Wikipedia talk:Confidential evidence

From discussion at WT:BLOCK. Merits its own page rather than a section in WP:BLOCK, if the communal sense is that this is likely to recur and a policy to prevent abuse is required.

Draft only - comments and improvements welcomed. FT2 (Talk 19:45, 20 November 2007 (UTC)

Blocks only by uninvolved persons
I would suggest that the person assembling the secret evidence not be the one who issues the block. The blocking administrator should be a person not involved in any dispute with the editor being blocked not should they have been involved in assembling the information. To do otherwise is to create the appearance of being the prosecutor, judge and jury. JodyBtalk 21:07, 20 November 2007 (UTC)
 * Concur, see below. FT2 (Talk 21:14, 20 November 2007 (UTC)

Transparency
After the block is placed, a notice naming the person assembling the evidence and the persons reviewing and approving the block are to be listed under their own signatures. JodyBtalk 21:08, 20 November 2007 (UTC)
 * Concur, see below. FT2 (Talk 21:14, 20 November 2007 (UTC)

Name
Considered:
 * Evidence presented in secret (long; may never have been "presented")
 * Evidence in secret (better)
 * Secret evidence (short but "secret" carries negative overtones?)
 * Confidential evidence (neutral but less intuitive?)
 * Sensitive evidence (I like this one most I think)  —Preceding unsigned comment added by FT2 (talk • contribs) 21:48, 20 November 2007 (UTC)

Thoughts? FT2 (Talk 21:14, 20 November 2007 (UTC)


 * Update - "secret" as in "secret evidence" carries a pejorative tone, tending to imply drama, rather than simply a need for privacy or other concerns. FT2 (Talk 21:59, 20 November 2007 (UTC)


 * I think "Sensitive evidence" best describes the reasoning for keeping such evidence secret. It is secret because it could cause vulnerabilities in someone, ie sensitive. 1 != 2  22:21, 20 November 2007 (UTC)
 * I like confindential evidence. though sensitive is ok, also.  --Rocksanddirt (talk) 00:18, 21 November 2007 (UTC)

JodyB's suggestions
Further to JodyB's comments above, try this:


 * {| style="border:black solid 1px" width="90%"

-- Process--

Administrative sanction actions should not be imposed by a person involved in any dispute with the editor being blocked or involved in assembling the secret information. This is to avoid the appearance of being the prosecutor, judge and jury.

In the case of emergency, a short term block which does not relate to secret evidence may be used, to allow time for proper review.

After sanctions are imposed, a notice naming the person assembling the evidence and the person(s) reviewing and approving the block are to be listed under their own signatures. If communal consensus so decides, a review by a mutually agreed independent administrator (who may be an arbcom member) may be requested, to state whether they feel the matter was justified and appropriate, and whether reasonable doubts exist.
 * }


 * Strongly Support this section The section below. Administrators gathering the evidence shouldn't be imposing blocks, since this would be about as non-transparent as possible. -- B figura (talk) 21:42, 20 November 2007 (UTC)

Slight modification below from me. JodyBtalk 21:45, 20 November 2007 (UTC)


 * {| style="border:black solid 1px" width="90%"

-- Process--

In all but presently occurring vandalism, blocking based upon secret or confidential information occurs only after prior review. In such cases, block as usual for the vandalism.

Blocking should not be imposed by a person who assembles the secret evidence. This is to avoid the appearance of being the prosecutor, judge and jury.

After blocking is imposed, a notice naming the person assembling the evidence and the person(s) reviewing and approving the block are to be listed under their own signatures.

The person blocked retains all usual rights of appeal.
 * }
 * Striking my comments above. I think it's important to clearly make the point that the evidence needs to be reviewed and endorsed before the block is imposed. I also would suggest rewording the first sentence to"In all cases, blocking based upon secret or confidential information occurs only after prior review"After all, if there's ongoing vandalism, a block can be issued for that without the need for confidential evidence. (Thus including this as an exception seems to open up the process to harm). -- B figura (talk) 22:28, 20 November 2007 (UTC)
 * I'm fine with that. What I was trying to do was separate the immediately occurring, ongoing vandalism from the secret review. Of course, that's really a separate issue that would be handled differently. JodyBtalk 00:25, 21 November 2007 (UTC)

Demonstrating review
One fairly basic point that appears to have been missed in at least one case recently. When evidence is circulated cofidentially, agreement of reviewers has to be evidenced by them actually commenting in agreement. Absence of comment does not indicate agreement or disagreement, it may very well indicate that the recipient of the circulated evidence has either not yet read it or not yet investigated themselves and come to a conclusion. GRBerry 22:10, 20 November 2007 (UTC)
 * Agreed. That's why we suggest each reviewer adding themselves to the block notice to evidence that review. Since the person assembling the evidence would not do the blocking, someone else would have to have reviewed, blocked and accepted responsibility for doing so. JodyBtalk 00:27, 21 November 2007 (UTC)

Entire proposal needs retooling
This proposed policy is poorly worded and full of loopholes. It contains much wording such as "They are expected to use -- and expected to be able to demonstrate -- independent advice was sought and reasonable good faith employed, in case of review." Such awkward phrases mean nothing as they require nothing. Instead policy should avoid all such ambiguity -- use wording instead like "must use" and "must demonstrate." The entire document should be retooled with an eye to avoiding such gaping loopholes. The proposal also contains too much expository text which can be wikilawyered. Maybe if a succint policy is given in bold and for any accompanying expository text it is made clear that it is elucidation rather than the policy itself. Quatloo (talk) 22:38, 20 November 2007 (UTC)
 * An expectation isn't necessarily a loophole. The significance is that failure may be considered a lack of judgement, or one more in a series of lack of judgement, and lack of confidence in their judgement may be ultimately, a problem for an administrator. The issue here isn't that they must do this without fail; it's that they are expected to, and if they slipped up without a good basis or thought, then their judgement is called into question, which is actually the underlying concern. That's why it's drafted that way. Good question though. FT2 (Talk 22:53, 20 November 2007 (UTC)


 * This proposal is an excellent beginning towards a good guideline. Removing the guidance so it can be turned into a policy would ruin it. WAS 4.250 (talk) 23:17, 20 November 2007 (UTC)
 * Even policies have explanatory text and guidance comments - WP:NPOV is the canonical example, but see also: WP:CONSENSUS and WP:COPYRIGHT for other examples. The level of comment here is also fairly comparable to many policies (WP:BLOCK for example). So no need to worry. FT2 (Talk 00:21, 21 November 2007 (UTC)


 * Quatloo, this is all of about three or four hours old. Of course it needs work and retooling. There is no problem making it more succinct. However, explanation of some degree is evident in every policy and while some can probably be dropped, some needs to stay. JodyBtalk 00:31, 21 November 2007 (UTC)

Some comments on the ArbCom's role
A few comments on the current proposal:

''If there is a question how to handle a matter like this, it should be referred to the Arbitration Committee (or an uninvolved Arbcom member) for advice, as the representative body best placed to advise on confidential matters that may have disclosure concerns. For matters specifically related to oversight and checkuser issues, those two lists may be suitable instead.''


 * Referring things to a single member typically results in nothing but extra work in trying to collate bunches of emails; we generally consider such matters en banc anyways. Asking the Committee as a whole to begin with would save us some work.
 * The CheckUser and OverSight lists aren't particularly well-suited for reviews of this sort, as they're not en:wp-only lists.

''Disclosure of non-public evidence relevant to a decision can be requested for examination by any bona-fide arbcom member, oversight, or checkuser user. An involved individual should nontheless recuse if this would show good judgement, and such evidence should not be circulated on the relevant email lists.''


 * Are there non bona-fide ArbCom members?
 * I'm not sure what the point of trying to prevent discussion by the Committee as a whole would be; and, in any case, it's not at all clear whether this policy can legitimately prohibit the Committee from operating as it feels necessary.

Kirill 22:43, 20 November 2007 (UTC)


 * The purpose for stating "or an uninvolved member" comes from slow external experience of arbcom communications at times in the past. It seems to be the case that as with most groups, some arbcom members are very responsive, others may not always be so (to external email). Mailing to the list itself may be perceived to require consensus by all/most of arbcom, a slow process, whereas often all thats wanted is one reputable independent and experienced person who can be trusted with the confidential evidence, and who will check it and say "yep, thats fair (or not), and here's my advice". So there is a fair case that it might pay to allow individual arb members to check such concerns rather than requiring the list as a whole to be involved. Maybe that's not how it works -- but it seems to be a perception of some editors.


 * The concern about lists and exclusions comes from thinking through, what if the confidential information relates to an arb member. Perhaps one day there'll be a concern that an arb member has engaged in serious misconduct (for example). In such a case, should we require the evidence be sent to arb-l? Should it be presumed that a user will feel safe to report it, if they worry it might go direct to arb-l, to be read by the person concerned (and maybe reacted to, as they fear)? Maybe we should reassure them it can be sent to any arb member they feel safe with, first, and won't go onto the arb list if it would worry them to do so? Those kind of concerns and allowances were in mind in that item. It really does need arbcom to advise and daft what's required, but something had to be written first in the draft, to allow discussion. Meantime, those kinds of considerations for users who may feel themselves in a "tough spot" of who and how it might be passed around, were the basis of the draft wordings.


 * As for the rest, fairly well agreed. Individual checkusers and oversighters not the list, and "non bona fide" can be killed :) FT2 (Talk 23:03, 20 November 2007 (UTC)


 * There's nothing wrong with contacting inidividual Arbitrators, so long as people understand that what they're getting is private advice from a fellow Wikipedian (who happens to be an Arbitrator), not an official mandate from the Committee. In particular, we tend to look quite dimly on people claiming that the Commitee told them to do something when most of the Committee hasn't even been asked.  The onus is on the person asking to go through official channels if they want an official response.
 * As far as exclusions go, confidential evidence of serious misconduct on the part of the Committee would probably go directly to Jimmy anyways. I doubt it's worth writing a general policy around such degenerate cases. Kirill 23:18, 20 November 2007 (UTC)


 * Agree to both. The bottom line is almost, consult with someone reputable. Whether arbcom or a specific arbitrator, but if you're going to claim "nobody can see the evidence, its a secret!" then it's your job to find someone trustworthy and independent who can verify the need, and the fairness, and the interpretation, and then one should do so in good faith, get good advice, and act with careful thought.


 * So for review and advice purposes, Arbcom (as a committee) is fine, but an individual arb member would work just as well too (and may be perceived as more approachable and faster on the response). The purpose is around "arranging for general communal reassurance that the matter has been reviewed by someone very experienced, or more than one person, who is prepared to say so, and that the matter is valid and fair according to [multiple?] independent people". Or something to that effect :) FT2 (Talk 23:59, 20 November 2007 (UTC)

Note - "who to contact" now fixed per Kirill's suggestions. FT2 (Talk 13:30, 21 November 2007 (UTC)

Question
Wasn't Esperanza decentralized because of lack of transparency, or that was part of the reasons anyway? Wouldn't this be exactly the same thing again? Kwsn  (Ni!)  23:31, 20 November 2007 (UTC)

This is much different subject than Esperanza. Thanks This is a Secret account 00:03, 21 November 2007 (UTC)


 * EZ was killed because it ended up as a clique within Wikipedia, with its own bodies, own organizations, own agenda and subculture, which led away from its aims as a "self help group" to a situation where it was perceived people were thinking of themselves as "Esperanzans" instead of editors. That was the problem. (See: Wikipedia:Miscellany for deletion/Wikipedia:Esperanza, especially the close by Mailer Diablo, and the nomination by Dev920)


 * The situation here isn't that. No extra bodies are proposed, no subcultures. Evidence has always been allowed in camera - for example over half of checkuser requests, many BLP subjects with concerns, and an unknown number of arbcom submissions, are made by email. This proposal is simply deciding how we want to handle it, when someone feels some other editor's doing Bad Stuff on the wiki or some such, but the evidence is sensitive and they don'tr want to cause problems or aren't sure how to approach it. In some cases users have been blocked and then told "I'm not telling you why". The vast majority it was probably quite sound... but no real norms exist to help ensure good practice.


 * So this is just a page to decide, now it's a current issue - how do we want to handle the situation where part of the evidence in some conduct or dispute case, isn't really for public. And that's a situation that has happened, and will happen, so its no bad thing to decide with more consensus, how we expect it to be handled. FT2 (Talk 00:10, 21 November 2007 (UTC)

"Acted upon" to do what?
Perhaps we could make clear what exactly the words "acted upon", in the nutshell (Evidence that is not publicly available can be presented, and acted upon, in certain unusual cases), or in the proposed guideline itself? Perhaps something like "blocking or otherwise restricting the actions of an editor"? Otherwise (particularly when the "background" box is removed, as I assume it will be eventually) this guideline is a bit mystifying to those unfamiliar with Wikipedia. ("Confidential information" for lawsuits? Firing an employee? Reverting all of an editor's prior edits?)

