Wikipedia:Arbitration Committee/Audit Subcommittee/October 2009 election/Frank

Frank

 * Nomination statement (250 words max.)
 * I believe I have shown the judgment, experience, and maturity necessary for these very sensitive tasks. Those who know my work will, I think, generally agree I'm a low-key, drama-free guy, although I suspect I've been around here long enough that there may be some who will disagree. I have the real-world experience to handle both the technical aspects and the perceived stress, and I have the on-wiki experience to know what to do and when to do it. Thank you in advance for your consideration; questions and comments are welcome and will be given my sincere attention, as I do with all my efforts around here.

Standard questions for all candidates
Please describe any relevant on-Wiki experience you have for this role.
 * I've been an active editor since early 2008 (registered since 2006) and an administrator since July 2008. The two areas I've spent the most time in are biographical articles and deletion of articles, particularly CSD. Some of the biographical articles fall under WP:BLP policies (Bill Bradley, Frank Lorenzo, Delano Lewis, Marcia Fudge, and Richard Ravitch, for example) and some do not (Farrah Fawcett, Leroy Grumman, and, just recently, Allie Beth Martin - a new article). Regarding deletion, it is a "necessary evil" around here; in order to be considered a serious resource, we must have standards and they must be kept up. After more than 3500 deletions, I think I have a pretty good track record; a glance at my last 500 deletions shows they are overwhelmingly still red. The ones that are no longer red links generally either now meet criteria for inclusion or are redirects elsewhere. In both areas, I think I've been able to very accurately enact community policies, and I hope to be able to do that in additional ways.
 * How do these relate to AUSC? I think the issues associated with WP:BLP track closely to privacy issues of (and, alas, abuses by) both editors and functionaries, and I think that understanding and implementing CSD criteria (particularly WP:COPYVIO and G10) are also related. We need to be mindful that Wikipedia is literally by, for, and (largely) about real people, and that as a result, the way it is managed can have effects on all of those people: its editors, users, and subjects.

Please outline, without breaching your personal privacy, what off-Wiki experience or technical expertise you have for this role.


 * I have long experience with data analysis in general. I've been a spreadsheet and database guru of sorts for years, and I've also at times been a web-hosting provider using the Apache web server. I'm certainly "geeky" and experienced enough to understand the technology behind HTTP requests and how people might try to avoid detection. I'm very familiar with IP subnetting, ssh, text-based browsing, remote X, Remote Desktop, multi-tasking, proxy servers, the concept of "sticky" sessions regarding web applications, public shared IPs, spoofing, log files, and tools for examining log files. I'm aware of the items that are generally logged with http requests and why they are important. I'm also aware that use of both Checkuser and Oversight permissions is logged and documented, which strikes me as a good thing.


 * On a related note, in my professional life, I am using the Mediawiki software in a (non-public) system which requires me not only to have editing capability (and explain it to others), but also to be the administrator of the system. I won't pretend it is nearly as large or complex as Wikipedia, of course, but I do have some insight into how the system itself works from the inside out.


 * Having said all that, I expect that a member of the AUSC will be expected to analyze the results of others' actions regarding this technical information more so than be expected to generate it directly, but I'm not intimidated either way.

Do you hold advanced permissions (checkuser, oversight, bureaucrat, steward) on this or other WMF projects? If so, please list them. Also, do you have OTRS permissions? If so, to which queues?
 * I hold no permissions beyond those of an administrator on this wiki.

Questions for this candidate
Please put any questions you might have in this section.


 * Questions from Xeno
 * Do you feel that members of the audit subcommittee should also be permitted to use the CU or OS bit for for "active duty" as would a regularly elected/appointed checkuserer or oversighter would in their regular course of duties? Why or why not?
 * A: Generally, the purpose of a subcommittee is to serve a committee. I am standing for election to this subcommittee on the basis that its purpose is to be a check on the committee itself. "Active duty" use of these bits would defeat the purpose of the subcommittee, so I don't feel active duty use would be appropriate. (I want to be careful with the use of the word permitted here, though; I'd rather think of it as expected since the permission is granted with appointment to the committee.)
 * Do you agree to only use the checkuser/oversight bit as directly related to your duties as an audit subcommittee member or emergency situations where no other CU/OS is available (similar to Tznkai's 'personal policy' described here in the section prefixed with the statement "While serving on the Audit Subcommittee, I will not use the CheckUser and Oversight tools with certain exceptions")?
 * A: I agree that if appointed to the AUSC, I will only use the checkuser and oversight tools as directly related to duties as a member of the subcommittee or emergency situations. I expect directly related to be defined by the Arbitration Committee and/or the Wikimedia Foundation, in advance of any such action I take, and not by any single individual. I furthermore reserve the right to decline to use the tools even if directed by ArbCom if I feel such use contravenes existing policy, process, or common sense. Finally, it is not unreasonable to think that there may be WP:IAR cases for oversighting an edit rather than waiting for another oversighter to take action. I have run across only one edit that qualified, and the oversighter I contacted took the action I would have taken. This IAR note does not apply to checkuser.


