Mailing List Archive

On Fri, 2008-05-09 at 01:53 +0200, Florence Devouard wrote:
> Hello,
>
> During the last board meeting, the board approved the following resolution
>
> The Wikimedia Foundation Board of Trustees will amend its privacy policy
> to notify, when possible, those members of the community whose
> personally identifiable data has been sought through, or produced as a
> result of, civil or criminal legal process, except when such
> notification is forbidden by state or federal law in the United States
> of America.
>
>
> This change of policy was suggested early march by Nsk92, following the
> Video Professor incident.


Cool. I remember this either at the time it came up, or some other
earlier incident which resulted in such a proposal.

Question : will the notification occur before WMF actually produce the
information so that the member of the community can challenge the
information request through whatever legal process that may be available
to them?

KTC

--
Experience is a good school but the fees are high.
- Heinrich Heine

Kwan Ting Chan wrote:
> On Fri, 2008-05-09 at 01:53 +0200, Florence Devouard wrote:
>
>> Hello,
>>
>> During the last board meeting, the board approved the following resolution
>>
>> The Wikimedia Foundation Board of Trustees will amend its privacy policy
>> to notify, when possible, those members of the community whose
>> personally identifiable data has been sought through, or produced as a
>> result of, civil or criminal legal process, except when such
>> notification is forbidden by state or federal law in the United States
>> of America.
>>
>>
>> This change of policy was suggested early march by Nsk92, following the
>> Video Professor incident.
>>
>
>
> Cool. I remember this either at the time it came up, or some other
> earlier incident which resulted in such a proposal.
>
> Question : will the notification occur before WMF actually produce the
> information so that the member of the community can challenge the
> information request through whatever legal process that may be available
> to them?
>
The resolution covers both the case where information has only "been
sought", as well as where it has been "produced" already. It also
acknowledges that in some cases the notice itself may be forbidden
(compare the recent news story about the Internet Archive, which
successfully resisted an FBI attempt to extract information, but was
forbidden to disclose it while the matter was being litigated).
Otherwise, clearly we would prefer to notify affected parties prior to
producing information, but given the varied circumstances that might
lead to such a request, we cannot promise this in every situation.

--Michael Snow


_______________________________________________
foundation-l mailing list
foundation-l@lists.wikimedia.org
Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/foundation-l

On Thu, 2008-05-08 at 18:32 -0700, Michael Snow wrote:
> >
> > Question : will the notification occur before WMF actually produce the
> > information so that the member of the community can challenge the
> > information request through whatever legal process that may be available
> > to them?
> >
> The resolution covers both the case where information has only "been
> sought", as well as where it has been "produced" already. It also
> acknowledges that in some cases the notice itself may be forbidden
> (compare the recent news story about the Internet Archive, which
> successfully resisted an FBI attempt to extract information, but was
> forbidden to disclose it while the matter was being litigated).
> Otherwise, clearly we would prefer to notify affected parties prior to
> producing information, but given the varied circumstances that might
> lead to such a request, we cannot promise this in every situation.

My question did have the implicit assumption that the foundation are
legally able to notify the member before the information were produced.
Thanks for the response.

KTC

--
Experience is a good school but the fees are high.
- Heinrich Heine

Just as a matter of interest: roughly how many of these cases are
there (currently) per year?

Is it already clear what would be done in case person A's information
has been sought, but person A has no other communication methods
available other then talkpage? Would this mean the notification would
be posted there? (I guess I would not very much appreciate posting
that kind of things to my talk page, but maybe others think otherwise
of it) I assume it is a detail, but not something that would occur
very rarely I guess...

BR, Lodewijk

2008/5/9 Florence Devouard <anthere@anthere.org>:
> Hello,
>
> During the last board meeting, the board approved the following resolution
>
> The Wikimedia Foundation Board of Trustees will amend its privacy policy
> to notify, when possible, those members of the community whose
> personally identifiable data has been sought through, or produced as a
> result of, civil or criminal legal process, except when such
> notification is forbidden by state or federal law in the United States
> of America.
>
>
> This change of policy was suggested early march by Nsk92, following the
> Video Professor incident.
> http://en.wikipedia.org/wiki/Wikipedia:Village_pump_%28policy%29/Archive_25#Releasing_IP_addresses_of_registered_users:_the_Video_Professor_incident
> After I was informed of this request, I added it on the board agenda and
> asked Mike Godwin to come with an appropriate text.
>
> As a matter of interest, I had asked Mike to review entirely, and to
> work on a full update of our privacy policy. We should expect a full
> draft for this summer. However, I felt that this little update could
> anticipate the brand new summer version.
>
> Thanks
>
> Florence
>
> _______________________________________________
> foundation-l mailing list
> foundation-l@lists.wikimedia.org
> Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/foundation-l
>

