Wikipedia talk:Requests for comment/Arbcom, confidentiality, and oversight


 * See also the straw poll page.

Necessary proposal
With the leaks over the past two years, and the apparent lack of ability for arbcom to look after itself concerning certain situations, especially when members apparently feel that there is a lack of community guidance, I think that this proposal is very necessary. - jc37 11:14, 14 December 2012 (UTC)

Errors

 * There are considerable numbers of factual errors in this, resulting in erroneous conclusions. What is the best way of correcting them?  Roger Davies  talk 12:02, 14 December 2012 (UTC)
 * If there are any factual errors, please elucidate. This is a discussion page after all : ) - jc37 12:11, 14 December 2012 (UTC)
 * Well, just for starters:Oversighters don't have access to the arbcom lists, or to the arbwiki.Oversighters are already subject to a much tighter scrutiny than you propose, with a dedicated supervisory committee (AUSC) and regular stats on performance.ArbCom is mandated by Wikimedia policy, not local policy, to appoint Checkusers and oversighters.That the committee has tried on several occasions to get the community involved in the process but it resulted in few appointments.Jimmy Wales' role is not as you say. He has never removed an arbitrator and is unlikely to do so without consensus of the committee.It is meant to be difficult to remove sitting arbitrators, hence the two-thirds majority of the full committee. Otherwise it is too easy for a few coordinated members to take over control of the committee.This document makes no effort to define what is confidential. If I post to the list that I saw "The Hobbit" last night, I do not expect it to be held in the same level of confidentiality as personally identifying information about a vulnerable underage editor.In any case, there will be occasions when confidentiality MUST be breached (admissions of criminal activity, for example, or threats of self-harm) by disclosure to non-list third-parties.   Roger Davies  talk 12:31, 14 December 2012 (UTC)
 * OK, in order:
 * 1.) This is a policy proposal so this is suggesting that that be changed so they do have access.
 * 2.) This proposal does not change any policy unless it specifically says it does. So presumably that "tighter scrutiny" still applies.
 * 3.) mandated? or approved to? I see that there are other processes as well. I intentionally left the actual process for "confirmation selection" out of this proposal. So unless another RfC changes that (wherever it needs to, meta or here or whereever), presumably existing policy applies.
 * 4.) Well, we'll see if the community will be more involved now.
 * 5.) I intentionally am leaving defining what JW's role is or is not, out of this proposal. (As stated in the proposal.) I don't see any point in arguing over what is true since it really doesn't matter as far as this proposal is concerned.
 * 6.) That's my understanding as well, and thought that's what I said in the proposal. Did I unintentionally misrepresent that somewhere?
 * 7.) I am intentionally not defining what is confidential in this proposal. My thought is that that is something which we already have policies and such for. So afaik, there is no need to redefine it again in this proposal.
 * 8.) Again, that should follow existing policies, and this proposal should not affect that.
 * Any other concerns? I am happy to clarify. - jc37 12:53, 14 December 2012 (UTC)
 * Having read this again, in the light of the above, through I am unclear what precise issues this is supposed to address.  Roger Davies  talk 13:57, 14 December 2012 (UTC)
 * The Wikimedia Foundation determines the Oversight policy and will not be changing it just for us. --Rschen7754 12:57, 14 December 2012 (UTC)
 * The global policy does not mandate the ArbCom to appoint oversighters. That is the default position if the wiki has an ArbCom, but there is an "unless the local community prefers independent elections" clause in the policy. For example, my other home wiki elects oversighters independently of ArbCom. Jafeluv (talk) 10:34, 17 December 2012 (UTC)
 * I suppose it is more accurate to say that on this wiki Arbcom appoint (following a community consultation), which is both the default position and the expressed current preference of the local community. Because we used to hold elections, and the community agreed with the change back. Meaning the proposer would need to get the local community to agree to an election procedure first, before they could start talking about 'confirmation procedures' (meaning undefined). Elen of the Roads (talk) 11:42, 17 December 2012 (UTC)
