Wikipedia talk:CheckUser

Archives:

• /Archive1 - to April 2008 (old page, prior to creation of policy page)

See [1] and [2] for discussions. FT2 ^{(Talk | email)} 22:04, 12 April 2008 (UTC)[reply]

The policy says: "Complaints of abuse of CheckUser or privacy policy breaches may also be brought to the Ombudsman committee."

The Foundation has said the ombudsmen may only deal with breaches of the privacy policy. Has this been changed? SlimVirgin ^talk|edits 12:07, 13 April 2008 (UTC)[reply]

The Ombudsman commission deal with violations of the privacy policy; that is to say, inappropriate release of information. Complaints about misuse of the tool that do not result in release of information should be referred to Arbcom, which on this wikipedia at least, is the body that has the authority to grant or revoke access. Thatcher 15:50, 13 April 2008 (UTC)[reply]

Okay, thanks, Thatcher. The policy should probably make clear that the ombudsmen currently aren't allowed to look into checkuser misuse alone. SlimVirgin ^talk|edits 03:42, 14 April 2008 (UTC)[reply]

I wouldn't say not allowed, exactly. The members of the commission have said (on the CU-L mailing list) that they do not believe use of the tool falls into their scope unless it involves release of information. For one thing, community norms are very different on different wikis. I believe on huwiki all requests must be public, are publicly logged, and require at least 5 votes in favor of running the check with no more than 2 opposed. The privacy policy is a Foundation-wide standard; the commmission is not really set up to judge whether just checking (without release) violates local standards for checking. Thatcher 17:34, 14 April 2008 (UTC)[reply]

I'm not sure I follow. We have a situation where we have two ombudsmen for the English Wikipedia — Rebecca and Mackensen, and until last year we had Uninvited Company. They are tasked by the Foundation with investigating privacy policy violations. Whenever anyone has tried to raise a checkuser violation with them, we have been told by various people, including Florence, that ombudsmen may not investigate checkuser violations in the absence of privacy policy violations.

No explanation for this has ever been given, except that to allow them to investigate checkuser misuse would significantly increase their workload. But if the number of complaints about checkuser is such that to allow the ombudsmen to deal with them would increase their workload to the point of making it unreasonable, we need to appoint more ombudsmen. It is also not clear how anyone can know it would significantly increase their workload if the complaints are currently not being made, because there is no one to make them to.

As things stand, if anyone wants to complain about a checkuser on the English Wikipedia, they have to initiate a full ArbCom hearing, which a lot of people will not want to do for reasons of privacy. If someone feels that Checkuser X should not have obtained their IP address, they're not likely to want to make a complaint that might involve sharing it with the ArbCom mailing list of over 30 people, and drawing even more people's attention to it in the checkuser log.

It's therefore a real Catch 22 situation, and it's puzzling that it's allowed to continue, because it's completely unnecessary. SlimVirgin ^talk|edits 22:00, 14 April 2008 (UTC)[reply]

• I guess I share this concern. What or how does one ask about possible checkuser abuse? There is some anecdotal evidence that it goes on (CharlottesWeb arbcom hearing), what is the review mechanism? I don't have a problem with a quiet (not on wiki) review mechanism, but having one that is described on wiki, and place to ask for review of activity on wiki would I think aleviate a lot of concerns. --Rocksanddirt (talk) 22:51, 14 April 2008 (UTC)[reply]
  • What's the definition of "fishing" anyway? I'm sure I can find a post to the mailing list where someone was saying half the times checkuser is used its a private request. Everyone knows that CUs hang out in IRC and you can get hold of them quickly if you want them there. So how do we define checkuser abuse, precisely? Does it merely mean that someone else other than the CU has to ask? Its OK if so, but it should be stated up front. In these off-wiki requests, is the name of the other person asking listed as well? --Relata refero (disp.) 23:29, 14 April 2008 (UTC)[reply]
    • yes! these are all important questions! (but not rush ones) I'm sure whatever abuse there is is very limited and mostly abusive requests are ignored, but a fuller discussion of some of these kinds of potentials is important. --Rocksanddirt (talk) 23:53, 14 April 2008 (UTC)[reply]