I realize that experienced editors know that there isn't much that Wikipedia can do to an editor other than revoke sysop privileges, restrict editing and/or block or ban an editor, but I'm hoping it's possible to spell things out a bit for less experienced editors who happen on this (not to mention trolls who want to cite the guideline as enabling Wikipedia to do anything to anyone on the basis of information that isn't made public. -- John Broughton  (♫♫) 02:22, 21 November 2007 (UTC)
 * A "what actions or approaches might be relevant" note, that explains what can happen? Maybe as part of background? FT2 (Talk 03:16, 21 November 2007 (UTC)

Veto
Would just like to add that I put in a negative vote for this proposed policy. If it can't be an open process then it can't be presented. There are many people in jail today (Jonathan Pollard being one of them) who are rotting due to "confidential evidence". I abhor this. Thus, I veto it (for whatever it's worth). Bstone (talk) 02:47, 21 November 2007 (UTC)


 * Maybe I'm misreading it, but I believe the proposal seeks to establish standards for how confidential evidence is used so as to minimize the chance of its misuse. Confidential evidence is already used in some arbitration cases, without any standard in place to govern its use.  Arbcom will continue to make use of confidential evidence whether or not this proposal exists.--Father Goose (talk) 03:09, 21 November 2007 (UTC)
 * My reaction is the same as Goose's (if I interpret it correctly). We definitely don't want to disallow confidential evidence entirely. Do you feel that the standards outlined in the current revision of the proposal are too stringent? If that's a yay, stick around so we can balance it out better. =] — xDanielx T/C\R 04:28, 21 November 2007 (UTC)


 * I believe that if the evidence is too confidential to discuss in ArbCom then it's inadmissible. Jonathan Pollard's lawyer is not even allowed to see this "confidential evidence", but it is the crux of the Gov't claim against him. It would be wrong of me to abhor the use of such evidence in his case but not speak out against it here. Just my opinion and it looks like this evidence will already be used. Bstone (talk) 16:34, 21 November 2007 (UTC)


 * The issue is with evidence that would reveal personal information about a user. A recent ArbCom involved an email sent from one user to another which involved alleged threats. The email included personal information about the target of that threat. Should such a message simply be thrown out if the target does not want this personal information revealed? Would you support redacting the personal info? Finally, how would you reconcile the fact that an email (for instance) can't readily be verified "on-Wiki"? This is an instance where evidence would be considered by the ArbCom members, but not necessarily placed in the open for the community to view, due to privacy issues. -- Kesh (talk) 13:03, 22 November 2007 (UTC)


 * This was a private email sent from one person to another, both of whom who happen to be editors on wikipedia? In my opinion the only evidence which can be accepted is that which happens on wikipedia. Private emails are not sent through wikipedia. Thus, the email which you discuss is inadmissible. If threats are made, then it should be referred to the proper legal authorities. Bstone (talk) 04:03, 23 November 2007 (UTC)

Providing the "reason" should be standard
Now and again I've seen cases where condiential evidence is mentioned, and it mystifies me as to why it needs to be kept confidential. One of the things I'd like to see included in the proposal is that a rationale should be offered whenever confidential evidence is used: "to protect  identity" or the like. Ideally, it ought to be as specific as possible short of defeating the purpose of the condfidentiality; something like "for reasons of privacy" is pointlessly vague.--Father Goose (talk) 03:04, 21 November 2007 (UTC)


 * I think the standards of handling suggested, which include good cause, independent review, good and full communication, factual evidence, minimizing damage, non exaggeration, prompt clearing as able, and publication when possible, cover that rather thoroughly. Other proposals include the need for high quality review before any action can be taken, and the like. I think you'll find this one's going to be well and truly covered in whatever wording comes out. FT2 (Talk 03:12, 21 November 2007 (UTC)
 * I think this is an excellent point that would help mitigate some of the potential harms of confidential evidence. FT2 has a point that it is (somewhat implicitly) covered to some extent within the existing sections. For now, I think I'll add another sentence to the Good and full communication bullet, in an attempt to make the point more clear. Feel free to discuss and/or change this if there's a better alternative. — xDanielx T/C\R 04:35, 21 November 2007 (UTC)

Support
I support the effort to clarify where the correct parameters are and will abide by community consensus.

I also have a question: under the legitimate reasons section, involved parties are presumed to have a legitimate reason. That looks highly gameable. Let's say an editor stacked RFA votes using Exploit A, which was foiled by Sleuthing Skill B, and that B could be foiled by New and Improved Exploit C. What's to stop this editor from demanding the evidence, then coming back a few months later and implementing New and Improved Exploit C?  For that matter, what's to stop any banned troll from picking up a sockpuppet, heading over to a location where an investigation is taking place, and insinuating himself or herself into the status of an "involved party" to get a look at the investigation?

That'd be the worst of all worlds, wouldn't it? The community wouldn't be able to see what's going on, but the people who most want to abuse Wikipedia would get free classes in How to Exploit Wikipedia Better. Durova Charge! 04:50, 21 November 2007 (UTC)


 * Fair concern -- I think it has a place in the "why evidence may need to be presented confidentially" section, and will add it momentarily. — xDanielx T/C\R 05:18, 21 November 2007 (UTC)
 * Made two minor additions -- is that better? — xDanielx T/C\R 05:29, 21 November 2007 (UTC)
 * That seems reasonable to me. (Although I realize the question wasn't thrown my way :) -- B figura (talk) 07:01, 21 November 2007 (UTC)

Just to confirm a subtle point that's not necessarily obvious on reading: "legitimate reasons" is not in the policy as a basis for demanding information. That's an important subtlety. They are a basis for determining when information should be considered in practice, as being "confidential". If you have a legitimate interest in a case, but you are not allowed to know the evidence - that's the bright line test that some information is non-public/confidential.

If I'm willing to tell everyone who has a half-decent reason for needing to know, what the evidence in case X was, and I tell the person involved, the others who might give evidence, any admin who wants to check it, then it's not "confidential". It's got all the review it needs, even if not * every * user has seen it. But the moment I tell some party who has a decent genuine reason to ask, "sorry, not telling you", that's when it needs to be treated as "confidential information" and the other provisions to protect users kick in.

Essentially it's an anti-trolling criteria: not everyone needs to know evidence (so preventing users who don't really have a good reason from seeing sensitive evidence isn't going to cause a major problem in terms of fairness), but all those with actual legitimate involvement or who habitually watch cases, do have a good reason (and not letting them know does mean that review is less effective than it might have been, and makes unfairness more possible).

If you post that the evidence is available to anyone who wants it, but you aren't going to say it publicly, and you do in fact make it available to those involved in the case, and all admins, and non-admins who watch ANI, then its not really "confidential" even if you didn't tell it to well known troll X or unknown dubious IP user Y or casually curious 300-edit user Z. It's going to get plenty of review by anyone who matters and wishes to do so, and anyone who wishes and has a good reason, can.

It's at the moment you make clear you're actually not going to tell it to some user who is involved, or has a legitimate interest either -- then you have to consider it as being "confidential" and you have to comply with these precautions and processes to ensure its fair and necessary.

That's the concept anyhow. FT2 (Talk 13:05, 21 November 2007 (UTC)


 * May I ask a clarifying question? In the example below, the Joan of Arc Vandal was not a known troublemaker until I wrote up a report on him.  This vandal had flown below the radar for two years.  I'd like to see some room in the proposal for major problems that weren't known before.  Or for gameable exploits that can't be closed on a technical level.  Can you accommodate that?  Durova Charge! 16:09, 22 November 2007 (UTC)


 * It's already in there: "If the evidence is accessible to problem users, disclosing it might give them more insight on how to circumvent identification."


 * Does that cover the point you want? If not, what's the policy point you feel should be added? FT2 (Talk 02:17, 23 November 2007 (UTC)
 * Thanks, sounds useful. Durova Charge! 04:25, 23 November 2007 (UTC)

My concern here
Rspeer's thoughts here are the same for a lot of people. This policy proposal makes it "legal" for Durova to keep doing "sleuthing", while retroactively justifying the method used to block !! in the first place. Therefore, I oppose the creation of this policy as it is essentially gaming the system. Kwsn  (Ni!)  12:42, 21 November 2007 (UTC)


 * rather, it is intended to clarify that such practices are authorized, but provide an organized way to guard against possible misuse of them. That's the very opposite of gaming the system: it's intended to prevent such gaming, and it would do so. Incidentally, I would be reluctant to increase the role of arbcom, when overload there is already a problem. The person most often providing confidential evidence has always offered to show it to any responsible WPedian, and has followed up on this. DGG (talk) 12:46, 21 November 2007 (UTC)
 * Then explain why I have not seen the entire evidence in my email inbox? Kwsn   (Ni!)  12:48, 21 November 2007 (UTC)


 * I understand the concerns about secret evidence and sleuthing. But please consider that sleuthing is here and has been here for a while. It's very unlikely that it will go away. Unfortunately, there has been nothing to prevent the creation and secret use of secret evidence. All we are trying to do here is provide some framework where such evidence will be reviewed before a block and to prevent the "sleuther" (if that's a word)from being the one who places the block. This changes the method of the block and under this proposed system what Durova did cannot be done. There is still some work to be done, but this proposal offers a greater level of protection than what we have now. Thanks. JodyBtalk 13:01, 21 November 2007 (UTC)
 * The thing is, this policy is going to end up one of two ways. One allowing secret evidence outside of channels that already use them (arbcom, oversight, and checkuser for the most part), the other banning the use outside of those channels.  Sad thing is, I can also see this becoming a stalemate because there are people on both sides that think they're right and won't move (example: me, I'm not really afraid to admit it).  Kwsn   (Ni!)  13:12, 21 November 2007 (UTC)

I'm not sure I follow that. The essence of the proposed policy is:
 * The moment you have evidence in a case that you want to claim is important and should be taken into account, but won't show (some involved party, all admins, anyone with a legitimate interest), then you have to jump a load of very rigorous hoops and you're completey responsible if you mess up with it, so these are things you need to check, communicate, and how you're expected to handle such matters if you still want to make a claim that some evidence isn't "public".

Those measure involve some exceptionally stringent requirements for checking, communication, proactive disclosure when possible, and disclosing weakness in evidence not just strength, and advise in fact to say nothing until you've asked someone like an arbcom member, who's got a load of independence and good judgement, what they think. The requirements for a user who feels important evidence can't be publicly presented are fair to all interests... but some of the most demanding of any policy we have.

Better for you? FT2 (Talk 13:20, 21 November 2007 (UTC)


 * Brings me to my second big concern, and probably the biggest one regarding this, what will happen in cases of abuse, it has to be similar to IAR in that it can't be fall back to block people for no publicly justifiable reason or similar (see where I'm going with that?) Kwsn   (Ni!)  13:28, 21 November 2007 (UTC)


 * No, I don't see where you're going. I assume you mean the abuse of this guideline? Remember that editors are expected to follow guidelines, and if they consistently fail to abide by them they could potentially be stripped of privileges, blocked, etc. If someone consistently blocks users using confidential evidence without consulting other experienced users, or without considering the faults of the information, or any other instruction included in this guideline, they could be sent to ArbCom and be stripped of administrative privileges, independent of the fact of the validity of the information. This would force them to send any evidence in the future to other neutral admins or the ArbCom for blocking. However, whether this guideline is sufficient to curb the Judge Dredd-type investigations is another issue still being discussed. - Mtmelendez (Talk) 14:30, 21 November 2007 (UTC)


 * I think people are being a little over-dramatic about confidential evidence. Durova has posted some samples of her detailed investigations, and many of us have seen others. The basic technique she uses is a careful lineup of all the contributions from all the possible parties. Her exceptional success in using this,is dues to her exceptional patience in the analysis. Sometimes evidence is truly confidential--anything that comes in my email is necessarily so, as are any details from checkuser, or anything that might disclose a real name. But most of the work is done without this.Let's not exaggerate the problem. 01:48, 22 November 2007 (UTC)
 * Would you mind posting a link to such analysis? So far, the only examples I've seen have been on the ANI sub-thread (or the !! example), which probably isn't the most neutral source. The reason I'm asking is that while I've heard a number of editors who I respect state their confidence in such techniques, I'd like to to examine it for myself (assuming it's posted on-wiki somewhere). Best, -- B figura (talk) 02:13, 22 November 2007 (UTC)


 * If it's an analysis performed on publicly available information, there's no reason why the analysis itself must be confidential. Is that the case with Durova's investigations?  I haven't heard any explanation as to why they must be kept confidential.--Father Goose (talk) 04:25, 22 November 2007 (UTC)


 * Not so. I have a good case in mind. I keep tabs on a well known vandal-warrior (WP:DENY refers). Ive tracked him some years now. He's a habitual reincarnator with several community bans and at least two arbcom bans on his record. He has to be identified without checkuser due to his sock work. I do regularly identify his latest aliases -- about 60 of them so far since 2005. The first thing he'd do with any evidence I or others published would be to use it to prevent us doing so. I do discuss the evidence in depth with other trusted users - typically crats, and those who are also know him well - and I watch till I'm sure, sometimes weeks or months, but no... just because the page is public doesn't mean that how a "bad actor" was detected from it is also public. For this sneaky vandal and reincarnator, that comes under the heading of "not a suicide pact". FT2 (Talk 06:17, 22 November 2007 (UTC)

Kwsn, might you be persuaded to reconsider your opposition? Different editors have supported (implicitly or explicitly) some pretty different standards concerning permissibility of confidential evidence. I think the big problem with the status quo is that there's no central set of community standards, so outliers are free to act as they please (within reason). We can't satisfy everyone entirely, but with codified standards I think we'll see less extremity being pushed on both sides of the issue. If you feel the proposal doesn't currently reflect a balanced view of the community, I hope you'll stick around so that we can ensure that it does. I suggest that after the proposal has had some time to mature, we conduct a straw poll with options like "I feel the standards for using confidential evidence outlined in the current proposal are too lenient," and likewise for too stringent. — xDanielx T/C\R 03:57, 22 November 2007 (UTC)

Reply to a request: examples
I've been asked to give examples for this discussion. So I'll start with examples that are already public and work from there.

The first in-depth investigation I did is documented at User:Durova/Complex vandalism at Joan of Arc. A single individual had been disrupting articles on the topics of Catholicism, Christianity, homosexuality, and cross-dressing for two years. Occasionally he had gotten blocked, but he kept shifting accounts and tactics and exploited the untraceability of AOL accounts until that loophole got closed.

The Midnight Syndicate arbitration case is another good example: Requests_for_arbitration/Midnight_Syndicate/Evidence. That was a business relationship turned bad in a gothic rock band.

The core of my method is to examine Wikipedia site history files. Most investigations are simple, but some rabbit holes are pretty deep. I may look through thousands of edits over scores of pages. Sometimes there's a smoking gun to be found: during the BooyakaDell investigation we had trouble getting a checkuser since the suspected sockmaster had been blocked for too long. So we looked at edit patterns. The suspected sockmaster, JB196, had disclosed his real name on his original account and wrote for some online publications. He liked to link to his articles and so did the new account. BooyakaDell claimed to be a fan of the real-life JB196. We spotted BooyakaDell citing the author by name on an article that had no byline.

JB196 has created over 500 sockpuppets. Obviously he isn't going to cite himself by name for an article that lacks a byline again. If the wikisleuths disclose every method we use to crack a case, then the people who set out to exploit Wikipedia will just get more skilled at it. Not a whole lot of people do this work. Have a look at what we're up against.

Thanks for working out clear parameters in the interests of the site. I'd like to know where the green zone is so I can respect the community's concerns while I do this work. Durova Charge! 06:09, 22 November 2007 (UTC)


 * Thank you for being so forthcoming. - Mtmelendez (Talk) 10:35, 22 November 2007 (UTC)

Unusually, I think it matters; repost copy of my comment in a previous section. I do a lot of work with 'warriors'. I wrote previously (and its relevant here):
 * I keep tabs on a well known vandal-warrior (WP:DENY refers). Ive tracked him some years now. He's a habitual reincarnator with several community bans and at least two arbcom bans on his record. He has to be identified without checkuser due to his sock work. I do regularly identify his latest aliases -- about 60 of them so far since 2005. And the first thing he'd do with any evidence I or others published would be to use it to prevent us doing so. I do discuss the evidence in depth with other trusted users - typically crats, and the few admins and editors who also know him well - and I watch till I'm sure, sometimes weeks or months, but no... how a "bad actor" was detected is not always public. For this sneaky vandal and reincarnator, that comes under the heading of "not a suicide pact".

