There are a number of steps involved in a thorough investigation of a harassment report. It is not enough to simply look at the description or diffs a reporter submits - in almost all cases, deeper investigation is needed.
Your first step in an investigation, after replying to the reporter to acknowledge that you received their report, is to verify as many of the reported facts as possible. This will involve:
- Opening any diffs contained in the report and verifying that they say what the report says they say.
- Verifying the identity of the reporter and/or victim: Are they actually operating the user account they claim to be, or might they be only pretending to be that account's owner? (This might be done under the pretext of a disposable, single-purpose account.)
- Verifying the account status (if applicable) of the reporting party: do they omit any material facts, such as sanctions on their account? Are there any security issues related to this account, such as a compromised password, that may call for you to take immediate action?
- Verifying the identity of the alleged harasser. Be aware that "joe jobs", where someone pretends to be another person and misbehaves in the hopes of getting the imitated party in trouble, have occurred in the past. In most cases you will not be able – or want – to verify a "real life" identity; your concern here is making sure that the account the reporter says is doing the harassing is actually the one doing the harassing
- Verifying the account status (if applicable) of the alleged harassing party: are they under any sanctions that might be related to this situation? Are they blocked or banned? Does their account appear to have been compromised in any way?
The facts you verified usually come with context that helps you to navigate the issue and understand what has happened. That makes the background an important component of evaluating a case; if you skip it, you risk overlooking history or facts that are vital to resolving the current issue.
Your background research should cover researching the involved parties along the lines of below:
- Regarding the victim:
- Has your team dealt with this person before (whether as a victim, a reporter, or a harasser)? Were their reports and/or opinions reliable in any previous dealings you have had with them?
- Does this person have a history of having been harassed, whether by the current alleged harasser, or by others? (If yes, you may, for instance, be dealing with a sockpuppet of a previous account.)
- What is this person's reputation in the community, and are the events in this report uncharacteristic for that reputation? They may be known as someone superbly level-headed or as someone who overreacts; either of those being true will have bearing on how you interpret their report.
- Regarding the reporter (if different than the victim):
- Has your team dealt with this person before? Were their reports and/or opinions reliable in any previous dealings you have had with them?
- Does the reporter have a known relationship to either the victim or the alleged harasser? That is, might there be an ulterior motive in their report (backing up a friend who's in conflict, exaggerating a situation to make a rival look bad, etc)?
- What is this person's reputation in the community, and are the events in this report uncharacteristic for that reputation? They may be known as someone superbly level-headed or as someone who overreacts; either of those being true will have bearing on how you interpret their report
- Regarding the alleged harasser:
- Has your team dealt with this person before? Do they have a history of being reported for harassment? Have they been harassed themselves in the past?
- Does this person have any known friction with either the reporter or the victim? It may be that this reported harassment is simply the latest front in a long-term war.
- What is this person's reputation in the community, and are the events in this report uncharacteristic for that reputation? They may be known as short-tempered or tactless, or they may be known as someone who is never unkind to others; either of those being true will have bearing on your investigation. Search the archives of relevant noticeboards, and look at the block log of the user to determine whether they have been sanctioned for problem behavior in the past.
Adequate background research will not stop at just the two or three involved parties, however; it will also take into account the relationships those parties may have to other editors or groups, as well as any general history of the point of dispute (if any) in the harassment:
- Any organizations that any of the involved parties are affiliated with, and whether those organizations may also be in conflict
- Any off-wiki activities any of the involved parties may be involved with that are relevant (for instance, someone may be known to participate in a subreddit that enjoys doxxing others, or may be open about having a certain gender identity or political view)
- Whether the harassment report reflects a known long-term pattern of thematic conflict involving broader groups of users; for example, homeopathy-related editorial controversies.
A caveat on background research: Context is not synonymous with rationalization or excusing. Your background and context research will help you understand the situation at hand, and they may explain why harassment occurred in a valid report, but they will not make a valid report invalid. Therefore your analysis of a report should focus on the events described within the report.
This is primarily because all contributors are equally responsible for their words and actions. A long history of quality contributions does not excuse bad behavior, nor does being objectively "in the right" or having been victimized in the past. Likewise, a history of bad behavior does not make a contributor “automatically” guilty when accused.
Useful tools for gathering evidence
The editor interaction analyzer can help you see where and how two users have interacted on a specific wiki. It can be useful in examining the background of a dispute between editors or claims of long-term harassment.
The revision history tool (sometimes referred to as “Wiki Blame”) can help you locate the appearance of text strings within revisions on a specific page and can be helpful finding a specific comment or edit.
