Wikipedia:Arbitration_Committee/Audit_Subcommittee/October_2009_election References

Voting is now concluded.

The current time is 03:12, 1 May 2024 (UTC).

Background: Audit subcommittee • CheckUser and Oversight procedures • Audit Subcommittee procedures

Election sub-pages: Bugzilla - for reporting bugs and issues • Feedback - for comments and suggestions

The supervising arbitrator is Roger Davies and the technical administrator is Happy-melon.

The purpose of this election is to appoint the three non-arbitrator members of the Audit Subcommittee ("AUSC"). The sub-committee was established by the Arbitration Committee to investigate complaints concerning the use of CheckUser and Oversight privileges on the English Wikipedia, and to provide better monitoring and oversight of the CheckUser and Oversight positions, and use of the applicable tools.

AUSC membership is made up of three arbitrators selected by the Arbitration Committee, who serve six-month terms, and three at-large members elected by the community for one-year terms. All members of the Audit Subcommittee are identified to the Wikimedia Foundation, are given the Oversight and CheckUser permissions, and have access to the Functionaries-en, Oversight-l, and Checkuser-l mailing lists. They must also be at least eighteen years old.

Election process

Voting and appointment

This election uses secret voting, using SecurePoll.
Broadly, any registered editor with 150 main space edits prior to 1 October 2009 has franchise; SecurePoll automatically accepts votes from editors meeting this criterion. Editors without franchise are redirected to an explanatory text.
Voting is either support or oppose. (The default option is neutral, which has no impact on the result.) You may change your votes at any time until the poll closes at 23:59 (UTC) on 8 November 2009. You can confirm whether your vote has been registered by visiting the real time voter log at: Special:SecurePoll/list/60.
Additionally, alphabetically sorted lists of voters will be posted in the voting log every day or so for community scrutiny. The election administrators and scrutineers know which editors have voted but do not know for whom they have voted. Similarly, the final tally of votes per candidate is anonymised.
By long tradition, sockpuppets and blocked/banned users are disenfranchised. Concerns should be raised on the voting log talk page. The election administrators will strike the votes of sockpuppet/blocked/banned accounts. A log of editors, if any, whose votes have been stricken will appear in a "Disenfranchised editors" section of the voting log.
The total numbers of support and oppose votes for each candidate will be collated and published as soon as is practical after the poll closes.
The appointments will be made no later than 13 November 2009.

Supervision and scrutiny

The role of the scrutineers is to ensure that the poll is conducted fairly and that the published results accurately reflect the computer-generated data. The scrutineers are all stewards: Erwin, Thogo, Mike.lifeguard, and Mardetanha.

Time line

Applications: 7–22 October
Candidates self-nominate by email to privileges2009googlemail.com. They will receive an application questionnaire which should be completed and returned by email to the Arbitration Committee at the same email address. This should include a nomination statement, to a maximum of 250 words, for inclusion on the nominated candidate's election sub-page.
Review period by the Arbitration Committee: 22–29 October
During this period, the Arbitration Committee will review applications, notify the candidates going forward to the election pool, and create candidate sub-pages as necessary. The pages will be transcluded on the eve of the election to the Candidates section below.
Voting: 00:01 30 October until 23:59 8 November (UTC)
The election commences, using traditional support/oppose voting, using SecurePoll. Questions may be put to the candidates on their individual sub-pages.
Appointments by: 13 November
The results and appointments will be published. The successful candidates will be required to identify to the Wikimedia Foundation prior to receiving the permissions.

Results

Reproduced from Wikipedia:Arbitration Committee/Noticeboard/Archive 5#AUSC election: results and appointments

The final votes for the AUSC Elections - held 00:01 30 October to 23:59 8 November (UTC) - are as follows:

Candidate	Support	Oppose	Net	Total	Percentage
Dominic	195	67	128	262	74.43%
Jredmond	140	52	88	192	72.92%
Tznkai	182	85	97	267	68.16%
MBisanz	202	95	107	297	68.01%
Frank	96	93	3	189	50.79%
KillerChihuahua	126	136	-10	262	48.09%

A total of 370 editors voted, including one banned user whose votes were struck. The tallies above have been certified by email to ArbCom by the scrutineers, who will append their signatures below in due course.

Results certified by: Erwin ( talk) 09:16, 11 November 2009 (UTC) reply
Results certified by: Mardetanha ^talk 22:45, 10 November 2009 (UTC) reply
Results certified by: — Mike. lifeguard | ^@en.wb 22:44, 10 November 2009 (UTC) reply
Results certified by: -- Thogo (Talk) 22:48, 10 November 2009 (UTC) reply

Appointment motions

1. That when appointing the successful candidates, a fourth is nominated as an alternate should any retire prior to the next election.

With thirteen arbitrators, seven is a majority.

Support: Carcharoth, Coren, John Vandenberg, FloNight, Newyorkbrad, Risker, Rlevse, Roger Davies, Stephen Bain, Vassyana and Wizardman.

Oppose: None.

Abstain: None

Not voting: Cool Hand Luke, FayssalF.

2. That Dominic, Jredmond and Tznkai be appointed to the Audit Subcommittee and that, because of the close vote, MBisanz be invited to serve as an alternate member.

With thirteen arbitrators, and three inactive, six is a majority.

Support: Carcharoth, Coren, FloNight, Newyorkbrad, Risker, Rlevse, Roger Davies.

Oppose: Stephen Bain, John Vandenberg.

Abstain: None.

Not voting: Wizardman.

Inactive: Cool Hand Luke, FayssalF, Vassyana.

3. That, while noting that seven voting members prevents deadlocks and that the subcommittee will have a majority of directly elected members, the Arbitration Committee recommends that the Audit Subcommittee determine its own procedure with regard to voting rights of alternate members.

With thirteen arbitrators, and three arbitrators inactive, six is a majority.

Support: Carcharoth, Coren, FloNight, Newyorkbrad, Rlevse, Roger Davies, Stephen Bain.

Oppose: None.

Abstain as AUSC members: John Vandenberg, Risker.

Not voting: Wizardman.

Inactive: Cool Hand Luke, FayssalF, Vassyana.

For the Arbitration Committee, Roger Davies ^talk 21:38, 10 November 2009 (UTC) reply

Belated support for items 2 and 3. Newyorkbrad ( talk) 21:48, 10 November 2009 (UTC) reply

Votes updated accordingly. Roger Davies ^talk 22:01, 10 November 2009 (UTC) reply

Archived discussion

Candidates

Dominic

Dominic ( talk · contribs · blocks · protections · deletions · page moves · rights · RfA)

Nomination statement (250 words max.)

Hello. I am Dominic (formerly Dmcdevit), a former arbitrator, CheckUser, and oversighter, and current administrator and OTRS respondent.
I have years of experience with using both of the tools in question, without a lot of controversy. I remember before there was a CheckUser or oversight, was one of the first users given each of them, and hopefully I have even helped to train new CheckUsers and oversighters over the years. In Audit Subcommittee inquiries, I can offer this experience in dealing with sensitive matters, as well as expertise in cases where interpretations of CheckUser results may be relevant.
My feeling is that the Audit Subcommittee is about investigating the conduct of holders of sensitive information, and not alleged privacy violations themselves, which should be referred to the Ombudsman Commission. As a former CheckUser and oversighter, I have been involved in the issues that the Audit Subcommittee deals with for a long time, and I have put a lot of thought into how how the tools should be used and who should have them. (One feeling I have is that they are far too common. Our policy on removing inactive users is too lax and in the past we have added new ones without regard to actual necessity.) I understand that the Audit Subcommittee is still a new body, and I think can help it develop procedures and standards. 250 words is not much, so feel free to ask me questions.

Standard questions for all candidates

Please describe any relevant on-Wiki experience you have for this role.

I had CheckUser and oversight for several years. I was also an arbitrator. As such, I have been trusted with confidential data for quite a while, and have dealt with sensitive matters and performed investigations of abuse before. I feel that I can offer a thoughtful approach to the role of auditor, aided by my experience and familiarity with the issues that are involved.

Please outline, without breaching your personal privacy, what off-Wiki experience or technical expertise you have for this role.

I have a degree in Latin American history and have never done any programming. ;-) That said, I have the most CheckUser experience among the candidates, and I think my experience as a CheckUser speaks for itself. I started out clueless, but abundantly cautious. After learning from the best and years of experience, I am confident with my ability to interpret CheckUser results, deal with rangeblocks, open proxies, and all the stuff that goes along with CheckUser. My experience with CheckUser is one of the primary reasons I could help AuSC. Dominic· t 03:07, 29 October 2009 (UTC) reply

Do you hold advanced permissions (checkuser, oversight, bureaucrat, steward) on this or other WMF projects? If so, please list them. Also, do you have OTRS permissions? If so, to which queues?

