> > MMORPG players
:-( Richard Symonds Wikimedia UK 0207 065 0992 Wikimedia UK is a Company Limited by Guarantee registered in England and Wales, Registered No. 6741827. Registered Charity No.1144513. Registered Office 4th Floor, Development House, 56-64 Leonard Street, London EC2A 4LT. United Kingdom. Wikimedia UK is the UK chapter of a global Wikimedia movement. The Wikimedia projects are run by the Wikimedia Foundation (who operate Wikipedia, amongst other projects). *Wikimedia UK is an independent non-profit charity with no legal control over Wikipedia nor responsibility for its contents.* On 27 June 2014 14:18, Trillium Corsage <trillium2...@yandex.com> wrote: > Hi again Luis, > > Thank you for commenting my open letter to Lila. I guess if I send an open > letter I should expect open responses, however I surely hope Lila will > speak on the matter, "yea," "nay," or "not of concern to me," as I asked. > > Yes, I recall your previous response to my previous email (which was > actually larger in scope, criticizing the now-effective overall privacy > policy, whereas I now focus on the access-to-non-public information > sub-policy, not yet in effect). In it you said the policies would never > attain "perfection." Below you assert "there is no magical answer." These > are examples of thought-terminating cliches. Presented with reasoned > criticism of the policies, you attempt to stop discussion by saying they > can never be perfect or magical. To give you credit, a lot of times > thought-terminating cliches are effective in debate with non-lawyers. > > I'm going to go ahead and answer your "perhaps when we next look at the > question in a few years" with the obvious observation that the procedures > the policy lays out now are going to affect contributors mightily within > the next few years. The access policy is not effective yet and can still be > amended. So I'm going to resist your kicking the can down the road a few > years. > > Now, to dig into the actual merits of what you say, I respond that these > policies were not "discussed extensively with the community." You obtained > input almost exclusively from the *administrative subset* of the community, > and none no more so than the individuals that currently have or stand to > obtain the accesses in question. Should we be surprised that they prefer > anonymity for themselves, as they explore the IPs and browser signatures > and so on of the rank and file content editors? No. "The community" > according to Lila is *all* the editors, a mere fraction (though powerful) > of which are the insider and involved administrative types that commented > on the policy drafts. I'm confident you'll agree that this distinction is > more or less accurate, that in fact it is the administrative participants > particularly that tend to comment this stuff, and not so much > representatives of the great masses of content editors that actually built > Wikipedia. Please do not gloss over this distinction in the future when > claiming immense "community" participation. I'm not saying it's your fault > that the discussion wasn't representative though. I'm just saying that's > how it is. > > Neither am I faulting, or at least I shouldn't fault, anything about > Michelle Paulson's hard work on the matter. I think the bad decision to > accord anonymity to the checkusers and so forth was made higher up. In fact > it's interesting to look back in the discussion to see what she said: "1) > We do not believe that the current practices regarding collection and > retention of community member identification are in compliance with the > Board’s current Access to nonpublic data policy and hoped to bring the > policy and practices closer to fulfilling the original intent of the > policy" ( > http://meta.wikimedia.org/wiki/Talk:Access_to_nonpublic_information_policy/Archives/2014#Rethinking_the_access_policy:_Response_to_recent_feedback). > What she's saying is that WMF Legal became uncomfortable with the fact that > what the responsible individuals were doing with the identifications > (shredding, deleting) was at odds with what the policy clearly stated to > editors was the case (identifying). Faced with this problem, there were two > ways to go: 1) change the practice to conform with the policy (i.e. start > securely keeping the identifications), or 2) change the policy to conform > to the practice (i.e. grant anonymity to those granted access to > non-anonymous information of others). What I am saying here, and if Lila is > reading this far, is that you chose the wrong option. > > This email is already long, and I am not going to start commenting again > why I think the administrative culture has attracted exactly the wrong kind > of people, cyber-bullies, MMORPG players, creepers, and that this change to > the policy is going to magnify that. I guess I'll just close by saying that > it is not that hard to buy a secure file cabinet for the identification > faxes and, say, the removable hard-drive containing the identification > emails. There aren't all that great many checkusers and oversighters and > OTRS volunteers and so forth, and they're not being added that fast. The > existing ones can be accounted for in stages. So these "practical > difficulties" you refer to Luis, I don't see them as so severe. As for the > "risks to volunteers" what are you saying? Are you saying the WMF cannot > securely keep some copies of identifications? The real volunteers at risk > are those rank and file editors you propose to expose to a group of > anonymous and unaccountable administrative participants. > > Trillium Corsage > > 27.06.2014, 01:48, "Luis Villa" <lvi...