_______________________________________________
foundation-l mailing list
foundation-l@lists.wikimedia.org
Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/foundation-l

>
> Is it already clear what would be done in case person A's information
> has been sought, but person A has no other communication methods
> available other then talkpage? Would this mean the notification would
> be posted there? (I guess I would not very much appreciate posting
> that kind of things to my talk page, but maybe others think otherwise
> of it) I assume it is a detail, but not something that would occur
> very rarely I guess...


talkpage is not notifying a person, but notifying whole community.
the real valid way we have of notifying people is by email they
specify in their account.

--
Domas Mituzas -- http://dammit.lt/ -- [[user:midom]]



_______________________________________________
foundation-l mailing list
foundation-l@lists.wikimedia.org
Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/foundation-l

I suppose one could use a talk page to ask someone to activate their email.

-Robert Rohde

On Fri, May 9, 2008 at 2:19 AM, Domas Mituzas <midom.lists@gmail.com> wrote:

> >
> > Is it already clear what would be done in case person A's information
> > has been sought, but person A has no other communication methods
> > available other then talkpage? Would this mean the notification would
> > be posted there? (I guess I would not very much appreciate posting
> > that kind of things to my talk page, but maybe others think otherwise
> > of it) I assume it is a detail, but not something that would occur
> > very rarely I guess...
>
>
> talkpage is not notifying a person, but notifying whole community.
> the real valid way we have of notifying people is by email they
> specify in their account.
>
> --
> Domas Mituzas -- http://dammit.lt/ -- [[user:midom]]
>
>
>
> _______________________________________________
> foundation-l mailing list
> foundation-l@lists.wikimedia.org
> Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/foundation-l
>
_______________________________________________
foundation-l mailing list
foundation-l@lists.wikimedia.org
Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/foundation-l

Pfew, thanks for clarifying :)

2008/5/9 Domas Mituzas <midom.lists@gmail.com>:
>>
>> Is it already clear what would be done in case person A's information
>> has been sought, but person A has no other communication methods
>> available other then talkpage? Would this mean the notification would
>> be posted there? (I guess I would not very much appreciate posting
>> that kind of things to my talk page, but maybe others think otherwise
>> of it) I assume it is a detail, but not something that would occur
>> very rarely I guess...
>
>
> talkpage is not notifying a person, but notifying whole community.
> the real valid way we have of notifying people is by email they specify in
> their account.
>
> --
> Domas Mituzas -- http://dammit.lt/ -- [[user:midom]]
>
>
>

_______________________________________________
foundation-l mailing list
foundation-l@lists.wikimedia.org
Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/foundation-l

2008/5/9 Robert Rohde <rarohde@gmail.com>:
> I suppose one could use a talk page to ask someone to activate their email.
>
> -Robert Rohde
>

That would still imply to the community that someone is falling under
this policy, and that the user is therefore "sought", something I'd
rather prefer to remain private information instead of public
knowledge :)

BR, Lodewijk

_______________________________________________
foundation-l mailing list
foundation-l@lists.wikimedia.org
Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/foundation-l

Lodewijk writes:

> That would still imply to the community that someone is falling under
> this policy, and that the user is therefore "sought", something I'd
> rather prefer to remain private information instead of public
> knowledge :)

I made exactly the same point when we were discussing revisions of our
privacy policy with EFF. The EFF lawyers suggested that, in instances
where we don't have an active (working) e-mail for a User, we attempt
notifying the User on the Talk page. I suggested that many and
perhaps most users would prefer that we not do this in public for all
to see.


--Mike





_______________________________________________
foundation-l mailing list
foundation-l@lists.wikimedia.org
Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/foundation-l

On Fri, May 9, 2008 at 7:28 AM, Mike Godwin <mgodwin@wikimedia.org> wrote:

> Lodewijk writes:
>
> > That would still imply to the community that someone is falling under
> > this policy, and that the user is therefore "sought", something I'd
> > rather prefer to remain private information instead of public
> > knowledge :)
>
> I made exactly the same point when we were discussing revisions of our
> privacy policy with EFF. The EFF lawyers suggested that, in instances
> where we don't have an active (working) e-mail for a User, we attempt
> notifying the User on the Talk page. I suggested that many and
> perhaps most users would prefer that we not do this in public for all
> to see.