Not currently, but I am a former arbitrator, identified to the WMF, and have had CU on en.wp and en.wikt, and OS on en.wp. I have OTRS access (info-general, info-en (full access), and Sister projects). Dominic· t 03:07, 29 October 2009 (UTC) reply

Questions for this candidate

Question from NuclearWarfare

You very recently resigned your use of checkuser and oversight. I have two questions regarding this.

I believe that one of the reasons you resigned was because your perceived lack of time for Wikipedia in the upcoming months. Has your situation changed enough so that you believe you will have time for AUSC work?
Before talking about myself, I will note that a heavy workload is not a major issue with the AuSc, as it is with ArbCom. I think the statistics at Wikipedia:Arbitration Committee/Audit Subcommittee/Reports agree with this assessment. I would not consider joining if I did not believe I would be active enough for the job. I think my past as one of the most active arbitrators in my tenure, and one of the most active CheckUsers and oversighters historically show that if I commit to doing a particular job, I will take that commitment seriously.
My previous resignation was not about my free time per se, but rather my activity level. I believe only accounts which use CheckUser and oversight actively enough to need them should have them any any particular time. These tools give an account access to sensitive information, and so that is why I decided not to have those flags when I was not putting them to good use. Our current CheckUsers and oversighters do a good job, and are sufficient in number. I do admit that my level of editing activity is less than the average candidate. My low activity level was because I have recently been involved in a lot of moving and traveling (and am currently out of the country). I am, however, nearly always reachable, and will have much more normal activity for the foreseeable future. Dominic· t 03:07, 29 October 2009 (UTC) reply
You were active as a CU and OS until just a month or so ago. Do you feel that it is appropriate for you to handle AUSC, given your recent activity in the area?
It is not clear to me what in particular you think could be of concern, but I do not really think that CU and OS activity is relevant in this regard. If you are concerned there are still potential complaints that could be made about actions I took previously, I think any complaints regarding a sitting auditor should probably be referred to ArbCom. If the concern is that I am too close personally to some of the people who may need judging, I think that will occasionally be true for any potential auditors, not just ones who have had the same flag at one point, and I promise that, as I have done in the past, I will recuse wherever I feel my neutrality is compromised. Dominic· t 03:07, 29 October 2009 (UTC) reply

Regards, NW ( Talk) 00:27, 29 October 2009 (UTC) reply

Question from Majorly

Are you Wikileaker on Wikipedia Review? Majorly talk 02:15, 29 October 2009 (UTC) reply
- No, I am not. I have never engaged in that sort of behavior, and I found it to be repugnant. From an auditor's point of view, such activity should be treated as a clear breach of the community's trust, and if there is evidence that someone has violated the privacy policy, the Ombudsman Commission should be made aware. Dominic· t 03:07, 29 October 2009 (UTC) reply

Questions from Xeno

Do you feel that members of the audit subcommittee should also be permitted to use the CU or OS bit for for "active duty" as would a regularly elected/appointed checkuserer or oversighter would in their regular course of duties? Why or why not?
- I have yet to be convinced that abstaining from normal use of the tools by auditors (or ombudsmen) is really meaningful. I understand the sentiment behind such pledges, and the appearance of impartiality is indeed important, but such abstaining does not make a person any more impartial. Regular use of the tools risks that an auditor will have a complaint made for an action they have taken. (This is possible even when an auditor commits to restricting the tools to emergency use.) It is unclear to me how that possibility compromises an auditor's neutrality in unrelated cases. Though this has never occurred, I also think such cases would be better referred to ArbCom, than have than AuSc investigate its own. As an analogy, it seems to me that this is akin to asking an arbitrator to abstain from editing, so that they can judge editors, rather than to ask them to recuse from arbitrations related to their editing. I am willing to hear an argument about why using the tools has any practical disadvantages, but I don't see the harm.
- Do you agree to only use the checkuser/oversight bit as directly related to your duties as an audit subcommittee member or emergency situations where no other CU/OS is available (similar to Tznkai's 'personal policy' described here in the section prefixed with the statement "While serving on the Audit Subcommittee, I will not use the CheckUser and Oversight tools with certain exceptions")?
- Actually, I wouldn't. I think that the pretense of greater impartiality that abstaining from use of the tools offers is not worth the cost. If I, as someone who holds the tools anyway, can ensure that by using them there is need for one less account with CheckUser or oversight, than I have provided a much more substantive gain in terms of of privacy and security than abstaining offers.

Question from Mailer Diablo

Thank you for stepping forward to volunteer for the role. Just one question. How would you deal with editors who attempt to find or/and exploit loopholes in the Checkuser/Suppression policies in a manner that go against the spirit of privacy and community well-being, and then use it to cry wolf?
- The question is a bit vague, but I gather that an example of what you have in mind is someone getting a hold of CheckUser or oversight logs, either though a leak or a bug, and whistleblows on either real or imagined abuses. Being careful not to expand AuSc's mandate, I would conservatively note that first and foremost, AuSc is about investigating complaints people with those tools. If people feel they have damning evidence, they ought to communicate it to AuSc, and they certainly should not in any way violate the letter or spirit of our privacy policy. But essentially anything that such an editor does, even if stirring up drama about CheckUser and oversight, is outside of the scope of the AuSc and up to the community, and possibly ArbCom eventually, to resolve.
  I do commit to investigate any and all credible complaints, even if the complainant is acting distastefully, but it is also part of an auditor's job to vet complaints and not to subject CheckUsers or oversighters to unfounded investigations, since that can have a chilling effect. We do not want people afraid to run good checks or suppress edits, or to run for CheckUser or oversight, because they have been cowed by frivolous complaints. Dominic· t 01:59, 31 October 2009 (UTC) reply

Question from SilkTork

Would you give one example each of 1) appropriate use of CheckUser; 2) inappropriate use of CheckUser; 3) borderline use of CheckUser - and how you would view such borderline use; 4) appropriate use of Oversight; 5) inappropriate use of Oversight; 6) borderline use of Oversight - and how you would view such borderline use. SilkTork * ^YES! 12:03, 2 November 2009 (UTC) reply
- Appropriate uses of CheckUser include giving a technical assessment of suspected sockpuppetry, finding an IP or range to block to prevent persistent or egregious abuse, and so on.
- While any violations of the privacy policy using the CheckUser tool are obviously innappropriate, other inappropriate uses of CheckUser include using the tool with political motivations, when one is involved or there is any other conflict of interest, out of curiosity, when there is not sufficient suspicion of sockpuppetry, and so on.
- Borderline cases of CheckUser usage include those in which there can be a reasonable disagreement about the possibility of sockpuppetry or conflict of interest. There are other cases, like using the tool to release IP data to ISPs or law enforcement, which can be quite uncertain depending on the circumstances. The fact that a case is borderline is not license for all borderline cases to avoid scrutiny or be deemed allowable. Indeed, in most cases, CheckUsers—elected for their good sense—should be able to avoid even borderline cases by consulting with other functionaries, referring a case to another when there is even the appearance of impropriety, and avoiding any public release of private data, even when it may be acceptable according to the privacy policy.
- There are three cannonical acceptable uses of suppression (oversight): (1) outing of non-public personal information, (2) libel, and (3) copyright violations. Copyright violations needing suppression are exceedingly rare and would probably be taken care of by WMF staff, in any case. Libel can be egregious vandalism perpetrated against editors (the "User:Dømíníç is a rapisţ" variety), in which case we usually remove it on-sight as a courtesy, or it can be main namespace attacks on biographies of living persons, who usually make complaints via OTRS. Occasionally personal information, usually about editors, will also be posted, either accidentally or maliciously. Suppression is actually fairly uncommon, and so most uses are a result of mass vandal attacks which combine both personal information and libel issues.
- Anything which does not fit into the three cases above is inappropriate, including material that is simple vandalism and not libel, material which turns out to have not been private, using suppression when deletion is sufficient, and so on. Also, the same prohibitions against using the tool when there is a conflict of interest or political motivation.
- Borderline cases of suppression use might include cases where there is some disagreement as to whether an edit is egregious enough to be deemed libelous or nonpublic, or whether there is a conflict of interest. My same advice about avoiding borderline cases applies, and my same assurances that the existence of disagreement among oversighters does not mean AuSc should shy from making its on conclusions. Dominic· t 00:40, 3 November 2009 (UTC) reply

Question from Emufarmers

Will you promise to resign your CU/OS rights once you are no longer on the AUSC? You would still be free to seek CU/OS permissions through the normal process. (There is a thread about this, although the proposal there goes beyond what I'm asking.)
- Personally, I gave the tools up because I felt my having them when we had an excess of CUs/OSers, and some that were more active than me, wasn't a good idea. I still believe that is the case, but accept that people on AUSC will receive the tools, so as long as I have them, I will put them to good use, hoping to reduce the demand overall. So, especially as someone who already had the tools regularly, I wouldn't make that commitment, but I would commit to resign them if the same conditions exist (excess of CUs/OSers) when my term is up, as I have already decided to do. Dominic· t 00:45, 3 November 2009 (UTC) reply