Hope this comment helps here, too. FT2 (Talk 02:23, 23 November 2007 (UTC)

Evidence vs conclusions drawn from evidence
I mentioned this on WT:BP in relation to a small change to the text there, but I think it's worth saying here too: the use of confidential evidence in certain circumstances should not abrogate from the general obligation to provide reasons for making a block. --bainer (talk) 11:46, 22 November 2007 (UTC)
 * I think that's a given. Even if the evidence itself must remain confidential, ArbCom has to explain why they're making a block. It might help to explain that a specific piece of evidence was examined in a confidential manner, though. -- Kesh (talk) 13:16, 22 November 2007 (UTC)

Checks and balances
I hope we all agree that there are some investigations for which it is not appropriate for the investigators to disclose every detail to the general public. The reasons are varied, and many are given above so I won't recount them. I hope we also agree that there has to be accountability for actions carried out. To a certain extent these are competing needs. So the practice up to now is that accountability has been achieved in a way that preserves confidentiality, and yet provides the check on rogue behaviour that is needed. The community places trust (or should) in ArbCom to be that check here at en:wp... and project wide, the board has created the ombudsman process to add accountability. I hope that this proposed policy, whatever the outcome, preserves these general notions, as they seem appropriate to me. ++Lar: t/c 16:07, 22 November 2007 (UTC)
 * See also Arbitration_policy ++Lar: t/c 16:33, 22 November 2007 (UTC)
 * I think that the arbitration committee is a perfectly satisfactory body to make the final judgment, but it serves best when it is asked to deliberate on evidence rather than undertake an investigation on its own. As such I think that confidential evidence should generally serve as a complement to an ordinary arbitration process rather than as the basis for a secret hearing. Christopher Parham (talk) 00:11, 24 November 2007 (UTC)

Who will review?
I think I represent a proper understanding when I say that most agree a block should not be implemented by the person assembling the confidential information/evidence. It seems that most agree that evidence should be reviewed before the block. But we have not answered the question of who is a reliable reviewer? Nor have we determined how many people should review the evidence before taking action. I am creating two subsections for that discussion. JodyBtalk 17:01, 22 November 2007 (UTC)


 * I'm answering up here because I can't separate the two sub-questions. There are two reasons for a review.  One is political: to say that the detective and any other reviewers are uninvolved parties and that the circumstances justify keeping the evidence confidential.  I agree with the general sense that this should be an ArbCom member.  The other reason for review is to confirm that the evidence is compelling and justifies a block of the proposed length.  This review may take more time, and given the burden already placed on ArbCom members I see no reason for any of them to get involved at this level of detail.  It could be done by any administrator.  Finally, a fourth person (neither the detective or either reviewer) should actually apply the block.  This person need not have access to the original evidence, but would act on the statements of the others.


 * To minimize the possible appearance of impropriety, the detective should not ask specific individuals to take on the necessary roles, but should post notices (either the ArbCom mailing list or the admin noticeboard, as appropriate) indicating that s/he is working on a case with CE and requires assistance. If possible, this notice should include a description of the case (e.g., vandalism of Joan of Arc or vandalism by sockpuppets of User:Puppetmaster).


 * I'm not worried about raising the bar too high--I don't see this happening often enough for that to be an issue.


 * There's one other thing that just crossed my mind, keeping the Pollard case in mind. Should the accused have any rights here, such as being able to ask for additional review by an administrator of his/her choice?  Matchups (talk) 12:58, 23 November 2007 (UTC)
 * The accused editor retains all the usual rights for appeal. Nothing is taken away from him. This seeks to simply prevent one person blocks based on unreviewed evidence. After blocking he can request the block be lifted and state his case. JodyBtalk 13:58, 23 November 2007 (UTC)
 * I agree, but perhaps this needs to be made more clear. After all, what happens if someone uses confidential evidence to block someone as a sock of a banner user, then revert the comments of said user? -- B figura (talk) 14:59, 23 November 2007 (UTC)
 * On second thought, since the comments would be on the users talk page, a reversion is probably unlikely unless someone is really abusing unblock requests. Best, -- B figura (talk) 15:10, 23 November 2007 (UTC)

Who is a reliable reviewer?
Certainly ARBCOM members would be reliable in my mind. Are there others? JodyBtalk 17:01, 22 November 2007 (UTC)
 * Bureaucrats and stewards are possibilities, they have a mandate of trust from the community. Catchpole (talk) 23:03, 23 November 2007 (UTC)
 * Or people who work with the OTRS as well This is a Secret account 23:08, 23 November 2007 (UTC)
 * A reliable reviewer is an admin who will actually dig in and get their hands dirty in the evidence, while also looking independently for evidence that the facts are different than what was suspected. Admins have the necessary level of trust.  Any more trust than that is not needed, what is critical is the serious consideration of all evidence, not just that presented confidentially.  GRBerry 03:33, 24 November 2007 (UTC)

How many must review?
I would argue for at least two in addition to the person assembling the evidence. Is that enough? JodyBtalk 17:01, 22 November 2007 (UTC)
 * I'm somewhat afraid that if we raise the bar too high then peer review might become too much of a perfunctory process. One could imagine IRC conversations taking the form of "I'm gonna block this sock-troll-SPA, k?" / "Uh ya okay". I think one genuine review would be better than several of those. I think (somewhat tentatively) that 1-2 would be reasonable as a minimum, but would be reluctant to support something higher (again, keeping in mind that this is a minimum). Other thoughts? — xDanielx T/C\R 00:22, 23 November 2007 (UTC)
 * I see what you mean and I do not disagree. But remember, these reviewers will have to sign with the block so, hopefully, people will take the review serious. JodyBtalk 00:26, 23 November 2007 (UTC)
 * Aye, hopefully that will help. I just hope that predispositions don't play too big a role -- I've always thought that to be an issue with Template:Unblock. — xDanielx T/C\R 02:09, 23 November 2007 (UTC)


 * Won't it actually being the reviewers imposing the block, if we use the process outlined in the above section? (Where it states that the person accumulating the confid. evidence shouldn't be the person imposing the block). Best, -- B figura (talk) 05:20, 23 November 2007 (UTC)
 * Oh, yeah. — xDanielx</b> T/C\R 07:44, 23 November 2007 (UTC)
 * Agreed, having a reviewer place the actual block (or take other administrative action) is the best check and balance to ensure a serious review. GRBerry 03:36, 24 November 2007 (UTC)

Are we confident in the necessity of security through obscurity?
One of the provisions mentioned is "If the evidence is accessible to problem users, disclosing it might give them more insight on how to circumvent identification." Are we clear that this is really an important concern? In the most recent circumstance, the only insight I could see that a "problem user" might glean is that new accounts which know wiki-markup and know their way around Wikipedia might raise suspicion that that user has edited before under another username or as an IP. While I've never attempted to set up a sleeper account, my guess is that anyone who does would probably take this into account. Have there been other situations where investigative techniques alone (rather than privacy concerns in the evidence) are really so compelling and powerful that the need to keep them secret is more important than the need for transparency? JavaTenor (talk) 00:36, 24 November 2007 (UTC)
 * Well, given the present situation only, I would probably agree. But I envision this proposal as being created to avoid a future situation which we might not foresee at the moment. If there is a situation in which confidential evidence is a part, we will at least have a policy in place to properly deal with it. Regardless of the reason -- privacy or investigative techniques -- we need to be prepared to handle the material well. - JodyBtalk 00:44, 24 November 2007 (UTC)
 * I think this should go. There is nothing useful to be gained from keeping techniques for discovering abuse secret, and the potential for abuse and escalation of drama is vast. Zocky | picture popups 03:48, 25 November 2007 (UTC)
 * See comments above. At least one major sock-vandal who engages in sneaky damage, and probably others, are identified through experience of their previous aposts. The exact evidence is usually compelling. But in such cases security by obscurity is the only means that exists. So yes, as a practical measure I am personally, very clear as to the need and risk. See comment above on this. FT2 (Talk 13:08, 25 November 2007 (UTC)

Two Classes of Info
There also seem to be two classes of confidential information here: information that's truly private (names, identities, checkuser info, etc.), and information we'd like to keep out of the hands of deliberate disrupters. Is there any truly compelling reason that the second class of information needs to be held so close to the chest (i.e., ArbComm)? Couldn't it be emailed on request to individual users that the assembler has some level of trust in? I think this is somewhat close to how things are currently done, and I'd prefer this policy not hint that its okay to restrict pseudo-confidential information to ArbCom, just to keep it out of the hands of vandals. Perhaps some language like:


 * {| style="border:black solid 1px" width="90%"

Information that would can be released without harming the privacy of members of the community should be available by private email to trusted editors, on request. Trust may be defined by those assembling the evidence. Editors who ask for such information should be prepared to respect the confidentiality of the information, and not distribute it without permission.

This process in no way alleviates the need for a prior review of the evidence by ArbCom before blocks should be issued. Thoughts? -- B figura (talk) 02:45, 24 November 2007 (UTC)
 * }


 * I can't imagine that we would restrict the dissemination of information that the assembler wishes to make public unless it violates aleady existing restrictions (your class one material). If they wish to divulge their methods then that's sure fine by me. -JodyBtalk 02:52, 24 November 2007 (UTC)
 * Right, my concern is that our current Review section implicitly limits reviews to arbcom / checkuser / oversight. While I can certainly imagine cases where that restriction would be necessary, I'm not convinced it would need to be present in all cases. (And I don't think it should be hard to tell whether such restriction is needed, although I could be wrong, since I'm none of the above :) Best, -- B figura (talk) 05:29, 24 November 2007 (UTC)
 * Jody,as I understand your argument is that there has not yet been any case where disclosure of investigatory methods would actually require confidential information? In that case, what are we discussing? It would seem we have no need for this entire policy, there being no actual situation not covered by checkuser--and we could therefore simply terminate the discussion.  DGG (talk) 06:51, 24 November 2007 (UTC)
 * No DGG, not at all. In the most recent case we had a investigator who wanted a block and wanted to keep her techniques secret. I am sure there have been other such cases too and even more certain others will follow. Without commenting on the need for secrecy in this recent case, I would say we must have something in place to provide guidance should it occur again. I think this proposal, or something akin to it, it necessary. All I am saying to Bfigura above is that the person assembling the evidence can make his techniques public if he wishes. - JodyBtalk 13:08, 24 November 2007 (UTC)

This proposal doesn't add much at all really. It states that the user will disclose to "trusted editors". That is, presumably, editors the person trusts (since no further list of "people who must be trusted" is given). But that doesn't help. Of course a person with evidence will disclose it to someone they themselves trust. The issue here is disclosure to indepdendent reviewers that allow the community a measure of trust. This wording just says that essentially, they will show the evidence to the (few/very few?) people they'd have decided to show it to anyhow. FT2 (Talk 13:13, 25 November 2007 (UTC)

This already exists
For example, users can @ ArbCom instead of posting evidence.... --Piotr Konieczny aka Prokonsul Piotrus 05:00, 24 November 2007 (UTC)
 * Sure. Such users shouldn't be going around and blocking based on such evidence though, without ArbCom getting involved and doing the block (as we learned from the !!/Durova thing). -- B figura (talk) 05:26, 24 November 2007 (UTC)
 * Yes, this seems to be the simplest option. If you don't want to share your evidence, send it to ArbCom. Version 3 seems much the best. Tim Vickers (talk) 23:06, 27 November 2007 (UTC)
 * I'm not comfortable with ArbCom handling secret evidence when keeping such evidence secret is unwarranted. There are certain classes of information that are inherently sensitive (personal information, generally).  I accept keeping such information private and allowing ArbCom to use it if it is pertinent to a case.  But "secret conclusions" drawn from non-secret information are wholly unacceptable, whether they are reviewed by ArbCom or not.  So I endorse Version 3, provided it is not altered or interpreted to allow something other than inherently sensitive information to remain secret.--Father Goose (talk) 23:38, 27 November 2007 (UTC)

See also "KISS" below. Rklawton (talk) 23:27, 27 November 2007 (UTC)

My suggestion
I'd propose saying that the only two agencies justified in acting on secret evidence are 1) The Board and 2) The Entirety of the Arbcom. Secret evidence cannot be reviewed, so this really boils down to: who do we, as a project, trust to the extent that we cede any right whatsoever to review their actions?. Individual admins, and even fairly large subsets of admins clearly do not meet this criteria. Honestly, left up to me, I would prefer Arbcom not even be able to act on secret evidence, but that might not be feasible.

Also remember-- if secret evidence is needed to prove a case, than there is no active disruption going on. There shouldn't be any "emergency need" for immediate action based on secret evidence. Secret evidence is INCREDIBLY dangerous-- if anyone is going to do this, let it be arbcom and only arbcom. --Alecmconroy (talk) 13:19, 24 November 2007 (UTC)


 * At present, ArbCom does (and has in the past) act on confidential evidence. I'd be happy to continue that trend, and let them be the sole enforcers of confidential evidence. (Hopefully it would be so rarely used that this wouldn't prove a caseload burden). And I agree that if there's an emergency that necessitates immediate action, then a block should be made for disruption using public evidence (since if someone is being that disruptive, then there should be plenty of public evidence by definition). Best, -- B figura (talk) 21:36, 24 November 2007 (UTC)

Alternate proposal
I agree with the need for rules regarding confidential evidence but I disagree with the approach taken here. I feel that this proposal is far too restrictive on the use of such evidence, and editorializes to an undue degree that such evidence should not be used. Rather than getting into a dispute over the matter, or making bold edits that are sure to be opposed, I have written an alternate proposal based on this one, at Confidential evidence/alternate.

Before actually modifying or getting on the talk page there, could I please get some feedback about whether it's okay to make a fork like this? It seems to me to be the best thing to do under the circumstances. Unless there's a convincing objection I'd also like to notice the alternate proposal as well as this one to the village pump, the Durova RfC and ArbCom hearings, and any other appropriate places. (btw, to any administrator reading this, I initially created the proposal at the wrong place and then moved it to its present location - would you kindly delete that page?)