 * Just wanting to clear some misconception out, regardless of the outlandish nature of the RfC proposal: a) ArbCom is not mandated by the global Oversight policy to appoint CU & OS; wikis with ArbCom are free to appoint CU & OS thru normal procedures b) the Oversight policy is a global Wikimedia policy, not a global Wikimedia Foundation policy c) this document might not say that information is confidential for its FAQ section make it pretty clear that CU info is not to be considered confidential. I find this latter claim to be outlandish, bizarre and out of touch with reality. CU information is confidential data and Checkuser by definition has access to confidential data so the we should not presume that when entrusted with checkuser, that those making that determination of trust ever considered that a checkuser would have such access to "confidential information". is null and void as contrasting with the relative Board-approved WMF policies. I wish before proposing this policy you'd have taken some time to contact any functionary and ask for some clarification on what Checkuser data is, why it is highly confidential etc., tho this proposal on the whole could have benefited from some Q&A beforehand.  Snowolf How can I help? 23:47, 14 December 2012 (UTC)
 * Thanks for the clarifications. One thing to clarify. I wasn't saying that checkuser data isn't confidential, just that it's limited to specific limited technical data. For the purposes of this proposal, I was considering "confidential information" much more broadly. Oversight and arbs potentially see a lot more types and kinda of confidential info than checkusers do. And that checkusers are limited to merely seeing confidential technical data, is what I was trying to convey. You're right, that should have been clearer. - jc37 23:55, 14 December 2012 (UTC)
 * I'm not sure where you see this distinction, if you prefer, we can be more formal and just talk about "nonpublic data" which is how the Board labels it. "technical confidential information" really doesn't mean anything. Functionaries have access to nonpublic data, confidential data and other data not fit for public distribution (which could include particularly processed sets of public data) from a variety of sources, which vary and overlap depending on their roles and permissions.  Snowolf How can I help? 00:03, 15 December 2012 (UTC)
 * A discussion like this is exactly what I was trying to avoid. CUs and how we define what data they see is not part of the proposal. I merely was commenting why I thought giving this broader access was more suited to OS than CU, due to the differences of what type of data they are presumed to have access to. - jc37 00:30, 15 December 2012 (UTC)
 * But as several people have pointed out, both CU and OS have equally nothing to do with ArbCom. I think your statement that Checkuser and Oversight are assumed to have access to different types of data is more of a personal opinion of yours than a widely held belief or the actual truth. Fact is, functionaries in general have access to nonpublic data, confidential data and other data not fit for public distribution (which could include particularly processed sets of public data) from several sources. Some of them are shared among CU & OS, some are not, but by your statement that you find data accessed by CUs to be different in nature from those accessed by OS you are actually forcing the discussion as what exactly confidential data is. I for one disagree that there's any particular difference between checkusers and oversighters on the basis of the nature of data they have access to, there's difference in the technical instruments are their disposal and in their role, scope and functions. As a last comment on your suggestion that the nature of data accessed by oversighters makes us more suitable to have access to arbwiki, well, I can't say that I agree. Frankly, we have close to no relation with ArbCom as Oversighters, none of our activities overlaps or interacts with Arbcom normally or even rarely and whether we follow or care about what Arbcom does is up to each of us as individual wikipedians. On the other hand, Checkusers' activities do overlap with arbitration cases and the type of information likely to be held on Arbwiki (to which I have no access to so I can only speculate) are likely to be much more significative to Checkusers than to us. As an Oversighter, the only thing I can think of doing with pages from Arbwiki is to print them and use them to roll a cigarette, but I'm afraid I don't smoke :( I'm seriously telling you, I have no idea what to do with access to Arbwiki. I do not want the job of overseeing what the arbitrators do on their wiki... I respect the level of dedication and masochism required to be an Arbitrator, but I don't have it and sincerely don't understand why you want to put a group of functionaries who probably are oversighters because they want to contribute further to the English Wikipedia and are considered to be trustworthy and sound but precisely avoided running for Arbcom and decide that no, we must have access to arbwiki so we can look after the Arbitrators... I don't know how to convey it to you that while I appreciate the good intent of your proposal it stems from a misunderstanding of the nature of the functionaries and arbitrators' work.  Snowolf How can I help? 01:18, 15 December 2012 (UTC)
 * You know, it's hard to tell if you're more upset that oversighters were included in this or that I didn't include checkusers : ) - jc37

