Wikipedia talk:Arbitration Committee/Checkuser requests

Questions on requirements.

2. Good standing. What level of good standing?
3. Technical expertise. What gives? What level of expertise do we need? What language?
4. Why is this needed? {Slash-|-Talk} 03:42, 28 March 2007 (UTC)[reply]

I assumed 3 is to do with being able to interpret WHOIS results correctly. --Deskana (talk) 03:44, 28 March 2007 (UTC)[reply]

(2) Trusted by the community to handle sensitive IP data. This is probably a level of trust greater than most other on-wiki jobs.

(3) Knowledge of basic networking. How IP masks work, what DNS is and how to run reverse DNS, how to tell a proxy, etc.

(4) Because checkuser, if improperly used, has the capacity to get the Foundation into real legal trouble. Raul654 03:45, 28 March 2007 (UTC)[reply]

really big legal trouble. See the m:Privacy policy and m:CheckUser policy. Cbrown1023 talk 00:27, 29 March 2007 (UTC)[reply]

Shouldn't we set up a process like Requests for Adminship? It'll be hard on the bureaucrats and stewards to find out everything by themselves. {Slash-|-Talk} 03:54, 28 March 2007 (UTC)[reply]

No, we shouldn't. This process is explicitly designed NOT to be like RFA. It will be a one time signup, and the only people who get to vote are the arbitrators (so I don't know what you mean by stewards and bureaucrats). Raul654 04:46, 28 March 2007 (UTC)[reply]

To clarify, stewards and bureaucrats have absolutely no bearing here. This is, and will always be on the English Wikipedia, a matter up to the Arbitration Committee, and only the Arbitration Committee. The ArbCom looks at this list, sees who they can trust, and then picks whoever they want and gives them the rights. Cbrown1023 talk 00:20, 29 March 2007 (UTC)[reply]

Is this page only for CheckUsers, or will the users here acquire oversight rights? If not, will oversight be available in a way similar to this? Titoxd^{(?!? - cool stuff)} 04:18, 28 March 2007 (UTC)[reply]

We have not discussed oversight. Raul654 04:45, 28 March 2007 (UTC)[reply]

Here's what Essjay gave me when I first inquired about gaining checkuser access.

This is what I usually tell people: If all of the following questions
make sense to you, and you could answer them thoroughly if asked, then
checkuser may be right for you. If none of it makes any sense, then
probably not.

Technical questions:

Do you know about the operation of IP addresses? Can you spot a dynamic
IP vs. a static or semi-static one? Do you know how to confirm an open
proxy? Are you familiar with the major ISPs and how they operate (for
example, which ones use proxy pools and which use transparent proxies,
and indeed, what those are)? Do you know where to go to find more
information about an IP? Do the terms DNS, traceroute, whois, IMAP,
ping, and reverse lookup have any special meaning to you? Are you
familiar with the operation of IP ranges? What do the terms /8, /16,
and /24 mean to you? What does 0.0.0.0/0 represent?

Policy questions:

Are you familiar with the checkuser policy and the privacy policy? Are
you willing to provide your real name and proof of identification to the
Foundation's counsel, and to accept any liability that may result from
your actions with checkuser? Are you aware of the various levels of
consequences concerned with releasing a contributor's IP address, for
you, the Foundation, and the contributor?

Practical questions:

Do you know how to say no? Are you the kind of person who would rather
do something than tell someone they are out of line? Do pushy editors
make you particularly uncomfortable and stressed? Are you comfortable
accessing and retaining extremely dangerous personal information? Do you
have the time to dedicate several hours a week to running checks and the
resulting investigation? How much time and investigating do you think
goes into the average check?

And the last one, which, even when I don't ask for answers to the above,
I still like to hear the answer to:

What kind of output do you expect you'll see when you click "Check user"
for the first time?

You needn't answer any of the above questions (though, as I say, I'm
always interested in the last one), just think about them, and whether
or not you could answer them. If you can confidently go down the list
and answer them all, then go for it. If most make sense but you want to
know more, ask one of us that has it and we'll be happy to tell you.
(And, of course, if you get it, we're happy to walk you through your
first few checks, and are always available to double check if you need
it.) If none of the technical questions makes any sense, and the
practical ones are anxiety inducing, then the tool and the
responsibility (burden?) that comes with it might not be a good match
for you.

Feel free to email me or any of the other checkusers privately if you
want to discuss it more.

