Wikipedia:Arbitration Committee/Audit Subcommittee/Reports


 * For statistical reports on Checkuser and Oversight, see Arbitration Committee/Audit/Statistics.

The Reports and Findings of the Audit Subcommittee will be posted to this page. The Audit Subcommittee procedures approved by the Arbitration Committee state that "The Committee shall announce the results of the investigation on-wiki in as much detail as is permitted by the relevant policies." Until 2009, a summary of all closed investigations was posted here. As of 2010, current practice is:
 * 1) The Subcommittee will publish anonymised summaries of its activity. Most complaints received by the Subcommittee are concluded without action, and will only be listed in the summaries of activity. These are listed in the second section of.
 * 2) If a complaint leads to a full investigation, the Subcommittee will at its discretion publish a full report. These are listed at.
 * 3) Only closed matters will be published publicly. Closed complaints will not be published until the next round of statistics are published. Full reports will usually not be published until the matter is closed, although the Subcommittee may announce updates if the matter is of special interest.

2009
As explained in the preface, before 2010 all complaints were announced publicly in as much detail as possible. The findings for these cases are listed as a Log in the first section, in as much detail as is permitted by the relevant policies. After 2009, the Subcommittee instead published anonymised summaries of reports. With the change in practice after 2009, where a complaints became a full investgation that resulted in action or formal recommendations to the Arbitration Committee, the practice of publishing an additional Full Report was not changed; these can be found under, as explained in the preface.

November 2009 to September 2010
This summary is prepared in anticipation of future elections/appointments to the AUSC, currently scheduled for October 2010.


 * Total requests = 20


 * Resolution of requests

Of the requests that were not publicly reported: Risker (talk) 06:12, 25 September 2010 (UTC)
 * 3 requests were publicly reported on this page (see below), with one resulting in a reminder to the functionary involved
 * 1 request resulted in an Arbitration Committee statement on administrators being expected to review checkuser blocks with a checkuser before unblocking
 * 3 requests resulted in an AUSC statement to the Functionaries mailing list defining best practices for checkusers and oversighters
 * 1 request was referred to another, more appropriate venue
 * 2 requests resulted in reminders to the functionary involved
 * 10 requests were resolved informally, with a determination that either (a) actions were acceptable or (b) no action on the part of the AUSC was required

Some further information on the distribution of the requests, with approximate time to completion:


 * 2 requests carried in to November 2009, average completion 15 days
 * 3 requests in November 2009, average completion 100 days
 * 7 requests in December 2009, average completion 66 days
 * 1 request in January 2010, completion 10 days
 * 2 requests in March 2010, no action taken on either request
 * 1 request in April 2010, completion 74 days
 * 3 requests in June 2010, average completion 10 days (including one referred to Arbitration Committee)
 * 1 request in August 2010, completion 1 day

Risker (talk) 00:33, 26 September 2010 (UTC)

October 2010 through June 2011
From late October, 2010, through June, 2011, the Audit Subcommittee reviewed a total of eleven cases:


 * Three cases were not within the scope of the AUSC.
 * Two cases did not involved the use of CheckUser or suppression by a user with advanced permissions.
 * Two requests were denied.
 * Two requests alleging abuse resulted in endorsement of CheckUser and/or Oversight.
 * One case was overturned, and a best practices notice sent to the oversight mailing list and to the oversighter in question.
 * One case was closed and sent with a recommendation to the Arbitration Committee.

For the subcommittee, Keegan (talk) 18:50, 7 July 2011 (UTC)

July 2011 through February 2012
From July 2011 to February 2012, the Audit Subcommittee reviewed a total of eight cases:


 * One case did not involve the use of CheckUser or suppression by a user with advanced permissions.
 * In two cases, the use of advanced permissions was endorsed.
 * In one case, the decision to decline a request for suppression was endorsed.
 * In one case, the request to disclose why an edit was suppressed was declined.
 * In one case, the request was outside of the scope of the subcommittee, and was referred to the proper channels.
 * One case resulted in a caution to the functionary and development of a best practice guideline, which was shared with all functionaries.


 * One case was closed and sent with a recommendation to the Arbitration Committee.

Of these eight cases, one review was requested by another functionary, one review was initiated by a member of the subcommittee, and six were requests by non-functionaries.