Knowing how to search subpages of a given page (that is, to search pages under a certain prefix) will let you narrow an on-wiki search to the content of only those pages. For instance, if you wished to search all archives of the Meta Wikimedia Forum, and only those archive pages, for a specific term, you would put your search term in the search box, followed by “prefix:Wikimedia Forum/Archives/”. The results Search returns to you will be occurrences of the search term only in pages whose names begin with Wikimedia Forum/Archives/.
Understanding "actionable" versus "non-actionable"
What would you do?
This module will periodically present you with “what would you do?” scenarios - hypothetical accounts of difficult situations. The goal in these sections is not to test whether you arrive at an objectively "correct" single answer, but rather to give you a chance to think about the different types of situations you may encounter, and the many issues and decision points that affect any eventual outcome you settle on.
User A contacts you to indicate that they feel unsafe because of the way User B has conducted himself in an on-wiki talk page dispute. In reviewing the talk page, you see some minimally aggressive discussion where User B is dismissive of User A’s opinions and suggestions without giving a lot of explanation. Several edit summaries may cross the line into personal attack, referring to User A’s comments as “stupid” or “trolling,” while User A’s comments appear reasonable.
On deeper review, you find a long history of disagreements between User A and User B, including an incident the previous year where User B complained about personal attacks from User A to local administrators and it was recommended that User A avoid antagonizing User B. What further context could be useful to you in determining your appropriate response?
What if, all other circumstances being the same, User B had resorted to stronger language in the current confrontation? What if in your review you discovered that User A had been following User B’s contributions?
If you were in this situation... what would you do?
Not everything you investigate will ultimately turn out to be actionable. Even in situations where wrongdoing is confirmed, you may simply not be able to take measures against the reported user. For instance, if an attack has happened on social media and you are unable to reasonably connect the social media account with a Wikimedia one, you may have no options for on-wiki action. In other cases, the victim may have been subjected to negative treatment by another editor, but the actions don’t meet the standard for harassment or rise to a level that merits action under local policies and guidelines.
In such cases, the best of your available courses of action is not to punish the alleged attacker, but rather to provide support to the reporter. Keep in mind that not taking action against a reported aggressor doesn't mean the reporter was necessarily wrong to report this as harassment. Nor does it mean the report was inaccurate, or that either party is totally innocent. A "non-actionable" report is not the same as a false report – it is simply one that you cannot take direct action to resolve.
Documentation of what you have learned and done in harassment cases is very important for a few reasons. First, private investigations performed off-wiki, as most harassment investigations will need to be, are not automatically documented the way on-wiki edits would be; all the future will know is what you record. Second, no single person or set of people who performed an investigation can be expected to remain in their role forever; if you drift away from your role in the future, others will need a way to find out what happened and why it happened in any given investigation.
On the other hand, it is important to be aware that "documentation" doesn't – and shouldn't – mean "public documentation". The parties involved in an investigation are entitled to as much privacy as you can reasonably give them while still doing your job, and it is your responsibility to protect information about them/the investigation by storing it somewhere reasonably secure.
What does appropriate documentation look like?
To a certain extent, what "appropriate documentation" looks like will depend on who is performing the investigation. If you are performing an investigation as part of a functionary or arbitration committee team, your team should:
- Record a summary of your investigation on your team's private wiki, if appropriate based on that wiki's policies.
- Record the names of those who investigated and/or voted on outcomes for the investigation.
- Take screenshots or gather diff links of evidence that informed any eventual outcomes of the investigation. Store these somewhere accessible to your team, such as on a private wiki or in an email to your team's secure, archived mailing list.
If you are evaluating an initial complaint before passing it on to other functionaries or to the Wikimedia Foundation's Support and Safety team, make sure that your communication to the other investigating group contains:
- Contact information for you
- Contact information for the reporting party and/or victim
- A summary of the complaint
- Functional links to any relevant URLs
- Functional diff links to any specific on-wiki edits relevant to the complaint (if you have them)
- A summary of any preliminary investigation work you may have done
Where should the documentation be stored?
The answer to this question depends on your role. Some groups, such as Arbitration Committees, may have their own “private” wiki. Other groups may primarily use email in their communications. Individuals receiving reports may have no designated place to document. So, work either in your team’s designated space or in a secure document of your own creation to store the information.
Do not use an on-wiki “sandbox” or userspace page, and avoid hosting your documents in publicly accessible places, such as an unsecured “cloud” storage account. Collaborative documents such as Google Docs can be useful; however, careful attention to the “sharing” or security settings is required (see Google’s help page on this topic). Your documents may well contain personally identifying information, and a “leak” could permanently damage the reputation and public trust that users have in your group.