Typos and protection

 * There are also a few typos. I don't see why this needs to be fully-protected. Legoktm (talk) 12:04, 14 December 2012 (UTC)
 * Because changing it part way through an RfC can be disruptive, and considering the topics involved, it seemed like a justifiable precaution. I welcome others' thoughts on this. In the meantime, what typos? - jc37 12:11, 14 December 2012 (UTC)
 * My thoughts on the protection? I don't like it. It's possible that changing it will be disruptive, but it's also possible that changing it will be productive. This is after all a wiki, and getting updates from numerous areas is what we do. Worm TT( talk ) 12:15, 14 December 2012 (UTC)
 * "prEsume" in the CU FAQ section. There are also a few commas missing, but I don't think that's a big deal. Legoktm (talk) 12:16, 14 December 2012 (UTC)
 * A total bullshit move incompatible with a collaborative environment. Allows the OP to skew discussion. Framing the debate is standard political hackery. Not supported by RFC policy, which clears states Statement should be neutral and brief NE Ent 12:36, 14 December 2012 (UTC)
 * The "statement" is. I placed it and the rfc template on the straw poll page. - jc37 12:56, 14 December 2012 (UTC)

afttest-hide group
Does this proposal include the afttest-hide group since it has the oversight user-right? Legoktm (talk) 12:02, 14 December 2012 (UTC)
 * Everywhere where you see "oversight user-right" it should more specifically say "oversight user group". That was what I was referring to when I wrote it. I just was concerned that it might be confusing to use the word "group" in the context. - jc37 12:17, 14 December 2012 (UTC)
 * We're actually removing that group as soon as we can solve a problem with it; thanks for reminding me to chase it up :). Okeyes (WMF) (talk) 13:58, 14 December 2012 (UTC)

Oversight elections
The primary reason why ArbCom currently appoints oversighters is that during the 2010 oversight elections, no candidate could reach the required 70% mark. So if we reinstate confirmation selections again, and require them to be reconfirmed every two years, what if nobody can pass and we would be left with zero oversighters? Zzyzx11 (talk) 12:34, 14 December 2012 (UTC)
 * I intentionally left what the "confirmation selection" process is for oversighters out of this proposal. I even stated that in the FAQ. That can be determined by a separate RfC. - jc37 12:38, 14 December 2012 (UTC)
 * Or what if we are left with one oversighter? By Oversight we can only have 2+ oversighters, or no oversighters at all. And furthermore, that Meta policy only gives us two options for a confirmation process. --Rschen7754 12:39, 14 December 2012 (UTC)
 * I suppose since we're automatically giving Arbitrators oversight, they don't need to stand for confirmation? Or do they? What happens if they don't pass? Legoktm (talk) 13:11, 14 December 2012 (UTC)
 * The current process for Arbs is the arbcom elections. There are different processes currently for oversighters. But I tried to make it clear that I was not defining what those processes are in this proposal. - jc37 14:19, 14 December 2012 (UTC)
 * The current process for arbs is not arbcom elections. It is appointment by the Committee, customarily granted to all members unless they specifically opt-out. This is necessary due to the global Oversight policy.  Snowolf How can I help? 01:46, 15 December 2012 (UTC)

This seems to be a bass-ackwards way to address ArbCom members misusing and mishandling their mailing list
Subject says it all, really.

Why are we going to take a system of functionaries – the Oversighters – that seems to be working fairly quietly, competently, efficiently, and uncontroversially, and turn them into political animals who will have to campaign for re-election every two years? (Leaving out the description of the 'confirmation selection' process is asking us to buy a pig in a poke: hiding the messy part of the proposal until the community has approved this vague version.)

This is a clumsy hack likely to create more problems and leaks than it will fix. "You know how you wanted to help out the project by volunteering to delete private, personal information added to articles by vandals and stalkers? Guess what&mdash;you're now conscripted to be the guardians of the ArbCom's honor.  Good luck!" TenOfAllTrades(talk) 13:05, 14 December 2012 (UTC)


 * You are presuming that the confirmation selection will be an election. The actual process is not part of this proposal. - jc37 14:21, 14 December 2012 (UTC)


 * That's (part of) my point. You're asking the community to sign off on a process when you haven't been able to figure out how to get it to work.
 * You're also proposing to (roughly) double the number of people who will have access to the confidential information handled by ArbCom (including both their mailing list and their wiki) in the hope that this will somehow reduce the likelihood of leaks. That this is likely to be a succesful strategy to accomplish that goal is...not immediately obvious.  TenOfAllTrades(talk) 14:46, 14 December 2012 (UTC)


