Wikipedia:Arbitration Committee/Audit Subcommittee/2013 appointments/TParis

Nomination statement (250 words max.)

 * Greetings. I believe I would make a suitable if not desirable addition to the Audit Subcommittee because of my commitment to trust, justice, and transparency.  I meet the technical qualifications for the checkuser right and I have already demonstrated trust as a developer of the Unblock Ticket Request System which I have access to the private data of users who submit unblock appeals (I have been identified to the foundation prior to the launch of this tool).  My goal as an AUSC member would be to strengthen the trust between Arbcom, the functionaries, administrators, and ultimately the users.  Realistically, each of these entities requires some level of trust and also another level of transparency to be effective and honest.  I would like to use this opportunity to develop strategies that encourage an acceptable and transparent flow of information that is committed to the WMF privacy policy and the protection of the identities of Wikipedians and all users.  I believe that Wikipedia needs a process that primarily focuses on privacy, followed by protection of the encyclopedia against those who would grossly abuse it, and also with a firm level of communication and transparency.  If selected, I will do my utmost to leave this position in a better condition within the community than when I accept it.

Standard questions for all candidates
Please describe any relevant on-Wiki experience you have for this role.
 * A: Before I became a sysop, even before Wikipedia had Child protection, I was already aware of the issue of protecting the identities of children. I wrote this essay on the subject.  As experience on-wiki grew, I came to respect the right of editors to edit behind a pseudo-name.  As an administrator, I've revdel'd and deleted personally identifiable information (pending an OS).  Not exactly "on-wiki" but I also developed the WP:UTRS tool with Hersfold, DeltaQuad, and Thehelpfulone (and others after the launch).  As a developer, I have access to the same data that CUs see (I was identified before the launch).

Please outline, without breaching your personal privacy, what off-Wiki experience or technical expertise you have for this role.


 * A: I'm not CCNP or Net+ certified, but I have networking experience when I was a Web server and Database administrator for my job. I've also played with the CU tool on my own Mediawiki installs.

Do you hold advanced permissions (checkuser, oversight, bureaucrat, steward) on this or other WMF projects? If so, please list them. Also, do you have OTRS permissions? If so, to which queues?
 * A: No, I do not.

Questions for this candidate

 * 1) As a member of AUSC, you will be a member of the functionary team. Do you believe functionaries should be held to a higher standard of conduct on the English Wikipedia and all WMF sites than an ordinary admin or editor? Explain. (Note that the scope of AUSC is only to investigate violations of the CU/OS policies). --Rschen7754 04:51, 9 April 2013 (UTC)
 * A: "Yes, but..." The civility policy does not change depending on if someone is an Administrator, 'Crat, OS, CU, or none of the above.  It holds editors to a professional standard of conduct that allows for a collaborative environment.  In short, we are all equal.  However, because of the difficulty in removing advanced tools from Administrators ect., the community has generally expected that those granted the tools behave in a stricter sense to the letter of the policy.  If I were to judge myself here and now, I'd say that I've failed many times to live up to the community's expectations of behavior for an administrator.  Just today I've been arguing with Animate on WP:ANI and I've been less than pleasant.  I've likely put a very sour taste in Animate's mouth when it comes to seeing my initials around the 'pedia.  All I can say is that I will remain accountable to the community and if it sees fit to forgive me of the occasional outburst, I'll continue to try my best to contain them.  When the community decides it's had enough, I'll graciously step away.
 * 1) What are your views on how to handle underage editors sharing personal information? --Rschen7754 04:51, 9 April 2013 (UTC)
 * A: I think my views are adequately explained on User:TParis/Protecting_Children, but as someone who started using the internet at a very young age and when there was less law enforcement and oversight on the internet, I have experience to lean back on about how it feels to use the internet while underage. Sometimes it's necessary to protect kids from themselves.  I'd like to keep Wikipedia welcoming to children, but I do not think identifying their age is needed and we should continue to suppress that information and block if it continues to be posted.  Further, under all circumstances should we block editors who try to out children especially.
 * 1) What are some of the criteria you would use to determine if a CU check was valid? --Rschen7754 04:51, 9 April 2013 (UTC)
 * A: It's simple, the checkuser must have had legitimate reason to suspect abusive behavior that links two or more accounts together before using the tool, the checkuser should not be involved with the user, and the information should not be available by other means. I would investigate what information led the checkuser to conclude that tool use was necessary.  The result may not have led me or another checkuser to perform the same action, but if it is within reasonable to come to the decision already made and there are no reasons to assume the checkuser is doing so out of bad faith and it adheres to the WMF privacy policy, then we've has a successful use of the tool.

