Talk:Requests for comment/Privacy violation by TBloemink and JurgenNL

From Meta, a Wikimedia project coordination wiki

A question for Philippe Beaudette

Appeals can be made to me? Please explain to me (a member of the Dutch wikicommunity) why the Dutch community should not decide themselves who they trust and who they distrust? On what authority is an employee of the Foundation suited for such a decision? Do you have any knowledge of Dutch? Peter b (talk) 21:00, 2 October 2014 (UTC)

(I don't want to answer the question whether the WMF should overrule local communities or not.) At Wikimedia Commons the desysop was reverted by a local bureaucrat. Probably there will be a separate local desysop procedure at Wikimedia Commons. Also the OTRS admins have decided themselves to remove access to OTRS for both users. Jcb (talk) 23:36, 2 October 2014 (UTC)

Peter's comment about knowledge of the Dutch language remains valid. The Commons oversighter who reverted the Commons restriction is Polish and according to his UserPage he understands a wee bit German, similar, but certainly not the same as the rich Dutch language.  Klaas `Z4␟` V 06:48, 3 October 2014 (UTC)

All involved parties made their statements in English. I don't see how knowledge of Dutch has anything to do with the Odder action. Jcb (talk) 07:04, 3 October 2014 (UTC)
User:Peter b, good question, and a fair one. The statement actually means that the Foundation will not allow access to those tools for the full year, and the users in question (TBloemink and JurgenNL) are welcome to appeal to us after six months. During that time, no, no community should decide to grant advanced privilege access. This has nothing to do with whether or not the Dutch community trusts them - it means that for that period, the Foundation does not. And as the body that is responsible for those tools, we do not wish those users to have access to them. Philippe Beaudette, Wikimedia Foundation (talk) 00:34, 4 October 2014 (UTC)

Please specify "advanced privileges"

WMF has decided that "TBloemink and JurgenNL not hold positions that require or grant any advanced privileges". I'm a bureaucrat at the Dutch wikipedia and TBloemink has requested to be granted the rollback-privilege (which he lost after he resigned as moderator). My question to Philippe Beaudette/WMF: is this rollback-privilege also an "advanced privilege" (and thus leaving us no choice but to reject his request), or are the "advanced privileges" only those privileges that could give access to privacy-related information (mod, CU, OTRS, etc.), in which case the decision to grant the rollback-privilege is still up to the Dutch community. CaAl (talk) 09:03, 3 October 2014 (UTC)