Questions from Cenarium

Do you think the following are part or should be part of the Audit Subcommittee's written or unwritten responsibilities and would you do those ?

oversee the use of the oversight and checkuser tools by monitoring the checkuser and oversight logs
advise (through email) checkusers and oversighters on best practices, point out possible improvements in their use of the tools
verify that CU, OS and privacy related matters are properly handled in the functionaries-en mailing list
1. Monitoring logs is certainly within the remit of AuSc, but I would caution that it is not realistic to expect that 6 people can be on top of all of the thousands of log entries. So while auditors may monitor logs, their primary role is in responding to complaints.
2. Auditors may informally offer opinions and advice when asked (like all functionaries) and perhaps even settle a question about good practice, but I don't think it's generally a good idea to give unsolicited recommendations or instructions in an official capacity. For example, I was strongly in disagreement with this arbitration remedy, which was so nonspecific that it ended up being vaguely accusatory, casting doubt on all CheckUsers, while accomplishing nothing, since no CheckUser should ever need to be reminded to abide by the privacy policy.
3. In terms of monitoring func-en, I would point out that the same issues exist regarding monitoring versus responses to complaints that I noted in the first answer. The general question of including func-en conduct in AuSc's mandate is an interesting one. It makes sense to say consider members of func-en to be a third group of users whose conduct may be investigated upon a complaint to AuSc. func-en is a private discussion list for where private information, including that gained from CheckUser or oversight use, is often included. As such, it is similar to CheckUser and suppression in that a group with access and authority would be needed to investigate complaints. So, hypothetically speaking, I am willing to have AuSc be responsible for complaints about it, but I am not sure if I have ever heard of a complaint that would fit this description, so I won't make any guarantees before I know what it might involve. Dominic· t 00:39, 5 November 2009 (UTC) reply

Suppose a checkuser or oversighter performs an edit which needs to be oversighted, for having added nonpublic information, what do you think should be done w.r.t. their CU/OS access ? Do you think this deserves a AUSC investigation and would you support as auditor to open one ? If not in general, then in which situations ? Please consider in particular a situation where the functionary was in dispute with the user concerned by the nonpublic information.
- There are several possible scenarios in which someone could make an edit with nonpublic information, including accidents. It is hard to give any definitive answer about what should happen to them without a more specific question. I would note though that my understanding of AuSc is that it serves to evaluate complaints of misuse of the CheckUser or oversight tools, not just any abusive behavior by CheckUsers or oversighters. If one of them does something bad like a malicious or negligently clueless outing, they should face the normal repercussions that anyone else would, up to and including ArbCom, but likely not including AuSc. Dominic· t 00:39, 5 November 2009 (UTC) reply

Suppose a checkuser or oversighter is found to posses an undisclosed alternative account (not previously known of ArbCom), used recently, what do you think should be done w.r.t. their CU/OS access ? Do you think this deserves a AUSC investigation and would you support as auditor to open one ? If not in general, then in which situations ? Please distinguish in particular between situations where breach of WP:SOCK clearly occurred, clearly did not occur, or is uncertain.
- Again, I would not think this is necessarily within the remit of AuSc, unless the investigation of the alternative account discovers a conflict of interest or other abusive uses of the account. In that case, auditors should certainly complete an evaluation, with the possible recommendation that they lose their tool(s). If an undisclosed account is either abusive in a way unrelated to their use of CheckUser or suppression, or is not abusive, then the case is not a matter for AuSc, and should either be dealt with by the community or ArbCom (which has the ultimate say on undisclosed accounts for CheckUsers or oversighters). Dominic· t 00:39, 5 November 2009 (UTC) reply

Comments

Frank

Frank ( talk · contribs · blocks · protections · deletions · page moves · rights · RfA)

Nomination statement (250 words max.)

I believe I have shown the judgment, experience, and maturity necessary for these very sensitive tasks. Those who know my work will, I think, generally agree I'm a low-key, drama-free guy, although I suspect I've been around here long enough that there may be some who will disagree. I have the real-world experience to handle both the technical aspects and the perceived stress, and I have the on-wiki experience to know what to do and when to do it. Thank you in advance for your consideration; questions and comments are welcome and will be given my sincere attention, as I do with all my efforts around here.

Standard questions for all candidates

Please describe any relevant on-Wiki experience you have for this role.

I've been an active editor since early 2008 (registered since 2006) and an administrator since July 2008. The two areas I've spent the most time in are biographical articles and deletion of articles, particularly CSD. Some of the biographical articles fall under WP:BLP policies ( Bill Bradley, Frank Lorenzo, Delano Lewis, Marcia Fudge, and Richard Ravitch, for example) and some do not ( Farrah Fawcett, Leroy Grumman, and, just recently, Allie Beth Martin - a new article). Regarding deletion, it is a "necessary evil" around here; in order to be considered a serious resource, we must have standards and they must be kept up. After more than 3500 deletions, I think I have a pretty good track record; a glance at my last 500 deletions shows they are overwhelmingly still red. The ones that are no longer red links generally either now meet criteria for inclusion or are redirects elsewhere. In both areas, I think I've been able to very accurately enact community policies, and I hope to be able to do that in additional ways.
How do these relate to AUSC? I think the issues associated with WP:BLP track closely to privacy issues of (and, alas, abuses by) both editors and functionaries, and I think that understanding and implementing CSD criteria (particularly WP:COPYVIO and G10) are also related. We need to be mindful that Wikipedia is literally by, for, and (largely) about real people, and that as a result, the way it is managed can have effects on all of those people: its editors, users, and subjects.

Please outline, without breaching your personal privacy, what off-Wiki experience or technical expertise you have for this role.

I have long experience with data analysis in general. I've been a spreadsheet and database guru of sorts for years, and I've also at times been a web-hosting provider using the Apache web server. I'm certainly "geeky" and experienced enough to understand the technology behind HTTP requests and how people might try to avoid detection. I'm very familiar with IP subnetting, ssh, text-based browsing, remote X, Remote Desktop, multi-tasking, proxy servers, the concept of "sticky" sessions regarding web applications, public shared IPs, spoofing, log files, and tools for examining log files. I'm aware of the items that are generally logged with http requests and why they are important. I'm also aware that use of both Checkuser and Oversight permissions is logged and documented, which strikes me as a good thing.

On a related note, in my professional life, I am using the Mediawiki software in a (non-public) system which requires me not only to have editing capability (and explain it to others), but also to be the administrator of the system. I won't pretend it is nearly as large or complex as Wikipedia, of course, but I do have some insight into how the system itself works from the inside out.

Having said all that, I expect that a member of the AUSC will be expected to analyze the results of others' actions regarding this technical information more so than be expected to generate it directly, but I'm not intimidated either way.

Do you hold advanced permissions (checkuser, oversight, bureaucrat, steward) on this or other WMF projects? If so, please list them. Also, do you have OTRS permissions? If so, to which queues?

I hold no permissions beyond those of an administrator on this wiki.

Questions for this candidate

Please put any questions you might have in this section.

Questions from Xeno

Do you feel that members of the audit subcommittee should also be permitted to use the CU or OS bit for for "active duty" as would a regularly elected/appointed checkuserer or oversighter would in their regular course of duties? Why or why not?
A: Generally, the purpose of a subcommittee is to serve a committee. I am standing for election to this subcommittee on the basis that its purpose is to be a check on the committee itself. "Active duty" use of these bits would defeat the purpose of the subcommittee, so I don't feel active duty use would be appropriate. (I want to be careful with the use of the word permitted here, though; I'd rather think of it as expected since the permission is granted with appointment to the committee.)
Do you agree to only use the checkuser/oversight bit as directly related to your duties as an audit subcommittee member or emergency situations where no other CU/OS is available (similar to Tznkai's 'personal policy' described here in the section prefixed with the statement "While serving on the Audit Subcommittee, I will not use the CheckUser and Oversight tools with certain exceptions")?
A: I agree that if appointed to the AUSC, I will only use the checkuser and oversight tools as directly related to duties as a member of the subcommittee or emergency situations. I expect directly related to be defined by the Arbitration Committee and/or the Wikimedia Foundation, in advance of any such action I take, and not by any single individual. I furthermore reserve the right to decline to use the tools even if directed by ArbCom if I feel such use contravenes existing policy, process, or common sense. Finally, it is not unreasonable to think that there may be WP:IAR cases for oversighting an edit rather than waiting for another oversighter to take action. I have run across only one edit that qualified, and the oversighter I contacted took the action I would have taken. This IAR note does not apply to checkuser.

Question from Mailer Diablo

Thank you for stepping forward to volunteer for the role. Just one question. How would you deal with editors who attempt to find or/and exploit loopholes in the Checkuser/Suppression policies in a manner that go against the spirit of privacy and community well-being, and then use it to cry wolf?
A1: WP:BLOCK them for WP:DISRUPTION?