Optional question(s) from 

4: To it's critics, at least, ArbCom has a reputation for keeping things secret when there is little or no valid reason to do so, and for making decisions (or, at the opposite end of the spectrum, not pursuing matters) with an eye towards the good of ArbCom's image first and the community's best interests second. Whether or not you agree with this assessment, it colors the way that members of the community would deal with you as an AUSC member. With this in mind, how do you balance the secrecy that AUSC work entails with the community's best interests, which may not always be best served by that secrecy? Is there ever a time for willfully ignoring the requirements that AUSC-related discussions be kept secret?
 * A: I think that a real serious discussion should be held community-wide on the amount of secrecy Arbcom should operate under.  It's undeniable certain that some level is required.  Anyone who makes a counter-argument to that just isn't seriously looking to make an objective point but rather trying to force their own version of idealism.  But it's also the case that Arbcom has made it's own rules about secrecy and those rules have led to a situation that is ideal for them.  We need a good faith, no pitchforks, talk about what is necessary to perform the role that Arbcom does and part of that role is dealing with stuff that is private.  I don't know what the answers are, I suspect that Arbs have been pondering the same thing and haven't come up with answers themselves.  My hope is that we might have a community discussion where someone comes up with a good idea, Arbcom likes it, and the WMF gives it their stamp of approval.

5: Do you currently have any aspirations for running for Arb in the next election?
 * A: I wouldn't run for Arb if it was a six figure job. (Ok, maybe I would, but I'd need my arm bent).  No, the fact of the matter is that I barely forced myself to volunteer for the AUSC.  I've zero interest in solving other people's disputes.  I just do not have the calm and well reasoned demeanor of NYB.  I admire the courage of and appreciate the amount of time that the Arbs give up even if I do not always support their decisions.  I believe I was quite vocal on Kevin's desysop.  Whatever my opinions, the Arbs had to make a tough decision and they made it.  I don't fault them for that.  You can be critical of their decisions all you like, but that they stay up late at night in an effort to fix Wikipedia's trenched-in conflicts is something to thank them for.

6. Lately, certain segments of the community have repeatedly asked for more information regarding material that has been suppressed. If you were to receive a request from a community member asking for more information regarding a suppressed edit, i.e. who suppressed it, what the logged reason was, etc, what would be your response? Beeblebrox (talk) 17:09, 9 April 2013 (UTC)
 * A Right now, my opinion is that too much secrecy is given to the actions of CUs and OSs. However, in my discussion with the OSers, they hinted that they had a reason that was, itself, secret.  I believe that privacy is utmost important in their role but that privacy has finite edges.  If elected to AUSC, I would like to discuss with Arbcom and the OSes what those edges are.  Until we had a firm proposal and community endorsement, I would continue to obey the status quo.  As far as I am concerned, at this time, they are the experts at what they do and barring additional insight, I must defer to their judgement.  I would hope that as I come to understand what they do a little better, I can bridge a discussion between the OSers and the community about this topic.  I participated in this discussion, which I think you're aware of, in which I described my feelings on the subject.

7: In question 3 you state that a "checkuser must have had legitimate reason to suspect abusive behavior that links two or more accounts together before using the tool". I've personally ran many CUs without this aspect. The nature of CU requests are not black and white, it just might appear that way through SPI. I've personally gotten requests from people to disclose the IP to a suicidal user to notify authorities (though I don't handle these, but that's a different story that people can use my talk to ask about). I've gotten many request where there is no master account to suspect, but very suspicious returning user behavior. Sometimes I don't even have an account, but have been given an IP address which shows someone possibly evading scrutiny. These are just a few examples. Your work as an auditor will bring cases like this up. How would your decisions as an auditor be affected by these situations that are not black and white textbook cases? -- DQ   (ʞlɐʇ)  07:59, 14 April 2013 (UTC)
 * A Yes, I'm aware there are emergency circumstances and I'm aware that when there is evidence of sock puppetry that the tool can be used to discover what those accounts out.  The question remains, did the checkuser make a reasonable decision, in good faith, that abides by the privacy policy, and protects the WMF?  The circumstances will change, but that's why we are people are auditors and not machines.  We use conscience, logic, compassion, and discretion in determining what was reasonable which allows for grey areas to be treated with care and diligence.  I would treat exceptional cases for what they are.

