their malicious editing, and what means they have to
avoid detection. Notifying someone they have been checkusered does not
give them any information they didn't have already, apart from being
under investigation.

On Fri, Jun 15, 2012 at 8:43 AM, Neil Babbage <neil at thebabbages.com> wrote:
>
> Notification of some checks would always have to be withheld to allow complex investigations to be completed without "tipping off". There is public information that suggests there have been complex abuse cases (real abuse, like harassment, not vandalism). To notify parties suspected of involvement while these long running investigations are underway is broadly analogous to receiving an automated email when your name is searched on the FBI national computer: the innocent want an explanation that wastes police time; the guilty realise they are being investigated and are tipped off to adapt their behaviour.  As soon as there is an option to suppress the alert you are back to square 1: CUs may suppress the notification to "hide" what they are doing.
>
> End of the day, the communities elected the CUs knowing they'd be able to secretly check private data - so you have to trust them to do what you ask them to do or elect someone else you do trust.
>
>
> Neil / QuiteUnusual at Wikibooks
>
> -----Original Message-----
> From: Nathan <nawrich at gmail.com>
> Sender: wikimedia-l-bounces at lists.wikimedia.org
> Date: Thu, 14 Jun 2012 22:10:33
> To: Wikimedia Mailing List<wikimedia-l at lists.wikimedia.org>
> Reply-To: Wikimedia Mailing List <wikimedia-l at lists.wikimedia.org>
> Subject: Re: [Wikimedia-l] CheckUser openness
>
> On Thu, Jun 14, 2012 at 8:06 PM, Dominic McDevitt-Parks
> <mcdevitd at gmail.com>wrote:
>
>> I think the idea that making the log of checks public will necessarily be
>> a service to those subject to CheckUser is misguided. One of the best
>> reasons for keeping the logs private is not security through obscurity but
>> the prevention of unwarranted stigma and drama. Most checks (which aren't
>> just scanning a vandal or persistent sockpuppeteer's IP for other accounts)
>> are performed because there is some amount of uncertainty. Not all checks
>> are positive, and a negative result doesn't necessarily mean the check was
>> unwarranted. I think those who have been checked without a public request
>> deserve not to have suspicion cast on them by public logs if the check did
>> not produce evidence of guilt. At the same time, because even justified
>> checks will often upset the subject, the CheckUser deserves to be able to
>> act on valid suspicions without fear of retaliation. The community doesn't
>> need the discord that a public log would generate. That's not to say that
>> there should be no oversight, but that a public log is not the way to do it.
>>
>>
>> Dominic
>>
>
> The threat of stigma can be ameliorated by not making the logs public,
> which was never suggested. A simple system notification of "The data you
> provide to the Wikimedia web servers has been checked by a checkuser on
> this project, see [[wp:checkuser]] for more information" would be enough.
>
> En Pine's reply to my queries seems calibrated for someone who is
> unfamiliar with SPI and checkuser work. I'm not - in fact I worked as a
> clerk with checkusers at SPI for a long time and am quite familiar with the
> process and its limitations. I know what's disclosed, approximately how
> frequently checks are run, the general proportion of checks that are public
> vs. all checks, etc. I still am not clear on how disclosing the fact of a
> check helps socks avoid detection, and I still believe that it's worthwhile
> for a transparent organization like Wikimedia to alert users when their
> private information (information that is, as Risker has mentioned,
> potentially personally identifying) has been disclosed to another
> volunteer.
>
> Nathan
> _______________________________________________
> Wikimedia-l mailing list
> Wikimedia-l at lists.wikimedia.org
> Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l
> _______________________________________________
> Wikimedia-l mailing list
> Wikimedia-l at lists.wikimedia.org
> Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l

More information about the Wikimedia-l mailing list