A2: OK, so A1 is a bit humorous but maybe not feasible. The real answer is, of course, "it depends." I don't think the answer to such a situation necessarily rests on the shoulders of a single person, so my own personal response would likely be the same as it is for other things around here: do what is appropriate, possibly after consultation with fellow subcommittee members, ArbCom itself, or AN/I. I don't think this subcommittee will set policy; nor do I think that being a member of this subcommittee would mean that all the other policies we follow are somehow thrown out the window.

Anticipating any number of potential follow-up questions along the lines of "would that be enough?", I would say that I will certainly do my best to make sure that a response is early enough to avoid harm. I don't have any illusions that anyone around here can assure we prevent harm, and I don't assert that such a guarantee is a reasonable thing to even attempt. But I do think we can do our best as a community to establish, uphold, and update our policies and procedures such that they don't invite abuse.

As for my own actions specifically, when I get involved in disputes, I don't wield the admin bit as a blunt instrument, and I fully understand that for access to CU/OS, the community (and, indeed, Wikimedia Foundation) expectation is the same, only on steroids. I take that seriously.

Question from SilkTork

Would you give one example each of 1) appropriate use of CheckUser; 2) inappropriate use of CheckUser; 3) borderline use of CheckUser - and how you would view such borderline use; 4) appropriate use of Oversight; 5) inappropriate use of Oversight; 6) borderline use of Oversight - and how you would view such borderline use. SilkTork * ^YES! 12:03, 2 November 2009 (UTC) reply
I'm choosing to be generic in this answer and not directly reference any existing cases. The reason for this is that I don't want to dig through earlier cases and second-guess someone, and there's no need to pick on individuals or previously decided cases. If there is a desire for me to comment on a specific case, please point to it and I can decide at that point if it's appropriate (because, let's face it: there is the possibility of drama being created in re-hashing old stuff).

Appropriate CU: Credible evidence of socking, as in any number of discussions/debates such as AfD or RfA. "Credible" would include sudden appearance of opinions from infrequently-used accounts, or accounts that don't ordinarily frequent the particular venue. Often these are first tagged as single-purpose accounts or "this account has made few or no other edits outside this discussion". I'm not saying that these are automatically sufficient, but they're a start. Other clues that would lend further credibility would be if the accounts started showing up mid-way through a debate, if they all seemed to reference the same opinion ("...per XXXXX"), or if they showed a high correlation of page editing with the suspected account(s).
Inappropriate CU: Any type of fishing expedition. These often show up as a user feeling like s/he is being "attacked" or tag-teamed. I'm not saying that such cases aren't good candidates for CU, but I don't assume they automatically are just because several people are on the opposite side of a debate. This is similar to AIV; people sometimes report users at AIV without warning (or sufficient warning) just because they are upset about one edit; sometimes it's a content dispute and sometimes the "vandal" is truly a new editor and the "vandalism" isn't obviously so. We have to have proper judgment as to what is appropriate; CU is the same way.
Borderline CU: Obviously this is the toughest to determine in advance. I guess one example is the accusation that a well-respected user (possibly an admin) is either a sock or a sock-master. Yes, there have been some well-publicized cases these last few months - and I think (without getting specific as I said above) that all of them were borderline at the outset. So my position (if even called upon in such a case, which I doubt I would be as an AUSC member) would be to examine closely before digging in. Another similar example is the equally absurd cases where an editor is accused and simply laughs it off; I saw that recently as well. But the key is: many of them are laughed off initially - even though some turn out to actually be socks. So, wrapping up this section: borderline is along the lines of RfAs that are near the perceived discretionary range, or editors who show up in a debate that has the {{ notavote}} template at the top. Just because something unusual happens doesn't automatically mean it's the result of socking; more judgment must be applied.
Appropriate OS: Personal information provided by a user, especially one who is or appears to be a child, is completely appropriate to oversight. The argument can be made that since only admins can view deleted pages, that a deletion by itself is sufficient. However, there's a reason OS exists, and we unfortunately are aware that admins can behave inappropriately just like anyone else, so the case where people post inappropriate information is an easy one. This can be about themselves or others, such as in WP:OUTing another editor (which needn't specifically have to do with outing).
Inappropriate OS: When a person claims that something is "wrong" because they know it differently than what reliable sources report, they might make OS requests to remove information. This might be medical or other personal information (lovers, sexual orientation, place of residence, prior legal troubles supposedly "sealed"). We can't remove everything that is (or might be) negative just because someone "knows" it isn't correct.
Borderline OS: I'm pretty sure this is far less likely to occur. I personally feel like no harm is done by removing information that others might deem borderline. There's nothing that would stop it from being replaced if it were deemed appropriate after all. I don't know what harm is done by exercising a little caution here. Having said that, I doubt my participation as an AUSC member would be likely to venture near any borderline cases.

Question from Emufarmers

Will you promise to resign your CU/OS rights once you are no longer on the AUSC? You would still be free to seek CU/OS permissions through the normal process. (There is a thread about this, although the proposal there goes beyond what I'm asking.)
A: Since the appointment is specifically for one year, I don't see any reason the mandate to retain the tools could extend beyond that. Further, if there were a credible, sufficient reason to have me removed prior, I like to think I'd have the good sense to request removal myself rather than go through some ugly online drama. (I'm not expecting that, mind you.)
As far as I can tell, you will retain the tools once your term expires unless you request that they be removed. Will you request that they be removed once you are no longer on the AUSC? — Emufarmers^(
T/
C) 08:26, 4 November 2009 (UTC) reply
Yes, if they haven't been otherwise granted through some other means. That caveat isn't a sign of ambition ( far from it, actually) but rather a recognition that things do change around here; I note that at least two of my co-candidates have held or do hold these permissions already. Incidentally, I think much of the perception of inappropriate use of permission bits around here could be eliminated if we were to have defined terms for positions (not necessarily limits but end points), enforced breaks between terms, or a combination of the two.

Questions from Cenarium

Do you think the following are part or should be part of the Audit Subcommittee's written or unwritten responsibilities and would you do those ?

oversee the use of the oversight and checkuser tools by monitoring the checkuser and oversight logs
advise (through email) checkusers and oversighters on best practices, point out possible improvements in their use of the tools
verify that CU, OS and privacy related matters are properly handled in the functionaries-en mailing list
A: I'm not big on creating policy on the fly. In general, I think all three of the things you list could be within the purview of the AUSC, but are not necessarily. I view the committee as having a limited scope: when ArbCom calls, the committee answers. If ArbCom assigns one or more of those tasks as a regular part of its requests, then that's fine with me.

Suppose a checkuser or oversighter performs an edit which needs to be oversighted, for having added nonpublic information, what do you think should be done w.r.t. their CU/OS access ? Do you think this deserves a AUSC investigation and would you support as auditor to open one ? If not in general, then in which situations ? Please consider in particular a situation where the functionary was in dispute with the user concerned by the nonpublic information.
A: Same general answer applies; I don't think this position is going to make policy but rather perform duties requested of AUSC by ArbCom or WMF. I think any editor that makes this particular error in judgment should be alerted to it and an explanation requested. If some sanction were to become necessary, then normal channels should be followed. While one hopes that those with CU and OS privileges will already have displayed sufficient judgment that these situations do not occur, we do know that expectation is not always met. Having said all that, I believe there is community consensus that certain individuals should be held to a higher standard, and therefore the leash, so to speak, should be shorter. Whether administrators fall into this category or not is a constant subject of debate; I don't think there is any question that bureaucrats, checkusers, or oversighters do fall into the short-leash category.

As to your specific request to consider the dispute scenario, you are describing a specific situation of abuse which I think is highly inappropriate. If the evidence were incontrovertible, I'd likely support and/or recommend removal of the bits. I have a hard time imagining a situation in which it's appropriate to violate several core policies without fairly immediate and serious consequences.

Suppose a checkuser or oversighter is found to posses an undisclosed alternative account (not previously known of ArbCom), used recently, what do you think should be done w.r.t. their CU/OS access ? Do you think this deserves a AUSC investigation and would you support as auditor to open one ? If not in general, then in which situations ? Please distinguish in particular between situations where breach of WP:SOCK clearly occurred, clearly did not occur, or is uncertain.
A: I think an investigation would probably be warranted, and without being able to know specifics, I generally would lean toward holding CU/OS users to a higher standard. (In my own case, I'd rather have the bits removed pending the outcome of an investigation than continue under a cloud.) If there's no breach of WP:SOCK found to have occurred, the answer is less clear; I think that the appearance of impropriety is sometimes just as bad as the actuality, and I guess I'd have to say my response would really depend on the specific situation. Still and all, I remain mindful that the purpose of the AUSC is to monitor and investigate, not necessarily to take action.

Comments

Jredmond

Jredmond ( talk · contribs · blocks · protections · deletions · page moves · rights · RfA)

Nomination statement (250 words max.)