 * As an oversighter I must say I find nothing at all to like about this proposal. Supervising ArbCom has exactly nothing to do with what oversighters signed up for and I seriously doubt you will find any support for the idea of expanding our role like this from anyone on the current oversight team. The way we currently do things works well, serious disagreement about how to proceed is rare, and our mailing list is not nearly as full of holes as the functionaries or ArbCom lists. Thai proposal would ruin all that and turn oversighters into something that was never intended when the group was established and completely out of step with what it currently does. At a time when we need more oversighters this would almost certainly result in less of them, I know I would walk away if this was imposed on us. Sorry Jc, but I think this is a seriously flawed proposal to the point where there is no amount of tweaking the specifics that could make it workable or desirable. Beeblebrox (talk) 19:55, 14 December 2012 (UTC)
 * Oh, no worries beeblebrox.
 * There were primarily 3 things which I didn't expect from this proposal. (colour me surprised)
 * When expanding access for oversighters, the intent was that was it, merely expanding access. No "powers" were given. It's been my experience that people are less likely to "act up" if others are around watching. (While those secretly in a locked room may, even with the best of interests and/or intentions.) And giving this access to those who do not have the responsibilities of arbs, but who are likely to understand those responsibilities, and were editors already entrusted with confidential information seemed a win-win-win to me. So I didn't expect the presumption that this would turn them into "police" or some such. When that specifically wasn't the intention, and is specifically not in the proposal
 * Which leads to the second: the chicken or the egg situation concerning "the confirmation selection process" as well as the "fear" concerning the presumptions of what that process "could be", rather than waiting to see what the community came up with.
 * And third the idea that this proposal needed to re-define what "confidential information" is. Analogy: If we were defining box handlers, and already had a set of rules defining boxes (size, makeup, what they may contain, etc.) then when defining the box handlers, there's no need to redefine boxes. I would presume? especially if we're merely giving "permission" to be able to view and/or handle boxes, not to police other box handlers.
 * Anyway, like any such discussion, we can learn from the community. Though I do find it interesting that the majority of the commenters so far are only those who have access to "additional tools". I'm still wondering how the rest of the community feels about this all. Nice thing about RfCs is what they are exactly that: requests for comment.  Providing the ability and opportunity to learn what anyone in the community thinks, not just a select few. - jc37 23:47, 14 December 2012 (UTC)
 * Mind if I point out to you that the *unanimity* of the commenters so far, functionaries or not, have told you that your proposal is a bad idea?  Snowolf How can I help? 23:55, 14 December 2012 (UTC)
 * Actually on the straw poll page the majority are non-functionaries (10 out of 17).  Snowolf How can I help? 00:14, 15 December 2012 (UTC)
 * (ec) - Lol, I don't mind at all. And I value their (and your) comments. I'm not some mindless IWANTIT because IWANTIT drone, snowolf : )
 * While I do see some misunderstandings that I have been attempting to clarify, those who have commented so far are clarifying not only how they perceive this, but I'm learning through their comments how this could potentially develop in the future into something I didn't intend when I proposed this.
 * I considered withdrawing this when I posted the above to beeblebrox (this clearly needs work/redesign based upon the discussion so far), but I'd sincerely like to wait at least one more day to provide the opportunity to find out what unique perspectives the wider community might have concerning facets of this before shutting this down. - jc37 00:21, 15 December 2012 (UTC)

Wrong problem
This seems like the wrong solution to the wrong problem to me.

The first problem with confidential information is that we don't have an agreed definition of confidential information that needs to be protected. Protection needs to be based on content, not on author or location (think of censoring letters home from the front line - the censor removed anything that might give the enemy an advantage, that generally didn't include complaints about the food unless it suggested that the troops were starving to death).

The second problem is that at the moment the system we have sends your confidential information to multiple private email inboxes that there is no control over. This goes for all the mailing lists, and any solution really needs to tackle that as a matter of urgency.

So what we need first is a system for handling protected-confidential information. I'm guessing as a starter which can be added to that most people would include personally identifying information, accusations of real life malfeasance (eg paedophilia) and information which someone is unwilling to post onwiki for fear of real life harrassment, in that category. The system must keep the information in one place, be secure, with controlled and auditable access, and be much harder to copy the information from.

Once we have done that, you can continue to have a mailing list to discuss things, with the proviso that information identified as "protected-confidential" doesn't get onto the list (as with the OTRS function - if they have a query, they post a link to the ticket which you have to log in separately to get at).

You can then have a discussion about whether something is or isn't appropriate for a particular mailing list, which is separate from the protected-confidential issue.

Also, I know 'oversight' sounds like 'overseer', but our oversighters don't have a supervisory function. They signed up to remove certain very tightly defined kinds of content permanently from Wikipedia, that's all they signed up to do. That process isn't broken, that function already has an auditor (WP:AUSC), and I would be very reluctant to pose changes to it that may stop it working and that don't address the actual problems of security of protected data. Elen of the Roads (talk) 16:55, 14 December 2012 (UTC)