8: Last year around this time, you thought that SPI work wasn't for you. Since one of the main CU areas is SPI, do you think this would affect your work as an auditor or your motivation to do this work? -- DQ   (ʞlɐʇ)  07:59, 14 April 2013 (UTC)
 * A I'm not ignoring these, I just haven't decided how I feel about the issue you've brought up. Giving it more thought.--v/r - TP 23:09, 15 April 2013 (UTC)
 * The truth is that I hated working as an SPI. I volunteered, I was assigned a mentor, and then it felt like I got lost.  At the time, I had little experience with socks as I rarely touched controversial topics (still avoid them), and I felt unqualified and awkward about the WP:DUCK test.  That insecurity and discomfort has been tempered with experience.

9a: One of the aspects in your role as an auditor would be to evaluate claims of CUs releasing IPs by blocking an IP or IP range after blocking accounts. Where do you draw the line between protection of the Wiki where the CU needs to block the IP to prevent the abuse, and a user's privacy? -- DQ   (ʞlɐʇ)  08:15, 14 April 2013 (UTC)
 * A: Until a technical solution is provided, the IP's privacy is actually protected by those blocks because they are prevented from drawing more attention to themselves. Also, blocking an IP range does not give personally identifiable information about the user.  At most, depending on the ISP, it gives a general geography.  A dedicated stalker person could theoretically use this information with other public information to perhaps build a clearer picture about the user, and that is a concern, though.  The WMF also holds that personally identifiable information may be released when it "reasonably necessary to protect the rights, property or safety of the Wikimedia Foundation, its users or the public."  If it is reasonable to conclude that a user will abusively sock puppet, a block of their range (which does not identify them by itself but could be used to build a picture) is acceptable to protect WMF property (the servers, the foundation) and the public (living people).  It really depends on the individual case: how abusive the user is and how likely they are to sock.

9b: Also, CUs at times will also ask another CU to block the IP or range for them. This allows for a users information not to be disclosed. If CU's can't find another CU easily to block it (especially at early morning hours) how would that affect a case coming through AUSC for that disclosure while blocking the IP? -- DQ   (ʞlɐʇ)  08:15, 14 April 2013 (UTC)
 * A: I'm sorry, but I am having trouble understanding the question. I've read the other candidates answers and they do not seem to address the question.  Can you clarify, if the original CU were to perform the block themselves, would that action reveal the identity of another user or subject another user to harassment?  If so, and if the situation were an emergency, than I think it would be perfectly acceptable to involve a steward.  Many stewards are bi-lingual with English being their second language because they are from non-English speaking countries, which equates to different time zones, and means that they may be online and available to help out in that emergency situation.  If it was not an emergency, then the mailing list or waiting personal contact with another CU would be acceptable.  I see no conflict with a CU passing the buck to another user with the access to the same material so long as the CU that accepts responsibility can personally justify their actions.

Comments

 * Comments may also be submitted in confidence to the Arbitration Committee privately by emailing 


 * I'm afraid I find it an awkward mismatch to appoint an AUSC member who intends to use their position to push for our privacy policies to change. An auditor's job is to evaluate whether functionaries have violated policy as it stands, not to use their position as a platform for policy change or even just to lead discussions about whether policy should change. This isn't to say that it isn't appropriate, if you think policy needs to change, for you to pursue or even spearhead discussions that would help the policy change, but I do think that you have to choose wanting to pursue those changes in policy or being a neutral party charged with evaluating whether people's actions were appropriate in relation to what policy actually is. Otherwise it would be far too easy to, entirely inadvertently, slant committee decisions in ways that unilaterally edge policy toward your preferred changes. A fluffernutter is a sandwich! (talk) 02:18, 10 April 2013 (UTC)
 * Unfortunately, my discussion with you gave me the impression that one had to be 'on the inside' to even approach the topic. Not that this led to my self-nomination, but it was a contributing factor.  If the community shares your concerns, then I would accept that my volunteer-ship is declined.  There are other worthy candidates and I'm certainly nothing special in that regard.  If I am elected, however, I would consider the responsibility of an AUSC member, responsibilities I volunteered for and take seriously, to have precedence.  I did link to where we discussed this topic, though, so I am open to fully transparency of my intentions.--v/r - TP 02:25, 10 April 2013 (UTC)
 * Right but you're not really applying to be "on the inside". You're applying to be an auditor of the "inside", which implies a level of neutrality with regard to policy. Applying to be an oversighter or checkuser while saying "I think the privacy policy needs to be revamped and I'll probably push for that" wouldn't be a problem in my mind; it's just applying to be someone who is supposed to neutrally judge policy adherence but who is also saying "I don't think this policy should necessarily be adhered to and I intend to push for that" that I find problematic. At any rate, if I gave the impression that you can't discuss privacy policy unless you're a functionary, I gave a wrong impression; that is not at all the case, and you don't need to apply for AUSC just to be allowed to speak on the topic. If you want to start an RfC on privacy or something, I encourage you just go ahead and do that. A fluffernutter is a sandwich! (talk) 14:32, 11 April 2013 (UTC)