Hello, everyone.
For those of you who don't know me, my name is Jim Redmond, and my username is Jredmond. I've been an admin on the English Wikipedia since July 2005, a member of the volunteer response team since February 2006, an administrator on the OTRS interface since February 2007, and an admin and bureaucrat on the private OTRS wiki since it was created in November 2007. My identity has already been confirmed with the WMF office.
During the day, I work as a system and network administrator in an academic research environment. Previously, I did the same sort of work for a large local non-profit organization.
As a member of the Audit Subcommittee, I hope to help resolve complaints quickly, effectively, discreetly, and with an appropriate level of decorum. Our primary goal here on Wikipedia is to create a good, neutral, and well-sourced encyclopedia. I'd like to help good editors get back to that work as soon as possible.
I look forward to any questions, comments, or concerns you may have for me. Thank you for your time.

Standard questions for all candidates

Please describe any relevant on-Wiki experience you have for this role.

I have been an administrator here for over four years. In that time, I've done everything from RC patrol to BLP cleanup, and while I can't go into great detail I have been involved in a number of oversight-related cases through my work on the volunteer response team.

Please outline, without breaching your personal privacy, what off-Wiki experience or technical expertise you have for this role.

For the past ten years, I have worked in system and network administration. A signifiant portion of my current job deals with management of my department's public and private address spaces and with investigation of suspicious accesses.

Do you hold advanced permissions (checkuser, oversight, bureaucrat, steward) on this or other WMF projects? If so, please list them. Also, do you have OTRS permissions? If so, to which queues?

I am an administrator on the OTRS system, and consequently hold administrtor and bureaucrat rights on the private OTRS wiki. I have run (unsuccessfully) for steward, but have not pursued advanced rights on any other WMF wikis.

Questions for this candidate

Please put any questions you might have in this section.

Questions from Xeno

Do you feel that members of the audit subcommittee should also be permitted to use the CU or OS bit for for "active duty" as would a regularly elected/appointed checkuserer or oversighter would in their regular course of duties? Why or why not?
A: The checkuser tool can aggravate privacy concerns, and extremely urgent cases are rare, so in the interest of impartial review AUSC members should usually wait for someone else to use their bit.

The oversight bit is another matter, as its primary function is to reduce privacy or copyright or libel concerns. Additionally, oversight cases are often more time-sensitive than checkuser, so it's often more important to suppress a revision than it is to wait for a 'regular' oversighter. Impartial review is still important, of course, but in urgent and blazingly obvious cases AUSC members should be able to use their bit for 'active duty'.
Do you agree to only use the checkuser/oversight bit as directly related to your duties as an audit subcommittee member or emergency situations where no other CU/OS is available (similar to Tznkai's 'personal policy' described here in the section prefixed with the statement "While serving on the Audit Subcommittee, I will not use the CheckUser and Oversight tools with certain exceptions")?
A: I do agree. However, I expect there to be far more emergency oversightings than emergency checkuserings.

Question from Mailer Diablo

Thank you for stepping forward to volunteer for the role. Just one question. How would you deal with editors who attempt to find or/and exploit loopholes in the Checkuser/Suppression policies in a manner that go against the spirit of privacy and community well-being, and then use it to cry wolf?
I'm a big fan of WP:IAR. The ultimate goal of the Wikipedia project is to write a free, well-sourced encyclopedia. To that end, policies are often very useful, but when the text of the policies gets in the way of the project then the project should always win.

In a similar manner, the ultimate goal of the AUSC is to ensure that user privacy is maintained. The written checkuser and oversight policies are extremely useful, of course, but it's the underlying concept that's important, not the text.

I can't say exactly how I'll deal with editors who try to game the system - that will really depend on the specific context - but I can say that my response won't be very favorable. Does that answer your question?
Yep. Just wanted to hear a stance from each candidate. :) - Mailer Diablo 03:32, 31 October 2009 (UTC) reply

Question from SilkTork

Would you give one example each of 1) appropriate use of CheckUser; 2) inappropriate use of CheckUser; 3) borderline use of CheckUser - and how you would view such borderline use; 4) appropriate use of Oversight; 5) inappropriate use of Oversight; 6) borderline use of Oversight - and how you would view such borderline use. SilkTork * ^YES! 12:04, 2 November 2009 (UTC) reply

An appropriate use of CheckUser: Confirming that two or more vandals or spammers share the same IP address space.
An inappropriate use of CheckUser: Using CheckUser information to harass a user who has been involved in an edit war.
A borderline use of CheckUser: Releasing CheckUser information to someone claiming to be a law-enforcement official without first trying to verify that claim. Remember, on the Internet nobody knows you're a dog, so it's important for users with the CU bit to confirm credentials before handing out private details. The exact details of my response would rely on the exact context of the case, of course, but in general I'd be inclined to remove the bit for a period of time.
An appropriate use of Oversight: Removing unsourced allegations of a heinous crime, like rape or murder, from a biography.
An inappropriate use of Oversight: Removing well-sourced material that does not violate copyright or disclose private personal information.
A borderline use of Oversight: Removing heinous-crime allegations from a BLP when those allegations are only tangentially mentioned in a reliable source or only mentioned in an unreliable source. In potential-libel cases, I'd rather the oversighter err on the side of caution until a better source can be found.

Does this list answer your question? - Jredmond ( talk) 18:40, 2 November 2009 (UTC) reply

Yes. Your borderline responses are very good - you give examples, and give your view on how you would respond. That is exactly what I wanted. SilkTork * ^YES! 11:53, 4 November 2009 (UTC) reply

Question from Emufarmers

Will you promise to resign your CU/OS rights once you are no longer on the AUSC? You would still be free to seek CU/OS permissions through the normal process. (There is a thread about this, although the proposal there goes beyond what I'm asking.)
I'll relinquish the bits at the end of my time on the AUSC, unless I get them on my own in the meantime. - Jredmond ( talk) 00:36, 3 November 2009 (UTC) reply
So you might run for CU/OS while you're still on the AUSC? That doesn't strike you as problematic? Would you resign from the AUSC if you were granted CU/OS through that process? — Emufarmers^(
T/
C) 08:30, 4 November 2009 (UTC) reply
It depends on the timing, really. I'd only enter my name if the "new" CU/OS bits were allocated within a month of the end of my AUSC term. In that situation, I would refrain from regular use of the tools until after the new AUSC was in place. - Jredmond ( talk) 21:38, 4 November 2009 (UTC) reply

Questions from Cenarium

Do you think the following are part or should be part of the Audit Subcommittee's written or unwritten responsibilities and would you do those ?

oversee the use of the oversight and checkuser tools by monitoring the checkuser and oversight logs
advise (through email) checkusers and oversighters on best practices, point out possible improvements in their use of the tools
verify that CU, OS and privacy related matters are properly handled in the functionaries-en mailing list

Oversee tool use by monitoring logs? It never hurts to browse logs (says the sysadmin), and intense log-monitoring should be the first step in any investigation, but routine deep scouring is overkill.
Advise on best practices? I would upon request, and when the improvements would help that person avoid any potential misuse. Since the AUSC would be policing use of the tools, though, friendly-but-unsolicited advice could easy be misinterpreted as dogma even when not meant that way.
Verify that matters are handled properly on functionaries-en? Yes, this is well within the scope of the AUSC.

Suppose a checkuser or oversighter performs an edit which needs to be oversighted, for having added nonpublic information, what do you think should be done w.r.t. their CU/OS access ? Do you think this deserves a AUSC investigation and would you support as auditor to open one ? If not in general, then in which situations ? Please consider in particular a situation where the functionary was in dispute with the user concerned by the nonpublic information.

Ultimately, this will depend on intent (which, I know, is extremely difficult to divine). An investigation and a temporary suspension of bits would be appropriate in every case, but the permanent removal of bits should only be necessary in the event of malicious or spiteful disclosure. In your particular example, I would tend towards removal of bits, though I'd also need to know more details about the case.

Suppose a checkuser or oversighter is found to posses an undisclosed alternative account (not previously known of ArbCom), used recently, what do you think should be done w.r.t. their CU/OS access ? Do you think this deserves a AUSC investigation and would you support as auditor to open one ? If not in general, then in which situations ? Please distinguish in particular between situations where breach of WP:SOCK clearly occurred, clearly did not occur, or is uncertain.

If the alternative account is clearly maintaining or improving the wiki, encyclopedia, or editing community - the legitimate uses listed on WP:SOCK qualify here - then there is no need (IMHO) for an investigation or formal sanction. Beyond that, it would be appropriate to suspend bits pending investigation, and to remove them permanently if the alt-account had been used to damage the wiki, encyclopedia, or community.

Comments

KillerChihuahua

KillerChihuahua ( talk · contribs · blocks · protections · deletions · page moves · rights · RfA)

Nomination statement (250 words max.)

I have the requisite technical experience for this position; I believe I also have the maturity and temperament for it. I pledge to remain conscious of and respectful to the concerns of privacy; not to misuse any access granted me; and to remain open to feedback and constructive criticism. I will remain neutral inasmuch as my human nature will allow, and where neutrality may be difficult, to recuse myself.