Thanks, Wikidemo (talk) 14:41, 24 November 2007 (UTC)
 * I would think it would be better to try and keep things in one place. Perhaps create a new section and put your proposals there. Otherwise, we end up chasing our tails over several pages. -JodyBtalk 15:41, 24 November 2007 (UTC)
 * My proposal would be that we replace the entire current proposal in favor of the one I wrote, or else reject it because it's unacceptable in its current form. About 70% of the verbiage would have to be deleted.  I don't see any way to do this incrementally as edits to the current proposal.  Wikidemo (talk) 16:19, 24 November 2007 (UTC)


 * You could, for example put a level 1 heading of "Original proposal" at the top and indent all other existing headings one level. Then add another level 1 heading of "Alternative #1" with your proposal underneath it.  Think outside the box!  GRBerry 17:24, 24 November 2007 (UTC)
 * I second that. I think it would simplify this whole discussion. In fact, I'm going to go copy it to this page now. -- B figura (talk) 18:40, 24 November 2007 (UTC)

Personally I think the current proposal raises the standards slightly too high for use of confidential evidence, but I feel that alternate errs to far in the opposite direction. The alternative seems to convey a message of using confidential evidence is fine when there's a reason to do so, but such use should follow these (relatively strict) guidelines, instead of confidential evidence should be used only when there's a compelling reason to do so, and should follow these (relatively strict) guidelines. Well to be fair, the #6 consideration does say the opposite (limit use as much as reasonably possible), but I think it should be stressed more than it presently is in the alternate. Whatever regulations we come up with in this guideline will likely be underexaggerated to some extent by those who act on private evidence, as our blocking policy sometimes is. — <b style="font-family:Arial;color:green;">xDanielx</b> T/C\R 20:07, 24 November 2007 (UTC)
 * I agree with Wikidemo that Version 1 is currently more wordy then necessary, but I think Daniel's right in that the policy should be strict. We shouldn't sacrifice transparency unless there's a really strong need to. Best, -- B figura (talk) 21:16, 24 November 2007 (UTC)
 * The new "alternative 3" seems to fit that bill, and it's short and sweet. I have no objection to that, so long as ArbCom is amenable to the task, has the bandwidth for this new function, and can act quickly (we can't wait the usual 2 weeks for ArbCom to decide if a disruptive sockpuppet should be blocked based on secret evidence).Wikidemo (talk) 00:37, 25 November 2007 (UTC)


 * Instruction Jump as distinct from the more usual instruction creep. We have the situation of someone making two mistakes, both promptly corrected. AN/I seemed very capable of dealing with the situation under existing rules. DGG (talk) 00:27, 25 November 2007 (UTC)
 * What existing rules? (I mean that sincerely, not rhetorically - how would AN/I deal with decisions regarding secret evidence)Wikidemo (talk) 00:37, 25 November 2007 (UTC)

Please convince me that this is right
The issue here, to drive right to the heart of the matter, is whether Durova's investigative techniques should remain secret.

I personally must start with the assumption that investigative techniques do not need to be kept secret (unless they are wrongful, at which point any secrecy becomes a cover-up). The justifications I've seen so far have been that if the vandals knew what behavior got them in trouble, they would avoid it, and be even harder to spot.

Isn't this what we want? Does it matter if a so-called problem user is out there covertly doing non-problematic things? Do we need to act at all except when destructive behavior is spotted -- and is there some kind of destructive behavior that is somehow unidentifiable or irreversible unless secret techniques are used? Why can we not rely on transparent methods of investigation only? (Note that I consider checkuser an adequately transparent method of evaluating privileged information.)

Convince me that "secret investigations" are not dead, dead wrong. I don't care if lots of people are in on the secret as some sort of check against abuse. I have not heard a single convincing reason why they should be secret in the first place. Convince me. Convince everyone.--Father Goose (talk) 05:32, 25 November 2007 (UTC)


 * It sounds like you may not want to be convinced. Actually, there is nothing at all wrong or prohibited with secretly investigating someone.  You do that every time you check their user page, talk page, edit history or log because you think something is fishy or you want to figure out who they are.  You don't exactly tell them in advance that you're poking around or get permission, nor would you ever tell them you suspect them of something before you gather some information privately.  So it's not the investigation, it's whether the information should be used as the basis for a block, ban, etc., and if it is, may it be kept confidential.  Most security systems are not so robust that they can withstand a clever attack by someone who knows the detail of the system.  Every police force has its plainclothes officers and undercover investigations.  If we publicize the exact method used to rule in or out whether a user is the secret sockpuppet of another, it would become simple for someone to create a sockpuppet account that would evade detection.  Wikidemo (talk) 09:38, 25 November 2007 (UTC)


 * Father Goose, this isn't about Durova except that Durova's episode pointed to the need for this proposal. Wikidemo is correct that confidential investigations take place routinely. We can pretend otherwise but it doesn't change that fact. What has happened should scream for the need for guidance. Whether this proposal is the right one I don't know. I think we are headed in a good direction. But as for me, I would prefer to be proactive rather than deluding myself into thinking this won't happen again just because we say so. There is nothing inherently wrong with confidentially studying editing patterns and commonalities to discover the troublemakers. What is wrong is willfully allowing these most recent events, with all the accompanying protestations, to occur and then doing absolutly nothing to prevent it in the future. I'd hope you would reconsider and help us draft a policy that contributes to the growth of Wikipedia. JodyBtalk 11:54, 25 November 2007 (UTC)


 * "...is there some kind of destructive behavior that is somehow unidentifiable or irreversible unless secret techniques are used..." if you allow that secret means "using knowledge that is not going to be explained publicly" then completely and utterly yes. I can confirm this, as can several others. There are indeed a number of destructive sneaky vandals and sock users, who are exceptionally damaging, and who would quickly swap one kind of highly damaging sneaky vandalism for another kind, or act to make their identification harder, if they were advised how their edits were to be identified. FT2 (Talk 13:21, 25 November 2007 (UTC)


 * Now that the RfC and arbitration case are under way, I am satisfied that these specific troubling uses of confidentiality are being questioned on a broad scale. The earliest versions of this proposal contained the assumption that such uses were acceptible.  It appears that the community at large does not share this assumption.--Father Goose (talk) 21:01, 26 November 2007 (UTC)

Would Secure by design prevent harm from block voting?
I fully support this proposal (that is the first version), and had recently considered initiating something like this myself. However, I am still a little uncertain of the concerns that users with second or multiple accounts would be gaining material potentially damaging to the project by the mere revealing of evidence because such evidence would enable them better to create a secret second account. I am quite naive as regards the damaging effects of users with second or multiple accounts, though my assumption is that this relates to block voting in order to push a certain point of view. My feeling is that if discussions on Wiki are locked into knowledge, reason and experience rather than tally counting, then we have less reason to fear users with multiple accounts. If a view presented in a discussion makes sense then it would make sense regardless of who presented the information, and that view doesn't get better or worse for being repeated. If a view presented in a discussion doesn't make sense or is harmful, then that view doesn't become less harmful by being reiterated by a handful of different accounts - regardless of who is behind the accounts. I am wondering, perhaps, if we didn't hand out guns then we wouldn't need to hand out bullet proof jackets and bandages. I'd like to see some tightening up of conclusions and decisions reached in discussions so that the incentive to create secret secondary accounts is lessened.  SilkTork  * SilkyTalk 10:25, 25 November 2007 (UTC)
 * Voting irregularity is only one of many possible problems arising from abusive sockpuppet accounts. Please take a look at WP:SOCK and related pages for some others - disruptive editing while avoiding the consequences, gaming article edits, stirring up trouble by trolling, hiding COI editing, etc.  Wikidemo (talk) 12:12, 25 November 2007 (UTC)

Proposed?
Eh? No. So I've marked rejected for now. If you'd like people to look at it seriously, leave off the tags. :-)

In other news, people think secret evidence is allowed at any time? Well, just don't try to use secret evidence while I'm around... grrr! --Kim Bruning (talk) 01:43, 26 November 2007 (UTC)
 * I'm not sure there's any consensus here, much less to accept or reject. I'm removing the rejected tags. -- B figura (talk) 01:47, 26 November 2007 (UTC)
 * For proposals: no consensus == reject.(and the odds of getting a consensus via the proposal method are astronomical). --Kim Bruning (talk) 02:09, 26 November 2007 (UTC)


 * I'd say it is more accurate to describe this as a set of related ideas than a proposal at this time. Marking as a proposal is more accurate than marking as rejected; marking as "several brainstormed drafts that may become a proposal" would be even better.  Do we have a template tag for that?  GRBerry 04:03, 27 November 2007 (UTC)
 * There is now. =] Feel free to modify it as appropriate. — <b style="font-family:Arial;color:green;">xDanielx</b> T/C\R 09:50, 28 November 2007 (UTC)

Review (again)
Can I have a check on people's views on one perspective that's come up?


 * {| style="border:black solid 1px; padding:4px" width="85%"


 * The issue is not the private collating of evidence (which happens often) nor even the decision to block based on private observations, or those made following private discussions.

The issue is the need that if action is taken (a block, an accusation etc), then the evidence must have some form of credible independent review whose finding is public and endorsed by the reviewer. If drama or doubt arises, they may possibly need to be open to a second review of the evidence after the action is public, by parties trusted by the wider community.

The reviews does not have to be by arbcom necessarily, but must be sufficiently credible and independent, that it can satisfy the community the conclusion was well founded to the point that individual editors and administrators would not need to see the evidence to check it for themselves.

Nonetheless, despite this, whatever idea can be given of the evidence, should be given, and any non-disclosure confirmed by the independent reviewer as reasonable too.
 * }

Thoughts? FT2 (Talk 03:18, 26 November 2007 (UTC)

I do not believe that this proposal is nearly strong enough. Even I can figure out how to game it, and I don't have the extra buttons. At a very minimum, I believe that all confidential evidence (i.e., that which is covered by the privacy policy or by OFFICE) bxvfgcgvęeing linked to an administrative action made by someone who is not acting on the basis of OTRS, oversight request or checkuser should immediately and without prior request be provided to the entirety of the ArbComm for review. Further, if there is a legal issue identified during the course of an investigation, this should be immediately and without prior request be sent to the Foundation and/or its legal counsel; this could include a proposed action plan. Individual editors and admins are not in a position to determine the best course of action in response to legal issues; law is often counterintuitive and well-meaning admins could place the Foundation in an untenable position unwittingly. Risker (talk) 03:29, 26 November 2007 (UTC)


 * Missing the point I think. Legal issues will always need referring to the office. We're mostly discussing textual evidence some people believe shows an editor is perhaps a problem. The underlying question we're trying to address is roughly:
 * "A block, ANI thread or sanction may be appropriate based on knowledge some user has. But if the community won't be able to see the evidence, then who will credibly and independently review it, and be able to confirm for the community without delay that the wiki-analysis is a good one, the evidence stacks up, the conclusion is fair, and the disclosure reasonable and honest?"


 * In other words, a flow like this:


 * {| style="border:black solid 1px; padding:4px" width="85%"

Policy:
 * Policy identifies a reasonable and trusted set of reviewers - could be crats, arbcom, oversighters (who see all information anyway), whatever. But a group of reviewers are identified to whom any user can safely submit non-public evidence for careful review.

Process:
 * 1) User/users identify a problem, and form a view the evidence should not be made available to all to review.
 * 2) Evidence is sent, and reviewed
 * 3) Response comes back agreeing to action, and confirming how much of the evidence should be publicized (or how much should not be). It also contains a summary for the public record of the reviewer's opinion and a (sanitized) description of the nature of evidence.
 * 4) Action is taken by the user
 * 5) Simultaneously or immediately after, a post is made by the user explaining the matter (as normal). The user explains the matter fully, but they also append the reviewer's summary in full to their post, along with the reviewer's name, disclosing the advice and opinion given.

The community now has a full description, by a named trusted independent crat/arb member/oversighter who has reviewed the non-public evidence and fully stated their view. They can also check the evidence was disclosed to the extent the reviewer stated. This meets the public need for valid good quality independent information on what has gone on.

If there is still a problem or need for a 2nd review, a second review can easily be held by mutual agreement - you'd probably need a short discussion to pick someone from the same trusted set whom everyone is comfortable with, eg different arbcom member or oversighter (or arbcom if no agreement) but that's going to be easy.
 * }


 * This fairly simple schemata ensures that any action based on non-public evidence, has an credible independent review publicized at the same time as the action is taken, without fakeability, and with a clear public statement of what the reviewer thought and what evidence should be made public, and the option for a 2nd credible independent review to double check.


 * I don't think this is quite as gameable as you might have thought :) FT2 (Talk 03:51, 26 November 2007 (UTC)

That is closer to a reasonable vision. Why not use this simplified version as the policy? It is the layers of complexity in the document on the project page that make it easy to game. Risker (talk) 04:04, 26 November 2007 (UTC)


 * I'd be tempted to specify oversight or arbcom (and possibly office??), plus crats if there is no oversight related issue, as our pool of valid reviewers. Any of these categories have the trust and standing to 1/ see anything anywhere on the wiki, private or not, 2/ review it competently, 3/ report credibly to the community on it. Plus if oversighters would be willing to be reviewers for such content, it helps avoid only burdening arbcom. Thoughts? FT2 (Talk 04:17, 26 November 2007 (UTC)


 * This flow looks plausible. GRBerry 03:59, 27 November 2007 (UTC)

Proposed draft

 * {| style="border:black solid 1px; padding:4px" width="85%"

(This summarises the process. No need to duplicate explanation and see also's etc)
 * style="background-color:#d8ffd8" |

--Review--

A user who wishes to take action or make a claim, to be justified in part or whole by information that will not be released to public scrutiny, must seek review from one or more reviewers of their choice before doing so, and disclose immediately the action is taken. Valid reviewers for this policy are:
 * Any arbcom member (or arbcom itself), any person with oversight privilege, and (for matters where oversight, office and similar privacy concerns are not an issue) any bureaucrat.

Reviewers must not have a prior involvement in the issue or a connected issue, or prior history with the user against whom action is proposed. Any reviewer who becomes aware they may face a conflict of interest must recuse.

--Process--
 * A user who may wish to take action to be justified in part or whole by information they are not prepared to release publicly, must not rely upon confidential information to support their decision, until they have approval of a reviewer to do so.


 * The user emails a reviewer of their choice with the evidence and (relevant parts of) the proposed case, and proposed action(s), and discusses the matter until the reviewer is able to give an opinion whether the information the user wishes to treat confidentially supports the points and action(s) the user wishes to draw from it. An above average certainty should be expected.


 * The reviewer sends the user a formal review of the case, as follows:
 * {| style="border:black solid 1px; padding:4px" width="90%"


 * Email from (reviewer) to (user)


 * 1) General discussion of the case etc, as they see fit
 * 2) Disclosure requirement (what is to be made public, what is legitimately not)
 * 3) Public opinion, containing:
 * Sanitized summary and description of the case and their opinion
 * Description/indication of nature of evidence
 * Opinion on evidence and what it shows
 * Clear description of how certain they feel, including any weakness, ambiguity or issues impacting on reliance
 * Details of any action(s) mutually agreed


 * }


 * The user is not compelled to act, but if they do, and if they wish to justify their action in part or whole by reference to confidential information, then they must:
 * Ensure all relevant evidence described in the email is disclosed, and
 * Disclose a complete copy of the public opinion, and the name of the reviewer, and notify the reviewer they have done so.