• I'm going to assume that the answer to the last question is that you would see what you would see if the user in question was editing anonymously. That is a list if his recent x number of contributions and the ip addresses he made them from. It would then be up to you to determine if the ip address(s) in question solely belonged to him, were an ISP dialup pool, a library/school/webcafe common computer, a kiosk at the airport, open proxy, ISP caching proxy etc. You would have to then use this information to do a little detective work. Is the account in question a sockpuppet for user:Bozo or just some poor shmoe who happens to live in the same city and use the same ISP as user:Bozo? --Ron Ritzman 00:09, 30 March 2007 (UTC)[reply]

After doing the task for a few months, I find these to be a very good starting point. Also, ask yourself: do you have a large appetite for tedium, and a good tolerance for unhappy people? Because one way or another, doing this job involves making people unhappy -- and it's remarkably tedious, though I bet someone clever could whip up some scripts to make the process more automated. --jpgordon^∇∆∇∆ 05:48, 28 March 2007 (UTC)[reply]

Not to mention the countless nags about "why did you decline Wikipedia:Requests from checkuser/Case/x" on your talk, citing UC's current talk page as Exhibit 1; you will also need a well-tuned bullshit sensor, because a large portion of the people who end up at RFCU are wikilawyers (as SSP failed). And wha Jpgordon said :) Daniel Bryant 22:40, 28 March 2007 (UTC)[reply]

It's no secret I made some mistakes regarding IPs in my early days as an administrator, but I've learned from them and I'm unlikely to make them again. How will arbcom determine if a user has the relevant knowledge? - Mgm|^(talk) 11:22, 29 March 2007 (UTC)[reply]

• See the previous. --jpgordon^∇∆∇∆ 14:53, 29 March 2007 (UTC)[reply]
  • I assume you don't want 25 emails answering Essjay's questions, but will privately contact applicants you are considering. Thatcher131 14:55, 29 March 2007 (UTC)[reply]
    • Assumptions themselves are a useful shibboleth. --jpgordon^∇∆∇∆ 15:08, 29 March 2007 (UTC)[reply]

I think it is important that the ArbCom have more information about the folks proposing themselves for CU than just a bare name. It might be useful to have the list turned into a table that collects other information (adminship on other projects, whether or not the user is a 'crat on other projects, whether or not the user is a steward, whether or not the user has an OTRS ID, whether or not the user has a wikimediafoundation wiki account, whether or not the user has (or had) CU on any other project, and perhaps other information) All of these things are potentially indicators of trust by other communities, and many of them are also indicators that the user already has some expertise in handling sensitive matters, which is an important factor for consideration. I suggest that the list be converted to a tableish format similar to meta:OTRS/personnel which has a lot of information of this sort already collected. If this idea is adopted, probably the folks who indicated interest ought to be notified so they can revise their entry, it potentially would not be fair to early signers to not get a complete picture of everyone. There are some highly qualified candidates on the list already, and perhaps not all arbcom members are aware of exactly why they are so qualified. ++Lar: t/c 12:05, 29 March 2007 (UTC)[reply]

• Certainly, and I can tell you right out that we're not going to select anybody based solely on their entering their name on the list. This should not be a public process; it was a mistake making it one like this. --jpgordon^∇∆∇∆ 14:54, 29 March 2007 (UTC)[reply]

I would suggest candidate statements such as was done on m:Stewards/elections 2006-2, though without the vote. Users would explain why they want checkuser access, how they can help, what prior experience they may have had, indicate positions of responsibility in the community, et cetera. This is far more open than a table, which requires that we think of everything that can be said ahead of time. —{admin} Pathoschild 17:54:20, 29 March 2007 (UTC)

I can't speak for the other arbitrators on this, but I'll certainly ignore any public statements. This job is about discretion, not about public image. --jpgordon^∇∆∇∆ 18:00, 29 March 2007 (UTC)[reply]

The idea isn't to build a public image, but to provide information. How do you know whether a user is in good standing, or whether they have already proven their identity to the Foundation? Research on each individual candidates would work, of course, but simply asking the candidates to provide the information when they apply would be easier. —{admin} Pathoschild 18:46:51, 29 March 2007 (UTC)

Well, I was going to post about it. The thing is, if the arbcom asks the candidates, they're confirming to the arbcom, not to the foundation. But I suppose the arbcom could just ask the foundation. And many of us have already had our identity verified by the foundation. -- drini ^[meta:] _[commons:] 19:40, 29 March 2007 (UTC)[reply]

However I agree that this list wasn't the best idea. Creates unnecessary work (wanna take bets on how many people will sign up duringthe week? It's even been mentioned on mailing list) and really not about discretion-- drini ^[meta:] _[commons:] 19:41, 29 March 2007 (UTC)[reply]

• Soliciting a list of interested candidates is not a bad idea, even when done in a public forum. Obviously all additional steps of selection will be handled privately, and the selected candidates may be based more on the personal knowledge of arbitrators of the work of the various individuals than on a more comprehensive review of the candidates. And that is OK, we just need a group of qualified checkusers, not a perfect selection process. Personally I am pleased that ArbCom has decided to end the era of the shortage of checkusers. Hear, hear :). NoSeptember 00:03, 30 March 2007 (UTC)