 * Support based on the answer to question 6. I disagree with oversighter Fluffernutter. IMO "community representatives" on AUSC should not only be selected from the community, but also represent community concerns over CUOS transparency. --Surturz (talk) 03:18, 11 April 2013 (UTC)
 * Even though this isn't a !vote, I would also be very supportive of TParis in any duties he was willing to offer his services to. If I have ever disagreed with him on anything, I'm sure it was a productive discussion. — Ched :  ?  11:18, 11 April 2013 (UTC)
 * Not just no, but heck no, won't this take time away from babysitting the ever-popular MRM article probation? Oh you can do both? Nevermind, then, forget I said anything, changing to Support on the understanding that I won't get left all alone there again. Killer Chihuahua 15:38, 11 April 2013 (UTC)
 * Support Good admin who is outside of the "insider" CU/OS circles -- exactly what we want for an auditor. NE Ent 23:19, 11 April 2013 (UTC)
 * I'm still a bit ambivalent about this, after thinking for a few days. On one hand, I'd have to agree that sometimes the best critics of ArbCom are the better arbs, and to an extent that may be true with AUSC. On the other, it is not the role of ArbCom or AUSC to make policy, and TParis has indicated that he wants to make policy. Yet, they have indicated that they will attempt to keep the roles separate. But then there's Fluffernutter's concerns regarding being able to keep the two separate. What also concerns me a bit is TParis' interpretation of Fluffernutter's stance - having monitored the related discussion, I think it's partially a matter of TParis not having the data of what actually gets oversighted, and I don't think there would be such a wide difference of opinion. I think that were TParis to be on AUSC it would provide him with this data. But that's not the purpose of AUSC. So overall, I'm leaning oppose, but pretty weakly. --Rschen7754 10:11, 12 April 2013 (UTC)
 * Upon further reflection, moving to full oppose because the advocacy stance of the candidate is just something I'm not comfortable with. Also, the answer to question 9b really misses the mark - if a CU comments on a SPI saying IP blocked and then blocks an IP, without extra precautions that does give away the IP of the user. I'm not also exactly sure what a steward should be doing in the matter - the only option a steward can perform is a global block, which is not entirely appropriate if there is no global disruption, or a local block, which violates our global rights policy if the steward is not also an enwiki admin. --Rschen7754 19:42, 16 April 2013 (UTC)
 * The question said nothing about commenting at an SPI. That sort of context would've made the question a lot clearer.--v/r - TP 19:57, 16 April 2013 (UTC)
 * Well it's not just at SPI - talk page requested check, privately-requested check, accounts and IPs being blocked at the same time could fall in this category too. --Rschen7754 20:03, 16 April 2013 (UTC)
 * Your reply is just so far from accurate. I said "if the situation were an emergency, than I think it would be perfectly acceptable to involve a steward" and the global rights policy says "In emergency situations where local users are unable or unavailable to act, stewards are asked to use their global rights to protect the best interests of Wikipedia."  The question didn't make mention that the issue was publicly connecting the IP on-wiki in an SPI, or otherwise, which contributed to my confusion when I said "I'm sorry, but I am having trouble understanding the question."  So I had no idea to know the context of the question.  If the question is "Does a CU blocking an IP and an account in roughly a close timetable because no other CU is available violate the privacy policy" then the answer would be that it depends on the severity of the user's actions and the likelihood that it would continue before another CU is available.  The private policy states that revealing private information is acceptable "Where it is reasonably necessary to protect the rights, property or safety of the Wikimedia Foundation, its users or the public."  Given the context you've supplied, I'd have been able to answer that.  Perhaps you've seen DeltaQuad's question before, or discussed the matter elsewhere, but I was not privy to information that would've been helpful in answering the question.--v/r - TP 23:32, 16 April 2013 (UTC)
 * You're forgetting that stewards have global policies as well that they have to abide by, and not just those on the English Wikipedia - a global block where there is no clear evidence of crosswiki abuse is questionable at best. Furthermore, while stewards have the technical power to locally block any account on any WMF wiki on the SUL system, they will not do so on any of the large wikis (enwiki, dewiki) because it can easily be construed as a violation of our policies (that section refers to the complete absence of admins in the case of blocking, which is very unlikely to happen) and unquestionably is not in line with steward practices (many of the non-enwiki stewards that I have interacted with have said that they stay far from enwiki and dewiki out of concerns of alienating an independent community that can reasonably run itself). If it was truly enough of an emergency for a steward to act, then it would be enough of an emergency to allow the original CU to block in the first place. So overall this thing about "the stewards can do it" is largely incorrect, and concerns me greatly. --Rschen7754 00:31, 17 April 2013 (UTC)
