[Wikimedia-l] CheckUser openness

Sat Jun 16 07:02:04 UTC 2012

> I do hear and understand the argument here, but it is somewhat
> problematic to have to have the argument "if we do this, we'll be
> handing over information to sockpuppeteers we don't want them to have,
> and we can't tell you what that information is, because otherwise
> we'll be handing over information to sockpuppeteers we don't want them
> to have". While I think the methods currently used are probably sound,
> and the information would indeed give them more possibilities to evade
> the system, I can't be sure of it, because I can't be told what that
> information is.
>
> I don't think this is a viable long-term strategy. The Audit Committee
> is a way around this, but as indicated before, there is somewhat of an
> overlap between the committee and the Check-User in-crowd, which could
> (again, could, I'm not sure if it is indeed true).
>
> Apart from the 'timed release' of information I proposed earlier, I
> don't really see a viable solution for this, as I doubt we have enough
> people that are sufficiently qualified on a technical level to
> actually judge the checkuser results, who also have enough statistical
> knowledge to interpret the level of certainty indicated in a result,
> who also have the trust of the community to carry out the task, who
> also have never been a checkuser or arb, who also have the backbone to
> blow the whistle if something goes wring, who also have the
> willingness and time to take it upon themselves to be a meaningful
> member of the Audit Committee.

Hi Martijn,

I agree that there might be ways to structure a delayed and limited release 
so that it poses only a moderate risk to investigations, but as I have said, 
I think that the benefits to an honest user are limited, and there is 
potential for substantial cost in terms of volunteer hours for many types of 
users with enhanced permissions who might get lots of requests for audits of 
CU actions and lots of detailed questions about CU policy. Even if the risk 
to investigations was zero, there would still be those costs of time. In a 
cost/benefit analysis, I think there will be more cost value than benefit 
value. Consider the amount of time that users with enhanced permissions 
could spend conducting risk-based investigations and risk-based or random 
audits of CUs, instead of being asked to spend that time answering questions 
and conducting investigations solely because users make requests for second 
opinions about their account being CU'd even if that CU action had 
relatively low risk of CU misuse and inaccuracy.

Regarding who checks the checkusers, I think the current systems of peer 
review, AUSC and arbcom reviews, ombudsman review, and WMF review are about 
as extensive as realistically possible. Maybe if I was a CU or a member of 
one of these organizations I would have deeper insight into potential 
opportunities for valuable improvements. If you are seriously interested in 
these issues then consider nominating yourself or someone you trust to serve 
as a CU, community-appointed AUSC member, ombudsman, or arbiter.

Cheers,

Pine 