
Wikipedia talk:Arbitration Committee


This is an old revision of this page, as edited by 71.131.18.216 (talk) at 03:56, 4 July 2011 (→‎Arbitration Policy: new section). The present address (URL) is a permanent link to this revision, which may differ significantly from the current revision.

Who can help? (solved)

Hi, I wanna ask you something. I don't know who can help me, but I want to talk about it with you. Maybe you can advise me something. We Kurds (Kurmanj[1], Zaza[2], Soran[3]) have 3 Wikipedias. There is an administrator in the Zazaki[4] Wikipedia. He's doing abnormal things. He doesn't let Zaza Kurds write correct articles. He blocks users and, the most important thing, he puts (copy-paste) the same writing on many articles. He just tries to show that there are many new articles in Zazaki, but all are the same. How can we stop him? I don't want him to mess up Zazaki Wikipedia. How can I report him? Can you please help me? What should I do? Have a nice time —Gomada 20:57, 29 June 2011 (UTC)[reply]

Gomada, I'm afraid the Arbitration Committee only has authority on the English Wikipedia and is unable to help you on other language wikis. You should try contacting another administrator on your home wiki. Hersfold (t/a/c) 22:03, 29 June 2011 (UTC)[reply]
Ok Hersfold, thank you for the answer. —Gomada 12:57, 30 June 2011 (UTC)[reply]

Who is responsible?

Notification of this compromise to personal information

I think the discussions here are sufficient to conclude that the information that has been publicly leaked is genuine. There seem to be suggestions that still more information could have been accessed before the leak was plugged, so there may be more disclosures yet to come. Given that ArbCom receives private and personal information from editors and others, and may be privy to private information related to Wikipedia (alternate accounts, real names, email addresses, etc), it seems that it is incumbent on ArbCom and/or the WMF to alert editors that their personal information may be or may already have been revealed. I don't mean this in a legal sense, although I am not certain that the privacy laws of some countries would not come into play in this instance. There have been several high-profile data breaches recently and one of the lessons that should have been learned from those incidents is that it is important to alert users quickly to allow them to take whatever steps are necessary to protect their privacy and security.

Now that the barn door is locked and the horses bolted, it may be wise to let some people know that those unsightly horses that they thought were safely hidden away may be popping up in public places soon. At the very least, I would have hoped that there would have been a site-wide announcement by now. It should be fairly easy to send out a message to every account that has emailed ArbCom to let them know that those emails may soon become public. Legal issues aside, I think the WMF has a responsibility to minimize the damage that this leak may cause others. Delicious carbuncle (talk) 15:35, 26 June 2011 (UTC)[reply]

Click the "Reply to all" option in the Email server? The Resident Anthropologist (talk)•(contribs) 17:34, 26 June 2011 (UTC)[reply]
I have absolutely no doubt that information leaked so far is genuine. Malleus Fatuorum 22:09, 26 June 2011 (UTC)[reply]
A site-wide message might be overkill and mistargeted (in particular, affected people may not be editing now, or ignore an unspecific message). But I would agree that it would be prudent (if understandably painful) to notify people who have emailed to the list, that their emails may become public due to a data-breach. Though this sort of thing should be run by staff counsel for the particulars of the message, so a short delay for legal review would be understandable. -- Seth Finkelstein (talk) 23:58, 26 June 2011 (UTC)[reply]
I haven't done a side-by-side comparison, but I'm not aware of any discrepancies. A message for the ArbCom noticeboard has been drafted and is awaiting approval. PhilKnight (talk) 00:00, 27 June 2011 (UTC)[reply]
That is a good start, PhilKnight, but what steps are being taken to directly notify editors (most of whom are unlikely to be watching that noticeboard) and individuals outside of Wikipedia who may have contacted ArbCom? Delicious carbuncle (talk) 11:53, 27 June 2011 (UTC)[reply]
Indeed, my personal impression is that of what's been published, any editing that has been done has been to remove "the boring bits". The majority of Arbcom-L traffic is substantially more mundane than what's been posted, being routine "can the last two of you vote?" or "I agree with that wording" or "Someone besides me want to respond?" sorts of things. I've not read everything posted, but I haven't seen myself misquoted yet. Jclemens (talk) 02:29, 27 June 2011 (UTC)[reply]
The only thing I've noticed is a few missing headers which make it unclear who is saying what. –xenotalk 02:35, 27 June 2011 (UTC)[reply]

If/once the intruder is identified, could the WMF be pursuing legal action against the responsible party or parties? Or is this not a possibility at all? I'm not familiar with the relevant U.S. and state laws, but would the WMF even be an involved party in this, and is Geoff Brigham going to make any statement about this soon? /ƒETCHCOMMS/ 01:18, 27 June 2011 (UTC)[reply]

