Thursday, January 25, 2007

On the purported abuse of checkuser

It has come to my attention that certain unscrupulous individuals are once again falsely accusing me of having abused checkuser. Allow me to set the record straight.

Date: Fri, 22 Sep 2006 08:06:30 -0700
From: Steve Dunlop
Subject: RE: Checkuser complaint from Slimvirgin
To: Kelly Martin
cc: Sarah, Brad Patrick, Anthere, Jimmy Wales, Michael Davis

In my role as "checkuser ombudsperson," my primary role is to review
complaints about the use of the checkuser feature that are potentially
in violation of Wikimedia Foundation's privacy policy. Since some
jurisdictions require websites to follow any privacy policy they
establish and publicize, the WMF takes such concerns particularly

The privacy policy states, in part, "Log data may be examined by
developers in the course of solving technical problems and in tracking
down badly-behaved web spiders that overwhelm the site. IP addresses of
users, derived either from those logs or from records in the database
are frequently used to correlate usernames and network addresses of
edits in investigating abuse of the wiki, including the suspected use
of malicious "sockpuppets" (duplicate accounts), vandalism, harassment
of other users, or disruption of the wiki." The policy then goes on to
enumerate those relatively more limited scenarios where log data may be
made public.

There is no evidence whatsoever that Kelly Martin has publicly released
data from the checkuser request at issue.

With regard to the Foundation's privacy policy, it is my conclusion that
Martin was indeed seeking to "correlate usernames and network addresses
of edits in investigating abuse of the wiki." Martin is a trusted user
and in the absence of any clear evidence that the data was obtained for
some other reason, we presume that Martin was using the tool for its
intended purpose.

In conclusion, no violation of the Foundation's privacy policy occurred.

Use of the checkuser tool is also governed by internal controls
enumerated at which
states, in part, "There must be a valid motive to check a user."
Responsibility for interpretation and enforcement of this policy lies
with each project, not the checkuser ombudsperson: "In case of abusive
use of the tool, the steward or the editor with the CheckUser privilege
will immediately have their access removed. This will in particular
happen if checks are done routinely on editors without a serious motive
to do so ... Suspicion of abuses of checkuser should be discussed on
each local wiki. On wikis with an arbcom, the arbcom can decide on the
removal of access."

It is up to Slimvirgin to decide whether to pursue remedies with the
ENWP arbcom.

Finally, I do note that Martin's unnecessarily colorful use of metaphors
is inappropriate for a dispute where Martin is in the position of
greater authority. Whatever frustrations Martin may have experienced
in her dealings with Slimvirgin, both users are trusted contributors to
ENWP and are deserving of each others' respect.

Steve Dunlop/UninvitedCompany

> -------- Original Message --------
> Subject: Re: Checkuser complaint from Slimvirgin
> From: "Kelly Martin"
> Date: Fri, September 22, 2006 7:20 am
> To: "Steve Dunlop", Anthere, "Jimmy Wales", "Michael Davis"
> Cc: Sarah, "Brad Patrick"
> I would like to see a statement from you very soon as to your
> conclusions in this matter, as people are using the fact that a
> complaint was made as proof that I misused checkuser. My resignation
> from enwiki is explicitly not related to Sarah's complaint, except
> insofar as her complaint is an outgrowth of the political infighting
> on enwiki that I wish nothing to do with. Given that Sarah is
> currently busily spreading rumors of my guilt through the
> backchannels, I think a public statement is required.
> Please bring closure to this so that Sarah will not be able to spin
> more nasty tales about me and further malign my character.
> I'm so unsurprised to see the Checkuser Ombudsman used for political purposes.
> Kelly
> On 9/21/06, Kelly Martin wrote:
> > On 9/21/06, Steve Dunlop wrote:
> > > In my role as "checkuser ombudsperson" reporting to the WMF board, I
> > > have received a complaint from User:Slimvirgin regarding a checkuser
> > > check you performed on her account on May 31, 2006. She says that
> > > there were no grounds for such a check, although she notes that she has
> > > been told third-hand that you were investigating a claim that her
> > > account had been compromised.
> > >
> > > Since you performed the check on your own rather than in response to a
> > > request at WP:RFCU, could you please share with me any relevant
> > > information you have regarding:
> > > a) the purpose of the check
> > > b) the results of the check relative to its purpose; i.e. did it confirm
> > > or deny whatever suspicions you had
> > > c) what information was divulged and to whom about the results of the
> > > check
> > >
> > > Thanks
> > >
> > > Steve
> >
> > Sarah can fold this complaint until it is all corners and stuff it
> > into an appropriate orifice, for all I care. I was already
> > interrogated by Ambi about this last night, and frankly I'm getting
> > tired of dealing with the sniping over this, which is pretty clearly
> > someone digging for dirt on me. The fact that she has sent at least
> > two different people at me to investigate this, rather than talking to
> > me directly about it, is especially bothersome. Sarah's close
> > connection with JayJG is well known, and I know that JayJG is
> > currently motivated to try to take me down; we have been in conflict
> > (which I have striven to keep private) for some time now.
> >
> > In any case, I don't recall the exact purpose of the check, it having
> > been several months ago, although my vague memory is that it had
> > something to do with behavior on her part which seemed out of place to
> > me. I don't retain any log of my checks unless they result in
> > "interesting" results, so this one must not have. Given that nothing
> > interesting was found, I am quite certain that no information was
> > disclosed to anyone. I did not retain a copy of the results.
> >
> > Kelly
> >


  1. You ran checkuser on someone you were in conflict with? Just exactly how stupid are you? Steve Dunlop should immediately be removed from his position as checkuser ombudsman.

  2. I was not in conflict with SlimVirgin at that time. The checkuser was run in May of 2006. Maybe you need to focus more on the facts, and less on the rhetoric.

  3. Running checkusers on someone you're in a conflict with? Have you ever met Jayjg?

  4. Oh, whee, another moron! Don't you people read?