@wikimedia.org>: > > Hi, Trillium- > > > > As I pointed out to you the last time we discussed the privacy > > policy[1], this issue (and the rest of the policy) were discussed > > extensively with the community, with the board, and with the previous > > Executive Director. It was then approved by the Board. > > > > This particular topic was discussed particularly thoroughly, with a > > separate consultation and additional discussion with the Board. We did > > all that because, as we said in our blog post on the topic[2], this > > was a tough question that required everyone involved to balance > > difficult privacy concerns with the risks and practical difficulties > > of identifying volunteers. There was no magical answer that could > > please everyone, despite sincere efforts to find creative solutions > > informed by several years of experience building and operating the > > previous policy. > > > > Since we made that post (and since the Board approved the decision) > > nothing has changed. The factors being balanced are still difficult, > > and Legal would still come down the same way we did in February (when > > we finished the public consultation) and April (when we presented our > > recommendation to the Board). > > > > Perhaps when we next look at the question in a few years the facts > > will have substantially changed and it will make sense to revisit this > > decision and tighten the requirements. But right now, within months of > > board approval after a lot of discussion, is not that time. > > > > For what it is worth- > > Luis > > > > [1] > https://www.mail-archive.com/wikimedia-l@lists.wikimedia.org/msg12552.htm > > [2] > http://blog.wikimedia.org/2014/02/14/a-new-access-to-nonpublic-information/ > > > > P.S. Tangentially, and speaking mostly for myself, I want to thank the > > many Wikimedians I've talked with in the past ~18 months who have been > > patient and supportive as we try our best to talk with you, weigh > > costs and benefits with you, and make difficult decisions - not just > > about privacy but also about many other things large and small. We'd > > love to be perfect, have infinite time and infinite resources and > > infinite patience, or no hard problems. Since we don't, we have to > > just try our best. I'm grateful for and deeply appreciate all the > > people who understand that and have worked with us in patient good > > faith to move ahead the mission we all share. Corny, I know, but true. > > :) > > > > On Thu, Jun 26, 2014 at 9:06 AM, Trillium Corsage > > <trillium2...@yandex.com> wrote: > >> Dear Ms. Tretikov, > >> > >> Would you please speak on the new revision of the "Access to > Non-Public Information" policy? Can you express your objection to it? Can > you express your support of it? You'll find it here: > >> > >> http://meta.wikimedia.org/wiki/Access_to_nonpublic_information_policy > >> > >> This governs the conditions by which the WMF grants access to > potentially personally-identifying data such as IPs and web-browser > profiles of Wikipedia editors. It grants these to particular administrative > participants, for example checkusers and oversighters and arbitrators, of > the various "communities," for example the Wikipedias of various languages. > >> > >> Under the terms of the prior access policy, those administrative > participants were required to send a fax or scanned copy of an > identification document. Editors were led to believe that the WMF kept > record of who these people actually were. It was repeatedly claimed that > they had "identified to WMF." This soothed the concerns of editors like me > that thought, okay, well at least someone knows who they are. The truth was > that a WMF employee marked a chart of usernames only that the > administrative participant's ID showed someone 18 or over, and then > shredded or otherwise destroyed those records. The phrase that so-and-so > "has identified to WMF" or "is identified to WMF" was so commonly stated, > including by the WMF, that I regard it as a great deception and betrayal > that it really was shredding and destroying the identifications. > >> > >> The new policy is even worse. It abandons the mere pretense of an > identification. So while it goes the wrong direction, at least it ceases to > deceive. All it calls for now is an email address, an assertion that the > person is 18 or over, and an assertion that the owner of the email account > has read a short confidentiality agreement. The person need not provide a > real name. You are well aware that various web-email services offer > basically untraceable email addresses. You are well aware that only a named > person can enter into agreement on confidentiality. An agreement by a > Wikipedia username with an untraceable email address is not only > unenforceable, it is a ludicrous proposition. > >> > >> The webpage says the policy is not in effect yet. I urge you to reject > it as written and instead have it amended to actually require > identification for those faceless entities you prepare to turn loose with > potentially cyberstalker tools. > >> > >> Whatever your stance, I do call on you to speak on the question. Say > "yea," say "nay," or say "not my concern," but at least speak. > >> > >> Trillium Corsage > >> > >> _______________________________________________ > >> Wikimedia-l mailing list, guidelines at: > https://meta.wikimedia.org/wiki/Mailing_lists/Guidelines > >> Wikimedia-l@lists.wikimedia.org > >> Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l, > <mailto:wikimedia-l-requ...@lists.wikimedia.org?subject=unsubscribe> > > > > -- > > Luis Villa > > Deputy General Counsel > > Wikimedia Foundation > > 415.839.6885 ext. 6810 > > > > This message may be confidential or legally privileged. If you have > > received it by accident, please delete it and let us know about the > > mistake. As an attorney for the Wikimedia Foundation, for > > legal/ethical reasons I cannot give legal advice to, or serve as a > > lawyer for, community members, volunteers, or staff members in their > > personal capacity. For more on what this means, please see our legal > > disclaimer. > > > > _______________________________________________ > > Wikimedia-l mailing list, guidelines at: > https://meta.wikimedia.org/wiki/Mailing_lists/Guidelines > > Wikimedia-l@lists.wikimedia.org > > Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l, > <mailto:wikimedia-l-requ...@lists.wikimedia.org?subject=unsubscribe> > _______________________________________________ > Wikimedia-l mailing list, guidelines at: > https://meta.wikimedia.org/wiki/Mailing_lists/Guidelines > Wikimedia-l@lists.wikimedia.org > Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l, > <mailto:wikimedia-l-requ...@lists.wikimedia.org?subject=unsubscribe> > _______________________________________________ Wikimedia-l mailing list, guidelines at: https://meta.wikimedia.org/wiki/Mailing_lists/Guidelines Wikimedia-l@lists.wikimedia.org Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l, <mailto:wikimedia-l-requ...@lists.wikimedia.org?subject=unsubscribe>