 * The community (or any three administrators) may request any other reviewer of their choice to review the same material and obtain explanations and information as needed from the user or first reviewer, to review the conduct, disclosures, decisions and actions related to the confidential information.

--Miscellaneous--


 * The user may ask more than one reviewer for an opinion, but should disclose to each reviewer and to the community if this was done. Users should only ask round for their own confidence and not just to 'forum shop'.
 * Any reviewer may consult and discuss the case and its evidence with any other editor who would have been a valid reviewer.
 * Arbcom may request at any time, a full copy of all evidence and all discussion from the user, or any reviewer.
 * The user and reviewers must respect the communal need for assurance and full discussion.


 * }

Thoughts on this one? FT2 (Talk 05:22, 26 November 2007 (UTC)
 * Don't we need to specify that the block is placed by a reviewer and that the person assembling the evidence along with the reviewer are named in the block announcement? JodyBtalk 17:27, 26 November 2007 (UTC)
 * On reflection whats missing is a "this is the proposed sort of sanction" and the reviewer's comment on if it's okay or (if not) what would be. Provided the user doesn't get to choose an arbitrary sanction, that process is better. Policy proposal updated x 2. Nice "catch". FT2 (Talk 08:18, 27 November 2007 (UTC)


 * Looks plausible. To Miscellaneous point #1 I'd add that later reviewers should receive a copy of the prior review.  For requests prior to receipt, disclosure is sufficient, if feedback has been received then that feedback is also important for later reviewers.  GRBerry 03:59, 27 November 2007 (UTC)
 * Shouldn't be needed. Suppose the user wants independent advice? The 2 reviewers (or the later one at least) knows of the other and has permission to discuss with them if they wish, without needing to ask# further. That should cover it, if they want to ask what advice was given, or confer, for example. FT2 (Talk 08:21, 27 November 2007 (UTC)
 * In light of recent developments elsewhere, I wonder if it might be possible to add a clause to the effect that reviewers could include "any other person (not including admins) who are viewed as being knowledgable about either the procedures involved, or, less favored but still acceptable, the history of the content in question." I add this clause because it could be possible that for one or the other criteria selected above, it might be the case that the uninvolved party who would be possibly the first choice as a reviewer might be someone like, for instance, User:Yomangani, who seems to be trying to withdraw sysop priveleges, someone who has explicitly chosen not to be an admin but is otherwise trusted anyway, or any number of other reasons. They might be the best potential choices in cases where the actions in question deal with a particular subject, and the person most knowledgable about that subject is highly respected but isn't currently an admin for whatever reason, as an example. The involvement of such an individual generally shouldn't be seen as meaning an admin or two shouldn't also be contacted, though. John Carter (talk) 16:09, 27 November 2007 (UTC)

Factual evidence
I'm not clear on the exact meaning of the Factual evidence paragraph of the Careful handling and judgment section. Wording: '''Factual evidence. The matters confidentially disclosed should be factual, based on evidence or strong likelihood, with flaws and questions disclosed as the matter progresses.' Is this saying: Factual evidence. Any material that is not presented should be factual, based on evidence or strong likelihood rather than interpretation.''? And if so, shouldn't this be saying: ''Factual evidence. Any material should be factual, based on evidence or strong likelihood rather than interpretation.'', regardless of the fact that the material is being withheld or presented. Or is the suggestion that speculation is acceptable as long as it is out in the open for people to openly discuss, but when the material is withheld that speculative evidence is not acceptable?  SilkTork  * SilkyTalk 13:23, 26 November 2007 (UTC)

For consideration: Sources
This article focuses entirely on Confidential evidence in Wikipedia-related matters. When reading this on WP:CENT, I immediately thought of something else: whistleblowers. People with access to sensitive information they do not want associated with their name, but do want to be available to the public. Usually, these people go to the news media. However, as Wikipedia's name spreads and the number of readers increases, one could very well be contacting a Wikipedia editor in the future. What to do then?

Though the above question is the main question I think this page needs to answer, I want to point out that the above is not entirely distinct from what the page currently answers. Whistleblowing, or, more specifically, the use of confidential sources in the article space, is most likely to occur in Wikipedia-related matters. For example, thinks like the Essjay controversy could very well have presented difficult problems with confidential evidence. User:Krator (t c) 23:21, 26 November 2007 (UTC)


 * I don't see that as being an issue. Verifiability is a core policy. Unless the material can be attributed to a reliable published source we don't use it - or remove it (oversighting if needed) if it does get put into an article. WP is not a newspaper looking for a scoop - we'd wait for the media to publish the story, and then - if notable enough - we could create a suitably sourced article on the topic.  SilkTork  * SilkyTalk 08:13, 27 November 2007 (UTC)

KISS (Keep It Simple)
Complex investigations are challenging enough without tying an admin's hands even further with yards of red tape. As a result, I suggest a variation on proposed version 3.

I believe an admin should be free to use secret evidence to warn, revert, or block as the admin deems appropriate. But... upon request from any other admin the admin with the secret evidence must turn it over to any requesting admin OR turn it over to arbcom (per v.3) OR recuse themselves from further involvement in the matter. Rklawton (talk) 16:20, 27 November 2007 (UTC)

Even simpler: No secret evidence. This is a complete turnabout from the days that "offwiki information does not have play onwiki". If you think something requires confidential evidence in the first place, there's something seriously seriously wrong. Sure, maybe it needs to be handled, but it should be handled like the exceptional case that it is. We don't need to make up new rules for this. (That and wikipedia is NOT a bureaucracy.) --Kim Bruning (talk) 16:29, 27 November 2007 (UTC)

Comments

 * Yes, KISS. A 3000 word guideline is absurd and unworkable.  Editors will soon get to the point they have to engage WP attorneys and paralegals to decipher and manage all the WP legalish "Chapter X. Section LVIII. Article XYZ" arcana tucked all over wikipedia.
 * No, an admin collecting "secret evidence" should not also serve as enforcer. Admins should not act as both Detective and Judge.  If one party thinks they have evidence, another independent admin (ie not their joined-at-the-hip IRC "best-buddy") should review it and make the call.
 * No, no editor should feel particularly "free to use secret evidence" against others to begin with. The most recent madcap admin "secret evidence" melodrama that unfolded reveals again how dumbfoundingly mental people can behave while caught in the pumped up thrills that come with "trading secrets".
 * 1) No claim to being privy to "evidence which must remain secret" should ever be sufficient justification for an admin action, nor from shielding the assessment process from the community. Again, the recent melodrama reveals that though admins deserve the benefit of WP:AGF when judging their motives, this does not mean they are granted carte blanche for their actions.  No admin can be allowed to offer "you have to take my word for it" evidence against another editor.
 * 2) "Secret evidence" should be limited to "keeping personally revealing information in the evidence secret". The methods used should not be any closely held secret.  It's only by bringing these so-called "methods" out into the light can their true merits (or "lack of") be judged.
 * sigh -- Professor marginalia (talk) 18:50, 27 November 2007 (UTC)
 * First, admins act as detectives and judges every day. For example, if I see edits that look to me like a vandalism spree, I block the editor from editing for a duration of my choosing.  Next, the approach I recommend enables methods to come to light but only to a trusted group (admins & ArbCom).  If the methods fail to come to light, then the admin's actions can be undone. Rklawton (talk) 21:16, 27 November 2007 (UTC)
 * Reply: a) Vandalism sprees are not secret, hidden evidence
 * b) What explanation can there be why transparency is so valuable to most every aspect of the project, except in accusations against other editors? Why is "sealed evidence" adequate to accuse another editor?  Isn't every editor due the same good faith as "trusted" admins, every editor who has contributed their time to this project also deserving of an opportunity to share evidence in their own behalf with the "trusted group"?
 * Hasn't the recent episode illustrated that a process just as you've described leads to "cliquish" us-vs-them rivalries, charges launched with the flimsiest of pretexts, admins operating like RPG players in melodramatic spy games, CYA cover-ups which leave the whistle blowers the job of setting things a-right, while the aggrieved are treated as trolls if they complain, and of course, brand new entertainment for the scandal mongers to revel in? Let's learn something in its wake.  It's important to be constructive, but also it's important to be realistic.  Hasn't the "process" you describe already shown much of itself?  Doesn't it take more to persuade editors these methods have any value?  The lesson should be that more scrutiny, not blind trust, is the better plan because people tend to rationalize all kinds of obvious improprieties so long as the lights are out, and then it gets embarrassing and super messy when grown-ups burst in to turn the lights back on. Professor marginalia (talk) 23:51, 27 November 2007 (UTC)
 * I don't disagree. However, I can imagine that there might be some situations where it is to everyone's advantage if certain damning evidence is not indicated on the page. For instance, if each of my million socks have a regretable tendency to use certain unusual words, it doesn't make a lot of sense to alert me to the fact that tendency has been noted, does it? The police regularly engage in keeping private certain potentially useless pieces of information to prevent false admissions of guilt, and I can see that doing the same thing here makes sense as well. However, I do think that having individuals, including ArbCom, admins, or anyone else who is particularly knowledgable about a given subject involved in such evidence gathering. I acknowledge that this can create difficulties, but think that, for at leat some information, it does make sense to not divulge the information used in some cases. I agree that only a very little such information should ever be kept private, and only at most a specific point or two in individual cases, though. John Carter (talk) 00:01, 28 November 2007 (UTC)

Is this now moot?
Based on a principle coming out of the arbcom case that started all this, I'm wondering if this proposed policy has been made moot. From one of the proposed (and certain to pass) principles:"Users are responsible for the editorial and administrative actions they undertake, and must be willing and prepared to discuss the reasons for their actions in a timely manner. If a user feels that they cannot justify their actions in public, they are obliged to refrain from that action altogether or to bring the matter before the Arbitration Committee. This does not apply to users carrying out official tasks as authorized by the Foundation or the Committee (including, but not limited to, CheckUser, OverSight, and OTRS activity)"So, is there more to discuss here? In my reading, the arbcom ruling would seem to state that confidential evidence must go through arbcom (barring checkuser / oversight). Thought / criticisms / beatings? :) -- B figura (talk) 03:34, 28 November 2007 (UTC)
 * I think it's a wonderfully calm, even-handed decision. I am a little useasy that they have in effect legislated policy in a way that trumps consensus, although the outcome itself is cleaner and a lot simpler than we could have reached here.  So I'll make the proposal, below.  Wikidemo (talk) 10:48, 28 November 2007 (UTC)
 * It's difficult to predict the future, but fairly or unfairly arbcom is already under a cloud in the whole affair due to so far unsubstantiated insinuations from the blocking admin that arbs had supported the action before it was taken. There is no reason at all anymore maintain any secrecy about this affair except to protect those involved in the whole hair-brained scheme from accountability, and the silence is further corroding the relationship between admins and nonadmins.  One of the consequences of these "secret" doings is the erosion of confidence in arbcom.  With this kind of trust must come full accountability, but there's understandable reluctance to hold admins fully accountable for mishandling that trust. Professor marginalia (talk) 13:11, 28 November 2007 (UTC)

Should we reject this policy?
The arbitration case that triggered this discussion is almost over, and has already garnered the necesary votes to pass this provision:
 * Users are responsible for the editorial and administrative actions they undertake, and must be willing and prepared to discuss the reasons for their actions in a timely manner. If a user feels that they cannot justify their actions in public, they are obliged to refrain from that action altogether or to bring the matter before the Arbitration Committee. This does not apply to users carrying out official tasks as authorized by the Foundation or the Committee (including, but not limited to, CheckUser, OverSight, and OTRS activity).

Without regard to the role of ArbCom precedent, or whether we could in theory adopt a policy contrary to an ArbCom ruling, I propose that this ruling is a good one that solves the problems we were working on, so we should simply adopt it. Therefore, let's wait until the ruling is officially announced, then close this discussion with a decision to endorse that paragraph and seek to place it in an appropriate section of WP:BLOCK and perhaps WP:BOLD. What do you think? Wikidemo (talk)


 * I agree that ArbCom's ruling potentially solves the most immediate and important problem. But I still think this page should not be rejected outright. As a policy, yes. I never thought this page would be one. As a guideline, maybe. With ArbCom's ruling, it may be moot as mentioned above. But it's a potentially useful page as an essay for new administrators to consult during difficult cases. With ArbCom's ruling, the current version may need a significant re-write, but it could provide the perfect balanced essay, providing information, context, background history, and rationales, to support ArbCom's ruling.- Mtmelendez (Talk) 12:03, 28 November 2007 (UTC)


 * I'm very skeptical this ruling is sufficient. From the moment the block was challenged, the blocking admin volunteered to submit the evidence to arbcom, but also claimed the evidence for blocking had been passed by some of them before the block was passed.  Wrongly accused editors still don't have fair opportunity to defend themselves.  Mistakes can be made in any context, that's to be expected.  What's corrosive to the community is that when admins go too far, those who complain feel pressured to accept the aspirins offered to them, and beyond that, it's really "none of their business" how it happen in the first place.  The more the power shifts to admins and arbcom, the more messy conflict the community must continue going through to get important concerns to be taken seriously.  This situation began with a very stupid block resulting from a very stupid "secret method" that was defended as having at the outset unreserved support from a group of admins, including some in arbcom.  As events have unfolded, just who supported it remains unanswered, while in the aftermath too many admins are busy running around like keystone cops pasting up more block warnings in the "be quiet" and "don't you tell me to be quiet, you be quiet" squabbles, perhaps only underscoring just how inadequate the process is to addressing concerns about secret evidence.  Professor marginalia (talk) 14:19, 28 November 2007 (UTC)
 * That is an inacurrate characterization. Durova Charge! 19:53, 29 November 2007 (UTC)
 * I really did not intend to spread the messy dispute to yet another tuck-away talk page - there are enough already. If the assessment is inaccurate, then I must be forgiven.  I wasn't involved, I'm not on any private hush-hush "for-your-eyes-only" wikiwacky listserves, and I won't devote a full week of 24 hr days on clandestine diff gathering against "suspicious persons" for a complete account of who-said-what-to-who-when.  The whole thing has been a disaster; it has not ended happily for anyone - and this is not about pointing fingers.  I think the community needs to explore what it wants here.  Does it want to continue to treat such conflicts as just simply a "necessary cost of doing business" + "mischief-making by provocateurs or lust-for-power troublemakers"?   Or is this perhaps the symptom of some kind of fundamental dysfunction or vacuum within the current structure that could either be prevented from recurring or more satisfactorily resolved in the future through proactive community invested policies rather than reactively via arbcom setting "case law" and imposing editor sanctions.  It is my own opinion, perhaps mine alone, that when really fine editors keep getting caught up in excruciating and mega-sized crash-and-burn conflicts that just continue to escalate even as others try desperately to put the fires out writing up the WP:AGF and WP:CIV tickets, we need to quit pretending to ourselves that nothing more is needed to keep the ship afloat than simply the rules about playing nice together on open wiki. Professor marginalia 16:27, 30 November 2007 (UTC)
 * Maybe I'm splitting hairs here, but all that is said is that one must be willing to discuss one's reasons in a timely manner. That doesn't define what "timely" means and being willing to discuss something doesn't necessarily mean that one will be obligated to discuss it with anyone who asks. Personally, I would like a bit more clarification on what the ArbCom is actually implying will be policy in future events. However, I don't see, given the existing phrasing, that the "confidential evidence" is even close to being a moot matter in its entirety. John Carter (talk) 14:24, 28 November 2007 (UTC)


 * It can't hurt to spell out a communal view of the subject, although the only version I (and maybe others) support is version 3, which does little more than iterate existing and largely uncontroversial uses of confidential evidence or actions. But again, there's no harm in that.