reverted edit by sock of blocked user

Bad idea
This proposal is a really bad idea. Its core problem is that it essentially involves expanding access to private information to include people without any specific need to see that information. These people would then (in effect) be encouraged to read through all this private information and monitor closed ArbCom discussions (which are themselves private, and for good reason). A core principal of handling private information is that access to such material should only ever be granted to the people who need to see it to perform tasks directly relevant to that specific topic, and the number of such people should be kept to a minimum. Nick-D (talk) 22:31, 14 December 2012 (UTC)
 * Just to add, if there's a desire to set up some kind of mechanism to make sure that private information is being handled appropriately by ArbCom, there are any number of government and non-government privacy commissioner/ombudsman-type organisations whose operating principles and procedures could be adapted. There's no need to cook up something new without any reference to external organisations which have proved successful as is being attempted here. Nick-D (talk) 22:45, 14 December 2012 (UTC)
 * Also the FAQ part implies that CU information is not confidential which is an outrageous, bizarre and unacceptable position to take.  Snowolf How can I help? 23:35, 14 December 2012 (UTC)
 * Exactly; my IP can be traced to my educational institution. --Rschen7754 23:37, 14 December 2012 (UTC)
 * Indeed. CUs can often see where someone works, information that could be very sensitive indeed. And for example IP info for someone on the company VPN could allow instant identification by the person's employer (it would where I work). This is where a definition of "confidential" is essential.  --Elen of the Roads (talk) 00:43, 15 December 2012 (UTC)
 * Wasn't the intended implication when I wrote that comment (as I noted to snowolf above), but I do see how it should have been clearer. - jc37 00:48, 15 December 2012 (UTC)
 * I think this proposal is flapping around somewhat. It sounds as if you want the oversighters to do something (stop? report? what exactly?) about Arbs saying certain things (what things?) in certain places. Which is really nothing to do with the issue of protecting confidential data. Without a base premise of what you are trying to protect, and how you are defining harm, it's hard to see how you can construct a proposal for protection from harm. Elen of the Roads (talk) 01:24, 15 December 2012 (UTC)
 * Right now as it stands this proposal does a number of things: mandates oversighter reconfirmation every 2 years (by who? the community? that would be silly both because they cant review an OS work and because they do not appoint the OS; why does CU not go about the same way anyway?). Grants access to oversighters to arbwiki. Orders Arbcom to cease any use of their mailing list (because if you're only answering queries, might as well use OTRS). Imposes certain limits on Arbcom elections that are currently determined by the community year by year in a RFC. Mandates a merger of the oversight mailing list with the arbcom mailing list (so we arbcom couldn't even open an OTRS queue without community approval if they wanted to). Forces all non confidential (but doesn't define what the thresold of confidentiality is which is actually the reason behind this whole mess) communications to happen on enwiki which means arbcom namespace and a ridicolously massive workload for the arbcom clerks due to the volume and frequency of said discussions. Confuses even more the procedures for emergency removals: it mandates that the arbcom immediately vote to remove temporarily from itself and from the CU and OS permissions anybody who "at risk" to reveal confidential informations (again, no idea what the threshold is and what at risk means) thru standard procedures; standard procedures means that the arbcom would a) exercise its pre-existing authority to remove any CU or OS with a simple majority vote (authority that stems from CU & OS being distinct from arbitrators, even when they coincide because all CU & OS including arbitrators themselves are appointed by the Committee, this is how people with less than 70% of the votes can get CU & OS) and communicate this decision to the stewards b) they would disable the user's account from arbwiki, remove the user from the mailing list and OTRS access to the queue(s) c) still expect the user to vote in cases where confidential information is required while he doesn't have access to it. In short, this proposal increases the amount of users with access to confidential informations, slows down the ArbCom's proceeding substantially, unfairly targets Oversighters and Arbcom Clerk with a lot of work and responsabilities neither have signed up for while there have been so far no proof that either of these groups have done anything wrong to deserve this, introduces weird and misguided distinctions between functionaries (if you want this sort of thing at the very least just add all of the functionaries and be done with it, why only OS get this lovely thing) and mandates strict procedures on the basis of unspecified criterias ("confidential information", "at risk"). — Preceding unsigned comment added by Snowolf (talk • contribs) 01:44, 15 December 2012 (UTC)

My opposition to proposed ideas
I disagree with the components of the proposal. I don't think it's a terrible idea, and it was certainly conceived with a laudable goal in mind - the increasing of accountability. However, I have a few issues with its content. First, oversighters are entrusted with significant capabilities and play an important role in the maintenance of Wikipedia. They should be given some discretion; if they've earned the necessary trust, and continue to demonstrate good, well-intentioned work, there is no need to overwhelm them with the threat of a biannual reconfirmation. Furthermore, rigidly regimenting the role of oversighter does nothing but make the position more uncomfortable and less capable of efficiency. Oversighters, as mentioned above, have shown the necessary trust to hold their position. Except in egregious cases, why insinuate a discontinuation of such trust?

