Wikipedia:Wikimedia Strategy 2018–20/Provide for Safety and Security

This recommendation proposes the idea of the safety and security of Movement stakeholders as a fundamental requirement. As such, the well-being, safety and security, protection, and privacy of any participant in the Movement is embedded in all other recommendations.

Intro section
These pages describe a major discussion process currently taking place at the website for Wikimedia.

If you wish to add comments to the main discussions for this process at that website, here is the link where you can do so:
 * Link to main page at Wikimedia website:
 * Strategy/Wikimedia movement/2018-20

What
In order to “become the essential infrastructure of the ecosystem of free knowledge”, as a Movement, we must ensure contributors have the proper conditions and resources enabling them to work without having their personal and communal security compromised. Any issue related to the safety of free knowledge contributors in one community will be considered a matter of utmost importance to the whole Movement.

We must provide policies and procedures for all stakeholders’ protection, based upon a contextual evaluation adapted to varying environments. These need to ensure participants have adequate safeguards to prevent and react to threatening situations. Necessary resources must be made accessible for all stakeholders to be able to deploy the infrastructure needed to protect them in their context.

Why
Geopolitical tensions often threaten individual liberties and restrict Internet use, making it crucial to guarantee safety and security if we want to allow for a diverse and globally relevant Movement. Many communities face government bans or threats, feeling isolated, and fear for their safety when contributing to Wikimedia. There is currently no systematic approach to support contributors at risk due to their participation in Movement activities, and a lack of the essential local capacity to protect contributors’ anonymity. If we want to stay inclusive and embrace future communities, we need to provide mechanisms to mitigate the barriers which threaten safety and security.

There is a structural and widening gap between the growth of the world’s online population and the areas where the Wikimedia Movement is trying to engage. Part of this is due to the lack of understanding of the possible threats and dangers, from online harassment and bullying to legal prosecution, that engagement in Wikimedia projects may imply in every context. Another part is a lack of knowledge of the actions required to tackle threats and potentially threatening situations. In some cases, these threats are rooted in political instability and can take the form of state-sponsored censorship and legal action against individuals.

In other cases, there can be organizations or groups that might try to harm contributors or the platform as a whole, or pressure them to change content. The consequences of these threats can be severe, including death because of suicide or murder. Ensuring anonymity, privacy, and access to the necessary security measures to address practices such as doxing and trolling is critical to strengthening and expanding the community in the future and to the sustainability of the Movement. We must ensure that the participation in our projects does not tolerate any kind of violence.

How
To ensure contributors have the proper conditions and resources, enabling them to work without having their personal and communal security compromised, we recommend an approach based on several actions. We must bring clarity to our policies on behavior and adopt a universal Code of Conduct developed through community consultations and contextualized for local circumstances, which determines acceptable behaviors essential for the entire Movement. Beyond the Code of Conduct for our internal relations, we will need a system that outlines procedures to provide for protection and safety from external factors. This system needs to encompass evaluating training needs in diverse contexts, providing training and technical solutions, and developing a system for emergency response.

We must establish a methodology of documenting the different contexts in which volunteers contribute, the current threats that might be encountered while contributing, and communication channels available in stakeholders’ environments. Based on those findings, we need to develop a digital security plan that includes processes to protect the safety and security of our stakeholders, as well as emergency procedures to follow if the need arises. It must be widely available and include best practices on suicide prevention and support for vulnerable consumers of knowledge.

We must offer training, as needed, to raise awareness and build response capacity to provide ways to safeguard the privacy and security of those contributors who put themselves at risk or face complex challenges due to their participation. For prevention, we need built-in platform mechanisms aimed at anonymization. When that is not possible, we must disseminate knowledge among contributors on preserving their anonymity through external mechanisms (such as VPN, IP masking, Tor, etc.), which might require some technical support and personalized training. Equally, training needs to be established for volunteers and staff dedicated to trust and safety (including members of communities, such as administrators or Arbitration Committee members) in order to provide psychological and resource support to participants.

In the event of an emergency, we need to have a clear, rapid response and support infrastructure ready and easily accessible, so that editors have available resources to mitigate harm, such as psychological support (e.g., psychologists, mediators), legal assistance (e.g., list of partner lawyers, facilitation of legal representation at a local level), or a fast-track escalation path in life-threatening situations. These might also include procedures for reacting to large-scale challenges, like Internet access shutdowns.

The entire Movement must be aware of the different risks involved in contributing from specific regions and balancing those conversations with our strategic needs for public neutrality. Nonetheless, for a matter of effectiveness, the training and support infrastructure needs to be provided by stakeholders in touch with the region who have a higher degree of knowledge of the legal aspects and cultural idiosyncrasies (in the frame of an emergent regional structure or another entity which can ensure this knowledge). Regional structures would be active participants in adapting and evaluating safety and security guidelines and procedures.

Expected outcomes

 * Create clarity and transparency around behavioral standards and enforcement/resolution processes/procedures for all Movement stakeholders. This would begin with a universal Code of Conduct and establish viable structures for conflict resolution across all Movement levels.
 * Develop a security plan, based on an analysis of contextualized environments and participant needs, which organizes technical, human, and legal support processes to protect the physical and psychological well-being, safety, security, anonymity, and privacy of all our stakeholders, along with rapid-response procedures to follow in emergencies.
 * Establish easily accessible incident reporting and support systems on and off-Wiki to provide stakeholders with solutions to protect themselves, take precautionary measures, and mitigate threats to their security, safety, well-being, and privacy.