 * Question from Mailer Diablo
 * Thank you for stepping forward to volunteer for the role. Just one question. How would you deal with editors who attempt to find or/and exploit loopholes in the Checkuser/Suppression policies in a manner that go against the spirit of privacy and community well-being, and then use it to cry wolf?
 * A1: WP:BLOCK them for WP:DISRUPTION?
 * A2: OK, so A1 is a bit humorous but maybe not feasible. The real answer is, of course, "it depends." I don't think the answer to such a situation necessarily rests on the shoulders of a single person, so my own personal response would likely be the same as it is for other things around here: do what is appropriate, possibly after consultation with fellow subcommittee members, ArbCom itself, or AN/I. I don't think this subcommittee will set policy; nor do I think that being a member of this subcommittee would mean that all the other policies we follow are somehow thrown out the window.
 * Anticipating any number of potential follow-up questions along the lines of "would that be enough?", I would say that I will certainly do my best to make sure that a response is early enough to avoid harm. I don't have any illusions that anyone around here can assure we prevent harm, and I don't assert that such a guarantee is a reasonable thing to even attempt. But I do think we can do our best as a community to establish, uphold, and update our policies and procedures such that they don't invite abuse.
 * As for my own actions specifically, when I get involved in disputes, I don't wield the admin bit as a blunt instrument, and I fully understand that for access to CU/OS, the community (and, indeed, Wikimedia Foundation) expectation is the same, only on steroids. I take that seriously.


 * Question from SilkTork
 * Would you give one example each of 1) appropriate use of CheckUser; 2) inappropriate use of CheckUser; 3) borderline use of CheckUser - and how you would view such borderline use; 4) appropriate use of Oversight; 5) inappropriate use of Oversight; 6) borderline use of Oversight - and how you would view such borderline use.  SilkTork  *YES! 12:03, 2 November 2009 (UTC)
 * I'm choosing to be generic in this answer and not directly reference any existing cases. The reason for this is that I don't want to dig through earlier cases and second-guess someone, and there's no need to pick on individuals or previously decided cases. If there is a desire for me to comment on a specific case, please point to it and I can decide at that point if it's appropriate (because, let's face it: there is the possibility of drama being created in re-hashing old stuff).


 * 1) Appropriate CU: Credible evidence of socking, as in any number of discussions/debates such as AfD or RfA. "Credible" would include sudden appearance of opinions from infrequently-used accounts, or accounts that don't ordinarily frequent the particular venue. Often these are first tagged as single-purpose accounts or "this account has made few or no other edits outside this discussion". I'm not saying that these are automatically sufficient, but they're a start. Other clues that would lend further credibility would be if the accounts started showing up mid-way through a debate, if they all seemed to reference the same opinion ("...per XXXXX"), or if they showed a high correlation of page editing with the suspected account(s).
 * 2) Inappropriate CU: Any type of fishing expedition. These often show up as a user feeling like s/he is being "attacked" or tag-teamed. I'm not saying that such cases aren't good candidates for CU, but I don't assume they automatically are just because several people are on the opposite side of a debate. This is similar to AIV; people sometimes report users at AIV without warning (or sufficient warning) just because they are upset about one edit; sometimes it's a content dispute and sometimes the "vandal" is truly a new editor and the "vandalism" isn't obviously so. We have to have proper judgment as to what is appropriate; CU is the same way.
 * 3) Borderline CU: Obviously this is the toughest to determine in advance. I guess one example is the accusation that a well-respected user (possibly an admin) is either a sock or a sock-master. Yes, there have been some well-publicized cases these last few months - and I think (without getting specific as I said above) that all of them were borderline at the outset. So my position (if even called upon in such a case, which I doubt I would be as an AUSC member) would be to examine closely before digging in. Another similar example is the equally absurd cases where an editor is accused and simply laughs it off; I saw that recently as well. But the key is: many of them are laughed off initially - even though some turn out to actually be socks. So, wrapping up this section: borderline is along the lines of RfAs that are near the perceived discretionary range, or editors who show up in a debate that has the notavote template at the top. Just because something unusual happens doesn't automatically mean it's the result of socking; more judgment must be applied.
 * 4) Appropriate OS: Personal information provided by a user, especially one who is or appears to be a child, is completely appropriate to oversight. The argument can be made that since only admins can view deleted pages, that a deletion by itself is sufficient. However, there's a reason OS exists, and we unfortunately are aware that admins can behave inappropriately just like anyone else, so the case where people post inappropriate information is an easy one. This can be about themselves or others, such as in WP:OUTing another editor (which needn't specifically have to do with outing).
 * 5) Inappropriate OS: When a person claims that something is "wrong" because they know it differently than what reliable sources report, they might make OS requests to remove information. This might be medical or other personal information (lovers, sexual orientation, place of residence, prior legal troubles supposedly "sealed"). We can't remove everything that is (or might be) negative just because someone "knows" it isn't correct.
 * 6) Borderline OS: I'm pretty sure this is far less likely to occur. I personally feel like no harm is done by removing information that others might deem borderline. There's nothing that would stop it from being replaced if it were deemed appropriate after all. I don't know what harm is done by exercising a little caution here. Having said that, I doubt my participation as an AUSC member would be likely to venture near any borderline cases.