  See my comment above regarding assumptions. --jpgordon^∇∆∇∆ 03:02, 30 March 2007 (UTC)[reply]

  My assumptions are irrelevant. I'm encouraging ArbCom to follow through with action, while not being foolish enough to apply for this drudge work myself ;). NoSeptember 04:46, 30 March 2007 (UTC)

This was an email I sent to the ArbCom list yesterday, expressing my frustration at how this was set up. I've pretty much copied the email verbatim, so some parts might not be completely pertinent to this talk page:

For what it's worth, I don't particularly like how this was set up. We had limited discussion here on the mailing list - though I'll be the first to admit that I was (and still am) severely behind on catching up with emails due to a personal emergency - and the idea of having such a page was only bounced around a few times, with no definite "yes" or "no" conclusion yet, I feel. In addition, the page has not yet been mentioned on our mailing list, with me only stumbling upon it by reading the Signpost's suggestion page. Though I see that it has been posted onto the Village Pump, I would have hoped that we would been informed of any such page creation at the first opportunity, given its "official" nature. There also seems to be quite a few unanswered questions about the process itself. First, we were telling users as close as two or three weeks ago that we had no plans to expand CheckUser, and there were a few comments by other people - Steve, particularly, I think - that seemed to indicate that the right should be granted primarily based on trust, in addition to technical expertise. Now we're telling people to "sign up" - i.e. simply listing their names - without any process to judge community trust. (Yes, I see the comments on the talk page.) Admittedly, we can do that ourselves to a certain extent, but I think if we are doing such a "roll call" for interested users, it would be inherently unfair to disallow any comments by the community on their level of basis and trust, and any possible concerns regarding the users. After all, we can't possibly know of all concerns regarding these people, and to suppress any such public discussion should not be a goal that we are interested in, if we are indeed making a public call for interested people.

Besides, the very process of selecting which users to grant CheckUser access is unclear, and should have been discussed at length prior to "going live." What happens if (hypothetically) we are not satisfied with any of the users requesting the status? Do we say "sorry, there were no qualified applicants"? How do we decide amongst ourselves which users to grant CheckUser, and how many? Will it take a simple majority to reach a decision, or will we require a true consensus among ourselves? How do we judge the technical expertise of the applicants, with them only listing their names? Even in much simpler processes, like RfA, candidates are required to make some form of a statement, and to have users only *listing* their names seems genuinely unhelpful - we don't have anything, save our own personal views/trust of each candidate, to gauge each candidate.

(This will be cross-posted to the talk page, baring any objections, since I don't think I mentioned anything that shouldn't be public.) Thank you, and apologies for my frustration at how this was done.

These were my initial thoughts on the matter when I first saw the page yesterday, and my views still are the same. I've attempted to raise some discussion about this on the mailing list, and there has been a suggestion to just close down this whole process right now as inadequate and inappropriate for the current time. This will need some more discussion, though - I do sincerely apologize for the confusion that we've caused with this page, and do strongly urge people to at least temporarily refrain from listing themselves here until things are settled down and clarified, as there's a strong possibility that the process will be removed. Thank you! Flcelloguy (A note?) 00:12, 30 March 2007 (UTC)[reply]

Likewise, I don't think this really got ratified by the arbcom as a whole before being put up and I don't think it was fully thought out, either. I think it is very likely that any such procedure will be substantially modified before being acted upon. Users should not expect that any listing here will be acted upon. Matthew Brown (Morven) (T:C) 00:25, 31 March 2007 (UTC)[reply]

Is there actually a shortage of check users? SlimVirgin ^(talk) 00:54, 31 March 2007 (UTC)[reply]

Apparently there's been no checkuser responses to Wikipedia:Requests for checkuser/IP check since 10th March? Gosh. --Deskana (ya rly) 00:56, 31 March 2007 (UTC)[reply]

Is it not a question, then, of asking those with check user to use it more often or (dare I say it) give it up to someone else? SlimVirgin ^(talk) 01:06, 31 March 2007 (UTC)[reply]

I really don't know, I can't comment on why the arbcom is doing this. I was just stating the facts :-) --Deskana (ya rly) 01:07, 31 March 2007 (UTC)[reply]

First of all, there have too been responses in the IP check section since 10 March; I've been there as recently as Wednesday. The problem is less the shortage of humans than a shortage of decent tools; the process right now is awesomely cumbersome, especially for these requests with dozens of names listed. --jpgordon^∇∆∇∆ 01:34, 31 March 2007 (UTC)[reply]

My bad. --Deskana (ya rly) 01:34, 31 March 2007 (UTC)[reply]

