Wikipedia:Arbitration Committee/Audit Subcommittee/October 2009 election/KillerChihuahua

KillerChihuahua

 * Nomination statement (250 words max.)
 * I have the requisite technical experience for this position; I believe I also have the maturity and temperament for it. I pledge to remain conscious of and respectful to the concerns of privacy; not to misuse any access granted me; and to remain open to feedback and constructive criticism. I will remain neutral inasmuch as my human nature will allow, and where neutrality may be difficult, to recuse myself.

Standard questions for all candidates
Please describe any relevant on-Wiki experience you have for this role.
 * Five and half years on en.Wikipedia; admin since January 2006. I have been involved with the development of a number of policies, and have a strong understanding of them. Two years with OTRS, fulfilling a number of requests which often involve dealing with information of a delicate or private nature.

Please outline, without breaching your personal privacy, what off-Wiki experience or technical expertise you have for this role.
 * I have 15 years in Datacomm / IT / SW development, 8 of that with an eLearning company specializing in randomly generated content for certification examinations; my roles over my time in that company involved working with all aspects of that with the exception of the eCommerce module, which naturally would have been of no benefit here. My extensive experience with relational databases and in dealing with strongly protected content (our clients were largely fortune 500 and guarded the exams for technical certification closely) have given me ample experience with both the technical and the privacy aspects of this role.

Do you hold advanced permissions (checkuser, oversight, bureaucrat, steward) on this or other WMF projects? If so, please list them. Also, do you have OTRS permissions? If so, to which queues?
 * No other permissions. I am OTRS; I have access to the Quality, Permissions, and Info queues.

Questions for this candidate
Please put any questions you might have in this section.


 * Questions from Xeno
 * Do you feel that members of the audit subcommittee should also be permitted to use the CU or OS bit for for "active duty" as would a regularly elected/appointed checkuserer or oversighter would in their regular course of duties? Why or why not?
 * A: I see no reason why they should not be "permitted"; if we're not trustworthy we shouldn't have the access, if we are, there is no reason not to help out with the workload. It seems silly to be granted Oversight only to have someone contact you because you're on the list of Users with oversight, only to tell them "Oh I'm sorry, your very personal information must remain visible while you track down a "regular" oversighter". OTOH, I'm not intending to actually go seek out CU or OS work, and if the community feels that the CU and OS bits given to the Audit Subcommittee are to be used only for Audit business, I won't demur.
 * Do you agree to only use the checkuser/oversight bit as directly related to your duties as an audit subcommittee member or emergency situations where no other CU/OS is available (similar to Tznkai's 'personal policy' described here in the section prefixed with the statement "While serving on the Audit Subcommittee, I will not use the CheckUser and Oversight tools with certain exceptions")?
 * A: I have already pledged to recuse myself should there be any concern about neutrality. The "certain exceptions" are also already covered in my pledge in my statement above. Insofar as the "only use..." Tznkai has excepted "emergencies" which would cover my example above, as well. In short, I've already said as much, in far fewer words - depending upon how Tzn defines "emergencies" and whether anything regarding CU can ever be considered an "emergency". As I said above, I will abide by whatever guidelines are extant regarding the Auditing subcommittee - if we're expected to help out with the load, I'll do that. If we're expected to limit ourselves to Audit business only, I'll do that. I've seen no strong positions either way. I do not intend, as I have already stated, to seek out extra work. My intent is to investigate per WP:AUSC; however if someone grabs my name off the Oversight list and asks me to oversight highly personal information, I think it would be extraordinarily irresponsible of me to not do so and brush off the request with a lame "not my job" excuse. I will of course abide by any polices extant, and use my common sense and good judgement.


 * Question from Mailer Diablo
 * Thank you for stepping forward to volunteer for the role. Just one question. How would you deal with editors who attempt to find or/and exploit loopholes in the Checkuser/Suppression policies in a manner that go against the spirit of privacy and community well-being, and then use it to cry wolf?
 * A: Probably by telling them I'm not impressed with their pettifogging and to piss off. Ok, I probably wouldn't say "piss off". Seriously, this cannot be something which can be tolerated or indulged, and I have no problem saying "no" as many times as necessary. I can be quite redundant at times. I have three children; I'm a grandmother. I've been in management. I've dealt with scope creep as a project manager and as client POC. I can say "no".