As for ArbCom, I'm not convinced entirely-public messaging would be beneficial. I would not be opposed to arbitrators acknowledging private conversations regarding cases, or even the matter of having them with unnamed users, but think that they, too, should be given some leeway while analyzing cases. It allows them to act with more impartiality if they aren't fearing imminent "exposure" at all times. This, admittedly, brings up the problem of community oversight. The general community of Wikipedia editors should play a role in analyzing the handling of confidential material; however, the premise of confidentiality necessitates the involvement of highly-trusted editors. Therefore, they ought to be given discretion to act in certain cases without complete submission of such actions to the "public". dci &#124;  TALK   00:46, 16 December 2012 (UTC)


 * We reconfirm arbcom members every two years. So with this I was merely matching that. I was trying to keep things somewhat consistent with each other.


 * This doesn't suggest "entirely public messaging". Rather it specifies that intra-communication between the arbs should happen on either this wiki, or if confidential, partially or fully on the arb wiki. From what I can tell from the various discussions on wiki, the mail list is showing itself to be a "messy" way to do things. and transpaarency (when appropriate) and security should trump convenience. After all, all other discussions concerning the project occur on wiki. Why shouldn't these? Because sausage-making shouldn't be out in the open? If policy discussions can be out in the open, so can these.


 * And personally, I don't have much of an issue with leaving it to arbcom as a committee to decide what is confidential, and what is not. But from my read, our various confidentiality "rules" are spread from here to meta, and are in various states of update, and even in some cases contradicting each other. So, to stay out of that mess, and because technically, it wasn't necessary to address in this proposal, I merely was suggesting that the rules for confidentiality are "over there somewhere" and this proposal doesn't affect them. - jc37 15:47, 16 December 2012 (UTC)

Whistle-blowing
Certainly no one is required to maintain confidentiality if to do so is to prevent significant criminal acts coming to light.

I would also say that the vast majority of leaks form the mailing list have shown unethical or at least reprehensible behaviour by arbitrators. This too should not be considered protected communication.

The type of club-house chit-chat, branding, for example, people with any literary background as "pompous" that was seen in leaks of years gone by is hopefully no longer part of the modern milieu, but I very much fear that there is still much said in private that would not be said in public - that is the nature of the beast.

There should be at least an outline that whistle-blowing is acceptable.

Rich Farmbrough, 04:42, 16 December 2012 (UTC).


 * Regarding that first sentence, are you speaking in the context of Wikipedia/Wikimedia secret-holders, or are you speaking about society in general? I hope it is the former.  In the "real world" people should (with perhaps a few exceptions, e.g. ongoing crimes) have the right to tell certain people, such as lawyers, clergy, psychiatrists, spouses, and the like about past criminal acts in confidence.  davidwr/  (talk)/(contribs)/(e-mail)  20:23, 17 December 2012 (UTC)
 * Indeed, in UK law, confidentiality is deprecated for healthcare professionals, early years professionals, teachers, social workers and several others, who are legally required to report concerns relating to the safety of children or vulnerable adults, no matter how the information was obtained. So while a nurse or a teacher has a duty to maintain confidentiality regarding details of their charges, if they suspect the person in their care is at risk, they must report it on up to other professionals, even if the patient/schoolchild told them 'in confidence'.
 * Even under UK law, I assume a defendant's lawyer usually is not obliged to tell the prosecutor about past crimes his client told him about which the prosecutor has no knowledge of. In the United States, lawyers and Roman Catholic Priests receiving confessional (ironic, I know) have pretty much absolute ability to hear confessions of past acts in confidence.  They are even expected to keep this confidence as a condition of their job (priest) or license (lawyer). davidwr/  (talk)/(contribs)/(e-mail)  23:42, 17 December 2012 (UTC)
 * The deprecation is specific to risk of harm to a third party in certain categories. Lawyer/client privilege still applies in the UK I think pretty much as in the US (can't say I'm familiar with either). Priests however do not have privilege in UK law, which I gather is not the position in other places. Elen of the Roads (talk) 01:32, 18 December 2012 (UTC)