Well if you want to be sneaky, you could also use a dummy account. Rather
than getting a message from User:MikeGodwin, they could get a request to
activate their email from User:SpunkyAngel525. ;-)

-Robert Rohde
_______________________________________________
foundation-l mailing list
foundation-l@lists.wikimedia.org
Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/foundation-l

2008/5/9 Mike Godwin <mgodwin@wikimedia.org>:
> Lodewijk writes:
>
>> That would still imply to the community that someone is falling under
>> this policy, and that the user is therefore "sought", something I'd
>> rather prefer to remain private information instead of public
>> knowledge :)
>
> I made exactly the same point when we were discussing revisions of our
> privacy policy with EFF. The EFF lawyers suggested that, in instances
> where we don't have an active (working) e-mail for a User, we attempt
> notifying the User on the Talk page. I suggested that many and
> perhaps most users would prefer that we not do this in public for all
> to see.

Surely if the message is something as simple as "could you please
activate your email? there's something we need to get in touch with
you over", then this won't imply anything to the community unless
there's no other possible interpretation of such a message.

I can't really imagine anyone digging deeply enough to figure out this
possibility on spotting such a message, but even if they do, one could
avoid this by making a habit of nagging users to enable their email,
thus creating plenty of misdirection ;-)

--
- Andrew Gray
andrew.gray@dunelm.org.uk

_______________________________________________
foundation-l mailing list
foundation-l@lists.wikimedia.org
Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/foundation-l

I am kind of concerned (not with the change btw). Basically if I wanted to
learn the IP of a user I dislike, all I need to do is file a criminal
charge? How does it work?
- White Cat

On Fri, May 9, 2008 at 2:53 AM, Florence Devouard <anthere@anthere.org>
wrote:

> Hello,
>
> During the last board meeting, the board approved the following resolution
>
> The Wikimedia Foundation Board of Trustees will amend its privacy policy
> to notify, when possible, those members of the community whose
> personally identifiable data has been sought through, or produced as a
> result of, civil or criminal legal process, except when such
> notification is forbidden by state or federal law in the United States
> of America.
>
>
> This change of policy was suggested early march by Nsk92, following the
> Video Professor incident.
>
> http://en.wikipedia.org/wiki/Wikipedia:Village_pump_%28policy%29/Archive_25#Releasing_IP_addresses_of_registered_users:_the_Video_Professor_incident
> After I was informed of this request, I added it on the board agenda and
> asked Mike Godwin to come with an appropriate text.
>
> As a matter of interest, I had asked Mike to review entirely, and to
> work on a full update of our privacy policy. We should expect a full
> draft for this summer. However, I felt that this little update could
> anticipate the brand new summer version.
>
> Thanks
>
> Florence
>
> _______________________________________________
> foundation-l mailing list
> foundation-l@lists.wikimedia.org
> Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/foundation-l
>
_______________________________________________
foundation-l mailing list
foundation-l@lists.wikimedia.org
Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/foundation-l

I'd prefer that no possible questions could be raised. Please also
note that this is not only about enwiki, but about wikimedia.
Certainly on small projects, such questions would raise attention. And
if a random user with User:SneakyHiddenName would ask me to turn on my
email... sorry, I doubt that would persuade me :) Maybe MikeGodwin
would, if his userpage tells that he is the general counsel of the
WMF, but that would raise the problems :)

I guess you need to draw a line somewhere, and I think that an
activated email address is a good line. It is the only way you know it
only ends up with the person intended, safe for privacy concerns and
not implying anything. I think it is not unreasonable to expect also
some effort from the user to help us if (s)he wants to be contacted in
such cases. The only not-normally possible action I could justify is a
developer looking into the database if there is either an unconfirmed
address either an address that does not allow to send emails to, but
is activated for password reminder purposes.

Lodewijk

2008/5/9, Andrew Gray <shimgray@gmail.com>:
> 2008/5/9 Mike Godwin <mgodwin@wikimedia.org>:
>
> > Lodewijk writes:
> >
> >> That would still imply to the community that someone is falling under
> >> this policy, and that the user is therefore "sought", something I'd
> >> rather prefer to remain private information instead of public
> >> knowledge :)
> >
> > I made exactly the same point when we were discussing revisions of our
> > privacy policy with EFF. The EFF lawyers suggested that, in instances
> > where we don't have an active (working) e-mail for a User, we attempt
> > notifying the User on the Talk page. I suggested that many and
> > perhaps most users would prefer that we not do this in public for all
> > to see.
>
>
> Surely if the message is something as simple as "could you please
> activate your email? there's something we need to get in touch with
> you over", then this won't imply anything to the community unless
> there's no other possible interpretation of such a message.
>
> I can't really imagine anyone digging deeply enough to figure out this
> possibility on spotting such a message, but even if they do, one could
> avoid this by making a habit of nagging users to enable their email,
> thus creating plenty of misdirection ;-)
>
>
> --
> - Andrew Gray
> andrew.gray@dunelm.org.uk
>
>
> _______________________________________________
> foundation-l mailing list
> foundation-l@lists.wikimedia.org
> Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/foundation-l
>