For the Audit Subcommittee, AGK  [•] 23:14, 19 February 2012 (UTC)

March 2012 through April 2013
From March 2012 through April 2013, the Audit Subcommittee heard thirteen cases:


 * In one case, the oversighter voluntarily reversed their suppression and no further action was taken.
 * In one case, the complaint related to the use of advanced permissions on another Wikimedia Foundation project, and was outside of the subcommittee's remit.
 * In one case, a checkuser inadvertently linked an account with an IP address when there were no grounds to do so. The functionary was cautioned and a reminder of best practice was sent to all checkusers. The log entry linking the account with the IP address had separately been suppressed after a request to the oversight team.
 * In one case, no further action was required.
 * In one case, a steward had blocked an account after mistakenly selecting the "suppress account" option (which they have access to but are not permitted to use except in an emergency). The action was overturned and no further action was required.
 * In two cases, the complaint did not relate to the use of advanced permissions and was therefore dismissed.
 * In one case, a functionary was instructed to recuse from using their checkuser tools in certain circumstances (which will not be disclosed in this report), but no deliberate misuse of the checkuser permission was detected and no further recommendation to the Arbitration Committee was made.
 * In one case, a use of suppression was overturned and the functionary was warned to take greater care in the future.
 * In four cases, a functionary's actions were held to be appropriate and correct and no further action was taken.

Of these thirteen cases, six reviews were requested by another functionary, two reviews were initiated by a member of the subcommittee, and five complaints were received from non-functionary editors.

For the Audit Subcommittee, AGK  [•] 15:09, 1 May 2013 (UTC)

April 2013 through November 2014
From April 2013 until November 2014, the Audit Subcommittee heard twelve cases:


 * In two cases, the subcommittee agreed that no policy breach had been committed and the functionary’s decision was upheld.
 * In one case, changes to Wikimedia Foundation internal policy were requested and subsequently made.
 * In one case, the complaint was dismissed as out of scope because it related to administrator, not functionary, access rights.
 * In one case, a complaint was filed that a checkuser block was reversed by a non-checkuser. This complaint was dismissed as out of scope.
 * In one case, the subcommittee agreed that no policy breach had been committed, but the functionary being investigated was instructed to (a) recuse in relation to certain matters and (b) better document the rationale for their use of advanced permissions.
 * In one case, a request by a non-functionary for checkuser log information to be provided was summarily denied.
 * In one case, a minor error of judgment was recognised and communicated to the functionary, the subcommittee agreed that no serious policy breach had been committed, and the functionary’s action was overturned.
 * In one case, the complaint was dismissed as out of scope because it was about persistent vandalism.
 * In one case, the subcommittee agreed with the functionary’s decision and the complaint was dismissed.
 * Two cases are pending and their result is not yet known.

Of these thirteen cases, three reviews were requested by another functionary, one review was a self-review request by the functionary involved, no reviews were initiated by a member of the subcommittee, and eight complaints were received from non-functionary editors.

AGK [•] 23:06, 7 November 2014 (UTC)

December 2014 through September 2015
From December 2014 until September 2015, the Audit Subcommittee investigated and closed seventeen cases (they are listed in no particular order, some continued over from the previous report):


 * In four cases, AUSC (on auditors' initiative) contacted the Arbitration Committee regarding functionaries who were failing to satisfy the activity requirements in one or both tools.
 * In three cases, a request was filed but checkuser or oversight tools had not been used.
 * In three cases, the subcommittee agreed that no policy breach had been committed and the checkuser's decision was upheld.
 * In one case, the subcommittee agreed that no policy breach had been committed and the oversighter's decision was upheld.
 * In one case, a user requested information on whether their account had been checked.
 * In one case, there was ongoing discussion about the situation on the Oversight mailing list and the report was referred there as AUSC had established, prima facie, that there had been no misuse of oversight.
 * In one case, concerns were raised regarding a suppression performed by a WMF staffer and the matter was referred to WMF Community Advocacy.
 * In one case, a checkuser publicly connected an account with an IP address. There was no policy breach but the functionary was advised on best practice to avoid a similar situation.
 * In one case, AUSC made a recommendation to the Arbitration Committee (arbitration case)
 * In one case, AUSC determined that a use of the CheckUser tool was not appropriate but as it was made in good faith so the checkuser was reminded of best practice.