I am not sure if I am allowed to respond here but I like to give my interpretation of advanced: anything that a normal editor can't. Every editor can revert edits, though not as fast as a rollbacker. But in theory, granting me rollback is not giving me more permissions than I already have. Also it can wait a few days due to my block. — TBloemink talk 11:23, 3 October 2014 (UTC)
@CaAl: The Dutch community can probably make its own decision on whether the right can be retained. TB's commentary about no additional access to personal information is correct.  — billinghurst sDrewth 13:10, 3 October 2014 (UTC)
My original intent was that they have all permissions except edit rights removed. But I hear the argument that rollback is simply an alternative method for editing. The logic I would go through on that is: "If I'm a regular editor, and someone with rollback tells me something, do I give it additional credence? Does it convey authority?" If the answer is "No", it does not convey additional authority, then I'm fine with adding it. If it does, I would not add it.
With that said, I'm not going to get worked up about rollback. So I leave the final decision to the person adding it, and trust that they know their communities and their will. I won't make a fuss to anyone who adds rollback, because I can understand that decision. Philippe Beaudette, Wikimedia Foundation (talk) 22:10, 3 October 2014 (UTC)
FWIW, the terminology used by English Wikipedia ArbCom is "advanced permissions" (w:en:Wikipedia:Arbitration_Committee/Procedures#Removal_of_permissions), and I would expect rollback to be included within the scope of that en.wp arbcom procedure, but rarely would be used in the implementation; i.e. it would be rare that the ArbCom would decide to remove sysop and also dictate that rollback, autopatrolled, editor (on de.wp), etc can not be granted to the user by the community, at least for the first offence as the presumption should be that the communities are able to appropriately handle such matters. Given that an ArbCom wouldn't likely overrule the community wrt rollback, I consider it a bit odd that WMF would concern itself with rollback and similar.
I suspect this aspect might be more clearly defined (and more broadly accepted) if the WMF reformulated this (and future) intervention around 'access to non-public information' rather than 'advanced privileges', as the misuse of non-public information is a central component of the problem, and access to non-public information is an area the WMF is traditionally given more latitude to act unilaterally. 'access to non-public information' covers sysop (due to deleted revisions & pages), but wouldn't include rollback and similar capabilities. The WMF needs to trust the projects to act appropriately wrt permissions; if it doesn't, WMF is going to become GovCom, and many more volunteers will leave, for good or ill. Anyway, just some random thoughts. John Vandenberg (talk) 03:44, 4 October 2014 (UTC)
As a note the RFC that created the policy Admin activity review created a definition for advanced rights that may be useful for guidance.  — billinghurst sDrewth 12:20, 4 October 2014 (UTC)
So, is global rollback an advanced privilege? Global rollbacker can not view any deleted content. --GZWDer (talk) 11:06, 6 October 2014 (UTC)
@GZWDer: I believe that the commentary is that Philippe has set the quality standard, and rollback is in the grey zone, and he will let community decide.  — billinghurst sDrewth 11:36, 6 October 2014 (UTC)

Terms of use

Hi User:Philippe (WMF), could you point to the section(s) of the Terms of use that the WMF has used to revoke these sysop rights / advanced permissions without following community procedures? There is a little commentary about this aspect at c:Commons:Village_pump#Re-sysopping_of_JurgenNL_.28talk.C2.A0.C2.B7_contribs.29, but no doubt the WMF team know which parts of the ToU they determined were violated, and the provision therein used to desysop, so sharing that would put the matter to rest. John Vandenberg (talk) 00:32, 4 October 2014 (UTC)

