Wikipedia:Arbitration Committee/Audit Subcommittee/October 2009 election/Dominic

Dominic

 * Nomination statement (250 words max.)
 * Hello. I am Dominic (formerly Dmcdevit), a former arbitrator, CheckUser, and oversighter, and current administrator and OTRS respondent. I have years of experience with using both of the tools in question, without a lot of controversy. I remember before there was a CheckUser or oversight, was one of the first users given each of them, and hopefully I have even helped to train new CheckUsers and oversighters over the years. In Audit Subcommittee inquiries, I can offer this experience in dealing with sensitive matters, as well as expertise in cases where interpretations of CheckUser results may be relevant. My feeling is that the Audit Subcommittee is about investigating the conduct of holders of sensitive information, and not alleged privacy violations themselves, which should be referred to the Ombudsman Commission. As a former CheckUser and oversighter, I have been involved in the issues that the Audit Subcommittee deals with for a long time, and I have put a lot of thought into how how the tools should be used and who should have them. (One feeling I have is that they are far too common. Our policy on removing inactive users is too lax and in the past we have added new ones without regard to actual necessity.) I understand that the Audit Subcommittee is still a new body, and I think can help it develop procedures and standards. 250 words is not much, so feel free to ask me questions.

Standard questions for all candidates
Please describe any relevant on-Wiki experience you have for this role.
 * I had CheckUser and oversight for several years. I was also an arbitrator. As such, I have been trusted with confidential data for quite a while, and have dealt with sensitive matters and performed investigations of abuse before. I feel that I can offer a thoughtful approach to the role of auditor, aided by my experience and familiarity with the issues that are involved.

Please outline, without breaching your personal privacy, what off-Wiki experience or technical expertise you have for this role.
 * I have a degree in Latin American history and have never done any programming. ;-) That said, I have the most CheckUser experience among the candidates, and I think my experience as a CheckUser speaks for itself. I started out clueless, but abundantly cautious. After learning from the best and years of experience, I am confident with my ability to interpret CheckUser results, deal with rangeblocks, open proxies, and all the stuff that goes along with CheckUser. My experience with CheckUser is one of the primary reasons I could help AuSC. Dominic·t 03:07, 29 October 2009 (UTC)

Do you hold advanced permissions (checkuser, oversight, bureaucrat, steward) on this or other WMF projects? If so, please list them. Also, do you have OTRS permissions? If so, to which queues?
 * Not currently, but I am a former arbitrator, identified to the WMF, and have had CU on en.wp and en.wikt, and OS on en.wp. I have OTRS access (info-general, info-en (full access), and Sister projects). Dominic·t 03:07, 29 October 2009 (UTC)

Questions for this candidate

 * Question from NuclearWarfare
 * You very recently resigned your use of checkuser and oversight. I have two questions regarding this.
 * 1) I believe that one of the reasons you resigned was because your perceived lack of time for Wikipedia in the upcoming months. Has your situation changed enough so that you believe you will have time for AUSC work?
 * Before talking about myself, I will note that a heavy workload is not a major issue with the AuSc, as it is with ArbCom. I think the statistics at Arbitration Committee/Audit Subcommittee/Reports agree with this assessment. I would not consider joining if I did not believe I would be active enough for the job. I think my past as one of the most active arbitrators in my tenure, and one of the most active CheckUsers and oversighters historically show that if I commit to doing a particular job, I will take that commitment seriously. My previous resignation was not about my free time per se, but rather my activity level. I believe only accounts which use CheckUser and oversight actively enough to need them should have them any any particular time. These tools give an account access to sensitive information, and so that is why I decided not to have those flags when I was not putting them to good use. Our current CheckUsers and oversighters do a good job, and are sufficient in number. I do admit that my level of editing activity is less than the average candidate. My low activity level was because I have recently been involved in a lot of moving and traveling (and am currently out of the country). I am, however, nearly always reachable, and will have much more normal activity for the foreseeable future. Dominic·t 03:07, 29 October 2009 (UTC)
 * 1) You were active as a CU and OS until just a month or so ago. Do you feel that it is appropriate for you to handle AUSC, given your recent activity in the area?
 * It is not clear to me what in particular you think could be of concern, but I do not really think that CU and OS activity is relevant in this regard. If you are concerned there are still potential complaints that could be made about actions I took previously, I think any complaints regarding a sitting auditor should probably be referred to ArbCom. If the concern is that I am too close personally to some of the people who may need judging, I think that will occasionally be true for any potential auditors, not just ones who have had the same flag at one point, and I promise that, as I have done in the past, I will recuse wherever I feel my neutrality is compromised. Dominic·t 03:07, 29 October 2009 (UTC)
 * Regards, NW ( Talk ) 00:27, 29 October 2009 (UTC)


 * Question from Majorly
 * Are you Wikileaker on Wikipedia Review?  Majorly  talk  02:15, 29 October 2009 (UTC)
 * No, I am not. I have never engaged in that sort of behavior, and I found it to be repugnant. From an auditor's point of view, such activity should be treated as a clear breach of the community's trust, and if there is evidence that someone has violated the privacy policy, the Ombudsman Commission should be made aware. Dominic·t 03:07, 29 October 2009 (UTC)