 * Rschen7754 is wrong here. The 9b question clearly states that another CU is unavailable to block the IP, with the implication that it is an emergency (otherwise the question is pointless). So we are talking about a hypothetical corner case with insufficient details for the candidate to answer "correctly". DQ should have provided details in his hypothetical situation - why an immediate block was required and could not wait - for 9b to be a fair question. --Surturz (talk) 03:31, 17 April 2013 (UTC)
 * Strong support - I am inclined to support TParis in just about any on-wiki endeavor. I fully trust his judgment and he obviously is someone dedicated to the project and well-versed in our policies. Go   Phightins  !  19:38, 12 April 2013 (UTC)
 * Support Knowledgeable about what the use of CU/OS entails, all-around competent admin. -- King of &hearts;   &diams;   &clubs;  &spades; 09:07, 13 April 2013 (UTC)
 * Support - My76Strat (talk) 07:12, 14 April 2013 (UTC)
 * Support - I think he is devoted and especially well-meaning. My only hesitation is that to me he appears sometimes to lean extra-hard to strive to be impartial--when it is clear there is a position to be taken, and I presume he has one.  But I don't expect that to be an issue here, and overall I think he is extremely responsible and has the interests of the project at heart.--Epeefleche (talk) 05:30, 15 April 2013 (UTC)
 * Support TParis is conscientious, thoughtful, humble, and honorable, and he would be an excellent member of this committee. I frequently disagree with his positions, but when I do his is the best of a bad bunch; I think that others would agree with me that even in disagreement he has our respect.  Kiefer  .Wolfowitz  11:22, 17 April 2013 (UTC)
 * Oppose - I had to think hard on this one and I hate to be the lone oppose but unfortunately after some discussions I have seen over the last week or so at ANI and at the Village pump I cannot support this. Some comments were made by you that give the impression that you would likely go along with a popular vote even if you disagreed with it. This isn't the type of position that needs another go along with the crowd mentality. With that said I think that most of our interactions have been positive and I don't have anything really negative to say. I just don't think you are well suited for this position. Kumioko (talk) 13:25, 17 April 2013 (UTC)
 * You're certainly not the lone oppose, but I hate to see yours for that reason. Not bringing this up as a plea as any sort of a quid pro quo, but I flowed against the current when I tried standing up for you while you were blocked over at WP:BON, if you can recall our conversation, where I was told to just ignore you as a troll but I tried to engage with you to help you come back.  Recently, though, my unblock of Kiefer Wolfowitz was strongly criticized and widely unpopular.  Not that you don't have plenty of reason to suspect I could be a crowd pleaser, but in my opinion I follow my own path and sometimes that coincides with the crowd and sometimes it doesn't.  The thread you and I most recently interacted on, the thread on the village pump about Malleus, shows an opinion that matches that of a large portion of the community but it's my own opinion.  Fluffernutter up above seems to take the opposite direction in her oppose.  She is saying that I am currently opposed to the community/crowd opinion of the blocking policy and that my position in this conversation is not the right mentality for AUSC because it's different than the standard model and she feels that AUSC isn't the appropriate place for advocating a community change in mindset on what level of secrecy is needed in these roles.--v/r - TP 13:47, 17 April 2013 (UTC)
 * I'm sure it won't affect your getting elected anyway espcially given how most editors here feel about my opinions anyway. That's just how I feel at the moment. Kumioko (talk) 14:17, 17 April 2013 (UTC)
 * Personally I disagree with the notion that TParis will go with the flow, I would say it's the opposite, that he will go against the flow if he feels it's needed. I do feel that the advocacy stance is a little forward for an AUSC candidate, but I think it would be a good refresher and allow us to get a clearer picture on what OSers OS. I know there have been discussions before to clear up what OS can do, I don't feel they have been fruitful enough, or that they are widely adopted. Regarding the confusion regarding the CU blocking the IP question, don't stress it. Like I said to another candidate, I think we were thinking along the same line. It's also not the only option available to a CU in this situation, i've many times found workarounds that don't reveal private info at all. All around, I'm confident TParis is a good candidate, and relatively confident he would make a good auditor. Thank you for your answers to my questions especially the SPI one which required a fair amount of thought. -- DQ on the road   (ʞlɐʇ)  21:16, 17 April 2013 (UTC)
 * Followup: I also note that TParis said he would follow currently accepted practice till the consensus changes which is what calmed my concerns about the privacy standpoint. -- DQ on the road   (ʞlɐʇ)  21:18, 17 April 2013 (UTC)