Wikipedia:Arbitration Committee/Audit Subcommittee/October 2009 election/MBisanz

MBisanz

 * Nomination statement (250 words max.)
 * Hi, my name is Matt and I have been editing Wikipedia for several years now. In that time I have consistently pushed for greater accountability and participated in a wide range of activities in both content creation and policy debate.  Further, I am mindful of the responsibility that comes with access to private data, being an administrator for over a year and having access to OTRS and Internal WMF-wiki.  One principle I think that is paramount in AUSC members is that they avoid using CU/OV access in order to avoid the appearance of impropriety.  If selected, I pledge to avoid using the tools in non-emergency situations in general and in emergency situations when another user or steward can be found who can perform the task.  I am open to any questions individuals may have with regard to my editing and maintain a rather open policy as to my own personal information in the interest of informing others as to any factors they may find important to know with regard to my editing.

Standard questions for all candidates
Please describe any relevant on-Wiki experience you have for this role.
 * Former SPI clerk, advanced understanding of policy and historical context. I am the one who suggested AUSC use pivot tables to present statistics more regularly and can make charts, graphs, etc.  Also helped write the global rights policy and help maintain the MediaWiki:Robots.txt file.  And I am responsible for the creation of the Wikien-bureaucrats mailing list for privacy related renames.

Please outline, without breaching your personal privacy, what off-Wiki experience or technical expertise you have for this role.
 * See User:MBisanz/Infobox for more details. I do serve on the WMF audit committee and am a former accountant, so I have an understanding of the concepts of professional skepticism, confidentiality, and document review.

Do you hold advanced permissions (checkuser, oversight, bureaucrat, steward) on this or other WMF projects? If so, please list them. Also, do you have OTRS permissions? If so, to which queues?
 * En.Wiki Admin and Bureaucrat, Commons Admin, Meta Admin, WMF-wiki access, Internal-wiki access, OTRS info-en(f), permissions, photosubmissions, Sisterprojects, and DAL queues, administrator of the Clerks-l and DAL mailing lists. Already identified to the Foundation.

Questions for this candidate
Please put any questions you might have in this section.


 * Questions from Xeno
 * Do you feel that members of the audit subcommittee should also be permitted to use the CU or OS bit for for "active duty" as would a regularly elected/appointed checkuserer or oversighter would in their regular course of duties? Why or why not?
 * A:From my candidate statement: "One principle I think that is paramount in AUSC members is that they avoid using CU/OV access in order to avoid the appearance of impropriety."
 * Do you agree to only use the checkuser/oversight bit as directly related to your duties as an audit subcommittee member or emergency situations where no other CU/OS is available (similar to Tznkai's 'personal policy' described here in the section prefixed with the statement "While serving on the Audit Subcommittee, I will not use the CheckUser and Oversight tools with certain exceptions")?
 * A:Also from my candidate statement: "I pledge to avoid using the tools in non-emergency situations in general and in emergency situations when another user or steward can be found who can perform the task."


 * Question from Mailer Diablo
 * Thank you for stepping forward to volunteer for the role. Just one question. How would you deal with editors who attempt to find or/and exploit loopholes in the Checkuser/Suppression policies in a manner that go against the spirit of privacy and community well-being, and then use it to cry wolf?
 * If you could give me a specific example, it would be helpful. But generally, I think it is a balancing test.  From an AUSC point of view, I suppose the best example is someone complaining they were caught socking by a checkuser who didn't have strong cause to check them or a person walking the tightrope of being out but not wanted to be outed.  Simply put, as long as the checkuser didn't have a COI to doing the check, they have broad discretion to perform checks based on behavioral indications.  Also, if someone is complaining about being outed while publicizing their information, it is important to remember that generally oversight only removes information involuntarily disclosed.  If a person has disclosed their information in some manner onwiki, they cannot validly complain if another person cites it at a later date, that is simply a risk of going public in the first place.