Fetchcomms brings up an important point. I may have missed it, but if the WMF General Counsel, Geoff Brigham, has not yet commented regarding this illegal action, then he should be asked to make a statement to inform the community regarding the WMF legal position regarding this matter. I also feel that ArbCom deserves praise and support during this stressful period. Jusdafax 01:56, 27 June 2011 (UTC)[reply]
WMF has made Geoff aware of the situation, and we've been told there's going to be a big meeting on Monday on how to proceed. Jclemens (talk) 02:25, 27 June 2011 (UTC)[reply]
I can confirm that Geoff is aware. Beyond that, I don't know much. Philippe Beaudette, Wikimedia Foundation (talk) 03:48, 27 June 2011 (UTC)[reply]
ArbCom deserves praise and support?! Amazing. They've failed in one of their two fundamental duties, despite having the benefit of one lot of hindsight; and they don't even seem to understand what they've done wrong (or even that they have done anything wrong). These guys doubtless mean well, but they were way out of their depth here, and the complete lack of contrition displayed here by some of the most long-standing arbs is (or would be, if it wasn't what we've come to expect) really astounding.--Kotniski (talk) 06:36, 27 June 2011 (UTC)[reply]
Anyone can be hacked these days, my friend, even the US Government and the biggest corporations in the world... Considering none of the ArbCom members make a dime off their stressful, time-consuming work, my statement stands. I don't know you, nor your history, but I find it doubtful you are a past member of ArbCom. Do you think it possible, on reflection, that moderation and the key WP concept of Agf might be the path of wisdom? To put it perhaps a bit more harshly, your comment is less than helpful, at best. Jusdafax 07:21, 27 June 2011 (UTC)[reply]
As I say, they mean well - I'm not disputing their good faith. But it's not the fact they were hacked that I'm complaining about - it's the fact that they knew (or should have known) they were going to get hacked, and still carried on (and let others carry on) as if they weren't.--Kotniski (talk) 07:27, 27 June 2011 (UTC)[reply]
First of all, I'm very pleased that counsel is now involved. Second, what Jusdafax said. I agree entirely, and would add to it. My heart goes out, deeply, to those members of our community whose privacy has been violated. To those members whose privacy was not violated, but who are nonetheless taking shots at the Committee, please let me point out that there is a good supply of digital white space in this talk, where you may choose to post your user name, followed by your real life name, e-mail address, phone number, street address, and perhaps some additional information about your medical records, employment, and family members. If that doesn't ring your bell, then perhaps you will observe that the news is full of other organizations that have also been hacked in recent days, many of them no slouches with respect to security, and furthermore that every single one of our Arbitrators is an unpaid volunteer doing a rather thankless job. I've read some of the stuff that was leaked. There have been cases that I followed on-Wiki where I have wondered whether the Arbs recognized various things for the garbage that it was. I now know that they did. Good for you! In my personal opinion, the current members of the Committee actually come across very well in what I saw, although some past members and some non-members come across rather badly. In time, we are going to learn some things about how to make the Committee work better (pity that this happened just after the completion of the policy revision). But for now, the Committee deserves the community's understanding and support. --Tryptofish (talk) 13:58, 27 June 2011 (UTC)[reply]
I don't understand why you start by sympathizing (rightly) with those whose privacy has been violated, but somehow end by saying how much we should be supporting those whose collective complacency and incompetence (see multiple threads on this page) largely brought about that violation. --Kotniski (talk) 16:57, 27 June 2011 (UTC)[reply]
I promise you that I've read all those threads. With respect, if you still conclude "incompetence", then I have to agree with you that you do not understand. --Tryptofish (talk) 23:13, 27 June 2011 (UTC)[reply]
If your job description includes handling private information, then you're incompetent if you continue to invite people to send such information to an address which (from past experience and common sense) is known to have critical unresolved security issues. And it's not so much a criticism of the individuals (though one might have hoped that lightbulbs might have sparked in at least some of their heads), but of the system, which places important professional tasks in the hands of clueless amateurs.--Kotniski (talk) 10:53, 28 June 2011 (UTC)[reply]
Kotniski, your admirable frankness has unfortunately turned into personal attacks against ArbCom, whom we all elected. What good does your name calling these volunteers do?  Kiefer.Wolfowitz 11:05, 28 June 2011 (UTC)[reply]
Haven't you noticed - I haven't name-called anyone, and deliberately so. I have made no personal attacks, just an "institutional attack" if you like, against a Wikipedia institution that has seriously fouled up and deserves (for all our sakes, including its members') to be recognized clearly as having done so.--Kotniski (talk) 11:15, 28 June 2011 (UTC)[reply]

DMCA for emails?