Hi John: the legal team tells me that we rely on Sections 10 and 12 for this authority. Philippe Beaudette, Wikimedia Foundation (talk) 00:44, 4 October 2014 (UTC)
User:Philippe (WMF), could you point out the words in either Sections 10 or 12 which cover revoking sysop rights / advanced permissions?
Try as I might, I can't see the provision for it in section 10, and section 12 (Termination) doesn't read as giving the WMF the ability to select which privileges a user may have, except that 'read' access is given to users even if their edit rights have been terminated.
But, I haven't yet reviewed the archives to see if this type of implementation of the ToU was discussed prior to the board approval. John Vandenberg (talk) 04:24, 4 October 2014 (UTC)
John, are you trying to imply that WMF only has a binary position on this? Use or no use, rather than a graduated means to respond to issues? The WMF has been managing privacy issues, and relies on the recommendation OC for a subset of activities, and presumably that has come from Refuse, disable, or restrict access to the contribution of any user who violates these Terms of Use where the ability of a user to contribute by use of admin tools. Are you saying that you are wishing for specific text in the ToU that addresses the abilities of the WMF to be able to change admin rights? That would be very specific. Are you suggesting that the WMF must not have obligation to manage the removal of rights in particularly problematic events? Or are you seeing that maybe there may be some requirement to be a little more explicit to avoid concerns that the power doesn't exist?  — billinghurst sDrewth 10:14, 4 October 2014 (UTC)
As I read the entire document, "Refuse, disable, or restrict access" isn't able to be used to unbundle the rights that WMF gives to users on each project. Throughout the document 'access' is used in a way that is not able to be bent to mean 'access levels' or grades of gray. So far I can clearly see that the WMF has the right to terminate access entirely (other than read access), and most of the language used is quite unambiguous about that interpretation.
I personally think termination of contributions is a good line in the sand: the community (of each project, and/or meta) is responsible for managing persons' rights within their project, but the WMF steps in if they deem the person to have violated the terms of use in a fashion that the user's contributions are no longer tenable at all. I think the WMF should use that power more frequently than they do. In the section above I also suggest that 'access to non-public information' might be another reasonable line in the sand, where the WMF would be able to remove certain permissions from users in situations where they feel that complete termination is not appropriate. However I do not see that capability in the ToU as written, and don't recall it being discussed in the drafting phases, which prompted me to inquire here. John Vandenberg (talk) 11:50, 4 October 2014 (UTC)
Removal of admin rights without addition for a period of time is "restrict access", and previous withdrawal of CU/OS rights hasn't been an issue. I think a line in the sand about no advanced rights is also acceptable, and that is what has happened here. Advanced rights are a privilege, not a right, and where WMF has concerns then their duty of care, and due diligence should override any local community ... "line in the sand".  — billinghurst sDrewth 12:01, 4 October 2014 (UTC)
billinghurst, regarding 'restrict access' I hear you, that you find that term in the ToU to be acceptable as authority to remove admin rights, but I am dubious about that, and I am waiting for clarification from the WMF.
As far as I know, removal of CU/OS rights in the past hasn't been performed citing the ToU as the justification and authority to do so. CU and OS each have a policy that includes a section regarding removal of access (CheckUser policy#Removal of access & Oversight policy#Removal of access) and each refer the matter for review to a) the local community and b) the WMF Board. Nowhere do those policies say that those permissions are the responsibility of WMF staff. Are those policies no longer accurate?
Regarding 'advanced rights' more generally, as far as I know all WMF-level policies to date have very clearly (and often explicitly) excluded the sysop toolset & non-suppression revision deletion from their scope, and I can't recall (offhand) the WMF staff making a decision about adminship previously on any (large) project - they might make comments and provide evidence to arbcom/stewards/etc, but leave it for the local (and meta) community to make decisions using established procedures and/or communal practises. The closest I can think of was the ace.wp banner problem, but it was a small wiki and I don't recall if stewards or staff made the final call, and what authority they used. Can you think of any examples more similar to the current situation?
Regarding 'duty of care' and 'due diligence', I assume that the WMF is roughly 'all care, no responsibility' when it comes to any legal duty of care not explicitly covered by an existing WMF policy. On the social duty of care front, I appreciate them taking an interest in this case, but I can't see how it helped, as I am pretty sure the community would likely have reached the same conclusion, just as quickly. 'Due diligence' in my world requires that processes are followed quite rigidly, and are improved when weaknesses are found. e.g. higher levels of authority must not interfere with a complaint process until it has exhausted all lower levels of authority. To do so would mean that the higher levels of authority become conflicted and must remove themselves from review when the matter reaches higher levels, and consequently reduces the likelihood of uncontroversial and impartial hearings at all possible levels, should the need arise. John Vandenberg (talk) 15:02, 4 October 2014 (UTC)
A policy to act stems from ToU. The OC policy is there to guide the community how to complain about alleged privacy breaches, and what happens with the outcome; with the ToU then giving the WMF ability to act. If you believe that there is a need for a specific policy here now, then 'go for it', personally on the extremely rare cases where WMF steps up I am comfortable with relying on the terms. Sure, that the WMF level policies have indeed not worked down to admin level, and it should remain that way, as long as the ToU are not inhibited from acting on these rare occasions. We definitely don't work policy overkill, and can point to specific cases as examples of the ToU in action. In this case, I would have liked for the OC to have been able to take the case, and provide recommendations, however, it seems to sit as a grey edge case for the OC, and there appears to be hesitation to act, or to step into the grey area. Re Commons, they hadn't acted, so your opinion is just that.  — billinghurst sDrewth 15:39, 4 October 2014 (UTC)