 * Question from SilkTork
 * Would you give one example each of 1) appropriate use of CheckUser; 2) inappropriate use of CheckUser; 3) borderline use of CheckUser - and how you would view such borderline use; 4) appropriate use of Oversight; 5) inappropriate use of Oversight; 6) borderline use of Oversight - and how you would view such borderline use.  SilkTork  *YES! 12:05, 2 November 2009 (UTC)


 * 1)A WP:SPI.
 * 2)Checking someone you just reverted on an article you got to FA.
 * 3)Checking someone who has just threatened to kill themselves; I'd view it positively if the information was then communicated to the WMF Office and dimly if the check was done for random interest.
 * 4)Removing an IP of someone who accidentally logged out.
 * 5)Removing a post from someone who thought it will embarrass them later.
 * 6)Removing a post of someone who you nominated for RFA; I'd view it dimly since OVs should avoid the appearance of bias.


 * Question from Emufarmers
 * Will you promise to resign your CU/OS rights once you are no longer on the AUSC? You would still be free to seek CU/OS permissions through the normal process. (There is a thread about this, although the proposal there goes beyond what I'm asking.)
 * Yes, I agree to resign them when I am no longer an AUSC member, unless I have acquired a permission to them under an alternate claim (such as a CU/OV election) in the interim.
 * So you might run for CU/OS while you're still on the AUSC? That doesn't strike you as problematic?  Would you resign from the AUSC if you were granted CU/OS through that process? —Emufarmers(T/C) 08:31, 4 November 2009 (UTC)
 * No, AUSC doesn't monitor CU/OV elections or vet candidates, so there is no overlap there. And if granted the tools while on AUSC, I would simply not use them until the expiration of my AUSC term, similar to how Thatcher has acted.  MBisanz  talk 06:30, 6 November 2009 (UTC)


 * Questions from Cenarium
 * Do you think the following are part or should be part of the Audit Subcommittee's written or unwritten responsibilities and would you do those ?
 * 1) oversee the use of the oversight and checkuser tools by monitoring the checkuser and oversight logs
 * 2) advise (through email) checkusers and oversighters on best practices, point out possible improvements in their use of the tools
 * 3) verify that CU, OS and privacy related matters are properly handled in the functionaries-en mailing list


 * I was under the assumption that given the private nature of the logs, periodic review by AUSC was an implicit part of the duties of investigating misuse of the tools, so I don't see an issue with #1. AUSC is an abuse investigation body, not a best practices commission.  Much like an accountant, if AUSC discovered a way in which CU/OV could be used more efficiently in the course of its investigations (say such as an IP range database), it should disclose that to the CU/OV, but it should not actively seek out techniques.  For #3 that is really an Ombudsman duty, since I take it you mean a breach of a privacy related matter through the tools, which is not an AUSC duty as AUSC deals with violations of polices located on enwp, Ombudsmen deal with violations of policies located on wmf/meta-wiki (yes, I know the current AUSC page says we deal with violations of WMF policy, but I read that more broadly to mean we deal with violations of the privacy policy by referring to the Ombudsmen, since they are the ones empowered by the Board of trustees to act.)


 * Suppose a checkuser or oversighter performs an edit which needs to be oversighted, for having added nonpublic information, what do you think should be done w.r.t. their CU/OS access ? Do you think this deserves a AUSC investigation and would you support as auditor to open one ? If not in general, then in which situations ? Please consider in particular a situation where the functionary was in dispute with the user concerned by the nonpublic information.
 * I would need more context here. I remember one instance of an editor who had stopped using his real name onwiki, but still used it on IRC, and a person who visits IRC infrequently didn't know this an casually mentioned it onwiki, thereby requiring oversight.  I would support such a review if there was an indication of malice or intent to harm on the part of the trusted user and when deciding such a review would look at subsequent actions taken by the trusted user in deciding what to recommend to arbcom.


 * Suppose a checkuser or oversighter is found to posses an undisclosed alternative account (not previously known of ArbCom), used recently, what do you think should be done w.r.t. their CU/OS access ? Do you think this deserves a AUSC investigation and would you support as auditor to open one ? If not in general, then in which situations ? Please distinguish in particular between situations where breach of WP:SOCK clearly occurred, clearly did not occur, or is uncertain.
 * As stated on the AUSC page, AUSC reviews the CU/OV privileges and positions, therefore as it would not review something such as a checkuser violating 3RR (unless they also used CU), it should not review issues of sockpuppetry, unless there is an indication the CU/OV tools were used to aid the socking (oversighting a mistaken edit, rejecting an SPI, etc). Arbcom handles all behavioral disputes of that nature and it isn't within AUSC's remit to expand into their jurisdiction as it does not relate to the privilege or position directly.