Wikipedia:Arbitration Committee/Audit Subcommittee/2013 appointments/Richwales

Nomination statement (250 words max.)

 * I am offering myself as a candidate to support the English Wikipedia as a community member of the Audit Subcommittee. I have been involved with Wikipedia for eight years (including 1-1/2 years as an administrator), and I have significant experience with Internet networks and firewalls (giving me an understanding of the concepts a CheckUser needs to know).  My "day job" has given me lots of experience dealing with confidential personal data (so I believe I have a fair understanding of what an Oversighter needs to know).

Standard questions for all candidates
Please describe any relevant on-Wiki experience you have for this role.
 * A: I have been an administrator on the English Wikipedia for 1-1/2 years (since September 2011). I have been an SPI clerk on the English Wikipedia for the past two months (since mid-February 2013).  Additionally, I ran unsuccessfully in the December 2012 ArbCom election (see my candidacy page here).

Please outline, without breaching your personal privacy, what off-Wiki experience or technical expertise you have for this role.


 * A: I have about 30 years of experience managing Internet networks and firewalls, so I understand the underlying concepts behind IP addresses, subnets, the WHOIS command, VPNs, open proxies, etc. I believe I have the necessary skill set to be able to function as a CheckUser (which means, in the context of the AUSC, that I think I have a good understanding of what is involved in doing their job).  I have lots of experience working with confidential personal data (e.g., the past 15+ years during which I have worked for a major university's student housing office and have ready access to students' housing assignment information but am required to keep this information strictly private).

Do you hold advanced permissions (checkuser, oversight, bureaucrat, steward) on this or other WMF projects? If so, please list them. Also, do you have OTRS permissions? If so, to which queues?
 * A: I do not hold (and never have held) any of the above permissions on any WMF project. I do understand that if I am selected for the AUSC, I will need to identify myself to the WMF — something which I have never had to do up till now, but I have no qualms about doing this.

Questions for this candidate
Optional question(s) from 


 * 1) As a member of AUSC, you will be a member of the functionary team. Do you believe functionaries should be held to a higher standard of conduct on the English Wikipedia and all WMF sites than an ordinary admin or editor? Explain. (Note that the scope of AUSC is only to investigate violations of the CU/OS policies). --Rschen7754 04:51, 9 April 2013 (UTC)
 * A: Yes and no, but more "yes" than "no". As an AUSC member, I would have access to confidential information that is not available to an "ordinary admin or editor" — and the adverse consequences to others (as well as to myself) of misusing this access or leaking information obtained through these tools could be considerable.  On the other hand, we already acknowledge that administrators are to "lead by example", and I would like to think that admins in general are expected to behave themselves (though, sadly, this doesn't always happen).
 * 1) What are your views on how to handle underage editors sharing personal information? --Rschen7754 04:51, 9 April 2013 (UTC)
 * A: No one should be using Wikipedia to share personal information that isn't relevant to editing the encyclopedia (see WP:NOTBLOG). While this applies to everyone, it definitely applies to underage editors, who may be vulnerable to online stalking, and who are more likely than other editors to lack the necessary maturity to understand what is or is not appropriate to share about themselves in a public forum.  Inappropriate personal information should generally be RevDel'ed and Oversighted, and this applies "in spades" when minors are involved.  As an admin, I was recently involved in a case where someone asked me to help him expunge information that he had unwisely incorporated into the WP article about his high school; I identified the relevant edits, RevDel'ed what needed to be deleted in order to hide the inappropriate material, and then asked the Oversight team to expunge the revisions I had deleted (and they did so).
 * 1) What are some of the criteria you would use to determine if a CU check was valid? --Rschen7754 04:51, 9 April 2013 (UTC)
 * A: There needs to have been a proper reason for the CU (such as in a sockpuppetry investigation), and the editor requesting CU action must have been able to articulate a plausible reason why this information would significantly help an investigation. The CU tool must never, ever be abused for personal advantage.  And great care must be taken to make sure the results of a CU check are not disclosed in a way that could result in "outing" someone.  In general, I would be suspicious of any situation where a CheckUser performed a check on his own initiative, or if there is any connection between the CheckUser and the user(s) being checked or the article or topic area in which the user(s) being checked have been working.
 * The reason I said I would be suspicious of a case where a CU performed a check on his own initiative is that when a sensitive and abuse-prone tool like CU is involved, it's best (or, at least, better) if two people (e.g., an SPI clerk and a CU) have independently agreed that a check is reasonable in a given situation. This concern probably wouldn't apply if a case obviously calls for a CU — and I'm not by any means proposing a witch hunt that would cause CU's to be afraid to exercise their own judgment for fear of incurring my wrath.  If I'm still out of step here with the generally accepted view on CU use, I'm certainly willing to moderate my position to conform to what is needed.  —  Rich wales (no relation to Jimbo) 17:19, 12 April 2013 (UTC)

