[Foundation-l] Stewards are ignoring requests for CheckUser information?

Robert Scott Horning robert_horning at netzero.net
Tue Apr 18 12:39:03 UTC 2006 

Ray Saintonge wrote:

>Robert Scott Horning wrote:
>
>  
>
>>You mean to tell me that if you are using the internet in China (or 
>>Saudi Arabia, Iran, Syria, or North Korea), that the government of those 
>>countries has no clue about not only what IP address you are using, but 
>>also what websites you are accessing?  
>>
>>    
>>
>Not North Korea; since it makes internet generally unavailable it 
>doesn't need to worry about monitoring. :-)
>
>Beyond that, it takes considerable manpower, resources and 
>sophistication to sift through masses of internet material to winnow out 
>whatever might be significant to these governments.  A great deal of 
>meaningless drivel is communicated on the internet, as any kid with an 
>MSN account will easily prove.  How much seriousness does one attach to 
>the goofy plots that might be expressed there.
>
>A friend who is currently teaching in Qatar recently had to seek medical 
>help, and as a result commented that the doctors there are not as good 
>as their equipment.  I suspect that this situation is not limited to 
>medicine.
>
I am not talking goofy communication here and impossible communications 
resoruces.  I am instead talking about a specific person who has 
contributed to a project like zh.wikipedia, where their activities and 
writings have been clearly identified as potentially subversive by the 
government and are the specific target of a formal police investigation. 
 The resources of even a small country can be devoted to tracking down 
and individual like this... or even a small-town police departpent. 
 More below:

>>I am telling you that regardless 
>>of where you are from, the government is going to know not only the 
>>activities that you do within that country, but most major governments 
>>will be capable of monitoring their citizens that are living outside of 
>>their countries as well.  It isn't that difficult of a task, and nothing 
>>that the Wikimedia Foundation could do, including deliberate deleting of 
>>all logs is going to change that.  The checkuser information in 
>>particular is not going to stop any government (or even corporate 
>>monitoring... as in your immediate supervisor could do this as well) 
>>    
>>
>>from being able to find out what your on-line activites have been.
>  
>
>>I fail to see how checkuser information falling into the wrong hands is 
>>going to cause a problem in this situation.  Really.  If a government 
>>entity wants to find out that User:Chinese_Protestor who has posted over 
>>2000 edits in zh.wikipedia is actually using a certain internet cafe in 
>>downtown Beijing, they don't need to have access to the checkuser 
>>facilities to find that information out, nor to even identify exactly 
>>who that user is.  I don't even need to do that if I really cared to 
>>find out who that person is.  On top of that, how can you be absolutely 
>>sure that some user that is a "trusted user" by whatever standard you 
>>are discussing isn't already a steward, but also a government agent who 
>>is using the checkuser access to monitor dissidents?  And won't be in 
>>the future?
>>
>>    
>>
>To be effective any such CIA agent is not going too blow his cover by 
>telling everyone.  To the rest of us his behaviour will seem perfectly 
>normal, and perhaps even better than average.
>
I have absolutely no idea where the CIA comes into this situation.  We 
are not talking foriegn agents but rather domestic police surveilence. 
 And they don't even need to "blow their cover" to get this information.

A polite letter to the Wikimedia Foundation is all that is really needed 
after the person has been identified.  And every edit is clearly linked 
to a specific registered or unregistered user anyway, and that is up for 
public display and the scanning of page history logs is not logged other 
than as a simply page request.  The exact legal process to force this 
information out of the Foundation is irrelevant, and I can think of 
several ways that even the Chinese government can get this sort of 
information even though official channels, and be considered 
"acceptable" by U.S. courts, assuming that users are trying to get some 
level of protection by having to go through international diplomatic 
channels to slow down the process.  Fine, but the information can still 
be obtained by a government agency and the Foundation would be powerless 
to not give this information.

As far as trying to "build a level of trust" on-line, this is something 
that American police departments do all of the time for fighting some 
on-line crimes, and I even know personally a local law enforcement agent 
who has done this recently, and he works for a small-town police 
department with only 80 officers in the entire department.  His goal is 
to catch would-be child predetors, and to catch them in the process of 
solicitation of a minor for sex acts.  And it works, which is the 
surprising thing.

The argument as for why this information is kept so private is because 
some would-be Wikimedia user who posted something as totally innocent as 
a translation of something on fr.wikipedia or en.wikipedia, that clearly 
has been vetted for being NPOV, but is contrary to the local political 
orthodoxy and as a result the user could get arrested for doing that 
translation or even executed.  Obviously this would happen in places 
where things like free speech rights common in the EU or USA are not 
respected, and has been expressed as a concern for Chinese speakers in 
part because of official government actions by the PRC to block all 
Wikimedia IP addresses for zh.wikipedia.

Assuming that individual citizens can get around web blocks like the 
great internet wall of China, there is no reason to not also believe 
that local police officers couldn't do the same thing.  And China 
clearly has the manpower necessary to not only monitor its citizens 
using zh.wikipedia in all aspects, but this is also something they have 
a vested interest in looking at because it is a form of political 
expression, and a very public forum.  Because of the way the MediaWiki 
software works, they don't even have to catch the specific IP packets, 
but only build a private list of pages to watch, and what users have 
certain political leanings that may or may not be acceptable to the 
Party.  From this perspective, it would be incredibly stupd on the part 
of the Chinese government to not have a police officer of some sort or 
at least a loyal party member who is a current administrator on 
zh.wikipedia.  And it would be impossible for anybody on the Foundation 
board to distinguish between ordinary Chinese citizens and this 
government representative, in terms of who gets checkuser privileges.

If in the process of doing legitimate checkuser scans fighting vandalism 
they also let it slip and do a couple of scans for a political dissident 
or two, how would anybody else know, even if the scans are logged?  That 
wouldn't even blow the "cover" of the person you are talking about.  And 
if it is uncovered that they work for the government, is that reason to 
get them de-sysoped?  Legally that would really put the Wikimedia 
Foundation in a bind if they tried to revoke checkuser privileges to 
official government agents, once discovered, for any government.  I'm 
not even sure if it could be stopped if an official request was made to 
allow somebody to have this option.

-- 
Robert Scott Horning

More information about the foundation-l mailing list