Initiator statistics
 * Nine cases were reported by community members
 * One case was self-reported
 * Six cases were initiated by a member of the sub-committee
 * One case was referred by the Arbitration Committee

Monthly statistics (including activity investigations)
 * September 2014: 5 requests
 * October 2014: 1 request
 * November 2014: 1 request
 * December 2014: 2 requests
 * January 2015: 1 requests
 * February 2015: 3 requests
 * March 2015: 0 requests
 * April 2015: 2 requests
 * May 2015: 1 request
 * June 2015: 0 requests
 * July 2015: 1 request
 * August 2015: 0 requests
 * September 2015: 0 requests

User:Law and User talk:Law
The audit subcommittee has investigated a complaint dealing with the suppression of four edits on User:Law and 2 edits on User talk:Law. (Issue 09-014)

On August 16, an IP vandal identified Law as The_undertow both on User:Law and User talk:Law; the vandalism included a great deal of extraneous vulgarity. The edits were immediately reverted. On August 20, Law deleted and selectively restored the pages to delete the vandal revisions. On August 21, an Oversighter suppressed the revisions with the stated reason "outing."

The audit subcommittee has determined that the edits do not qualify for suppression; as Law was not an "approved" alternate account, identification of Law's prior account is not "outing." The suppression has been reversed, although the revisions remain deleted, as it is any user's prerogative to remove vulgar vandalism from their user and user talk pages.

The oversighter has confirmed that Law contacted him/her privately and that he/she knew that Law and The_undertow were the same person, but states that he/she either did not know or forgot that The_undertow had been under a block, and "interpreted his most recent departure (and return under a new name) as a RTV thing." Since the edits were deleted and there was no urgency, consultation on the oversight list or with another oversighter privately would have been best practice. If a stranger contacts oversight asking for allegations of sockpuppetry to be suppressed, this should normally provoke questions. Here, the circumstances (including Law resigning his sysop status immediately after deleting the edits) should have raised questions. Instead, the oversighter did not take steps to confirm Law's status, and essentially gave him the benefit of the doubt. The audit subcommittee finds this to be an error in judgement, but not one so serious as to provoke further inquiry or action. We are unable to independently determine whether the oversighter knew more about Law than he/she has said.

The audit subcommittee has adopted a policy of not disclosing the names of oversighters or checkusers involved in complaints where there is no finding of wrongdoing, although the individual is free to identify themself and post their own explanation.

This report was approved 5-0 with John Vandenberg recusing.

For the Audit Subcommittee, Thatcher 16:02, 5 October 2009 (UTC)

"Randy in Boise" suppressions

 * Background

For many years, Oversight has been used to remove edits that include privacy violations and a limited number of other material. Removal of these edits was irreversible without intervention from a developer, and had other adverse effects on the database. Therefore the use of this tool was tightly limited and only those edits that were clearly problematic were oversighted. In February 2009, an improved tool, known as "suppression", was made available to oversighters. Suppression is fully reversible, and is now the standard tool for removing privacy violations and other material meeting the suppression criteria. Oversighters are now able to remove potentially problematic edits from public and administrator view at an earlier stage, and review the use of the tool after the fact. This feature is particularly valuable where there is an alleged breach of privacy on a heavily watched, rapidly edited page.


 * History of the event

On 12 November 2009, during a discussion on Administrator noticeboard/Incidents, an editor posted a comment that included a reference to a Wikipedia critique from some years ago; this reference was incorrectly but reasonably interpreted by another editor as being an attempt to reveal personal details about the second editor. The second editor, aware that there is a significant time factor involved in suppressing edits to AN/I, alerted both the Oversight mailing list (Oversight-L) and contacted another administrator on IRC to try to locate an oversighter for suppression of the edit that was mistakenly thought to be an outing attempt. While the request was being discussed on Oversight-L and the link to the Wikipedia critique article was identified, the administrator on IRC had contacted a steward and had requested suppression. The steward acted on the request for suppression, as per standard procedure. The suppression was reviewed on Oversight-L and, several hours later, was reversed by a Wikipedia oversighter.

The Audit Subcommittee finds that all parties acted in accordance with policy during the course of this event, but that several misunderstandings and gaps in practice complicated the situation.