There was extensive discussion of this issue on checkuser-L in the last couple of weeks, with participation by Rebecca and Mackensen (from the ombudsman commission) as well as many other checkusers from other projects. The question was framed as "Who do we complain to when a checkuser runs a check for no reason." Both Rebecca and Mackensen were of the opinion that the Foundation privacy and checkuser policies prohibit inappropriate release of information, but that checks which do not result in release of private information do not violate the privacy policy, by definition, therefore they do not have the authority to investigate claims of inappropriate checking that do not involve data release. This was also the consensus of non-enwiki checkusers because, as I said above, different local wikis have different standards of privacy and what constitutes "sufficient reason." And of course, there may be differences of opinion even among checkusers on the same project as to what constitutes sufficient reason for a check. So the outcome of that discussion was that the ombudsman commission will deal with complaints about inappropriate release of results but not inappropriate checking. If that bothers you, take it to m:Talk:Ombudsman_commission. There is nothing that can be done about it here.

Exactly how to deal with accusations of inappropriate checking was never really dealt with conclusively. At one point I suggested forming a grand jury of other checkusers, but that didn't go over very well. The discussion ended without a satisfactory resolution; the consensus was that on projects that have a mechanism for granting checkuser, that same mechanism has the power to take it away. (Some large wikis have Arbcoms, some smaller wikis have elections.) The Foundation does not appear to want a role micromanaging checkusers on individual projects, either. So the issue was sort of left hanging.

It is, of course, practically impossible to talk about this issue without having a specific complaint to look at, and obviously someone who is concerned that their privacy has been violated will not want to make a public complaint. That leaves either checkuser-L, or Arbcom. Arbcom is theoretically the body that has the power to investigate misuse of checkuser and revoke access--I really don't know what to say about editors who mistrust one checkuser or the other, and are afraid that making a complaint will draw the attention of untrustworthy checkusers. Certainly the arbcom-L mailing list is not secure at the present time. I suspect that if a complaint was made to checkuser-L, with sufficient details to allow an investigation, and if a majority of checkusers felt that the check had been run without sufficient cause, that Arbcom would take the results seriously. A jury of non-enwiki checkusers would avoid the catch-22 posited above, but I'm not sure you could get enough volunteers to take the job, and they certainly couldn't do it without full cooperation from all parties. Perhaps a complaint could be heard by a small subset of checkusers who were trusted by both sides, and a recommendation made to Arbcom.

Ultimately, this is a situation that can arise only rarely, when one checkuser looks in the log and tells a friend, "I saw you were checkusered." The majority of checks are carried out quietly and without drama and result in no action, or result in blocks or warnings or other action that makes the fact of the check obvious. It is rarely a good idea to try to write policy to fit rare, unusual and difficult circumstances; better to try and work it out one way or the other. In any event, it is presently the view of the ombudsman commission that no privacy violation occurs unless the results are released, and the place to discuss that is m:Talk:Ombudsman_commission. Thatcher 00:57, 15 April 2008 (UTC)[reply]

Thanks for that, Thatcher. I'll reply properly when I have more time, but I just wanted to say that the privacy policy issue is a red herring. The issue is purely who is checking that checkuser is not misused; who should be complained to if it is; and how are users supposed to know whether it has been. Also, the point about misuse happening rarely — we have no idea whether it happens rarely. All we know is that misuse rarely comes to light, because there is no mechanism for checking that. The cases I know of where it has come to light have been because, in one case (when I was checked in 2006), I asked someone whether I had been (and checkusers are allowed under this policy to answer that question); and on another occasion where the checkuser discussed his check of an admin on IRC; and in yet another example, where the checkuser himself told one of the people he checked that he had done it.