Standard questions for all candidates

Please describe any relevant on-Wiki experience you have for this role.

Five and half years on en.Wikipedia; admin since January 2006. I have been involved with the development of a number of policies, and have a strong understanding of them. Two years with OTRS, fulfilling a number of requests which often involve dealing with information of a delicate or private nature.

Please outline, without breaching your personal privacy, what off-Wiki experience or technical expertise you have for this role.

I have 15 years in Datacomm / IT / SW development, 8 of that with an eLearning company specializing in randomly generated content for certification examinations; my roles over my time in that company involved working with all aspects of that with the exception of the eCommerce module, which naturally would have been of no benefit here. My extensive experience with relational databases and in dealing with strongly protected content (our clients were largely fortune 500 and guarded the exams for technical certification closely) have given me ample experience with both the technical and the privacy aspects of this role.

Do you hold advanced permissions (checkuser, oversight, bureaucrat, steward) on this or other WMF projects? If so, please list them. Also, do you have OTRS permissions? If so, to which queues?

No other permissions. I am OTRS; I have access to the Quality, Permissions, and Info queues.

Questions for this candidate

Please put any questions you might have in this section.

Questions from Xeno

Do you feel that members of the audit subcommittee should also be permitted to use the CU or OS bit for for "active duty" as would a regularly elected/appointed checkuserer or oversighter would in their regular course of duties? Why or why not?
A: I see no reason why they should not be "permitted"; if we're not trustworthy we shouldn't have the access, if we are, there is no reason not to help out with the workload. It seems silly to be granted Oversight only to have someone contact you because you're on the list of Users with oversight, only to tell them "Oh I'm sorry, your very personal information must remain visible while you track down a "regular" oversighter". OTOH, I'm not intending to actually go seek out CU or OS work, and if the community feels that the CU and OS bits given to the Audit Subcommittee are to be used only for Audit business, I won't demur.
Do you agree to only use the checkuser/oversight bit as directly related to your duties as an audit subcommittee member or emergency situations where no other CU/OS is available (similar to Tznkai's 'personal policy' described here in the section prefixed with the statement "While serving on the Audit Subcommittee, I will not use the CheckUser and Oversight tools with certain exceptions")?
A: I have already pledged to recuse myself should there be any concern about neutrality. The "certain exceptions" are also already covered in my pledge in my statement above. Insofar as the "only use..." Tznkai has excepted "emergencies" which would cover my example above, as well. In short, I've already said as much, in far fewer words - depending upon how Tzn defines "emergencies" and whether anything regarding CU can ever be considered an "emergency". As I said above, I will abide by whatever guidelines are extant regarding the Auditing subcommittee - if we're expected to help out with the load, I'll do that. If we're expected to limit ourselves to Audit business only, I'll do that. I've seen no strong positions either way. I do not intend, as I have already stated, to seek out extra work. My intent is to investigate per WP:AUSC; however if someone grabs my name off the Oversight list and asks me to oversight highly personal information, I think it would be extraordinarily irresponsible of me to not do so and brush off the request with a lame "not my job" excuse. I will of course abide by any polices extant, and use my common sense and good judgement.

Question from Mailer Diablo

Thank you for stepping forward to volunteer for the role. Just one question. How would you deal with editors who attempt to find or/and exploit loopholes in the Checkuser/Suppression policies in a manner that go against the spirit of privacy and community well-being, and then use it to cry wolf?
A: Probably by telling them I'm not impressed with their pettifogging and to piss off. Ok, I probably wouldn't say "piss off". Seriously, this cannot be something which can be tolerated or indulged, and I have no problem saying "no" as many times as necessary. I can be quite redundant at times. I have three children; I'm a grandmother. I've been in management. I've dealt with scope creep as a project manager and as client POC. I can say "no".

Question from SilkTork

Would you give one example each of 1) appropriate use of CheckUser; 2) inappropriate use of CheckUser; 3) borderline use of CheckUser - and how you would view such borderline use; 4) appropriate use of Oversight; 5) inappropriate use of Oversight; 6) borderline use of Oversight - and how you would view such borderline use. SilkTork * ^YES! 12:04, 2 November 2009 (UTC) reply

Answer:

Appropriate use of CheckUser: Checking for technical evidence of sockpuppetry given due cause, often via a sock investigation
Inappropriate use of CheckUser: Fishing is explicitly prohibited, but this must be examined with care, as what appears to be fishing may in fact have valid rationale - strong circumstantial evidence which is not immediately appartent, for example
Borderline use of CheckUser: Marginal evidence of sockpupptry might be considered marginal; this would be a judgment call. How would I view it? Depends on how marginal, and whether it were a habit or an exception.
Appropriate use of Oversight: To suppress outing of non-public personal information or clear libel. Copyvios are mentioned in the policy but generally speaking are not oversighted.
Inappropriate use of Oversight: Suppression of anything which does not fit the criteria for appropriate. Most specifically, suppression of wiki-specific activities and postings in order to protect the oversighter or a friend of an oversighter.
Borderline cases of Oversight: I cannot think of any clear cut borderline examples. Perhaps libel might be borderline. Again, I cannot tell you how I would view it because it would depend upon the specifics of the case.

Question from Emufarmers

Will you promise to resign your CU/OS rights once you are no longer on the AUSC? You would still be free to seek CU/OS permissions through the normal process. (There is a thread about this, although the proposal there goes beyond what I'm asking.)
Answer: Yes.

Questions from Cenarium

Do you think the following are part or should be part of the Audit Subcommittee's written or unwritten responsibilities and would you do those ?

oversee the use of the oversight and checkuser tools by monitoring the checkuser and oversight logs
advise (through email) checkusers and oversighters on best practices, point out possible improvements in their use of the tools
verify that CU, OS and privacy related matters are properly handled in the functionaries-en mailing list

Answer: I will do what is required to correctly carry out my duties auditing. This may or may not include any of the above mentioned items, but I very strongly doubt it will contain advising per your item #3, and I feel it would be inappropriate in most cases. Generally speaking, I anticipate informing the ArbCom of findings, and allowing them to determine the best course of action. If however you are speaking of responding to general queries for advice from individuals, of course I am always available to help if I can.

Suppose a checkuser or oversighter performs an edit which needs to be oversighted, for having added nonpublic information, what do you think should be done w.r.t. their CU/OS access ? Do you think this deserves a AUSC investigation and would you support as auditor to open one ? If not in general, then in which situations ? Please consider in particular a situation where the functionary was in dispute with the user concerned by the nonpublic information.
Answer: I think that is a very general question and I hesitate to offer a limited response. There is always the possibility, indeed the probability, that if something like that happens it is an error. Certainly no one should be penalized for an error. OTOH, if such errors become habitual, or if the individual in question seems to view their error lightly and without concern, then my concern would increase regarding their use of the tools. Given your last example, that the functionary was in a dispute, I find it extremely unlikely that would happen, for a number of reasons, but I would be highly concerned and would support an immediate investigation.

Suppose a checkuser or oversighter is found to posses an undisclosed alternative account (not previously known of ArbCom), used recently, what do you think should be done w.r.t. their CU/OS access ? Do you think this deserves a AUSC investigation and would you support as auditor to open one ? If not in general, then in which situations ? Please distinguish in particular between situations where breach of WP:SOCK clearly occurred, clearly did not occur, or is uncertain.
Answer: If SOCK was not violated, there is nothing to investigate. If sock was violated, then there is very possibly nothing to investigate, as the policy has already been found to have been violated. This would be in the case of the individual having summarily lost their CU or OS bits for violation of SOCK already. If SOCK has been violated, and the individual retains their access, then an investigation is indicated. If SOCK may or may not have been violated, then an investigation is clearly indicated - but not necessarily by the AUSC.

Comments

MBisanz

MBisanz ( talk · contribs · blocks · protections · deletions · page moves · rights · RfA)

Nomination statement (250 words max.)

Hi, my name is Matt and I have been editing Wikipedia for several years now. In that time I have consistently pushed for greater accountability and participated in a wide range of activities in both content creation and policy debate. Further, I am mindful of the responsibility that comes with access to private data, being an administrator for over a year and having access to OTRS and Internal WMF-wiki. One principle I think that is paramount in AUSC members is that they avoid using CU/OV access in order to avoid the appearance of impropriety. If selected, I pledge to avoid using the tools in non-emergency situations in general and in emergency situations when another user or steward can be found who can perform the task. I am open to any questions individuals may have with regard to my editing and maintain a rather open policy as to my own personal information in the interest of informing others as to any factors they may find important to know with regard to my editing.

Standard questions for all candidates

Please describe any relevant on-Wiki experience you have for this role.