 * This is all well and good. However, neither Wikipedia nor the Arbitration Committee are governmental bodies, nor is the membership in either group a "profession" that requires mandated reporting in any jurisdiction. Wikipedia is a private organization, and the Arbitration Committee is a volunteer group within that private organization. In addition, it is under the jurisdiction of United States courts and laws, not those of the EU or other countries, and these laws and court precedents are quite different. Arbitrators who think their local laws might possibly impose an obligation to produce emails should probably set filters to automatically delete emails once read, set their Gchat and other chat systems to "no logging" or "off the record", and thus they will have no personal files to produce. Mostly, though, I think everyone has to take personal responsibility for understanding and acting in accord with the fact that either Wikipedia or the Arbitration Committee are governments or governing bodies in any sense of the word. Risker (talk) 21:26, 17 December 2012 (UTC)
 * You cannot have it both ways. If we are merely volunteer amateurs, there should be no grounds on which we are keeping anything secret if the community which tolerates us asks to see it. If we are claiming any kind of authority or quasi official position, then we ought to be looking at the kind of disclosure rules that other similar organisations have. After all, the governing bodies of charities are made up entirely of volunteer amateurs in most countries, and they have rules about disclosures etc. Elen of the Roads (talk) 22:12, 17 December 2012 (UTC)
 * The equivalent would be the administrator corps on a site like Reddit or the moderators on Facebook. The Arbitration Committee is *not* a charitable organization, nor is it part of a charitable organization: we're a creature of the English Wikipedia community, which has no legal status. The governance issues of which you speak apply to the Board of Trustees, not a committee like Arbcom, which is not even an official committee of the Board. Further, even governing bodies do not release full discussions; they release summaries or minutes of discussions. If it wasn't for the fact that the membership of the committee is spread out around the world and does not have the ability to carry out face-to-face or voice-to-voice meetings on an as-needed basis, with text messaging and bat-signals to alert each other to issues, we'd probably use the mailing list very rarely. It's a darn sight easier when one has the option of going to the Pig and Whistle to have the same discussion, which frequently applies to employees or trustees of organizations that are covered under freedom of information legislation, but it's not going to happen when membership is spread globally. I think this is just another example of some people thinking that the Arbitration Committee is far more important than it really is.  We have no financial capacity. We have no policy capacity outside of our own sphere. We are not in any way a governing body, nor a charitable organization, and I find suggestions that we are to be very concerning. The Arbitration Committee a bunch of folks who agreed to try to sort out difficult disputes, and handle a bit of bureaucracy, and received community approval to do so.  It is harmful for the committee to see itself as in any way having a governance role; every time it has acted as if it has one (either as a committee of the whole, or by the actions of individual members claiming authority as an arbitrator), the community has put it to rights.  Risker (talk) 23:10, 17 December 2012 (UTC)
 * Well, I'd agree with the last sentence wholeheartedly. But as to the rest, and to address the topic of this section - there's a reason I referred to the UK legislation and it's bugger all to do with claiming that Arbcom is any kind of government. That legislation was created deliberately so that a nurse, teacher or whatever could never be put in a double bind, knowing that there was a risk of harm but unable to pass the information on for reasons of confidentiality. But the seal of the confessional placed on the mailing list does not in its current format have any kind of relaxation for reporting risks of harm, so Arbs are theoretically in that double bind. Rich is only asking that it be made explicit within the policy that risk of harm information (self harm, risk of harm to a vulnerable person or criminal activity) can be passed on by an individual Arb to the appropriate authorities, and should not need the specific prior approval of the entire Committee to do it - which is the de facto current position. Elen of the Roads (talk) 00:12, 18 December 2012 (UTC)
 * The Responding to threats of harm guideline applies; I'll note that of all the times it has been invoked by Arbcom members, only twice that I can think of was there no overt threat of harm posted on-wiki, and in both cases there was a consensus amongst arbs that it should be reported. In every other case, although Arbcom has usually taken the initiative to ensure that the WMF emergency protocol is activated, it was usually the result of something posted onwiki. I've personally activated this protocol with respect to threats to other editors, threats to self, threats to public figures, threats to shoot up a school, and a few other situations; back before the days when the WMF emergency protocol was in place, I even made a few calls to the RCMP and one to the local constabulary. Risker (talk) 00:32, 18 December 2012 (UTC)
 * Yeah, and in some cases it took quite a while to get that consensus. Responding to threats of harm only relates to postings onwiki. What you are saying (the de facto position) is that Arbcom will probably come round eventually to agreeing to lift the seal in that particular instance. And even then, I recall massive discussions at least once as to whether it was permissible to forward the email that caused the concern, or whether it could only be referred to more vaguely. What Rich is asking is that policy take the double bind out. If it is a risk of harm, an individual should be able - on their conscience - to provide all the necessary information to the appropriate authorities (which in this case would likely just be the WMF emergency response team anyway), not have to wait for Arbcom to make a consensus approval that might not come in time. Elen of the Roads (talk) 00:42, 18 December 2012 (UTC)
 * I'm not sure what cases you're talking about. In one of the cases I am thinking of, it took no more than 25 minutes - which is amazingly fast for anything related to Wikipedia or Arbcom - and in the other, the first arbs to respond were able to recommend to the person on the receiving end of the threats that they initiate the WMF emergency process themselves, and assisted them in doing so. When I'm saying consensus, I'm not talking about half the committee supporting, I'm talking about all or almost all arbitrators who respond within a brief period of time supporting the action. Now, I think it important that we be very, very clear what would fall into this process. I think it would be easy to get everyone to agree that clear threats of harm to self or others (such as the examples I gave above) would fit. An arbitrator being a jerk or saying dumb things on the mailing list wouldn't. Risker (talk) 00:56, 18 December 2012 (UTC)
 * Nice one on the non-sequitur. But since you bring it up, if Arbcom really is only a bunch of volunteers doing some dispute resolution, what the hell is it doing locking anything it's members say to each other down tighter than the Pentagon. If it's not the government, it shouldn't be insisting it has state secrets anyway. Elen of the Roads (talk) 01:18, 18 December 2012 (UTC)