Optional question(s) from 

4: To it's critics, at least, ArbCom has a reputation for keeping things secret when there is little or no valid reason to do so, and for making decisions (or, at the opposite end of the spectrum, not pursuing matters) with an eye towards the good of ArbCom's image first and the community's best interests second. Whether or not you agree with this assessment, it colors the way that members of the community would deal with you as an AUSC member. With this in mind, how do you balance the secrecy that AUSC work entails with the community's best interests, which may not always be best served by that secrecy? Is there ever a time for willfully ignoring the requirements that AUSC-related discussions be kept secret?
 * A: The Audit Subcommittee is responsible for making sure that the CheckUser and Oversight functions are used in ways that conform to our privacy policy (a policy which comes from Wikipedia's parent organization, the Wikimedia Foundation). It has not been set up to be a watchdog think tank, nor is it supposed to be a soapbox for debate or civil disobedience regarding the appropriateness of the WMF privacy policy.  Of necessity, most details regarding a given case are going to have to remain confidential, or else the privacy of the people involved would be compromised.  I'm very much in favour of open, public deliberating and reporting of issues to the extent that they can be made public, but I expect that most details of what I would do on the AUSC would remain confidential.  If there were a valid question of whether some particular issue could or should be opened up, I would expect that such a determination would (for better or for worse) need to be made by ArbCom, and not by the AUSC or its individual members.

5: Do you currently have any aspirations for running for Arb in the next election?
 * A: I'm not sure. I did run (unsuccessfully) in last December's ArbCom election, and I'm not opposed to the idea of doing it again sometime, but it's too early for me to decide whether that "sometime" might be this coming December, or if I might wait an additional year and run again in December 2014.

Optional question(s) from 

6. Lately, certain segments of the community have repeatedly asked for more information regarding material that has been suppressed. If you were to receive a request from a community member asking for more information regarding a suppressed edit, i.e. who suppressed it, what the logged reason was, etc, what would be your response? Beeblebrox (talk) 17:09, 9 April 2013 (UTC)
 * A: As a member of the AUSC, I would not consider myself at liberty to go beyond the specified remit of the subcommittee or the bounds of the WMF privacy policy. If members of the community want our [ policy on access to and release of personally identifiable information] to be changed, they will need to bring this up with the legal muckamucks of the Wikimedia Foundation.  So if I were presented with a request of the type you describe, I would unhesitatingly decline and would refer the requestor to the WMF and its privacy policy.

Optional question(s) from 

7a: One of the aspects in your role as an auditor would be to evaluate claims of CUs releasing IPs by blocking an IP or IP range after blocking accounts. Where do you draw the line between protection of the Wiki where the CU needs to block the IP to prevent the abuse, and a user's privacy? -- DQ   (ʞlɐʇ)  08:21, 14 April 2013 (UTC)
 * A: While we are supposed to make every reasonable effort to avoid outing an editor — even a disruptive editor — the harassment / outing policy is not a suicide pact, and if a user is being so seriously disruptive that the only really effective way to stop them from harming Wikipedia is to block them and then follow up with a range block, I would support the range block even if a side effect was that it might become easier to identify the location or workplace of the disruptive user.  The same principle, in my view, would apply as well to a block of an individual IP address done together with blocking an account — though I wouldn't expect this scenario to happen nearly as often, since most such IP blocks would presumably be taken care of by the autoblock mechanism.  It would be different, though, if the IP/range block clearly was not necessary.  —  Rich wales (no relation to Jimbo) 01:02, 15 April 2013 (UTC)

7b: Also, CUs at times will also ask another CU to block the IP or range for them. This allows for a users information not to be disclosed. If CU's can't find another CU easily to block it (especially at early morning hours) how would that affect a case coming through AUSC for that disclosure while blocking the IP? -- DQ   (ʞlɐʇ)  08:21, 14 April 2013 (UTC)
 * A: If reasonable people would agree that the situation was urgent and extreme measures needed to be taken right away, then I don't think I would see a problem here (see my answer to 7a above).  If the IP/range block pretty clearly could have waited a few hours — or if the IP/range block clearly was not necessary — that would be a different matter.  When I'm saying "clearly", though, I'm not trying to suggest I would advocate getting down hard on a CU over a judgment call on which reasonable people could reasonably have disagreed.  —  Rich wales (no relation to Jimbo) 01:02, 15 April 2013 (UTC)