 * Questions from Xeno
 * Do you feel that members of the audit subcommittee should also be permitted to use the CU or OS bit for for "active duty" as would a regularly elected/appointed checkuserer or oversighter would in their regular course of duties? Why or why not?
 * I have yet to be convinced that abstaining from normal use of the tools by auditors (or ombudsmen) is really meaningful. I understand the sentiment behind such pledges, and the appearance of impartiality is indeed important, but such abstaining does not make a person any more impartial. Regular use of the tools risks that an auditor will have a complaint made for an action they have taken. (This is possible even when an auditor commits to restricting the tools to emergency use.) It is unclear to me how that possibility compromises an auditor's neutrality in unrelated cases. Though this has never occurred, I also think such cases would be better referred to ArbCom, than have than AuSc investigate its own. As an analogy, it seems to me that this is akin to asking an arbitrator to abstain from editing, so that they can judge editors, rather than to ask them to recuse from arbitrations related to their editing. I am willing to hear an argument about why using the tools has any practical disadvantages, but I don't see the harm.
 * Do you agree to only use the checkuser/oversight bit as directly related to your duties as an audit subcommittee member or emergency situations where no other CU/OS is available (similar to Tznkai's 'personal policy' described here in the section prefixed with the statement "While serving on the Audit Subcommittee, I will not use the CheckUser and Oversight tools with certain exceptions")?
 * Actually, I wouldn't. I think that the pretense of greater impartiality that abstaining from use of the tools offers is not worth the cost. If I, as someone who holds the tools anyway, can ensure that by using them there is need for one less account with CheckUser or oversight, than I have provided a much more substantive gain in terms of of privacy and security than abstaining offers.


 * Question from Mailer Diablo
 * Thank you for stepping forward to volunteer for the role. Just one question. How would you deal with editors who attempt to find or/and exploit loopholes in the Checkuser/Suppression policies in a manner that go against the spirit of privacy and community well-being, and then use it to cry wolf?
 * The question is a bit vague, but I gather that an example of what you have in mind is someone getting a hold of CheckUser or oversight logs, either though a leak or a bug, and whistleblows on either real or imagined abuses. Being careful not to expand AuSc's mandate, I would conservatively note that first and foremost, AuSc is about investigating complaints people with those tools. If people feel they have damning evidence, they ought to communicate it to AuSc, and they certainly should not in any way violate the letter or spirit of our privacy policy. But essentially anything that such an editor does, even if stirring up drama about CheckUser and oversight, is outside of the scope of the AuSc and up to the community, and possibly ArbCom eventually, to resolve. I do commit to investigate any and all credible complaints, even if the complainant is acting distastefully, but it is also part of an auditor's job to vet complaints and not to subject CheckUsers or oversighters to unfounded investigations, since that can have a chilling effect. We do not want people afraid to run good checks or suppress edits, or to run for CheckUser or oversight, because they have been cowed by frivolous complaints. Dominic·t 01:59, 31 October 2009 (UTC)


 * Question from SilkTork
 * Would you give one example each of 1) appropriate use of CheckUser; 2) inappropriate use of CheckUser; 3) borderline use of CheckUser - and how you would view such borderline use; 4) appropriate use of Oversight; 5) inappropriate use of Oversight; 6) borderline use of Oversight - and how you would view such borderline use.  SilkTork  *YES! 12:03, 2 November 2009 (UTC)
 * Appropriate uses of CheckUser include giving a technical assessment of suspected sockpuppetry, finding an IP or range to block to prevent persistent or egregious abuse, and so on.
 * While any violations of the privacy policy using the CheckUser tool are obviously innappropriate, other inappropriate uses of CheckUser include using the tool with political motivations, when one is involved or there is any other conflict of interest, out of curiosity, when there is not sufficient suspicion of sockpuppetry, and so on.
 * Borderline cases of CheckUser usage include those in which there can be a reasonable disagreement about the possibility of sockpuppetry or conflict of interest. There are other cases, like using the tool to release IP data to ISPs or law enforcement, which can be quite uncertain depending on the circumstances. The fact that a case is borderline is not license for all borderline cases to avoid scrutiny or be deemed allowable. Indeed, in most cases, CheckUsers—elected for their good sense—should be able to avoid even borderline cases by consulting with other functionaries, referring a case to another when there is even the appearance of impropriety, and avoiding any public release of private data, even when it may be acceptable according to the privacy policy.
 * There are three cannonical acceptable uses of suppression (oversight): (1) outing of non-public personal information, (2) libel, and (3) copyright violations. Copyright violations needing suppression are exceedingly rare and would probably be taken care of by WMF staff, in any case. Libel can be egregious vandalism perpetrated against editors (the "User:Dømíníç is a rapisţ" variety), in which case we usually remove it on-sight as a courtesy, or it can be main namespace attacks on biographies of living persons, who usually make complaints via OTRS. Occasionally personal information, usually about editors, will also be posted, either accidentally or maliciously. Suppression is actually fairly uncommon, and so most uses are a result of mass vandal attacks which combine both personal information and libel issues.
 * Anything which does not fit into the three cases above is inappropriate, including material that is simple vandalism and not libel, material which turns out to have not been private, using suppression when deletion is sufficient, and so on. Also, the same prohibitions against using the tool when there is a conflict of interest or political motivation.
 * Borderline cases of suppression use might include cases where there is some disagreement as to whether an edit is egregious enough to be deemed libelous or nonpublic, or whether there is a conflict of interest. My same advice about avoiding borderline cases applies, and my same assurances that the existence of disagreement among oversighters does not mean AuSc should shy from making its on conclusions. Dominic·t 00:40, 3 November 2009 (UTC)