If.. checkuser carries legal consequences (and that's why it's going to be requirted to identify befor the foundation), why not the age limit as well? On the stewards election, and also becuase the position carried legal consequences we were asked to identify ourselves before the foundation, and also confirm our age. Why is age not a concern here? -- drini ^[meta:] _[commons:] 01:23, 30 March 2007 (UTC)[reply]

I tend to agree with this (even though it would be cancelling my name off). A clarification would be handy; further, browsing down Special:Listusers/checkuser, I can't see anyone I know of who is under 18 years of age (I don't know them all, but most), so is it some unwritten rule, or is this pure coincidence. Daniel Bryant 11:17, 30 March 2007 (UTC)[reply]

Why should this be a rule? {Slash-|-Talk} 04:34, 31 March 2007 (UTC)[reply]

Legal issues? Daniel Bryant 04:39, 31 March 2007 (UTC)[reply]

Ah, you can't sue people if they're under 18 for misusing checkuser. {Slash-|-Talk} 18:59, 31 March 2007 (UTC)[reply]

In some jurisdictions, parents are liable for the actions of their children. In any case, since Anthere added an age minimum (she's on the Board of Directors if you didn't know) I'd say it was a closed issue. Thatcher131 19:01, 31 March 2007 (UTC)[reply]

Just FYI: it's Board of Trustees (more common for non-profits, I believe), not Board of Directors. See foundation:Board of Trustees. Thanks! Flcelloguy (A note?) 20:44, 31 March 2007 (UTC)[reply]

Do Trustees have unilateral policy making power? Or was she doing this in the name of the Board? --jpgordon^∇∆∇∆ 23:30, 31 March 2007 (UTC)[reply]

Sam Korn had checkuser access last year (see User:NoSeptember/Functionaries), though I don't know whether he actively used it, and I believe he was under 18 then. Newyorkbrad 04:49, 31 March 2007 (UTC)[reply]

I suspect things are being tightened up, for various reasons. Thatcher131 19:01, 31 March 2007 (UTC)[reply]

Yes, I posted this before Anthere made her announcement, and it doesn't surprise me. I hope the younger editors who were applying for checkuser access won't be offended. Several have already said that they understand, which is a good thing, but I remember at least one person was very upset during last year's election that there was a minimum age for service on the Board of Trustees, which is an ironclad legal requirement of the Florida corporation statute. This is a rare and perceivedly necessary exception to what is otherwise a more egalitarian culture than can be found virtually anywhere else. Newyorkbrad 23:05, 31 March 2007 (UTC)[reply]

I can wait 2 years (I'm under 16); I completely understand. :-) —METS501 (talk) 01:41, 2 April 2007 (UTC)[reply]

Speaking as an "average editor" who has no desire to take on more ambitious administrative roles, but cares about the internal and external perceptions of power on Wikipedia, I am grateful to see a somewhat transparent process for seeking out trusted and responsible candidates for this sensitive role. I do sympathise with the members of the Arbitration Committee who are feeling uncomfortable with what appears to have been limited notice to them.

I'll be bold and suggest a possible next step. The ArbComm members can take the list of people who have voluntarily added their names, and make a shortlist based on things like community trust and the comfort levels of those on ArbComm - yes, this is subjective, but I am hoping the members will be willing to consider some of the less obvious candidates at this point. Then Round 2 of the selection process could take place, with only the shortlisted candidates, and done via email or other sub rosa forum. This might be in the form of a questionnaire to confirm knowledge of the required processes and policies, and a statement from the candidate as to why they should be considered, and how they expect to use this tool. These responses could be vetted by 2 or 3 members of ArbComm, a second shortlist prepared, and then the full ArbComm can discuss the proposed final candidates.

Having seen the impact on Checkuser when one or two people stop carrying out this task, I'd suggest that ArbComm seriously consider appointing several people to the role. Risker 18:34, 31 March 2007 (UTC)[reply]

We're taking this down; it was a mistake to do this in the first place, having not been well considered. This is totally without prejudice -- in other words, it does not in any way bear on the capabilities of those who have signed up. --jpgordon^∇∆∇∆ 20:49, 31 March 2007 (UTC)[reply]

• What does "this" (as used in "We're taking this down") mean? Aarktica 21:43, 31 March 2007 (UTC)[reply]

• • The request page itself. Flcelloguy (A note?) 21:48, 31 March 2007 (UTC)[reply]
    • Thanks for the clarification. --Aarktica 22:22, 31 March 2007 (UTC)[reply]
      • I'd like to add that many Free wiki sites allow you to experment with the tool, though I don't know which one. I also linked to this discussion in the header template, though. BuickCenturyDriver (Honk, contribs, odometer) 02:42, 1 April 2007 (UTC)[reply]