 * Question from Emufarmers
 * Will you promise to resign your CU/OS rights once you are no longer on the AUSC? You would still be free to seek CU/OS permissions through the normal process. (There is a thread about this, although the proposal there goes beyond what I'm asking.)
 * A: Since the appointment is specifically for one year, I don't see any reason the mandate to retain the tools could extend beyond that. Further, if there were a credible, sufficient reason to have me removed prior, I like to think I'd have the good sense to request removal myself rather than go through some ugly online drama. (I'm not expecting that, mind you.)
 * As far as I can tell, you will retain the tools once your term expires unless you request that they be removed. Will you request that they be removed once you are no longer on the AUSC? —Emufarmers(T/C) 08:26, 4 November 2009 (UTC)
 * Yes, if they haven't been otherwise granted through some other means. That caveat isn't a sign of ambition (far from it, actually) but rather a recognition that things do change around here; I note that at least two of my co-candidates have held or do hold these permissions already. Incidentally, I think much of the perception of inappropriate use of permission bits around here could be eliminated if we were to have defined terms for positions (not necessarily limits but end points), enforced breaks between terms, or a combination of the two.


 * Questions from Cenarium
 * Do you think the following are part or should be part of the Audit Subcommittee's written or unwritten responsibilities and would you do those ?
 * 1) oversee the use of the oversight and checkuser tools by monitoring the checkuser and oversight logs
 * 2) advise (through email) checkusers and oversighters on best practices, point out possible improvements in their use of the tools
 * 3) verify that CU, OS and privacy related matters are properly handled in the functionaries-en mailing list
 * A: I'm not big on creating policy on the fly. In general, I think all three of the things you list could be within the purview of the AUSC, but are not necessarily. I view the committee as having a limited scope: when ArbCom calls, the committee answers. If ArbCom assigns one or more of those tasks as a regular part of its requests, then that's fine with me.


 * Suppose a checkuser or oversighter performs an edit which needs to be oversighted, for having added nonpublic information, what do you think should be done w.r.t. their CU/OS access ? Do you think this deserves a AUSC investigation and would you support as auditor to open one ? If not in general, then in which situations ? Please consider in particular a situation where the functionary was in dispute with the user concerned by the nonpublic information.
 * A: Same general answer applies; I don't think this position is going to make policy but rather perform duties requested of AUSC by ArbCom or WMF. I think any editor that makes this particular error in judgment should be alerted to it and an explanation requested. If some sanction were to become necessary, then normal channels should be followed. While one hopes that those with CU and OS privileges will already have displayed sufficient judgment that these situations do not occur, we do know that expectation is not always met. Having said all that, I believe there is community consensus that certain individuals should be held to a higher standard, and therefore the leash, so to speak, should be shorter. Whether administrators fall into this category or not is a constant subject of debate; I don't think there is any question that bureaucrats, checkusers, or oversighters do fall into the short-leash category.
 * As to your specific request to consider the dispute scenario, you are describing a specific situation of abuse which I think is highly inappropriate. If the evidence were incontrovertible, I'd likely support and/or recommend removal of the bits. I have a hard time imagining a situation in which it's appropriate to violate several core policies without fairly immediate and serious consequences.


 * Suppose a checkuser or oversighter is found to posses an undisclosed alternative account (not previously known of ArbCom), used recently, what do you think should be done w.r.t. their CU/OS access ? Do you think this deserves a AUSC investigation and would you support as auditor to open one ? If not in general, then in which situations ? Please distinguish in particular between situations where breach of WP:SOCK clearly occurred, clearly did not occur, or is uncertain.
 * A: I think an investigation would probably be warranted, and without being able to know specifics, I generally would lean toward holding CU/OS users to a higher standard. (In my own case, I'd rather have the bits removed pending the outcome of an investigation than continue under a cloud.) If there's no breach of WP:SOCK found to have occurred, the answer is less clear; I think that the appearance of impropriety is sometimes just as bad as the actuality, and I guess I'd have to say my response would really depend on the specific situation. Still and all, I remain mindful that the purpose of the AUSC is to monitor and investigate, not necessarily to take action.