When you say, "this is a situation that can arise only rarely" — that is actually part of the problem. SlimVirgin ^talk|edits 01:16, 15 April 2008 (UTC)[reply]

In part, you are correct. However, even if you empowered the ombuds or some other agency to investigate "checkuser abuse", it would only come to light under the same rare circumstances. Or do you propose a proactive and continual investigation of all checkusers? That's awfully big-brotherish. In any event, the ombuds have stated that if there is no release, there is no violation, and that can't be changed here. Thatcher 01:29, 15 April 2008 (UTC)[reply]

So, just to get this absolutely clear: we aren't going to define checkuser abuse, and we aren't going to get the ombuds involved unless there is a provable public release of info? I'm not objecting per se to those principles - since almost all checkusers are trusted by the community, one could assume that its not a problem - but is there any reason that cannot be stated directly, so people know exactly how much we must trust them? --Relata refero (disp.) 12:05, 15 April 2008 (UTC)[reply]

There is no single definition of "checkuser abuse" just like there is no single definition of "administrator abuse." Much depends on the circumstances. Arbcom has occasionally revoked admin access for cause, after investigating and considering all the facts, and the page already says that Arbcom can remove checkuser access for misuse. It also happens that there is an additional process to consider a subset of allegations of misuse (allegations involving inappropriate release). Thatcher 12:26, 15 April 2008 (UTC)[reply]

I wouldn't expect a perfect definition. But WP:ADMIN does, for example, make some effort, though it is necessarily incomplete. The point is: if we have no idea at all what abuse is short of actually releasing information, then that should be stated, saying that all other actions have their propriety determined by ArbCom. (I actually am quite uncomfortable with that, but whatever. At least the page should be open about it, because it makes it even more clear why all checkusers need to be trusted to an quite extraordinary degree. --Relata refero (disp.) 12:31, 15 April 2008 (UTC)[reply]

Someone removed this — "if the IP addresses returned by a check of a user account are also checked, the log will retain those IPs, and the timing of the check is likely to link the IP addresses to the user account" — which I've returned because it's important not to give the impression that IP addresses aren't retained at all. SlimVirgin ^talk|edits 03:42, 14 April 2008 (UTC)[reply]

For some reason FT2 and 1+2 keep reverting this from FT2's talk page: All I want is a straight and public answer.

I think I would like an explanation "on-wiki" please [51]. Thanks Giano (talk) 19:14, 14 April 2008 (UTC) - ::Sorry, FT2, I won't have this message quietly removed like this [52], I received your email, and quite frankly that is not the way Wikipedia can do business. Everything, but the most important has to be upfront, otherwise none of us ever know where we stand. It is my suspicion that checkusers are used secretly on many editors for no substantial reason. So please don't force this issue into a dark corner. There was nothing in your email that could not be said here, so why this clandestine behaviour.Giano (talk) 21:50, 14 April 2008 (UTC) - - - Giano - I'm waiting for other input on this, to check if what I was given other's concerns over is actually a reasonable concern, or an unnecessary one, and if so its implications. And to address your other points. I've already spent some time speaking to the other person involved. Please bear with me while some Q&A's go back and forward a bit. FT2 (Talk | email) 22:07, 14 April 2008 (UTC) - - ...and this silly behaviour [53] is getting beyond a joke. Giano (talk) 22:14, 14 April 2008 (UTC) (Giano (talk) 22:32, 14 April 2008 (UTC))[reply]

I have moved Giano's comment because it seems to refer to this. This is a WP:BEANS issue; a clever person already knows that IPs may be inferred from the log without direct checking, but non-clever people do not know it unless it is spelled out. And this is something I would prefer that non-clever people should not know about. The Foundation is frequently contacted by lawyers seeking information on editors; the Foundation resists such attempts to the best of its ability but must comply with lawful subpoenas. One of the reasons that the checkuser table itself expires (there is no technical reason why it must, of course) is to limit the Foundation's exposure to subpoenas. Knowing that IPs can sometimes be associated with names via the log gives a smart attorney another avenue of discovering an editor's IP address even after the main checkuser data vanishes. Given the reluctance of the Foundation to disclose editor's information, this could conceivable lead to a shortening of the log itself, which would make it that much harder to use checkuser to find and stop disruptive sockpuppets and banned users. Of course, whether or not the log is explained in detail has no effect on what is actually in the log, and because the log can only be seen by checkusers, the format of the log will only ever be a concern to an editor who does not trust one or more of the current (or future) checkusers. Thatcher 01:21, 15 April 2008 (UTC)[reply]