 * Recommendations


 * The Arbitration Committee, which is ultimately responsible for suppression usage on English Wikipedia, should contact the Stewards group and request that if a steward carries out emergency oversight/suppression on this project, the steward notify the Oversight-L list so that the suppression can be reviewed to ensure it is within project norms. Stewards should also be invited to submit their email addresses so they can be given write-only access to Oversight-L to facilitate this communication. The approach to the stewards should include recognition that stewards may take action in emergency or serious situations before all of the relevant information is known, and that reversal of a steward's decision under such circumstances is not a reflection on the action or the steward, but is based on additional information that the steward may not have at the time of the suppression.
 * The Oversight team is urged to review suppressions performed in unusually time-sensitive situations, regardless of who carries out the suppression, and to reverse suppressions subsequently determined to be outside of scope, as such suppressions are more likely to be made before full information is received.
 * The Oversight team is strongly urged to develop and communicate the situations in which suppression may be used to redact personal information of a user when that user has voluntarily revealed personal information in the past. Factors to consider include whether or not the editor is a minor, how long the information has been present on Wikipedia, the location of the information requested to be suppressed, how extensive the suppression would need to be in order to redact all references to the personal information, community standards (including those articulated by prior Arbitration Committee decisions) and whether other processes (e.g., revision deletion, reversion of edits) will provide a satisfactory resolution. Suppressions should be able to be justified within the WMF privacy policy.

For the Audit Subcommittee, Risker (talk) 05:09, 17 December 2009 (UTC)

'''Discuss this

Noroton/JohnWBarber
This report is solely concerned with the use of CheckUser by Versageek; the involvement of Lar and the administrative actions by Versageek are outside of the scope of the investigation. There is no evidence of improper use of CheckUser by Versageek. The check was reasonable and within CheckUser discretion.

History:
 * At 22:39, 18 October 2009 (UTC), User:MZMcBride began an Articles for Deletion debate on User:David Shankbone. Between 4:18, 19 October 2009 (UTC) and 19:49, 25 October 2009, JohnWBarber commented 12 times. About a day after the close of debate, at, 23:59, 26 October 2009 (UTC) JohnWBarber opened a deletion review, on which he commented, sometimes at great length a total of 25 times. The deletion review debate reached over 38000 words, JohnWBarber's contributions numbering at about 3300 words, not including several discussions that were on the adjoining talk page. During the course the debate, Lar (who was also involved in the debate) shared with Versageek a suspicion that the JohnWBarber was "an alternate account purely to participate in contentious discussions, and do so aggressively and disruptively." Versageek made several checks. As a result, the JohnWBarber, Reconsideration, and CountryDoctor accounts were blocked as sockpuppets, and the Noroton account was blocked for 1 week for abusing multiple accounts, and later JohnWBarber requested Arbitration, and the matter was given to AUSC for review.

Analysis: Recommendations:
 * The JohnWBarber account edited the David Shankbone AfD 12 times, and the DRV 22 times, showing high interest in a high profile debate that had already included accusations of sockpuppetry. His comments were frequently rude, tendentious, confrontational, and passive aggressive.
 * It was reasonable to suspect the JohnWBarber account as an account intended to avoid scrutiny.
 * The JohnWBarber, Noroton, Reconsideration, and CountryDoctor accounts all edited in overlapping periods in the month of October.
 * There was no clear indication or communication that JohnWBarber/Noroton/Reconsideration/CountryDoctor was attempting to make a clean start.
 * The Noroton account has had poor interactions with User:David Shankbone, the subject of the David Shankbone article.
 * There is no indication, or reason to suspect ulterior motives by Versageek.
 * Closure of this matter

Passed 3-0 with Risker, Rlevse and Kirill Lokshin recusing.

For the Audit Subcommittee,

--Tznkai (talk) 01:26, 15 January 2010 (UTC)

DeltaQuad and Int21h
This report was published on-wiki by the complainant, and therefore can also be made public here. AGK [•] 19:55, 10 April 2013 (UTC)

