Hi, Trillium-

As I pointed out to you the last time we discussed the privacy
policy[1], this issue (and the rest of the policy) were discussed
extensively with the community, with the board, and with the previous
Executive Director. It was then approved by the Board.

This particular topic was discussed particularly thoroughly, with a
separate consultation and additional discussion with the Board. We did
all that because, as we said in our blog post on the topic[2], this
was a tough question that required everyone involved to balance
difficult privacy concerns with the risks and practical difficulties
of identifying volunteers. There was no magical answer that could
please everyone, despite sincere efforts to find creative solutions
informed by several years of experience building and operating the
previous policy.

Since we made that post (and since the Board approved the decision)
nothing has changed. The factors being balanced are still difficult,
and Legal would still come down the same way we did in February (when
we finished the public consultation) and April (when we presented our
recommendation to the Board).

Perhaps when we next look at the question in a few years the facts
will have substantially changed and it will make sense to revisit this
decision and tighten the requirements. But right now, within months of
board approval after a lot of discussion, is not that time.

For what it is worth-

[1] https://www.mail-archive.com/wikimedia-l@lists.wikimedia.org/msg12552.htm
[2] http://blog.wikimedia.org/2014/02/14/a-new-access-to-nonpublic-information/

P.S. Tangentially, and speaking mostly for myself, I want to thank the
many Wikimedians I've talked with in the past ~18 months who have been
patient and supportive as we try our best to talk with you, weigh
costs and benefits with you, and make difficult decisions - not just
about privacy but also about many other things large and small. We'd
love to be perfect, have infinite time and infinite resources and
infinite patience, or no hard problems. Since we don't, we have to
just try our best. I'm grateful for and deeply appreciate all the
people who understand that and have worked with us in patient good
faith to move ahead the mission we all share. Corny, I know, but true.

On Thu, Jun 26, 2014 at 9:06 AM, Trillium Corsage
<trillium2...@yandex.com> wrote:
> Dear Ms. Tretikov,
> Would you please speak on the new revision of the "Access to Non-Public 
> Information" policy? Can you express your objection to it? Can you express 
> your support of it? You'll find it here:
> http://meta.wikimedia.org/wiki/Access_to_nonpublic_information_policy
> This governs the conditions by which the WMF grants access to potentially 
> personally-identifying data such as IPs and web-browser profiles of Wikipedia 
> editors. It grants these to particular administrative participants, for 
> example checkusers and oversighters and arbitrators, of the various 
> "communities," for example the Wikipedias of various languages.
> Under the terms of the prior access policy, those administrative participants 
> were required to send a fax or scanned copy of an identification document. 
> Editors were led to believe that the WMF kept record of who these people 
> actually were. It was repeatedly claimed that they had "identified to WMF." 
> This soothed the concerns of editors like me that thought, okay, well at 
> least someone knows who they are. The truth was that a WMF employee marked a 
> chart of usernames only that the administrative participant's ID showed 
> someone 18 or over, and then shredded or otherwise destroyed those records. 
> The phrase that so-and-so "has identified to WMF" or "is identified to WMF" 
> was so commonly stated, including by the WMF, that I regard it as a great 
> deception and betrayal that it really was shredding and destroying the 
> identifications.
> The new policy is even worse. It abandons the mere pretense of an 
> identification. So while it goes the wrong direction, at least it ceases to 
> deceive. All it calls for now is an email address, an assertion that the 
> person is 18 or over, and an assertion that the owner of the email account 
> has read a short confidentiality agreement. The person need not provide a 
> real name. You are well aware that various web-email services offer basically 
> untraceable email addresses. You are well aware that only a named person can 
> enter into agreement on confidentiality. An agreement by a Wikipedia username 
> with an untraceable email address is not only unenforceable, it is a 
> ludicrous proposition.
> The webpage says the policy is not in effect yet. I urge you to reject it as 
> written and instead have it amended to actually require identification for 
> those faceless entities you prepare to turn loose with potentially 
> cyberstalker tools.
> Whatever your stance, I do call on you to speak on the question. Say "yea," 
> say "nay," or say "not my concern," but at least speak.
> Trillium Corsage
> _______________________________________________
> Wikimedia-l mailing list, guidelines at: 
> https://meta.wikimedia.org/wiki/Mailing_lists/Guidelines
> Wikimedia-l@lists.wikimedia.org
> Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l, 
> <mailto:wikimedia-l-requ...@lists.wikimedia.org?subject=unsubscribe>

Luis Villa
Deputy General Counsel
Wikimedia Foundation
415.839.6885 ext. 6810

This message may be confidential or legally privileged. If you have
received it by accident, please delete it and let us know about the
mistake. As an attorney for the Wikimedia Foundation, for
legal/ethical reasons I cannot give legal advice to, or serve as a
lawyer for, community members, volunteers, or staff members in their
personal capacity. For more on what this means, please see our legal

Wikimedia-l mailing list, guidelines at: 
Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l, 

Reply via email to