Thank you. Now why could that be explained, on wiki, before without all this silly fuss? Giano (talk) 06:29, 15 April 2008 (UTC)[reply]

That's rather disingenuous, Giano. You had it (fully) by email, with exact and precise details of the concerns raised. It read (in part, my words):

"That may lead to speculation of a dangerous and unfair kind to users, in legal cases. It may be speculated that user A is IP B, because of various searches in close proximity, even though no information is held one way or the other. It may lead to allegations that are incorrect and speculative."'

which is the flip side of Thatcher's take on the problem. Further, when you said you wanted it on-wiki, you were also (fully) told without holding back^[3]:

"I'm waiting for other input on this, to check if what I was given other's concerns over is actually a reasonable concern, or an unnecessary one, and if so its implications. And to address your other points. I've already spent some time speaking to the other person involved. Please bear with me while some Q&A's go back and forward a bit."

In light of this, I feel most reasonable people will read that you were in fact given appropriate and reasonable answers. User privacy issues are not something to be ignored just because a single user is highly impatient, nor something to trivialize for "politics" as you do. You were told, by a user whose communal role includes insight on serious issues, that there was a genuine concern, you had this explained, you were then told discussion is in progress. Unfortunately you were apparently incapable of seeing this answer in terms other than "must.. be.. bad.. motive.." and decided to edit war, and then insult administrator/s who told you to stop it. That's not intelligent or witty, it's not what I'd expect from an intelligent or clued in user. It was a blinkered, narrow, view that ignored all input except the input it wanted.

Don't in future. FT2 ^{(Talk | email)} 09:37, 15 April 2008 (UTC)[reply]

Giano, the reason FT2 wanted to keep the discussion private is for precisely the reason I stated above, we do not want to help non-clever people figure this out. And I still hope to keep the information out of the page and hide this discussion in the archives. And FT2 is correct as well, using this information could lead not only to true conclusions that editors would prefer to keep quiet, but also to false conclusions. I am disappointed that you were blocked over this issue but I am also disappointed in your conduct. Preferring to keep quiet about some technical aspects is not a sign of dirty deeds being hidden. Thatcher 10:45, 15 April 2008 (UTC)[reply]

Thatcher, I don't mean to bang on about this unnecessarily, but I'm having difficulty imagining a lawyer drawing up a legal document requesting IPs who, assuming he knows checkuser exists, would not word the document in such a way as to include the checkuser log, regardless of anything this policy says. Could you address that issue?

The difficulty here is that, while it might be desirable not to say too much, we can't actively mislead either, and the wording as it was did mislead, and on an issue that many editors might care about. SlimVirgin ^talk|edits 05:50, 16 April 2008 (UTC)[reply]

<--I don't know what the typical legal threat looks like; I do know the Foundation has received some pretty clueless requests, like for all the identifying information of an IP editor. When I emailed FT2 about this I cc'd Mike Godwin but he has not replied. I disagree that not stating explicitly that inferences may be drawn from the log is intentionally misleading. It could also be argued that it is still misleading in its current form, since many inferences that could be drawn from the log will be wrong or incomplete. (If I check 5 users and 2 IPs, for example, there is no way to really know which belonged to whom or what the findings were.) Thatcher 12:19, 16 April 2008 (UTC)[reply]

I've added m:Steward requests/Checkuser, the meta requests page for multi-project checkusering. Any comments or opposition to this? Anthøny 23:12, 15 April 2008 (UTC)[reply]