 * Question from SilkTork
 * Would you give one example each of 1) appropriate use of CheckUser; 2) inappropriate use of CheckUser; 3) borderline use of CheckUser - and how you would view such borderline use; 4) appropriate use of Oversight; 5) inappropriate use of Oversight; 6) borderline use of Oversight - and how you would view such borderline use.  SilkTork  *YES! 12:04, 2 November 2009 (UTC)
 * Answer:


 * 1) Appropriate use of CheckUser: Checking for technical evidence of sockpuppetry given due cause, often via a sock investigation
 * 2) Inappropriate use of CheckUser: Fishing is explicitly prohibited, but this must be examined with care, as what appears to be fishing may in fact have valid rationale - strong circumstantial evidence which is not immediately appartent, for example
 * 3) Borderline use of CheckUser: Marginal evidence of sockpupptry might be considered marginal; this would be a judgment call. How would I view it? Depends on how marginal, and whether it were a habit or an exception.
 * 4) Appropriate use of Oversight: To suppress outing of non-public personal information or clear libel. Copyvios are mentioned in the policy but generally speaking are not oversighted.
 * 5) Inappropriate use of Oversight: Suppression of anything which does not fit the criteria for appropriate. Most specifically, suppression of wiki-specific activities and postings in order to protect the oversighter or a friend of an oversighter.
 * 6) Borderline cases of Oversight:  I cannot think of any clear cut borderline examples. Perhaps libel might be borderline. Again, I cannot tell you how I would view it because it would depend upon the specifics of the case.


 * Question from Emufarmers
 * Will you promise to resign your CU/OS rights once you are no longer on the AUSC? You would still be free to seek CU/OS permissions through the normal process. (There is a thread about this, although the proposal there goes beyond what I'm asking.)
 * Answer: Yes.


 * Questions from Cenarium
 * Do you think the following are part or should be part of the Audit Subcommittee's written or unwritten responsibilities and would you do those ?
 * 1) oversee the use of the oversight and checkuser tools by monitoring the checkuser and oversight logs
 * 2) advise (through email) checkusers and oversighters on best practices, point out possible improvements in their use of the tools
 * 3) verify that CU, OS and privacy related matters are properly handled in the functionaries-en mailing list
 *  Answer: I will do what is required to correctly carry out my duties auditing. This may or may not include any of the above mentioned items, but I very strongly doubt it will contain advising per your item #3, and I feel it would be inappropriate in most cases. Generally speaking, I anticipate informing the ArbCom of findings, and allowing them to determine the best course of action. If however you are speaking of responding to general queries for advice from individuals, of course I am always available to help if I can.


 * Suppose a checkuser or oversighter performs an edit which needs to be oversighted, for having added nonpublic information, what do you think should be done w.r.t. their CU/OS access ? Do you think this deserves a AUSC investigation and would you support as auditor to open one ? If not in general, then in which situations ? Please consider in particular a situation where the functionary was in dispute with the user concerned by the nonpublic information.
 *  Answer: I think that is a very general question and I hesitate to offer a limited response. There is always the possibility, indeed the probability, that if something like that happens it is an error. Certainly no one should be penalized for an error. OTOH, if such errors become habitual, or if the individual in question seems to view their error lightly and without concern, then my concern would increase regarding their use of the tools. Given your last example, that the functionary was in a dispute, I find it extremely unlikely that would happen, for a number of reasons, but I would be highly concerned and would support an immediate investigation.


 * Suppose a checkuser or oversighter is found to posses an undisclosed alternative account (not previously known of ArbCom), used recently, what do you think should be done w.r.t. their CU/OS access ? Do you think this deserves a AUSC investigation and would you support as auditor to open one ? If not in general, then in which situations ? Please distinguish in particular between situations where breach of WP:SOCK clearly occurred, clearly did not occur, or is uncertain.
 *  Answer: If SOCK was not violated, there is nothing to investigate. If sock was violated, then there is very possibly nothing to investigate, as the policy has already been found to have been violated. This would be in the case of the individual having summarily lost their CU or OS bits for violation of SOCK already. If SOCK has been violated, and the individual retains their access, then an investigation is indicated. If SOCK may or may not have been violated, then an investigation is clearly indicated - but not necessarily by the AUSC.