I was looking for something unrelated in the archives and came across an email [1] that I believe people might find informative wrt to the Identification Policy which I believe has had discussion tabled for the moment. It seems to be the original suggestion that WMF needs some sort of identification policy by then volunteer/board-member Erik. He was *not* a staff member at the time of this message, just to be clear, since people seem to be fond of re-framing debate along such lines lately. Summary of the context follows (Not perfectly accurate chronologically speaking):
A female leader in the zh.WP community was harassed/threatened by the creation of an account User:Rape[HerRealName]. Advice was sought in handling the situation. There was talk about going to the authorities. There was talk about which information about the account creator could be given to the authorities under what circumstances. The existing privacy policy was quoted as "6 Where it is reasonably necessary to protect the rights, property or safety of the Wikimedia Foundation, its users or the public." . There was talk about it essentially being a matter of mature judgment to differentiate between derogatory comments, which however reprehensible, do not merit violating a user's privacy and threats of violence which would compel the violation of privacy in order to attempt to prevent such threats from being carried out. The idea was suggested that perhaps those with the technical ability to access private information need to be identified to WMF so that WMF will know who deal with in case of abuse. It seemed to me that many people were quite surprised that the WMF was planning on recording the identifications of those with access to private information, instead on the non-recording of this correspondense which I believe has been the previous practice. It even seemed to me as though some were shocked at the implication that WMF may perhaps be looking for legal accountability for the judgments made by those with this access. So I found it very interesting when I stumbled across evidence of public discussion of the need to record the identities of trusted users in order to be able to deal with any abuse of private information by one of the Community-seat Board Members before the adoption of the resolution that has become controversial so recently. I don't mean to suggest that the surprise and shock were insincere, just that they seem to be rather uninformed as to the genesis of the resolution. It seems to me that those things were in fact the original intentions behind the resolution and the staff does have an obligation, however unpopular this obligation may have become during the time period it has been left unfulfilled, to see to recording such identities. Granted there are good reasons the obligation was left unfulfilled before, namely the lack of confidence in the WMF Office's technical and organizational ability to keep these records secure. But once the WMF Office reaches a level of reliability in organizational and technical competence where that objection is mitigated, they then must address their obligation to keep identification records. Also there are valid concerns over the ambiguity over whether the access to which particular tools should qualify people as subject to the Identification Resolution. What, however, in hindsight do not appear to be valid concerns to me are why the WMF "wants" to "change" things, or that the decision to keep such records was not in given a proper public place for discussion. I can imagine that the staff (who are much in contact with Erik who we must grant understood the intentions of a resolution he himself suggested the seed of in 2006) to some degree assumed that the trusted volunteers understood that the Identification Resolution's ultimate goal was the production of records and that practice of destroying correspondence was done out of responsibility for the fact that staff did not feel confident in their current ability to keep such records. I can also imagine the trusted volunteers who were upset by the idea of such records being kept to some degree assumed because there has sometimes been a practice of destroying identification correspondence that this practice was in fact the agreed upon policy of the Identification Resolution and also because they could not recall otherwise trusted volunteers to some degree assumed the potential policy of actually keeping identification records and why such records may be needed had never been brought up for public discussion until after it had been adopted. Certainly the exact thoughts and communications during this recent misunderstanding were rather more varied, less articulated, and altogether a shade more grey than my speculation. But I am confident that my speculations are not entirely inaccurate and that they are completely in good faith. There has recently been a lot of discussion about getting back to the tenet of assuming good faith. Here is as a good a place to start that journey as any. On the tabled issue we are still left at least two important questions that need resolution through an open discussion that succeeds in convincing those volunteers who may be affected: *How can volunteers be made be confident in the security of their identification as records are being collected, recorded, and stored? How can this confidence be maintained changes occur at WMF? Do these concerns merit the expense of security audits? *What tools that volunteers use in order to do the work of WMF will require them to become a subject of the Identification Resolution? As new tools are developed, who will be responsible for keeping track of their existence and seeing that it is determined whether or not those who will be given access to them will need to become a subject of the Identification Resolution? Birgitte SB [1] http://www.gossamer-threads.com/lists/wiki/foundation/74095#74095 _______________________________________________ foundation-l mailing list foundation-l@lists.wikimedia.org Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/foundation-l