8: In your answer to question 3, you said "If I'm still out of step here with the generally accepted view on CU use, I'm certainly willing to moderate my position to conform to what is needed." If you are still learning what is the usual norm for use of the tools, how can the functionary being audited and the community depending on you to audit be sure that they are getting an independent review? -- DQ   (ʞlɐʇ)  09:30, 14 April 2013 (UTC)
 * A: No one here is perfect — not even functionaries.  We all need to recognize that we are capable of making mistakes (though hopefully fewer and fewer as time goes on) and improving our performance.  And since you specifically asked about "independent" reviews involving me, I'll add that although I'm certainly prepared to learn and improve, respond to reasoned arguments, and even sometimes to back down if a particular dispute doesn't really seem worth fighting, I am still able to stick to my opinions when necessary, even if the result would be that a decision failed to be unanimous because I wouldn't agree with everyone else.  —  Rich wales (no relation to Jimbo) 01:02, 15 April 2013 (UTC)

9: In your answer to question 3, you talked about CUs running checks out of their own initiative would be suspicious, as two heads are better than one. Can you explain where the balance should be struck between CUs consulting each other to see if someone agrees with a check vs. checking on their own as it takes a lot of time sometimes to find another CU to review, especially late at night? -- DQ   (ʞlɐʇ)  09:30, 14 April 2013 (UTC)
 * A: Without a specific case to discuss, I can only deal here in generalities.  In general, if a CU can articulate reasonable grounds for doing a check ASAP, I would probably be inclined to support the check, even if the CU did it on his own initiative and without consulting with anyone else.  In my view, "going solo" is one of many factors which might cause a CU action to be questioned.  I'm sorry if I didn't explain this well enough and some people got the mistaken idea that I was saying every CU action done without recommendation from, or consultation with, someone else is to be presumed to be a horrible thing; instead of saying I would be "suspicious" of such a situation, a better way of expressing myself might be that I would definitely want to understand what was going on, and if no reasonable-sounding explanation were forthcoming, then my curiosity might very likely drift over into the domain of skepticism or suspicion.  —  Rich wales (no relation to Jimbo) 01:02, 15 April 2013 (UTC)

Comments

 * Comments may also be submitted in confidence to the Arbitration Committee privately by emailing 


 * Overall Rich has been helpful at SPI as a trainee clerk, but I don't get the feeling that they have all the procedures down yet . The comment about checks of own initiative also give me pause - that would mean that CUs would be reluctant to CU the next _ on wheels or Nipponese Dog Calvero or Mangoeater1000 or other LTA account out of risk of getting in trouble. --Rschen7754 10:56, 12 April 2013 (UTC)
 * I've taken another look and while the candidate could use more experience, I haven't noticed anything extremely inappropriate, and Richwales does have more experience in the relevant areas than some of the other candidates. So after thinking it over a bit, my position's more of a weak support. --Rschen7754 10:07, 16 April 2013 (UTC)
 * Strong oppose - I'm against lifting up election losers to other positions of trust, especially in the same department. This candidate had even a negative election result (more opposers than supporters)... Kraxler (talk) 14:59, 12 April 2013 (UTC)
 * Support. Good real-life background for the position in addition to Wikipedia experience; seems like he has the understanding of the importance of handling private/sensitive material with uttermost care under his skin. Iselilja (talk) 11:53, 13 April 2013 (UTC)
 * Support - My76Strat (talk) 07:11, 14 April 2013 (UTC)
 * Thank you Rich for your answers, especially number 8, which was a hard question to ask, and probably a difficult one to answer. Your answer to question 8 specifically and the rest of the questions are good answers, and shows that you would add value to AUSC. Also your work at SPI shows that you have a understanding of how CU works. After further review, I don't see anything that would cause concern, and I have no doubt that you would be a good Auditor if elected. -- DQ   (ʞlɐʇ)  09:34, 16 April 2013 (UTC)
 * Support As per Iselilja and DeltaQuad the user is a SPI trainee clerk and is a long term user and is trustworthy and competent and has been editing regularly without a break for years going back to 2005.Pharaoh of the Wizards (talk) 00:53, 17 April 2013 (UTC)