_______________________________________________
foundation-l mailing list
foundation-l@lists.wikimedia.org
Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/foundation-l

Florence writes:

>> As a matter of interest, I had asked Mike to review entirely, and to
>> work on a full update of our privacy policy. We should expect a full
>> draft for this summer. However, I felt that this little update could
>> anticipate the brand new summer version.

We have been in discussions with EFF and other privacy experts, and
the feedback has been largely that our privacy policy is pretty good
(we keep far less information than most service providers), but that
we do need to strengthen our notification policy (e.g., by letting
people know their information is being sought, unless we are prevented
by law from doing so -- assuming we have the capability of notifying
them.).

So in some respects our "brand new summer version" will look similar
to the current version, but with some significant changes aimed at (a)
improving notification, (b) expressing the philosophy of our approach
to personal information (we retain as little of it as possible,
consistent with our mission and community norms) and (c) making the
policy more readable/accessible to non-technical users.

We plan to continue to adhere to American data-retention norms (very
narrow and short-term) rather than the broad data-retention
requirements of many other nations in Europe and elsewhere (very broad
and long-term).


--Mike





_______________________________________________
foundation-l mailing list
foundation-l@lists.wikimedia.org
Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/foundation-l

A more specific question than what White Cat wrote below would be this: In
what situations does the WMF disclose information? Only as the result of a
subpoena? In response to a national security letter? To a non-binding
request from law enforcement (assuming that, in some locales, a request
other than a subpoena may be binding)?

I would assume that a request from a private lawyer for information relevant
to litigation which has not resulted in a subpoena valid in the United
States would not be honored? Somewhat relevant to me personally, as a
matter of fact, as I have reason to expect such a request for my
information.

Nathan

On Fri, May 9, 2008 at 11:30 AM, White Cat <wikipedia.kawaii.neko@gmail.com>
wrote:

> I am kind of concerned (not with the change btw). Basically if I wanted to
> learn the IP of a user I dislike, all I need to do is file a criminal
> charge? How does it work?
> - White Cat
>
>
>
_______________________________________________
foundation-l mailing list
foundation-l@lists.wikimedia.org
Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/foundation-l

Just to clear things out, although I think I know the answer, what
about regular users' request to arbcoms etc? Are checkusers going to
be obliged to disclose that too? Or only if the request is made to the
*foundation*? (I think it is the latter, but please confirm :) )

BR, Lodewijk

2008/5/9, Nathan <nawrich@gmail.com>:
> A more specific question than what White Cat wrote below would be this: In
> what situations does the WMF disclose information? Only as the result of a
> subpoena? In response to a national security letter? To a non-binding
> request from law enforcement (assuming that, in some locales, a request
> other than a subpoena may be binding)?
>
> I would assume that a request from a private lawyer for information relevant
> to litigation which has not resulted in a subpoena valid in the United
> States would not be honored? Somewhat relevant to me personally, as a
> matter of fact, as I have reason to expect such a request for my
> information.
>
> Nathan
>
> On Fri, May 9, 2008 at 11:30 AM, White Cat <wikipedia.kawaii.neko@gmail.com>
> wrote:
>
>
> > I am kind of concerned (not with the change btw). Basically if I wanted to
> > learn the IP of a user I dislike, all I need to do is file a criminal
> > charge? How does it work?
> > - White Cat
> >
> >
> >
>
> _______________________________________________
> foundation-l mailing list
> foundation-l@lists.wikimedia.org
> Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/foundation-l
>

_______________________________________________
foundation-l mailing list
foundation-l@lists.wikimedia.org
Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/foundation-l

On 5/9/08, White Cat <wikipedia.kawaii.neko@gmail.com> wrote:
> I am kind of concerned (not with the change btw). Basically if I wanted to
> learn the IP of a user I dislike, all I need to do is file a criminal
> charge? How does it work?

You need to file a criminal or civil case, send a subpoena to
Wikimedia, convince a judge not to quash the subpoena, and then
convince the judge not to punish you for filing false charges or a
frivolous lawsuit.

--
Mark

_______________________________________________
foundation-l mailing list
foundation-l@lists.wikimedia.org
Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/foundation-l