- Page created by Daniel, 2 May 2007: draft
- Last modified by Daniel, 3 May 2007: '''update:''' Cary clarified that [http://lists.wikimedia.org/pipermail/foundation-l/2007-May/029895.html the 60 days have not yet started sticking]
Wikimedia has adopted a new policy for access to nonpublic data, which requires everyone with access to stuff like user's email or IP addresses to verify their identity with the Wikimedia Foundation, and prove that they are over 18, within 60 days. This includes stewards, people with checkuser or oversight rights, all OTRS volunteers, and people with direct access to the database.
The resolution was passed on 11 April. A lot of people heard about it for the first time only on 1 May, when Wikizine wrote about it - nearly half of the 60 days are already passed (update: Cary clarified that the 60 days have not yet started sticking -- Daniel 14:13, 3 May 2007 (CEST)). The new policy caught a lot of users by surprise - there are quite a few people under 18 that do "sensitive" job currently, mostly answering mails as OTRS volunteers. One very active admin and tool-smith (see wikicharts), wp:de:Benutzer:LeonWeber, considers to stop all his wiki related activities if the foundation no longer trusted him because of his age. That would be a real loss. I can understand his disappointment: especially for young people, online communities are finally a place where they are not looked down upon because of their age, where they are judged by what they do. Now the most active and trusted onces of our young contributors are basically told to stuff it.
On the other hand, this resolution seems prudent from the foundations point of view: if they tell users that some kind of informations will not be published, and trust volunteers with handling such sensitive information, there has to be a way to hold those volunteers accountable for their actions. Basically, an organization never trusts anyone, it delegates responsibility. But wouldn't that mean that people trusted with handling sensitive information would be require to actually sign a contract with the foundation?
It seems that the resolution in its current form was a bit rash - I'm sure there have been discussions about it somewhere, but this kind of thing should really be mulled over by the community. So, I ask the board to think of the children! Especially with regards to OTRS (probably the point affecting most under-age contributors), I wonder what kind of personal data is generally handled there - perhaps it would be possible to have the strict age rules only for sensitive queues (read: mail boxes)? Or how about a statement from the parents, that they assume responsibility? Would that be acceptable, or too unsafe, legally?
The resolution is also quite unclear about a lot of critical points. For example it talks about developers with access to any electronic records which contains nonpublic information. Well, developers never have access to such information (at least not in their function as developers). This is about server admins (or rather, shell access on the servers, or root on the toolserver), not developers. This is often confused by Wikipedians, but perhaps the board should get it right. And it should be clarified - I really hope it is not supposed to mean that people with commit access to MediaWiki's SVN repository are now required to be over 18 - that would rob us of some core contributers.
It's also obscure how people are to prove their identity and age. Just write a mail? Do we have to travel to Florida to leave fingerprints? One obvious option would be to require a scan of an id card. But such a scanned image can be altered just as readily (and AFAIK legally) as a simple text message. It could also be anyone's ID card. And it might be written in Arabic, or Korean, etc. Maybe an email signed with a good cryptographic key (i.e. one signed by trusted people) would be sufficient? But hearing the rumor on IRC that the person who is supposed to organize all this doesn't know what PGP is made me wonder if anyone even thought about these issues. That was a bit of a misunderstanding. Sorry Cary! -- Daniel 13:49, 3 May 2007 (CEST)
In conclusion, such a policy may be a necessary evil. But it could be a bit more fine grained, and better thought out. Just passing a resolution, not telling people for weeks, and then giving no concrete info about the why, who and how, simply doesn't cut it.
| Free Content |  |
[talk page]Talk:Think of the children
The above comments may have been left by visitors.
This site's operators can not take responsibility for the content of such comments.
[edit] Superb post
Is there any truth to this?
Regardless, excellent post that summarises a lot of concerns regarding this resolution, including the lack of research beforehand (to see how it would affect operations), lack of actual thinking (regarding the practical issues of actually complying with this) and lack of communication to the people it affects, which cycles back to point to the first issue again.
No, it's nonsense
Someone evidently misinterpreted a comment I made to another user about a specific type of PGP that I'd never used. It suddenly becomes now that the person organizing it don't know what PGP is. I know what PGP is. Cary Bass 13:39, 3 May 2007 (CEST)
I'm really sorry about this mistake. I have corrected it in the article. -- Daniel 14:05, 3 May 2007 (CEST)
the foundation no longer trusted him because of his age
[edit] German discussion
German speaking people are perhaps also interested in the discussion here: http://wikipedistik.de/2007/05/02/drecksarbeit-erst-ab-18/
[edit] PGP or GnuPG
I'm sorry, but it does not make things any better to know that Cary knows PGP. It still shows that he has no idea on how to handle such sensitive data. Or is he going to encrypt the data using PGP?