 * Would it be all right if we "adopted" version 3 right now and discussed what points from versions 1 and 2 (if any) ought to be added to it?--Father Goose (talk) 17:47, 28 November 2007 (UTC)
 * My only concern with V3 is the 'emergency' clause. I'm not sure I understand the need for it. My reasoning is that if a user is being disruptive enough to constitute an emergency, then there should be plenty of evidence 'out in the open' for which a block can be issued, without recourse to confidential evidence. Thoughts? I'm also not sure we need to rush to any conclusion in particular, but I do like V3 the most thus far. Best, -- B figura (talk) 00:04, 29 November 2007 (UTC)
 * It's always possible to imagine specific cases where it might be an "emergency" of one sort or another (like, maybe cases of harrasing other editors to the point of their leaving or suffering other damage, before elections, shortly before the release of a new movie or album, and the like). Not saying the situation would necessarily ever arise, but it could potentially, so I'm guessing that such a clause should probably stay in some form or other. And although I'd personally like to see it being more detailed, I'm not sure if we could anticipate all the possibilities well enough to include them all in advance. John Carter (talk) 00:11, 29 November 2007 (UTC)
 * (edit conflict) Version 3 is not detailed enough. Version 1 is more carefully worded to give fuller explanations allowing a deeper understanding to enable decisions to be reached for awkward situations. And for the same reason, this guideline (version 1) is a more useful torch in the dark than the ArbCom proposed principle which shines brightly, but doesn't point the way. "prepared to discuss the reasons for their actions in a timely manner" with whom? And "a user feels that they cannot justify their actions in public" is not saying the same thing as "evidence that may be used in questioning or condemning another user's activities on Wikipedia should be presented on the wiki itself, so that everyone may see it." In the first we have the notion that if challenged the evidence could be discussed, in the second we have an obligation to present the evidence itself as part of process.  SilkTork  * SilkyTalk 00:18, 29 November 2007 (UTC)

Reading through the points made since my first comment in this thread, I am now probably in favor of rejection/cancellation of this proposal. We are likely to either constrain the use of confidential evidence too much or too little. I'm not aware of any particular controversy over the use of confidential evidence aside from the present Durova controversy, and that use is being rebuffed in arbitration and elsewhere. If we are not faced with any continuing, systemic abuse, we can probably leave things the way they were, with the arbitration case serving as a cautionary tale regarding the use of confidential evidence in general.--Father Goose (talk) 02:29, 29 November 2007 (UTC)

I don't think the ArbCom ruling is sufficiently comprehensive. Whether the community could adopt a policy in conflict with an ArbCom ruling is an interesting question &mdash; I'm inclined to suggest that a comprehensive, detailed analysis of the issue by ArbCom should cause us to regard any such decisions as inviolable, but I would certainly hope that they would not shun community efforts to develop a more elaborate process based on informed consensus. Regardless, though, I think the ArbCom motion leaves us free to lay out guidelines on the use of Checkuser and other special tools. See here/here for an example. If we decide to continue with this proposal, I suggest that we aim for guideline status instead of policy. If we can't agree on any other direction to take, I suggest that we archive the proposals, then replace the main page with a neutral summary of the ideas that have been expressed and the community's response to them. — <b style="font-family:Arial;color:green;">xDanielx</b> T/C\R 02:36, 29 November 2007 (UTC)


 * What are your concerns with the Veesicle examples?--Father Goose (talk) 03:23, 29 November 2007 (UTC)
 * Nothing too significant &mdash; in that case several checkusers eventually expressed agreement, so whether or not they deviated from the community-accepted standards with regard to banning policy, I'm sure the decision couldn't have been unreasonable. What I find somewhat upsetting in that instance was the no-big-deal attitude involved in indefinitely banning for essentially undisclosed reasons. Using eight-word-long rationales while handing out indefinite blocks doesn't breed faith in the administrative network, at least in my view. Timeliness is a legitimate consideration, but such excessive perfunctoriness isn't necessary. — <b style="font-family:Arial;color:green;">xDanielx</b> T/C\R 06:01, 29 November 2007 (UTC)


 * I agree with that, though that should be addressed on WP:BAN, not here.--Father Goose (talk) 18:43, 29 November 2007 (UTC)


 * I'm not sure I like leaving things just the way Arb Com put it--but I see no possible chance we could conceivably agree on any more detailed guideline. I suggest we leave this for the time being. DGG (talk) 10:04, 30 November 2007 (UTC)

v4
There was a version above that seemed to be considered by some, useful and not too wordy or complex, but effective.

I've tidied it up and added it as version 4, in case it's a good balance. I also cut it down somewhat so its fairly short. (For this sort of thing)

The arbcom ruling probably doesn't change that we'd be best to have our own view formed.

Thoughts? FT2 (Talk 01:54, 1 December 2007 (UTC)


 * Seems reasonable on a first reading, though I wonder if it does enough to address the " naturally occurring small social groups " concern. Or is that impossible to avoid, given the small size of the specified "reviewer" pool?--Father Goose 07:12, 1 December 2007 (UTC)


 * I think I'd trust oversighters, crats and arbcom, if uninvolved and with no prior connection, as reviewers. The safeguards built in are simple but very strong:
 * The community (or any 3 admins) can require a second review, by a reviewer of their choosing (which can include arbcom).
 * Arbcom can ask for sight of the material at any time "upon request" (eg if there is still dispute).
 * As a group, oversighters, crats and arbs are each widely trusted as a whole already, on decisions requiring integrity and judgement.
 * Reviewers can disclose and discuss with any other reviewers they feel would be sensible to recheck with (it's not necessarily limited to the one person the user has chosen).
 * The community sees the opinion openly (which contains a very firm set of "things that need confirming" so it is highly transparent)
 * These are simple, but very strong safeguards. Note also that discussion is envisaged if necessary, before a view is formed. FT2 (Talk 15:01, 1 December 2007 (UTC)
 * I think that's a nice effort and goes in the right direction. The two main critiques are first, that it should only apply to administrative actions (or actions that might negatively affect other users) rather than any actions.  For example, you can put a new image on your user page based on "secret evidence" that your friends will like it, and that's no problem.  Second, I think the "process" section is too detailed and perhaps not necessary.  ArbCom expressed in its ruling that all confidential evidence has to go through them, so it wouldn't seem to admit any other independent reviewers, not even a subset of ArbCom.  So might as well just throw it all to them, and let them use their own procedures to deal with the cases.  They have their own system for recusing themselves and otherwise avoiding conflicts of interest and that's a matter of ArbCom self-management, not just the evidence policy.  There are also a few minor tweaks to standards and wording.  For instance we should require that the reviewer reveal their primary Wikipedia identity (and not a sockpuppet or alternate account) but nobody here is normally required to reveal their true real world identity.  Beyond that I'm not convinced we need a policy at all in view of the ArbCom ruling.  Perhaps confidential information is not a common enough issue/problem to have yet another Wikipedia policy.  Wikidemo 15:40, 1 December 2007 (UTC)
 * Note. In view of the ArbCom clarification referenced below that we're free to make up our own policy, I still stand by the above, except that I think it's useful to ratify the decision in some form by placing it on a policy page, probably not a new stand-alone one.  I still think we should just throw these cases to ArbCom and let them use their own conflict avoidance and case management rules to handle it, rather than legislating new procedures for ArbCom.  However, it might make sense to widen the circle of trusted reviewers to also include oversighters, etc.  Wikidemo 09:23, 2 December 2007 (UTC)


 * To follow up on my earlier comment about "small social groups", there have been cases where one entrusted individual has taken inappropriate actions on another's behalf; I guess I shouldn't bother dragging up other controversies that have circulated lately, but it's fair to say that I trust a review board much more than any individual member of such a board.--Father Goose 03:47, 3 December 2007 (UTC)


 * So, to actually make a point here, I reject Version 4 in its current form. Submitting evidence to only one reviewer does not provide adequate safeguards.  The  submitted by Random832 below is the correct approach.--Father Goose 19:46, 3 December 2007 (UTC)


 * I think I concur with Father Goose. One reviewer isn't adequate, regardless of who that reviewer is. I like Random's approach for elegance, but I'd also be open to requiring a larger number of arb/checkuser/etc reviewers. -- B figura (talk) 23:40, 5 December 2007 (UTC)

Note (Arbcom clarification)
No arbitration ruling should be construed as to prevent or otherwise hinder the development of new policies or the changing of old policies, unless the committee has made a specific declaration to the contrary. In almost all arbitration rulings the committee merely states policy as it presently understands it, and reconciles or resolves unclear and/or conflicting policies. Mackensen (talk) 21:44, 1 December 2007 (UTC)


 * This follows the referral of Durova #3 to Arbcom for clarification. The following questions and (to date) two replies were made (rolled up so we don't lose the thread of discussion of the proposal):


 * Summary of clarifications (as I understand it):
 * By tradition, Arbcom (and a few other specialist groups) has the authority to take actions based on evidence that, for various reasons, cannot be revealed to the community as a whole.
 * Other subgroups of the community do not have a right to take action without suitable explanation being made that meets community expectations. So in general for other matters, it's iup to the community's to decide the sort of explanation that would be sufficient, what degree of detail, who disclosure should be made to, etc.
 * Arbcom rulings reflect present policies and norms; unless explicitly stated they should not be taken either to create new policy, or change existing ones, although they can reconcile conflicting requirements.
 * Judging by the above, Arbcom doesn't intends this ruling to relate to every last thing not on the public record that backs up an admin or user decision. In particular, it is not intended to make Arbcom into "sockpuppet clearing house central". Administrators dealing with sockpuppets whose "give away" signs can't be made public can for example explain some points, such as the banned user's name, or seek review by other sysops, or the like. Commonsense applies.
 * No arbitration ruling should be construed as to prevent or otherwise hinder the development of new policies or the changing of old policies, unless the committee has made a specific declaration to the contrary. above
 * The community is entirely free to develop a policy to handle matters involving confidential evidence (within reason).
 * FT2 (Talk 22:15, 1 December 2007 (UTC)
 * Thanks for the pointer. That's helpful.  Wikidemo 09:18, 2 December 2007 (UTC)

Idea
How about a simple rule: Evidence should only be limited to those to whom it is actually limited (i.e. evidence involving only contributions and logs must be provided to everyone, evidence involving deleted material should be provided to all admins, evidence involving checkuser information should be provided to all checkusers, etc.), rather than claiming that the "arrangement" of evidence is somehow more confidential than the evidence itself. Let the thing speak for itself; if you cannot, there is far too great a risk that it doesn't actually say what you think it does. If you feel you have to put together an evidence page, your block automatically deserves more, not less, scrutiny than one that does not need one. —Random832 14:09, 3 December 2007 (UTC)


 * I think I agree. Isn't that more or less how arbcom interpreted the idea of confidential evidence? That is to say, that only truly privileged (checkuser/oversight/office) evidence should be the basis of action. The only difference I see is that ArbCom said you can send non-privileged but confidential evidence to it for action. (Although hopefully if ArbCom did decide to act on something like that, they'd give it a thorough review). Thoughts? -- B figura (talk) 23:27, 5 December 2007 (UTC)


 * Doesn't work in the real world. Unfortunately. The problem is, from experience of really bad sock users, you don't even want to tell them which aspects of what diffs were used to ID them, because they'll promptly reincarnate and make themselves even more untracable elsewhere. Review and ability for the community to easily get a trusted 2nd opinion from an independent source of their choice, is a good 2nd best. Unfortunately nobody has yet come up with a better way that works in practice, that 1/ prevents the damage these people do and 2/ allows good certainty that the evidence used is fairly, carefully and independently assessed. Whatever is chosen has to work in the real world. Unfortunately. Like you I wish we could make "complete disclosure of everything" work. But nobody's found a way for these kind of damaging editors. I wish one were found. Until then, this. FT2 (Talk 03:27, 6 December 2007 (UTC)


 * The claims of harm here are exaggerated. I see a greater harm in insufficient scrutiny of administrative actions than in forgoing secret trials.  Many have said over and over that vandalism will destroy Wikipedia, and of course it hasn't, and there's no sign that it will.  I flatly deny that Wikipedia can't protect itself from these "really bad sock users" via its existing open methods.  Bad behavior is identifiable and addressable; all other behavior can be and should be ignored.  I reject your insistence that only confidential investigations can protect us.  The reaction to the recent Durova episode should make it very plain to you that few people agree that Wikipedia has any need to keep secrets in cases like these.  We reject it.  That option is off the table. Capisce?--Father Goose (talk) 19:36, 6 December 2007 (UTC)


 * This is the "real world" at WP. This is what editors are told: That there is an "anyone can edit" policy and no one is required to adopt a user account to do so.  That non-disruptive socks are allowed if used for completely legitimate editing.  That the community acknowledges there are many good reasons one might want to abandon a user name and take another.  That there is a strictly defined, (though it's frequently abused), policy against using checkuser to "fish".  That there is strong enforcement on the WP wiki for WP:AGF and WP:CIV.  And they are told, the WP is a consensus building process, that there is full transparency, and stealth canvassing undermines the project and is thus strongly disapproved.


 * But this is what editors are not told. They are not told IPs and new users are "suspicious persons", and frequent victims of WP:BITE, even by admins, and will frequently be reverted just because they aren't viewed as worth the time to honestly consider if there is merit to their edits.  They are not told that it's okay to abnegate assume good faith, civility, and stealth canvas in the normal course of WP business with other editors and admins in the IRC and various threads at wikia.  They aren't told that though assurances are given that checkuser is used only with extreme caution, very little caution is expected of admins who ban an editor as "abusive sock" while bypassing checkuser altogether.


