[Foundation-l] Note regarding status of privacy policy

Todd Allen toddmallen at gmail.com
Sun Aug 10 06:47:20 UTC 2008 

On Sat, Aug 9, 2008 at 12:09 PM, Gerard Meijssen
<gerard.meijssen at gmail.com> wrote:
> Hoi,
> An e-mail address is not universal nor is it compulsory to have one and as a
> consequence it is not the solution that you think it is.
> Thanks,
>      GerardM
>
> On Sat, Aug 9, 2008 at 8:02 PM, Todd Allen <toddmallen at gmail.com> wrote:
>
>> On Sat, Aug 9, 2008 at 11:58 AM, Gerard Meijssen
>> <gerard.meijssen at gmail.com> wrote:
>> > Hoi,
>> > So you are checked. You have to appreciate that by your own words, there
>> > must be a reasonable suspicion. You even insist that it is published that
>> > you have been checked. This means that it is now generally known that you
>> > are under a reasonable suspicion... How nice, that you are now known to
>> have
>> > a tarnished reputation...
>> >
>> > Actually when you are checked, and it is not published that you were
>> > checked, you are much better off. When everyone can demand checking
>> because
>> > THEY are suspicious, publication of check results will only increase the
>> > amount of vigilantism. Really, you are much better off when trusted
>> people
>> > do their checking and keep their confidences.
>> > Thanks,
>> >      GerardM
>> >
>> > On Sat, Aug 9, 2008 at 7:46 PM, Todd Allen <toddmallen at gmail.com> wrote:
>> >
>> >> On Sat, Aug 9, 2008 at 11:16 AM, Jon <scream at datascreamer.com> wrote:
>> >> > -----BEGIN PGP SIGNED MESSAGE-----
>> >> > Hash: SHA1
>> >> >
>> >> > SlimVirgin wrote:
>> >> >> On Sat, Aug 9, 2008 at 10:46 AM, elisabeth bauer
>> >> >> <eflebeth at googlemail.com> wrote:
>> >> >>> 2008/8/8 Michael Snow <wikipedia at verizon.net>:
>> >> >>>
>> >> >>>> The board intends to vote on this version, but before we do, I
>> wanted
>> >> to
>> >> >>>> provide one last opportunity for your feedback.
>> >> >>> While the policy deals at length with who has access it is very
>> silent
>> >> >>> about when all these persons are allowed to access my data and
>> >> >>> actually access my data. The only thing somehow related to this was
>> >> >>> "As a general principle, the access to, and retention of, personally
>> >> >>> identifiable data in all projects should be minimal and should be
>> used
>> >> >>> only internally to serve the well-being of the projects." which is
>> >> >>> somehow a bit vague. Who defines what is well-being? How is this
>> >> >>> controlled? Who does guarantee that a nosy checkuser doesn't just
>> look
>> >> >>> up my user information, revealing my employer,  the wikipedia user
>> >> >>> name of my boyfriend and other friends just for fun? How would I
>> even
>> >> >>> know?
>> >> >>
>> >> >> Elian, this is exactly the situation we have on the English
>> Wikipedia.
>> >> >> Jimbo takes the view that checkusers may be conducted more or less at
>> >> >> random, for no reason, and the checkusers follow that lead. In other
>> >> >> words, the Foundation's checkuser policy is being openly flouted.
>> >> >>
>> >> >> We've been told we can't complain to the Ombudsman commission because
>> >> >> they only deal with violations of the privacy policy, not the
>> >> >> checkuser policy. We've been told we have no right to know whether
>> >> >> we've been checked. Attempts to introduce such a rule have led to the
>> >> >> checkusers saying they will not follow it. And when we do find out
>> >> >> that we've been checked, the only concern of the checkusers is to
>> find
>> >> >> out who told us, and to punish that person. It really is a very bad
>> >> >> situation for the Foundation, one that's bound to lead to trouble
>> >> >> sooner or later.
>> >> >>
>> >> >> Sarah
>> >> >>
>> >> >> _______________________________________________
>> >> >> foundation-l mailing list
>> >> >> foundation-l at lists.wikimedia.org
>> >> >> Unsubscribe:
>> https://lists.wikimedia.org/mailman/listinfo/foundation-l
>> >> >
>> >> > I personally don't mind being checked.  Whenever, by whomever, so long
>> >> > as the results are not disclosed. (disclosure, not checking, is
>> governed
>> >> > by the privacy policy.
>> >> >
>> >> > - --
>> >> > Best,
>> >> > Jon
>> >> >
>> >> > [User:NonvocalScream]
>> >> > -----BEGIN PGP SIGNATURE-----
>> >> > Version: GnuPG v1.4.9 (MingW32)
>> >> > Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
>> >> >
>> >> > iEYEARECAAYFAkid0QcACgkQ6+ro8Pm1AtVy0QCeMQHlFaTDaQxNSNcE8CMzzknY
>> >> > hBwAoK05fUsbUBc4gXcWkZsfEazCNvA/
>> >> > =GMaV
>> >> > -----END PGP SIGNATURE-----
>> >> >
>> >> > _______________________________________________
>> >> > foundation-l mailing list
>> >> > foundation-l at lists.wikimedia.org
>> >> > Unsubscribe:
>> https://lists.wikimedia.org/mailman/listinfo/foundation-l
>> >> >
>> >>
>> >> I do believe that checking is covered as well. And if it's not, it
>> >> needs to be. Checks should only be conducted at least upon reasonable
>> >> suspicion.
>> >>
>> >> --
>> >> Freedom is the right to say that 2+2=4. From this all else follows.
>> >>
>> >> _______________________________________________
>> >> foundation-l mailing list
>> >> foundation-l at lists.wikimedia.org
>> >> Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/foundation-l
>> >>
>> > _______________________________________________
>> > foundation-l mailing list
>> > foundation-l at lists.wikimedia.org
>> > Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/foundation-l
>> >
>>
>> If I have a "Contact me" email address, I can be easily notified that
>> I have been checked without "tarnishing my reputation", and I can
>> choose to make that as public or nonpublic as I like. "You have been
>> checkusered" by email would result in no tarnishment of a public
>> reputation while properly notifying the target. Granted, in some
>> circumstances, suppression of notification may be appropriate, but
>> such suppression should be logged and justified.
>>
>> --
>> Freedom is the right to say that 2+2=4. From this all else follows.
>>
>> _______________________________________________
>> foundation-l mailing list
>> foundation-l at lists.wikimedia.org
>> Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/foundation-l
>>
> _______________________________________________
> foundation-l mailing list
> foundation-l at lists.wikimedia.org
> Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/foundation-l
>

(A later response, I don't have a similar talent for writing on the
freeway.) I know that not everyone has an email address set, the
privacy policy itself acknowledges that in its notification clause.
However, we could very easily set this up the same way ("if you are
willing to set an email, you will receive such notifications, if you
choose not to do so, well, you don't, too bad!") It's still better
than the current setup, in which you have no way to know at all unless
the checkuser decides to say so, and in practice, most active and
regular editors do choose to set an email address. Checkuser is quite
a sensitive function, as it reveals private data, so I don't think it
would hurt to have accountability ("what were your reasonable
suspicions about Userxyz that led you to run a checkuser?")

-- 
Freedom is the right to say that 2+2=4. From this all else follows.

More information about the foundation-l mailing list