Former SPI clerk, advanced understanding of policy and historical context. I am the one who suggested AUSC use pivot tables to present statistics more regularly and can make charts, graphs, etc. Also helped write the global rights policy and help maintain the MediaWiki:Robots.txt file. And I am responsible for the creation of the Wikien-bureaucrats mailing list for privacy related renames.

Please outline, without breaching your personal privacy, what off-Wiki experience or technical expertise you have for this role.

See User:MBisanz/Infobox for more details. I do serve on the WMF audit committee and am a former accountant, so I have an understanding of the concepts of professional skepticism, confidentiality, and document review.

Do you hold advanced permissions (checkuser, oversight, bureaucrat, steward) on this or other WMF projects? If so, please list them. Also, do you have OTRS permissions? If so, to which queues?

En.Wiki Admin and Bureaucrat, Commons Admin, Meta Admin, WMF-wiki access, Internal-wiki access, OTRS info-en(f), permissions, photosubmissions, Sisterprojects, and DAL queues, administrator of the Clerks-l and DAL mailing lists. Already identified to the Foundation.

Questions for this candidate

Please put any questions you might have in this section.

Questions from Xeno

Do you feel that members of the audit subcommittee should also be permitted to use the CU or OS bit for for "active duty" as would a regularly elected/appointed checkuserer or oversighter would in their regular course of duties? Why or why not?
A:From my candidate statement: "One principle I think that is paramount in AUSC members is that they avoid using CU/OV access in order to avoid the appearance of impropriety."
Do you agree to only use the checkuser/oversight bit as directly related to your duties as an audit subcommittee member or emergency situations where no other CU/OS is available (similar to Tznkai's 'personal policy' described here in the section prefixed with the statement "While serving on the Audit Subcommittee, I will not use the CheckUser and Oversight tools with certain exceptions")?
A:Also from my candidate statement: "I pledge to avoid using the tools in non-emergency situations in general and in emergency situations when another user or steward can be found who can perform the task."

Question from Mailer Diablo

Thank you for stepping forward to volunteer for the role. Just one question. How would you deal with editors who attempt to find or/and exploit loopholes in the Checkuser/Suppression policies in a manner that go against the spirit of privacy and community well-being, and then use it to cry wolf?
If you could give me a specific example, it would be helpful. But generally, I think it is a balancing test. From an AUSC point of view, I suppose the best example is someone complaining they were caught socking by a checkuser who didn't have strong cause to check them or a person walking the tightrope of being out but not wanted to be outed. Simply put, as long as the checkuser didn't have a COI to doing the check, they have broad discretion to perform checks based on behavioral indications. Also, if someone is complaining about being outed while publicizing their information, it is important to remember that generally oversight only removes information involuntarily disclosed. If a person has disclosed their information in some manner onwiki, they cannot validly complain if another person cites it at a later date, that is simply a risk of going public in the first place.

Question from SilkTork

Would you give one example each of 1) appropriate use of CheckUser; 2) inappropriate use of CheckUser; 3) borderline use of CheckUser - and how you would view such borderline use; 4) appropriate use of Oversight; 5) inappropriate use of Oversight; 6) borderline use of Oversight - and how you would view such borderline use. SilkTork * ^YES! 12:05, 2 November 2009 (UTC) reply

1)A WP:SPI.
2)Checking someone you just reverted on an article you got to FA.
3)Checking someone who has just threatened to kill themselves; I'd view it positively if the information was then communicated to the WMF Office and dimly if the check was done for random interest.
4)Removing an IP of someone who accidentally logged out.
5)Removing a post from someone who thought it will embarrass them later.
6)Removing a post of someone who you nominated for RFA; I'd view it dimly since OVs should avoid the appearance of bias.

Question from Emufarmers

Will you promise to resign your CU/OS rights once you are no longer on the AUSC? You would still be free to seek CU/OS permissions through the normal process. (There is a thread about this, although the proposal there goes beyond what I'm asking.)

Yes, I agree to resign them when I am no longer an AUSC member, unless I have acquired a permission to them under an alternate claim (such as a CU/OV election) in the interim.

So you might run for CU/OS while you're still on the AUSC? That doesn't strike you as problematic? Would you resign from the AUSC if you were granted CU/OS through that process? — Emufarmers^(
T/
C) 08:31, 4 November 2009 (UTC) reply

No, AUSC doesn't monitor CU/OV elections or vet candidates, so there is no overlap there. And if granted the tools while on AUSC, I would simply not use them until the expiration of my AUSC term, similar to how Thatcher has acted. MBisanz ^talk 06:30, 6 November 2009 (UTC) reply

Questions from Cenarium

Do you think the following are part or should be part of the Audit Subcommittee's written or unwritten responsibilities and would you do those ?

oversee the use of the oversight and checkuser tools by monitoring the checkuser and oversight logs
advise (through email) checkusers and oversighters on best practices, point out possible improvements in their use of the tools
verify that CU, OS and privacy related matters are properly handled in the functionaries-en mailing list

I was under the assumption that given the private nature of the logs, periodic review by AUSC was an implicit part of the duties of investigating misuse of the tools, so I don't see an issue with #1. AUSC is an abuse investigation body, not a best practices commission. Much like an accountant, if AUSC discovered a way in which CU/OV could be used more efficiently in the course of its investigations (say such as an IP range database), it should disclose that to the CU/OV, but it should not actively seek out techniques. For #3 that is really an Ombudsman duty, since I take it you mean a breach of a privacy related matter through the tools, which is not an AUSC duty as AUSC deals with violations of polices located on enwp, Ombudsmen deal with violations of policies located on wmf/meta-wiki (yes, I know the current AUSC page says we deal with violations of WMF policy, but I read that more broadly to mean we deal with violations of the privacy policy by referring to the Ombudsmen, since they are the ones empowered by the Board of trustees to act.)

Suppose a checkuser or oversighter performs an edit which needs to be oversighted, for having added nonpublic information, what do you think should be done w.r.t. their CU/OS access ? Do you think this deserves a AUSC investigation and would you support as auditor to open one ? If not in general, then in which situations ? Please consider in particular a situation where the functionary was in dispute with the user concerned by the nonpublic information.

I would need more context here. I remember one instance of an editor who had stopped using his real name onwiki, but still used it on IRC, and a person who visits IRC infrequently didn't know this an casually mentioned it onwiki, thereby requiring oversight. I would support such a review if there was an indication of malice or intent to harm on the part of the trusted user and when deciding such a review would look at subsequent actions taken by the trusted user in deciding what to recommend to arbcom.

Suppose a checkuser or oversighter is found to posses an undisclosed alternative account (not previously known of ArbCom), used recently, what do you think should be done w.r.t. their CU/OS access ? Do you think this deserves a AUSC investigation and would you support as auditor to open one ? If not in general, then in which situations ? Please distinguish in particular between situations where breach of WP:SOCK clearly occurred, clearly did not occur, or is uncertain.

As stated on the AUSC page, AUSC reviews the CU/OV privileges and positions, therefore as it would not review something such as a checkuser violating 3RR (unless they also used CU), it should not review issues of sockpuppetry, unless there is an indication the CU/OV tools were used to aid the socking (oversighting a mistaken edit, rejecting an SPI, etc). Arbcom handles all behavioral disputes of that nature and it isn't within AUSC's remit to expand into their jurisdiction as it does not relate to the privilege or position directly.

Comments

Tznkai

Tznkai ( talk · contribs · blocks · protections · deletions · page moves · rights · RfA)

Nomination statement (250 words max.)

I am standing for election as an at large member of the Audit Subcommittee. I am most recently a one of the 3 interim appointed members of the subcommittee, before which I was an arbitration clerk, as well as unofficial election clerk and current administrator. I wish to serve on the Audit Subcommittee again in order to help protect the privacy of editors and deal with distracting problems, so the people best suited to writing and maintaining an encyclopedia can do so. I am not a CheckUser or Oversighter and am thus able to bring useful perspective - as (to my knowledge) the only interm member planning on staying, I can provide some institutional memory. I take privacy seriously - and the requirements of good judgment seriously as well. If I am elected, I will hold CheckUsers and Oversighters to a high standard of good judgment, expecting them to be conscientious of the serious privacy needs others have.

Standard questions for all candidates

Please describe any relevant on-Wiki experience you have for this role.

Current interim member of the subcommittee, former Arbitration Committee clerk, current admin.

Please outline, without breaching your personal privacy, what off-Wiki experience or technical expertise you have for this role.

I am proficient with computers and networking technology, (I can operate them and generally understand them, can run a traceroute, etc.) and like many I am the go to guy among family friends and colleagues for troubleshooting computer issues. I am not however, an expert (not a sysadmin, computer security specialist, cracker, or the like) in anyway shape or form.

Do you hold advanced permissions (checkuser, oversight, bureaucrat, steward) on this or other WMF projects? If so, please list them. Also, do you have OTRS permissions? If so, to which queues?

CU and OS as a result of my interim appointment to the subcommittee, not a bureaucrat, steward, or OTRS team member.

Questions for this candidate

Please put any questions you might have in this section.