 * This is a 100% surefire recipe for increasing the level of abuse against honest and well-meaning editors, and for contributing to the problem of admins who become, quite frankly, bullies. And capping it all, after the controversial email was copied to WP, many who found it inexcusable to publish it here were at the same time adamant that it was better for whistle blowers to take such evidence public on other websites, including the WR!  That example, like others I listed above, appear to be little more than encouraging WP:GAME so long as it is played off-wiki.  And ironically, this game just relocates WP transparency to the kinds of websites accused of generating the trolls ostensibly necessitating all this paranoid "intelligence gathering" in the first place. Professor marginalia (talk) 17:05, 7 December 2007 (UTC)


 * I'm somewhat torn here. To agree with father goose: I'm still not really convinced by the 'really bad sock' argument. If the sock in question is being disruptive, then it can be blocked for disruption, without having to utilize any sort of secret sock analysis evidence. However, I still think there is a remaining issue of what to do about vote-stacking types of behavior. (Or where the individual actions of each sock aren't the problem, but the combined effect is disruptive). I think WP:SSP is the answer though, rather than some sort of confidential review process. (I guess I'm not quite convinced by the "they'll learn" argument, are there any good examples floating around that I should look at?) Best, -- B figura (talk) 17:27, 7 December 2007 (UTC)


 * I'd like to agree, but I can't. The broad problems we agree on, but I'm perhaps discussing specific cases you aren't aware go on. I feel there's an element of "we don't see it so we don't know it happens".


 * Let's get clear what we do agree on. We do agree completely, that unsound accusations, by groups with no mandate, based on evidence unchecked by those the community trusts, without explanation or recourse, is unacceptable. We agree most (vast majority) of sock cases need zero secrecy and that if there is no need, then we each agree it should all be totally public and open. We also agree that civility, good faith and other policies are our bedrock. We agree that if access like checkuser is used, it should be used with extreme trust, caution and care always. We agree cases should be examined not bullied, cliques are a Bad Thing, and we should actively critique and improve our work and transparency. I'm passionately in favor of these and will fight for them - and have done so.


 * Can we agree on that?


 * Likewise I'm sure you broadly agree that some cases should not be public - oversight defamation where the diffs cant be shown, death threat diffs that name the target user's real name, and many similar or less extreme cases.


 * Where we differ then is important to say, is only for a very few cases. The ones I call "very bad socks". The kind that without knowledge or having dealt with them and their reincarnations and seen their ability to destroy articles and drive away good faith users, you state (untested) are exaggerated. I wish you were right, but sadly, that's more likely to be lack of knowledge and experience speaking. Talk to users who have dealt with them, maybe. Listen to their judgement.


 * These are not your average sock users. These are users who actively will destroy lives or articles to get their view - or just to have fun. I see a new sockmaster like this, maybe once or twice a year - and their reincarnations many times a year. Arbcom deals with most of them in reality. These are the kind who turn up at ANI having destroyed an article (or several) and driven contributors away, pick up a ban, and then surface at ANI under a new name 4 months later having done the exact same on 3 other articles in tandem.


 * This page might be an eye opener. One of many users driven away, not by mean unfair blocking admins, but by just one sock-master who cared for nothing so long as he got his way. We've lost several/many editors this way to others too, but that contribs list sticks in my mind. The sockmaster concerned drove away almost every other editor and edit warred on some 50 articles for a year, before his final arb case. Here's another one, in this thread. That one's a reincarnation of a sockmaster from 2005, and ended up blocked rather quicker for being recognized as a reincarnation. It doesn't seem a good idea to tell these kinds of abusers how they were ID'ed, so they can hide themselves under new names, on new topics, and be undetected as a reincarnation even as they destroy more articles and drive away more users.


 * Coming back to an overview, the problem with the recent Durova case was, a group of unauthorized users who went looking for "maybe socks" and at times, blocked them. Thats something we both agree is very wrong. No argument, I'd say it too. This kind of scenario isn't that. It's based on known patterns of known warriors, who are known to be highly harmful to editors and the wiki. It has arbcom approval, and its views are checked by arbcom or arbcom members, or the like - the bodies the community has agreed to handle confidential information and decide on it.


 * It is in relation to this kind of warrior, that I have said "we don't tell them how we know". Not your average "no reason not to" kind.


 * FT2 (Talk 19:01, 7 December 2007 (UTC)


 * Yes, bad sock warriors are a problem. However, I think we must be careful not to make the wrong choices in how to fight against them.  I believe hiding evidence purely because they might figure out how we caught them to be a bad idea.  We don't necessarily need to show how evidence was found, but the evidence itself should always be seen by the accused (with the obvious exception of when privacy issues are involved).  Much as in real-life courts, the importance of being able to openly address evidence should take priority.
 * Without strict restrictions on how confidential evidence can be used, we risk Kangaroo courts, or the appearance of them. Either way, I believe that if there is not anything going on to require an immediate block (something other than only being a sockpuppet), forwarding evidence to ArbCom is much better for avoiding drama and just keeping people working on the encyclopedia.  If admins here are perceived to be unfair, then we will lose people that way, too. Sχeptomaniacχαιρετε 00:48, 8 December 2007 (UTC)


 * Bad socks are a problem. They aren't the only problem driving away good editors.  Nasty and embarrassing wiki-dramas, and bad bans, drive away good editors also.  While it's certainly true bad socks can learn to change their stripes if too much is revealed, it's also true that good editors can be banned with really dumb evidence and that there is really no way to know just how many editors banned this way are really bad socks and how many are victims of really unfair judgment.  It's the old argument from ignorance to conclude secrecy has been an a good tool for catching bad socks when it's really impossible to know.  Can't an intransigently disruptive editor be as easily stopped for cause, on the basis of their behavior itself, as they can for any secret list of clues persuading a few admins they're a previously banned sock?  As has already been pointed out, it doesn't help trying to make a case now that the list of clues recently revealed in an "embarrassing wiki-drama" were not evidence of any give-away habits of some identifiable sock puppeteer, but habits of an exemplary editor interpreted through a darkened lens.  I am not saying that it's completely unjustified to claim secrecy is at times important, simply noting that the "have to take our word for it" is a bit of a tricky sell under the current circumstances.  Professor marginalia (talk) 02:46, 8 December 2007 (UTC)

You need to be aware of WP:PRIVATE
I recommend that the primary editors of this proposed policy review the content of WP:PRIVATE, another proposed policy that overlaps this one and provides different instructions for the provision of confidential information to the Arbcom. I suggest that consideration be given to a single policy, if a policy is required at all. Risker 23:25, 3 December 2007 (UTC)
 * Makes good sense. At the moment we're figuring out this one aspect -- would it be sensible to defer a merge until we see how it works out? FT2 (Talk 03:21, 6 December 2007 (UTC)

review question
I may not be reading this sprawling policy proposal correctly; tell me if I'm misunderstanding this?


 * 1) Admin1 gathers information on User1 for some violation based on secret/private evidence.
 * 2) Admin1 asks Admin2 and Admin3 to review this information.
 * 3) Based on that info, Admin2 places a block on User1.
 * 4) One of the admins posts this on WP:ANI.
 * 5) Admins 4, 5, and 6 all request access to the information for independent review.
 * 6) Based on these proposals, Admins 1, 2, and 3 can opt not to do so, referring it all to ArbCom...?

Am I reading this wrong? Lawrence Cohen 23:02, 5 December 2007 (UTC)


 * I'm not sure there's actually an agreed on policy to read yet. The Durova arbcom decision would seem to suggest that unless there's checkuser/oversight-type information involved, ArbCom is the only group that can act on non-public evidence. At present, I'm not sure if any of the draft policies reflect that. Best, -- B figura (talk) 23:33, 5 December 2007 (UTC)
 * No problem. What is the general practice with information that is admin-level, though, historically? Any admin that asks to review it for an extra set of eyes is expected to be given access, unless it's Checkuser/Oversight? Lawrence Cohen  23:37, 5 December 2007 (UTC)
 * Arbcom have made very clear they are not taking over all such decisions; to that extent the original principle in "durova" was clarified. If we need a policy, and want this area more assured, we need to write one, and Arbcom have said effectively, they feel its the community's choice if a policy is needed. Meantime, Arbcom have said they aren't expecting to handle all sock puppet checking or private evidence, rather, admins are expected to use commonsense in evaluating evidence. See above section. So the odds are good we need this. FT2 (Talk 03:19, 6 December 2007 (UTC)

Under v.4, what would happen is - FT2 (Talk 03:13, 6 December 2007 (UTC)
 * 1) Admin1 forms a view that User1 is a Bad Actor, but feels it would be damaging for the project or otherwise wrong, to present all the evidence to back that decision on the wiki if they were asked. So this immediately (by definition) means a confidential information issue exists - there is action they wish to take, but would not wish to provide a full public explanation of all the backup for it, if it were asked.
 * 2) Admin1 asks Admin2, who will usually be an oversighter or arbcom member, but (if they feel it isn't a problem) could be a crat, to review the entire evidence and discuss it. (These people are usually considered to have exceptionally above-average integrity and judgement.) The reviewer at this point is the choice of admin1.
 * 3) The reviewer (Admin2) must recuse if there is prior involvement or a concern. They also have complete freedom and discretion to discuss and share the evidence with other oversighters or arbcom members etc if they want to, to get further eyeballs too.
 * 4) Admin2 sends admin1 back an email, confirming they are happy, and what in their view should be disclosed or not, and a summary fit for public posting of what the evidence was and its nature so others can understand. They also say what they consider appropriate action (by agreement).
 * 5) Admin1 can now take the action which Admin2 has approved, and instead of the confidential information, they puiblish what they can (and everything admin2 has directed them to), and also publishes the public part of Admin2's email, together with Admin2's name, as the evidence of review. This will tell the entire community what it was about (without problem details) and that the evidence was checked and agreed, and the proposed action considered appropriate by an independent Admin2. It also means Admin2 can check they were honest and complete in their disclosure.
 * 6) If it's all fine, then it's fine. If there is disagreement, and at least 3 admins agree they want a 2nd review (admins 4, 5, and 6), then they can request (again) any oversighter or arbcom member, or arbcom as a whole, of their choosing (ie consensus communal discussion "we have at least 3 admins supporting review, who shall we get to look at this?"), to review the entire case and all evidence and explanations as provided by Admin1 and Admin2. As above, the reviewer they choose can consult too, allowing more eyeballs.
 * 7) The 2nd reviewer posts their review, as they see fit.
 * 8) At any time Arbcom can ask to see everything anyway and get explanations, or be asked to take it over, if there's a feeling they wish to.
 * Thanks for clearing that up. I'm concerned, though, that a situation seems to exist where some admins can use this to exclude other admins from viewing evidence which may not require higher than admin status to review. If a block can't be made without information that any admin can see, shouldn't such a block simply not be made by a regular admin? It almost makes it sound like an endorsement of some regular admins being inferior, or more trusted, than other regular admins. Lawrence Cohen  16:35, 6 December 2007 (UTC)


 * Shouldn't be. Here's why:
 * Admin2 (who will always be an arbcom member, oversighter, or similar) is required to judge the evidence of admin1 and decide what (if anything) really is right not to publish, and why, and characterize it for the community so they can understand what sort of material it was, and what sort of meaning it carried.
 * In doing so, Admin2 is required therefore to justify any material that is deemed appropriate to not publish, and explain that justification broadly to the community.
 * So if there was evidence that "any admin can see", Admin1 would be required to disclose it. It's only genuinely sensitive stuff that is approved for non-disclosing, and even then the reason and nature (and any issues around it, and so on) must be made public
 * Even though Admin2 is selected from arbcom or oversighters (or sometimes, crats), they might still misjudge. Admin2's judgement in what must be disclosed and their judgement generally is reviewable at the community's request, by another arbcom/oversighter of the community's open and consensus choosing (AdminX).
 * So yes/no. The idea is that Admin2's role is to examine the bits of evidence and decide which bits are "no, thats not got a valid reason to hide it. You have to disclose that", and which bits are "yes, this is a valid observation not to disclose, and I'm happy to confirm why to the community, and they can check it with someone of their own choice if it's a problem".


 * Explanation makes sense? FT2 (Talk 20:52, 6 December 2007 (UTC)

View from the plebs
As an occasional editor who just happens to have filled a spare hour starting at the history of Wikipedia and reading up on the Durova/!! fiasco before ending up here, I'd like to support FatherGoose, JavaTenor and Bstone with a simple plea: remember the cost-benefit analysis of what you're proposing. The potential damage caused by instituting a policy which fundamentally undermines your entire principle of openness is surely greater than the potential damage caused by "disclosing investigative techniques or raw results [which] might give [bad actors] an unacceptable level of insight into how to circumvent detection". As a completely archetypal joe average Wikipedian with little to no knowledge of internal processes, arbitration, etc., I am unconvinced by this debate that there is any reason at all to allow users to be blocked without the evidence against them being made public. I know Wikipedia is not a democracy, and that's fine - as long as the actions of the undemocratic cabal can be clearly and openly scrutinised, by anyone. Magnate (talk) 15:03, 7 December 2007 (UTC)
 * For an occasional editor, you are fairly insightful, Magnate. --Kim Bruning (talk) 01:47, 8 December 2007 (UTC)

Time to cut the branches?
As I see it, there are a few directions we could go from here:


 * 1) Use straw polls (with accompanying discussion) to select which version to adopt as our new "base," archive the others, then work out the minutia of the proposal.
 * 2) Attempt to consolidate the four branches (I don't want to say "merge," as that implies that we wouldn't cut anything). This would give us a chance to think carefully about what the optimal structure would be. I'd be happy to do this personally if others are comfortable with the idea. (If we do it together, let's be sure to plan out the structure beforehand.)
 * 3) Archive the branches, scratch the proposal, and replace the page with a summary of the idea, the responses it drew, and the complications encountered. The point would be to provide an indicator of where the community stands on the issue without having to work through all the technicalities. This would guarantee that we don't end up with an almost-useless dried up proposal, like most of the pages in Category:Wikipedia proposals.

