[Foundation-l] checkuser

Gregory Maxwell gmaxwell at gmail.com
Thu Aug 2 03:02:44 UTC 2007 

On 8/1/07, The Uninvited Co., Inc <uninvited at nerstrand.net> wrote:
[snip]
> Another issue is that policy is silent on the release of derived data.
> If someone releases the information that someone is "a user from
> Chicago," or at a particular college, they have revealed partial
> information derived from page logs about an individual user.  It's
> unclear whether or when this is permitted.  We should be providing clear
> guidance not only for the commission but for individual checkusers.
[snip]

How is it unclear?

"When using a pseudonym, your IP address will not be available to the
public except in cases of abuse, including vandalism of a wiki page by
you or by another user with the same IP address. In all cases, your IP
address will be stored on the wiki servers and can be seen by
Wikimedia's server administrators and by users who have been granted
"CheckUser" access. Your IP address, and its connection to any
usernames that share it may be released under certain circumstances
(see below)."
...
"Policy on release of data derived from page logs

It is the policy of Wikimedia that personally identifiable data
collected in the server logs, or through records in the database via
the CheckUser feature, may be released by the system administrators or
users with CheckUser access, in the following situations:

   1. In response to a valid subpoena or other compulsory request from
law enforcement
   2. With permission of the affected user
   3. To the chair of Wikimedia Foundation, his/her legal counsel, or
his/her designee, when necessary for investigation of abuse
complaints.
   4. Where the information pertains to page views generated by a
spider or bot and its dissemination is necessary to illustrate or
resolve technical issues.
   5. Where the user has been vandalising articles or persistently
behaving in a disruptive way, data may be released to assist in the
targeting of IP blocks, or to assist in the formulation of a complaint
to relevant Internet Service Providers
   6. Where it is reasonably necessary to protect the rights, property
or safety of the Wikimedia Foundation, its users or the public.

Wikimedia policy does not permit public distribution of such
information under any circumstances, except as described above."

If there is abuse, data can be released. We can release any of our
logged data on your activity in the interest of protecting our site,
our users, or the public at large.

While we can release data when there is abuse we are not obligated to
release all data (except perhaps to authorities in some circumstances)
so instead we may release derived data when doing so is useful for the
protection of our site, it's users, or the public at large.

If there is no abuse then no data should be released.

Fundamentally the first questions asked when investigating a complaint
about checkuser and the privacy policy are: "Was a checkuser even
performed?" "Was data could only have been known from that checkuser
released?" and "Was there clear abuse by the party whos information
was released?".

More information about the foundation-l mailing list