Nathan, I’d like to respond to all three of your recent comments.

> Can you explain how this is so? I did a fair amount of work at SPI as a
> clerk, and I'm not sure I understand how the mere fact that a check was
> performed is giving sockpuppeters a roadmap for how to avoid detection. If
> you mean they could test the CU net by running a bunch of socks on
> different strategies to see which get checked and which don't, that seems
> like a lot of work that a vanishingly small number of abusers would
> attempt... and also basically the same information as they would receive
> when those sock accounts are ultimately blocked or not blocked per CU.
> ~Nathan

I think you might be amazed that the persistence and sophistication of some 
individuals. I personally haven’t dealt with them much on-wiki, but I’ve 
certainly seen them on IRC.

> Here are some problems with that rationale:
> 1) If a sock confirmation results from a CU check, the person is blocked,
> which is a pretty big tip off all its own. If a case is filed at SPI, then
> tons of evidence is submitted, then a CU check is performed in public, then
> a block is or is not imposed. That whole process is a pretty big tip off
> too, but we haven't shut it down for providing a road map to abusers.

You are correct that the start of the CU case is public at the time of filing 
at WP:SPI. The identity of the CU is also public when it is run for those filed 
cases. I believe that we are discussing in this thread are instances of the CU 
tool being used, or data from the tool being used and shared among 
functionaries who are permitted access to private data, when that use or 
sharing is not made publicly known at WP:SPI. I am not a Checkuser but perhaps 
someone who is a Checkuser can give some examples of situations when this 
happens. I personally know of at least two scenarios.

> 2) You can't dispute the use of CU on your information if you don't know
> that it was used. It's kind of like secret wiretapping with a FISA warrant;
> if you never know you've been wiretapped, how are you supposed to challenge
> it or know whether it was used improperly? As for "various groups can
> investigate", to some extent that's true. Most of them are checkusers,
> however, and they still tend not to disclose all relevant information. I'm
> not saying that any CU is doing anything improper or that it's likely, but
> such allegations have been made in the past, and it seems like a pretty cut
> and dried case of people having a right to know how their own information
> is being used. If Wikimedia were based in Europe, it would most likely be
> required by law.
> Nathan

When you use Wikipedia, information about what you do is logged. The same is 
true for other websites. In most cases on the internet in general, it’s 
impossible for the average user to know if their information has been used or 
disclosed in a way that is contrary to the site’s privacy policy. Sometimes 
misuse or preventable, improper disclosure of private data is made publicly 
known, as has happened with many online services being hacked for credit card 
or password information. The reality on the internet is that generally the 
information you provide can’t be guaranteed to remain private and secure. It is 
true that there can be abuses of investigative tools like CU, search warrants, 
and almost anything else. The best that can be done is to take reasonable 
precautions and to be careful about what you disclose in the first place, for 
the people who are trusted with special investigative tools to be honest and 
competent, to have sufficient “separation of powers” to help as much as 
possible to verify that the investigators are honest and competent, and for 
there to be penalties for investigators who misuse their authority. Regarding 
the investigative use of private information, as I think others have said also, 
sometimes there may be a good reason to keep an active investigation from being 
known to the individual who is being investigated. Like you, I value 
accountability and transparency, and I would gladly listen to suggestions that 
enhance accountability and transparency while maintaining reasonable safeguards 
for active investigations. There needs to be a balance. I prefer transparency, 
but sometimes there are good reasons for information to remain private.

Wikimedia-l mailing list

Reply via email to