 * Question from Emufarmers
 * Will you promise to resign your CU/OS rights once you are no longer on the AUSC? You would still be free to seek CU/OS permissions through the normal process. (There is a thread about this, although the proposal there goes beyond what I'm asking.)
 * Personally, I gave the tools up because I felt my having them when we had an excess of CUs/OSers, and some that were more active than me, wasn't a good idea. I still believe that is the case, but accept that people on AUSC will receive the tools, so as long as I have them, I will put them to good use, hoping to reduce the demand overall. So, especially as someone who already had the tools regularly, I wouldn't make that commitment, but I would commit to resign them if the same conditions exist (excess of CUs/OSers) when my term is up, as I have already decided to do. Dominic·t 00:45, 3 November 2009 (UTC)


 * Questions from Cenarium
 * Do you think the following are part or should be part of the Audit Subcommittee's written or unwritten responsibilities and would you do those ?
 * 1) oversee the use of the oversight and checkuser tools by monitoring the checkuser and oversight logs
 * 2) advise (through email) checkusers and oversighters on best practices, point out possible improvements in their use of the tools
 * 3) verify that CU, OS and privacy related matters are properly handled in the functionaries-en mailing list
 * 4) Monitoring logs is certainly within the remit of AuSc, but I would caution that it is not realistic to expect that 6 people can be on top of all of the thousands of log entries. So while auditors may monitor logs, their primary role is in responding to complaints.
 * 5) Auditors may informally offer opinions and advice when asked (like all functionaries) and perhaps even settle a question about good practice, but I don't think it's generally a good idea to give unsolicited recommendations or instructions in an official capacity. For example, I was strongly in disagreement with this arbitration remedy, which was so nonspecific that it ended up being vaguely accusatory, casting doubt on all CheckUsers, while accomplishing nothing, since no CheckUser should ever need to be reminded to abide by the privacy policy.
 * 6) In terms of monitoring func-en, I would point out that the same issues exist regarding monitoring versus responses to complaints that I noted in the first answer. The general question of including func-en conduct in AuSc's mandate is an interesting one. It makes sense to say consider members of func-en to be a third group of users whose conduct may be investigated upon a complaint to AuSc. func-en is a private discussion list for where private information, including that gained from CheckUser or oversight use, is often included. As such, it is similar to CheckUser and suppression in that a group with access and authority would be needed to investigate complaints. So, hypothetically speaking, I am willing to have AuSc be responsible for complaints about it, but I am not sure if I have ever heard of a complaint that would fit this description, so I won't make any guarantees before I know what it might involve. Dominic·t 00:39, 5 November 2009 (UTC)


 * Suppose a checkuser or oversighter performs an edit which needs to be oversighted, for having added nonpublic information, what do you think should be done w.r.t. their CU/OS access ? Do you think this deserves a AUSC investigation and would you support as auditor to open one ? If not in general, then in which situations ? Please consider in particular a situation where the functionary was in dispute with the user concerned by the nonpublic information.
 * There are several possible scenarios in which someone could make an edit with nonpublic information, including accidents. It is hard to give any definitive answer about what should happen to them without a more specific question. I would note though that my understanding of AuSc is that it serves to evaluate complaints of misuse of the CheckUser or oversight tools, not just any abusive behavior by CheckUsers or oversighters. If one of them does something bad like a malicious or negligently clueless outing, they should face the normal repercussions that anyone else would, up to and including ArbCom, but likely not including AuSc. Dominic·t 00:39, 5 November 2009 (UTC)


 * Suppose a checkuser or oversighter is found to posses an undisclosed alternative account (not previously known of ArbCom), used recently, what do you think should be done w.r.t. their CU/OS access ? Do you think this deserves a AUSC investigation and would you support as auditor to open one ? If not in general, then in which situations ? Please distinguish in particular between situations where breach of WP:SOCK clearly occurred, clearly did not occur, or is uncertain.
 * Again, I would not think this is necessarily within the remit of AuSc, unless the investigation of the alternative account discovers a conflict of interest or other abusive uses of the account. In that case, auditors should certainly complete an evaluation, with the possible recommendation that they lose their tool(s). If an undisclosed account is either abusive in a way unrelated to their use of CheckUser or suppression, or is not abusive, then the case is not a matter for AuSc, and should either be dealt with by the community or ArbCom (which has the ultimate say on undisclosed accounts for CheckUsers or oversighters). Dominic·t 00:39, 5 November 2009 (UTC)