On 4 March 2013, the Audit Subcommittee received a complaint by Surturz against DeltaQuad related to DeltaQuad's use of their checkuser permissions to check and block Int21h. The results of our investigation and our recommendations concerning this complaint are as follows. Checkusers are expected to only take actions when they have a reasonable basis in fact to conclude that the action is permitted under the Checkuser Policy and that its performance will advance the purposes of the project. A reasonable basis in fact is evidence such that an impartial third-party possessing the same information as the Checkuser could reach the same conclusion as the Checkuser. The concurrence of other Checkusers as to an action may tend to indicate it had a reasonable basis in fact, but will not relieve the Checkuser who took the action of responsibility. If a Checkuser possesses a reasonable basis in fact to take an action, takes the action in good-faith, and the action is later determined to have been incorrectly taken, the Checkuser has erred, but not abused their access to the tool. Repeated or regular errors, even if they are based on a reasonable belief and taken in good-faith, may serve as grounds for removal of Checkuser status due to lack of competency. Use of open proxies, including Tor, is strongly discouraged. However, good cause may exist for an editor to participate via open proxies under exceptional circumstances. A user who has requested the IP block exemption flag is deemed to have consented to periodic monitoring with the Checkuser tool given the high risk of abuse. A user who has requested the IP block exemption flag is not deemed to have consented to disclosure of their private information beyond what is necessary to monitor their use of the IP block exemption flag. Int21h requested the IPBE flag via the unblock-en-l mailing list to edit via Tor and was granted the right on December 27, 2011. DeltaQuad Checkusered Int21h on December 27, 2012. Based on our review of all materials available to us, DeltaQuad had a reasonable basis in fact to Checkuser Int21h and we have found no evidence that DeltaQuad did so in bad faith. DeltaQuad blocked Int21h on December 28, 2012 with the block log reason of "". A Checkuser is not required to inquire with the target of a Checkuser block prior to enacting the block. Other Checkusers concurred in the actions DeltaQuad took. It was determined at a later date that DeltaQuad's block of Int21h was erroneous as a result of unknown information concerning the manner in which Tor and programs associated with Tor process certain technical information. DeltaQuad unblocked Int21h on January 19, 2013 and apologized for having made the block. Based on our review of all materials, DeltaQuad made a reasonable investigation to obtain relevant facts to support a block of Int21h. DeltaQuad further acted reasonably in blocking Int21h as a result of the facts that were available to them at the time. While there were facts unknown to DeltaQuad that resulted in the block being invalidated, DeltaQuad did not err in failing to obtain extraordinary information beyond the knowledge of the average Checkuser in forming the basis for the block. The blocking policy strongly encourages blocking administrators to leave notice on the blocked user's talk page regarding the terms of the block. This policy exists to provide notice to the blocked users and other users who may review the block as to the reason for the block. DeltaQuad [http://en.wikipedia.org/w/index.php?title=User_talk:Int21h&diff=530065965&oldid=529925458 left] notice on Int21h's talk page regarding the block. We find DeltaQuad satisfied their duty to provide notice to Int21h and other users as to the relevant terms of the block through their use of the template in the block log and via the talk page notice. All administrators are required "to respond promptly and civilly to queries about their Wikipedia-related conduct and administrator actions and to justify them when needed." A Checkuser is not required to disclose alternate accounts they find to a blocked user nor are they required to disclose to the blocked user the precise evidence they used as the basis of the block. While a Checkuser must disclose the information used as the basis of a block to fellow Checkusers and the Arbitration Committee, it is left to their discretion as to the amount of information to disclose to the blocked user. Int21h attempted to appeal the block to a mailing list and via an [http://en.wikipedia.org/w/index.php?title=User_talk:Int21h&oldid=530581411#Block obscene message] on his user talk page on December 31, 2012. Int21h refused to communicate with DeltaQuad via email. MaxSem summarily denied the on-wiki block appeal on December 31, 2012. DeltaQuad was not active on the English Wikipedia while the block appeal was pending on Int21h's talk page. Int21h failed to re-file the unblock request on-wiki or to contact DeltaQuad via email. As a matter of best practice, DeltaQuad should have responded on-wiki to Int21h. However, DeltaQuad did not breach their duty under WP:ADMINACCT as they was not active when the block appeal was made and rejected, nor were they contacted by the blocked user to contest the block via another means. DeltaQuad's failure to initiate communication in response Int21h's terminated obscene block appeal was not an abusive error or misconduct. We conclude that DeltaQuad acted reasonably in Checkusering and blocking Int21h. Even though the block was subsequently invalidated, DeltaQuad's block was appropriately made based on a reasonable interpretation of the evidence available at the time. DeltaQuad failed to promptly respond to Int21h's rejected obscene block appeal. DeltaQuad's failure was not the result of abuse, misconduct or indicative of incompetence in holding Checkuser status. Therefore, the AUSC has completed its investigation and is submitting this report to the Arbitration Committee with a recommendation that no further action be taken. For the Audit Subcommittee, Anthony (AGK)