Freedom of information
There is a very good case to be made that all ARB-ARB emails should be released unless there is an overriding reason not to release them - even then redacted version should be considered. Possibly a time delay could be incorporated. That is the modern way even with governments. Wikipedia strives to be far more open than that.

Rich Farmbrough, 04:42, 16 December 2012 (UTC).


 * I would certainly support a right of the community to request disclosure after an event. The current UK FOI legislation exempts draft paperwork while it is in draft, but if the draft versions still exist after the event, they can be requested. The danger I suppose is that Arbs might take their comments off list - just as Whitehall has a tendency to hold discussions in the bar or the lavs (although I think they always did that) --Elen of the Roads (talk) 16:07, 16 December 2012 (UTC)


 * UK law does not apply, but I see anything that encourages draft documents to be deleted without discretion as a bad thing because it destroys history. There are times when history should be destroyed, but that needs to be decided on a case-by-case basis.  Besides, on a wiki, deleting draft versions adds administrative overhead.  davidwr/  (talk)/(contribs)/(e-mail)  20:16, 17 December 2012 (UTC)
 * Elen is not saying that UK law applies... She is merely suggesting it as a good idea and example.  Snowolf How can I help? 20:30, 17 December 2012 (UTC)
 * Just using it as an example as it's what I'm familiar with from working in local government - both the good side (more transparency) and the bad side (more deals cut in the Dog and Duck). As far as I can see, there may be some US laws that the WMF has to abide by, it has a server cluster in Amsterdam and the toolserver is in Germany, so there may be both local and EU laws that apply, but I'm a project manager, not a lawyer, so I'm not even going to speculate. --Elen of the Roads (talk) 20:58, 17 December 2012 (UTC)


 * And where would it end? Should every single admin-to-admin email that results in any sort of admin action be made public as well? What about users who hold no advanced permissions? Should we just abolish the entire email system? (hint:no we shouldn't) As Elen mentions, requiring all "official" emails to be divulged would probably just lead to more "unofficial" communication by direct email rather than the use of lists or whatever system may replace the list. Amd there is no law, none zip zero nada, that could force volunteers to publicly divulge emails. Functionaries and arbs do not work for the WMF. they are not on the payroll anymore than an IP user who just made  their first edit is. Beeblebrox (talk) 21:17, 17 December 2012 (UTC)
 * Let's not get carried away here. If there was a place where pre-decision discussion took place, one could reasonably expect to release the discussion at some point, provide those involved had been told when they signed up that this is what would happen. This will not remove the need for a place where information identified as confidential is handled, which is not subject to full disclosure. This would also not impact private conversation between individuals, which would continue to be off the record since, as you say, there is nothing which could be used to force me to disclose that eg I emailed you and discussed X. Elen of the Roads (talk) 22:05, 17 December 2012 (UTC)

I need a summary of the current rules
Please create a new informational (i.e. not policy) document that summarizes the current status quo so we can easily see exactly what changes you are proposing. May I suggest Arbcom, confidentiality, and oversight overview as a title for the current status quo?

Even if the proposal fails, having the status quo in a single document adds value to the project. davidwr/ (talk)/(contribs)/(e-mail)  20:12, 17 December 2012 (UTC)
 * It doesn't make much sense to summarize in one page unrelated things.  Snowolf How can I help? 20:29, 17 December 2012 (UTC)

whatnow?
This is a bit confusing. The straw poll has been closed as withdrawn, but this page is still open and not marked as withdrawn. Is the entire proposal withdrawn or just the poll? Beeblebrox (talk) 20:51, 17 December 2012 (UTC)
 * I don't know how to answer you, but I find that this page has a least generated some positive feedback, so dunno if it should be closed down yet or wait a bit.  Snowolf How can I help? 22:21, 17 December 2012 (UTC)
 * If this provides a forum for discussing these things, then that sounds good to me. This doesn't have to be an active proposal to have discussion. Just because this precise proposal had parts that certain Wikipedians found questionable, doesn't mean we can't use this opportunity to find out what the community thinks about these things. More input and discussion is a good thing, I think. - jc37 06:14, 18 December 2012 (UTC)