If anyone feels the branches need more time to mature I'm happy with waiting, but I figure we'll need to do this eventually, so if no one objects I suggest we go ahead and pick a direction. — <b style="font-family:Arial;color:green;">xDanielx</b> T/C\R 05:42, 8 December 2007 (UTC)

3 is an adequate course of action for this page, because it provides an actual reflection of consensus. 1 is extremely destructive (sends page participation count over the magic boundary of 150 users where you lose control, and won't even tell us anything real about consensus), and 2 is too complex, more work, and end result would be inferior to 3, due to inevitable loss due to consolidation. --Kim Bruning (talk) 09:50, 8 December 2007 (UTC)
 * I'd go for #3. At any rate, at present the page is too verbose to be practical.  &gt; R a d i a n t &lt;  10:27, 8 December 2007 (UTC)
 * I had a crack at #3; see the main page at the bottom. Feel free to modify it (keeping in mind that the goal is to summarize, not to challenge). I did my best to represent all perspectives fairly in proportion to the acceptance they gained, but may have erred slightly one way or another. — <b style="font-family:Arial;color:green;">xDanielx</b> T/C\R 07:24, 9 December 2007 (UTC)


 * On something like this you want above-average clarity. A simple policy such as "send it to arbcom" isn't enough:
 * Arbcom have stated their job isn't to sort out every sockcheck that has non-public information. So we can't say "Send it to arbcom and they'll decide what to do". Arbcom both on-wiki and in email indicate their role isn't necessarily to handle all sock inquiries of this kind. (Though they should probably be informed of the reasons)
 * Further, email from arbcom following seeking of their detailed view replied stating that there is a difference between (a) identifying and blocking socks of particular, previously troublesome users, based upon knowledge of the troublesome user's editing habits that are not fully made public, and (b) blocking users based solely upon erroneous and vague conclusions that the user was somehow connected to some disruptive group of users, and states that the community is more able to handle the former, with referral to arbcom not necessarily needed.
 * It doesn't cover the many places that this can be needed where a block isn't the issue. Over simplicity is a problem here.
 * People may have as much of a problem with an unexplained controversial arbcom decision as an unexplained controversial other decision. A policy that builds in that the community must be given good indications what kind of evidence or nature of case, and also be able to ask for re-review of it for them is essential for fairness. 3 is too simplistic on that score.
 * 1 has some good descriptive text but as a policy isn't direct enough. 2 is too complex, 3 is too simplistic and won't solve the problem well. 4 is reassuring since, despite examination in detail, it's seeming to be robust and fairly practical, simple, unable to be manipulated by the user, more transparent, involves multiple review with arbcom referral still an option, and allows the community to get more detailed comments. FT2 (Talk 11:45, 8 December 2007 (UTC)
 * To clarify, should we take your comments to mean you favor a comprehensive policy to replace the ArbCom decision, rather than a short summary? I'm a bit confused by your numbering; could you clarify what direction you feel we should take this? — <b style="font-family:Arial;color:green;">xDanielx</b> T/C\R 07:30, 9 December 2007 (UTC)

Why a comprehensive policy is needed
(Reply to Daniel, above)

Yes, I think we do. The one liner from "Durova" and the various other notes, are obviously able to be interpreted strictly or otherwise, and this was why I asked for clarification. The clarification just (to me) confirms that despite what some believe, we don't actually have a clear handling at all, and without that we'll have a repeat (only moreso, since next time everyone will believe we did have it and that others are wilfully flouting it).

I feel this has all the taste of another "BADSITES" situation - a "one line" ruling in one case that each user will interpret their own way and believe is resolved, until it happens again with more drama and people split whether User X should or shouldn't have sent the material to Arbcom and user Y should or shouldn't have unblocked, and finally after much damage and mayhem and another case, a policy is agreed by the community anyway that addresses it. But by then the damage is done. It's best to learn from MONGO/BADSITES, that reliance on partial or insufficient rulings that weren't meant to be taken that way, on important, recurring, significant issues, are not helpful, and get a communal proposal agreed first on this occasion. In that sense, the principle in Durova is like that in MONGO - a principle in one case that will be taken differently from how Arbcom intended it by some, with others expecting it to be adhered to perfectly. A brief principle in MONGO's case didn't stop "Attack sites" blowing up either. What came out was that the original principle had been over-relied upon and too much read into it by some, and it was taken too literally. But the harm was real - bans were proposed due to supposed "breach" of this excessively strict interpretation, before the case was done. In short as things stand, we may end up with a 2nd "secret evidence" case that will make Durova look like a piece of cake (like BADSITES did some time after MONGO), if we just naively rely on the arbcom principle (as some did the MONGO arbcom principle).

Back to the present. Arbcom's reply (3 times!) (above) was consistently that they don't make policy but only interpret and apply existing norms, they've all but spoken out to encourage development of one (also see above), they still won't be handling all cases like this but expect "commonsense" to be used, and they haven't said a word to suggest a view on cases where blocking isn't considered. Arbcom do not make policy as such. The community does that. So I don't actually think we have a statement "how to handle it"; rather we have only an affirmation that in genuinely serious cases arbcom can be sent non-public evidence (our current norm) but that this isn't expected to be how we solve it generally, and a policy might be a good idea if the community feels the area might benefit from one.

For example of why we need to form a policy ourselves as a community, consider these statements as a whole: "If a user feels that they cannot [explain] their actions in public [ie, to the community], they are obliged to refrain from that action altogether or to bring the matter before the Arbitration Committee"
 * 1/ (With slight word edits to make the parallel and problem obvious):
 * But we've also been told 2/ "The question of what sort of explanation the community considers sufficient is, of course, a question for the community as a whole rather than the Committee"
 * And 3/ when asked specifically about sockmasters identified by behaviors and "give-aways" that are not publicly known, kept private to prevent evasion, and then asked (in light of its Durova principle) "does Arbcom confirm it now wants all such matters to be its domain now", the answer was a very clear "No"
 * And in private email signed by two arbcom members, 4/ "I don't think it's necessary to reveal [publicly] the patterns looked for to find socks of [a specific banned user] but if good faith concerns arise shared by a sizeable segment of the community, [one] might want to share a few [details]".

Really, we really don't have anything now that we didn't have before November, except a statement that commonsense should be used and serious cases should still be sent to Arbcom, so unless we create some kind of policy that we can refine over time on the general handling of such matters, we really have nothing, pretty much. FT2 (Talk 14:13, 12 December 2007 (UTC)
 * I think the biggest problem with MONGO/BADSITES was that there was a consistent tendency for straw man arguments, rather than respectful discussion of the actual issues and concerns raised. The proposal couldn't be anything but a mess in that situation.  As long as this page can remain civil, I think we have a better chance of making progress than that one.
 * As far as I am concerned, transparency is a high priority here. The only time actions based on non-public information should be allowed is when it involves private information.  This doesn't mean that they have to reveal their entire technique, but sufficient evidence to support proposed action should be there.  If socks figure out how to get better at it, that's unfortunate, but I think the greater risk lays in not being transparent.
 * I dislike any proposal that has reviewer(s) chosen by the admin proposing the action, as it's too easily gamed (not necessarily intentionally). The issue isn't necessarily corruption, it's just human nature.  People tend to gravitate to those who believe similarly to themselves, and may consider a similar-thinking person impartial (like themselves), when others may not.  As a result, it would be easy for a person proposing action based on hidden evidence to pick a reviewer with a similar bias, thus laying the groundwork for another incident like the one that precipitated this proposal. Sχeptomaniacχαιρετε 01:01, 14 December 2007 (UTC)
 * The important step that is mentioned several times is the ease with which the community can have the matter re-reviewed by an abribtaror or oversighter of its (openly discussed) choosing. That seems a very strong double-check to me. The bias you mention is a very obvious one, and this double-check was included specifically to ensure that wilful or accidental, any perceived bias would have review by someone 1/ highly experienced, 2/ highly trusted by the community, 3/ trusted to handle confidential information and make decisions based on it already, and 4/ of the community's open choosing. Surely this (with the option for arb review) covers that concern? FT2 (Talk 02:28, 14 December 2007 (UTC)
 * I just hope that if we decide on such a system, we are able to get reviewers to take requests seriously. My impression is that editors who challenge an administrative decision tend to be met with skepticism, except when the decision was a very clear example of poor judgment. Posting a DRV, filing an unblock request, or publicly questioning the behavior of an admin tends to be an uphill battle, at least from what I've seen in my experiences. If we do devise a formal review system, I hope it can be made different. — <b style="font-family:Arial;color:green;">xDanielx</b> T/C\R 06:57, 14 December 2007 (UTC)
 * FT2, to be clear, would the requested second reviewer be before or after action is taken though? If it is after, my concern is that we are asking for a lot of drama.  As we saw with the Durova affair, and unfair block can create serious problems, even if it is overturned rather quickly. Sχeptomaniacχαιρετε 17:48, 14 December 2007 (UTC)

I think we can make do with the original best practice as also explained in part at WP:WIARM. If you have evidence for something but don't want to show it on wikipedia, then your hands are tied, you shall have to forever hold your silence on the matter.

It's ok to discuss stuff offwiki, but if you want to take it on-wiki, then you'll have to take your evidence and reasoning along with it.

Even OTRS won't do things entirely in secret, and they always leave ticket-id's that can be checked by anyone with relevant access.

Any other use of confidential evidence is nonroutine at best, and runs the risk of running counter to consensus.

I don't think it is necessary for the community to throw away transparency, and it is in fact a fairly destructive and dangerous move.

--Kim Bruning (talk) 02:30, 14 December 2007 (UTC)


 * Kim, we've never had 100% transparency. I'm a strong advocate of transparency and its practice, but I'm also looking at the project with an eye to its history and how matters are handled; I see no period of time, ever, when the 100.00% transparency that you're implying might be thrown away, ever actually existed. There has always been a clear understanding that some matters that harm the project are dealt with fairly but not fully disclosed; that's been the case as far back as I can see it, and whether or not desirable, the likelihood is it seems it will still happen. I'm not stating a view here whether that's right or wrong, but a view that total transparency has not been accepted by the community or arbcom as a norm.


 * We can debate if the harm that not disclosing these exceptional cases does, outweighs the good that it does, but in the prior debate on this at WT:BLOCK consensus seemed to favor strongly, even after "Durova", that some matters just don't get fully evidenced in public.
 * We also have Arbcom saying they are not expecting to handle all the cases where this applies. Arbcom have declined to take responsibility for all such cases, and acknowledged cases will exist that they feel do not need their involvement. They agree the community has the right to gain assurance on these matters, but note specifically that how the assurance is gained, who it is entrusted to, is up for communal discussion.


 * The conclusion seems obvious -- we need to agree a policy that we can communally abide by which (as always) seeks to retain the most good, and remove the genuine harm. Not just debate that total transparency would solve it all, or arbcom can handle it all. These solutions are already removed in practice (although nice in theory). We have neither consensus on total radical utter openness in all cases and matters for the first, nor agreement from Arbcom that they will handle all such exceptional cases for the second. They might be nice, but those two are not visibly options. We probably won't be able to have a solution that says "Everything must be 100% open, or at worst handled by Arbcom alone". FT2 (Talk 04:39, 14 December 2007 (UTC)
 * Well, I'm describing the current situation, and best known course of action. You could try to prescribe some different course of action, but I pity the poor soul who would actually believe they could follow the advice on the page. They would get drawn and quartered by the community. :-( --Kim Bruning (talk) 08:32, 14 December 2007 (UTC) "descriptive, not prescriptive" is not a hollow slogan

Natural justice considerations
Neither here nor at WP:Private correspondence have I seen any discussion of principles of natural justice (maybe I haven't read closely enough). It appears to me to be relevant to thinking on this issue. Paul foord (talk) 15:05, 27 December 2007 (UTC)
 * I didn't say it in as many words, but I do believe that the idea of allowing confidential evidence flies in the face of the modern principles of justice. Wikipedia is obviously not a courtroom, but I do believe many of those concepts do apply to our dispute resolution process.  It's one thing to keep personal information (i.e. names, contact information, etc.) out of it, but a person accused should have the right to view and respond to the evidence against them.  WP:BEANS just isn't a good enough justification. Sχeptomaniacχαιρετε 00:03, 4 January 2008 (UTC)

Status tag
I haven't been keeping close track of all the proposals discussed in the recent MfD, but for this one in particular I really don't like the idea of using the tag. I think the discussions show that the idea behind this policy was actually quite popular; we've just had trouble agreeing on implementation specifics. Rightly or wrongly, is taken to mean that the community didn't buy it, or at least that there was strong resistance to the concept; either way I think it's somewhat misleading.

As for what I suggest... well, if some editors want to persist in trying to get guideline status, I'd support leaving on the tag for now. Most of Category:Wikipedia proposals is comprised of inactive proposals already, so we wouldn't really be making the system less functional. If no one really has the interest/energy/optimism for that, I'd suggest that we go with the summary (which others are free to edit, as long as it's done with high standards of neutrality). If others don't like the idea, I would go with. I think "historical" may be slightly misleading since in the context of proposals it usually indicates a change in consensus, but I'd prefer that option over.

Thoughts?

— <b style="font-family:Arial;color:green;">xDanielx</b> T/C\R 04:30, 12 January 2008 (UTC)


 * Again, I think the template is misleading. The idea of a confidential evidence policy or guideline certainly hasn't been rejected by the community; it received considerable support, it just hasn't been actualized due to lack of interest and what not. We don't really have an "inactive proposal" template (as far as I know), but standard procedure is to just let the regular proposal template sit regardless of inactivity. The template itself says rejection status is independent of "whether there is active discussion or not." Template:Rejected is an indicator of lack of supporting consensus, and while the consensus here has been imperfect (as with any proposal), I don't think it's reasonable to say that this proposal died because of strength of opposition.
 * As it seems unlikely that this proposal will move forward, is there any objection to removing (or archiving) the four proposals and leaving the summary I wrote a while ago (which is currently at the bottom of the page)? That would eliminate the issue altogether. — <b style="font-family:Arial;color:green;">xDanielx</b> T/C\R 01:05, 12 March 2008 (UTC)


 * I think the template is accurate. There is no consensus for this, and no sign of any progress towards one.  That fits rejected perfectly.  GRBerry 03:18, 12 March 2008 (UTC)
 * GRB, as you know, the (relatively minor) quarrels have centered largely around procedural issues. That's rather inevitable with any proposal that involves so many complexities. If we compare the overall reception of this proposal with, say, that of WP:N, it seems clear that this proposal enjoyed a far greater support-resistance distribution.
 * Consider Durova's statement for example: "I support the effort to clarify where the correct parameters are and will abide by community consensus." Durova was of course one of several editors who suggested modifications to the proposal, but the title of her message reflects the general positive response to the concept of defining boundaries to the use of confidential evidence. Very few users expressed serious reservations with the idea.
 * Placing signifies that support was overcome with resistance, or at least that there was insufficient support. I don't think that's a reasonable characterization of what happened here. Had we managed to consolidate ideas more effectively instead of creating a trainwreck, I'm quite certain that the proposal would have passed with little or no resistance. Calling it "rejected" implies the opposite. — <b style="font-family:Arial;color:green;">xDanielx</b> T/C\R 03:52, 12 March 2008 (UTC)
 * If you want to do the footwork of getting this page active again, I have no objection. I didn't participate in the discussions here, but it seemed to be the sense in other discussions that this had been soundly rejected, so I only meant to clarify the tag. -- Kendrick7talk 16:43, 12 March 2008 (UTC)

I don't know if I've convinced anyone that is terribly inappropriate, but since no one seems to have a problem with the summary I'll put it in place for now. — <b style="font-family:Arial;color:green;">xDanielx</b> T/C\R 19:19, 27 April 2008 (UTC)