Questions from Xeno

Do you feel that members of the audit subcommittee should also be permitted to use the CU or OS bit for for "active duty" as would a regularly elected/appointed checkuserer or oversighter would in their regular course of duties? Why or why not?
A: Yes, I believe they should be able to, although I have chosen not to use the tools except in narrowly defined "emergency situations" and reasonable exceptions. I believe fully that the core issue for the audit subcommittee is the good judgment, the reasonable discretion exercised by its membership. In my own judgment, I believe I have and would continue to serve best by not using the tools in an effort to maintain a certain distance from other functionaries, specifically those I should be watching. Another subcommittee member whose judgment and character I hold highly is of the opposite opinion, and uses the tools to good effect. I see both positions as reasonable. In the end, when you vote for against one of us, you're not voting for whatever positions we ascribe to, but to our good sense and character. Audit subcommittee members will have the tools - they will gain a significant amount of private and technical data even if they do not use them directly, and they should be elected with those concerns in mind.
Do you agree to only use the checkuser/oversight bit as directly related to your duties as an audit subcommittee member or emergency situations where no other CU/OS is available (i.e. will you retain your 'personal policy' described here in the section prefixed with the statement "While serving on the Audit Subcommittee, I will not use the CheckUser and Oversight tools with certain exceptions")?
A: Yes, although in the interests of full disclosure, I've also just now added in an exception for OS use on my own edits for testing purposes, and a clarification that my self imposed restrictions and exceptions on OS use includes the use of suppression. The "personal policies" I have written are just that, they reflect my personal beliefs on best practices, and I'm a proponent of having such things written out publicly, and if amended, for that to be done publicly. I reserve the privilege to make certain reasonable changes, which will be written on that same page and clearly noted as an update. For example if I create another alternate account (for testing purposes), I will update my personal policy to allow running a CheckUser on that account since it is still "mine."

Question from Mailer Diablo

Thank you for stepping forward to volunteer for the role. Just one question. How would you deal with editors who attempt to find or/and exploit loopholes in the Checkuser/Suppression policies in a manner that go against the spirit of privacy and community well-being, and then use it to cry wolf?

The short answer is to investigate the breach, if there is one, correct it, if need be, and all in a low drama fashion. Generally the solution is to avoid arguing with these users, but simply to do what is right as far as the problem is, if there is a problem. Its hard to get more specific because of that case by case basis thing, but it usually comes down to addressing the problem (if there is one) separate from the complainant, but when the complainant is clearly angling for attention, to deny them that attention.

Question from SilkTork

Would you give one example each of 1) appropriate use of CheckUser; 2) inappropriate use of CheckUser; 3) borderline use of CheckUser - and how you would view such borderline use; 4) appropriate use of Oversight; 5) inappropriate use of Oversight; 6) borderline use of Oversight - and how you would view such borderline use. SilkTork * ^YES! 12:05, 2 November 2009 (UTC) reply

1. A check of an account that shows high familiarity with Wikipedia culture and personalities that is being used disruptively to make a point. 2. Checking an account you suspect to be a famous person to confirm your suspicion. (Barring further compelling reasons) Ch 3. Check of a vandal targeting the user doing the check. (In my case, an account editing random pages with TZNKAI SUCKS, for example) 4. Suppression of an outing attempt (Tznkai is an ugly woman named Jane Doe who lives on Drury Lane) (For the record, I am male, but I make no statements as to my attractiveness or proximity to The Muffin Man) 5. Suppression of an embarrassing but otherwise innocuous edit. (such as if I edited, I dunno, Sailor Moon some time ago) 6. Suppression of an attack vandal name, especially by the targeted name (Tznkai is a bad admin). The borderline cases I chose have two problems: one, not every vandal needs to be hunted down and all their traces obliterated to all views. I have no particular problem with the removal of vandal names from non-logged in user view (and the way the tools work now, all non-admins as a result), simply out of a sense of tidiness, but suppression of an edit from the view of all non-Oversight users is way over the top. The second issue is that tool users should restrain themselves from responding to attacks against themselves with checkuser, which violates privacy, and suppression, which is designed to protect privacy. These are not best practices but the damage done is relatively low, so it should be dealt with by the subcommittee promoting certain best practices, but without say, recommending removing tools.-- Tznkai ( talk) 00:48, 3 November 2009 (UTC) reply

Question from Emufarmers

Will you promise to resign your CU/OS rights once you are no longer on the AUSC? You would still be free to seek CU/OS permissions through the normal process. (There is a thread about this, although the proposal there goes beyond what I'm asking.)

I had already stated my intention to do so at User:Tznkai#Personal_policies upon my appointment.

Questions from Cenarium

Do you think the following are part or should be part of the Audit Subcommittee's written or unwritten responsibilities and would you do those ?

oversee the use of the oversight and checkuser tools by monitoring the checkuser and oversight logs
advise (through email) checkusers and oversighters on best practices, point out possible improvements in their use of the tools
verify that CU, OS and privacy related matters are properly handled in the functionaries-en mailing list

1. is already (as far as I'm concerned) part of the mandate of the subcommittee. I'm not sure if you're implying something systemic to be organized, but at the barest of minimums any member can and should respond to any questionable action they run across on their own initiative. The subcommittee is not a court at all, and if it was one, it wouldn't be one that can react only to motions, (I'm unaware of any actual court in the world that isn't able to act on its own initiative in some way or another anyway) As to 2., advice: I believe is technically outside of the borders of the mandate to advise except in response to an actual problem, but as I've said earlier, we are not a court, and I am in favor the subcommittee publishing the standards by which it intends to hold CU/OS use to. Finally 3., monitoring the Functionaries-en (and presumably checkuser and oversight lists) job is first off, incredibly dull, and second off, part and parcel of monitoring CU/OS in general.

Suppose a checkuser or oversighter performs an edit which needs to be oversighted, for having added nonpublic information, what do you think should be done w.r.t. their CU/OS access ? Do you think this deserves a AUSC investigation and would you support as auditor to open one ? If not in general, then in which situations ? Please consider in particular a situation where the functionary was in dispute with the user concerned by the nonpublic information.

I'll answer the general question first and then move to the specific. As far as I'm concerned the audit subcommittee has a broad mandate to respond to problems concerning the CU and OS tool use and their users. This includes investigating and reporting to ArbCom whether a checkuser or oversighter has adequate judgment to be trusted with private data and the use of CU/OS permissions. The only place where this gets tricky is a "conduct unbecoming" issue, where an individual checkuser or oversighter is a total dick but is scrupulous in their respect for privacy and exercise of discretion. That is an area where I might defer to the full Arbitration Committee without comment from the subcommittee. In your specific example, you've raised two red flags: letting a personal conflict spill onto Wikipedia which is always problematic and irritating, and worse, managing provoke the fairly stringent oversight criteria. That goes to the sound judgment of a permission holder (rather, the lack of it) which is my primary concern with CU/OS.

Suppose a checkuser or oversighter is found to posses an undisclosed alternative account (not previously known of ArbCom), used recently, what do you think should be done w.r.t. their CU/OS access ? Do you think this deserves a AUSC investigation and would you support as auditor to open one ? If not in general, then in which situations ? Please distinguish in particular between situations where breach of WP:SOCK clearly occurred, clearly did not occur, or is uncertain.

Again, there is a tricky borderline area between "indicative of poor judgment" and general "conduct unbecoming." To the extent that using an undisclosed alternate account can be an incredibly foolish idea, that goes to judgment. On the other hand many of the concerns people have about sock puppet accounts have more to do with general outrage about interpersonal behavior rather than relevant judgment calls. Generally speaking however, the more clear of a breach against established sock puppet policy, use of that sock puppet to pursue personal battles and things like that, the more likley that is indicative of poor judgment.

It bears reminding that the subcommittee does not take binding action on its own. We issue no injunctions, no blocks, no public warnings or admonitions. The subcommittee as it stands now, is structured to observe, investigate, report, and recommend. I see the benefits in making the subcommittee more independent, but I've also heard compelling arguments against it. My overall point, is that the audit subcommittee reacts to issues closely related to the use of tools - not to general problems of those who hold those tool. There are some people who are just too much of a jerk to have around, however qualified they are, but that is not the audit subcomittee's call to make.

Comments

~~I will probably not be available to answer further questions until sometime Sunday night, EST. -- Tznkai ( talk) 13:00, 31 October 2009 (UTC)~~ Back now.-- Tznkai ( talk) 03:58, 2 November 2009 (UTC) reply

Invitation to participate in SecurePoll feedback and workshop

Interested editors are invited to participate in the SecurePoll feedback and workshop. SecurePoll was recently used in the Audit Subcommittee election, and has been proposed for use for the upcoming Arbitration Committee election at this current request for comment (RFC). Your comments, suggestions and observations are welcome.

For the Arbitration Committee,
Dougweller ( talk) 09:05, 12 November 2009 (UTC) reply