Could one of you arbitrators issue a DMCA notice to Wikipedia Review? Nyttend (talk) 01:20, 27 June 2011 (UTC)[reply]

Does the Committee own the copyright? Or do the individuals who corresponded own copyright to the individual emails? In the first case, how did the committee acquire the copyright? In the second, wouldn't the individual senders be required to initiate the DMCA take downs? And then who gave the committee permission to archive the emails, and if the emails were licensed under terms open enough for the committee to archive and redistribute the emails, are you sure that Wikipedia Review can't post them too? In the future, if an email is forwarded to the committee and the original sender DMCA's the committee, would the committee be willing to remove the email from the archives, would they even have the technical capability? Would DMCAing the emails attract broader media attention? Would it do any good? The whole DMCA thing seems like an enormous can of worms that perhaps should go unopened. Monty845 01:34, 27 June 2011 (UTC)[reply]
I'm sure WMF is looking at all their options in this case. The Resident Anthropologist (talk)•(contribs) 01:37, 27 June 2011 (UTC)[reply]
  • Attention all WR folks: About a million years ago, I Opposed one RfA based largely on the fact that the nominee was a WR regular. Many WR folks (some well-known and respected here) chimed in and said how valuable WR is. I was taken aback at the rush to defend WR. HERE IS YOUR CHANCE TO BE MATURE AND RESPONSIBLE. JUST DON'T LET ANYONE PUBLISH PRIVATE MATERIAL. delete immediately. Ban user who posts. That is the only adult thing to do, and the only ethical thing. All else is shameless, in the truest sense of the word. 'Nuff said.  – Ling.Nut 01:41, 27 June 2011 (UTC)[reply]
I agree with MF, let's not over-react.--SPhilbrickT 15:15, 27 June 2011 (UTC)[reply]
Clarifying: I thought you were calling for a ban (from Wikipedia) of anyone who posts (at WR). I now see you were talking more narrowly about the single person who was posting the ArbCom communications. Sorry, my intention was to avoid an over-reaction, and I may have inadvertently contributed to one.--SPhilbrickT 11:57, 28 June 2011 (UTC)[reply]

Breaking my rule for not using humor on Wikipedia discussions: Oh, please, please, send a DMCA notice to Wikipedia Review. This whole dull, dreary, tawdry, mostly downright boring event, desperately needs some fireworks and popcorn. I can think of little that would liven it up better than the prospect of some good old fashioned CENSORSHIP flames, where everyone can smugly rant STREISAND EFFECT !!!. The media narrative desperately needs to be changed, from "Evil cracker breaks into confidential archives, yielding only painful personal material and showing people trying to handle very difficult issues with laudable sensitivity", to "Wikipedia administrators try to cover-up embarrassing revelations, using legal threats, but they will be defeated by the forces of freedom on the Internet - wiki-wikileaks forever!". Yes, yes, critics everywhere will thank you for this, do it now, bloggers are standing by. -- Seth Finkelstein (talk) 02:08, 27 June 2011 (UTC)[reply]

^👍 ResidentAntropologist 03:00, 27 June 2011 (UTC)
Baseball Bugs What's up, Doc? carrots 03:43, 27 June 2011 (UTC)[reply]
Dislike Eagles 24/7 (C) 05:59, 27 June 2011 (UTC)[reply]
To comment on the legal merits: the WMF doesn't hold the copyrights to the emails, and the Arbitration Committee isn't a legal entity, so a DMCA request would be incumbent on the individuals involved. The emails definitely are not licensed for usage such as posting at WR. However I do not think that such a takedown action would be likely to be effective or expedient. Der Wohltemperierte Fuchs(talk) 20:09, 27 June 2011 (UTC)[reply]
Seth is correct here (Not often that I'm going to say that). As of right now, this is getting no coverage or attention. If anyone tries to remove the material it is going to get a lot more. Just the way the internet works. JoshuaZ (talk) 01:12, 28 June 2011 (UTC)[reply]
Since I don't frequent any Wikipedia-related websites except for ones operated by the WMF, I saw the firestorm that's erupted here and misinterpreted it as an indication that this was already all over the Internet. Anyway, of course Arbcom doesn't hold copyrights; that's why I said "one of you arbitrators". Nyttend (talk) 11:40, 28 June 2011 (UTC)[reply]

Enquiries are continuing

At time of writing, we have not established the source of the data theft though our investigations are continuing. There is no reason to suppose that either Iridescent or Chase Me were responsible. In the meantime, the committee is looking at various options.  Roger Davies talk 14:05, 27 June 2011 (UTC)[reply]

Thank you all. Bearian (talk) 17:23, 27 June 2011 (UTC)[reply]
Just to make this crystal clear, there is no credible evidence at all to suggest that Iridescent or Chase were responsible, either directly or indirectly.  Roger Davies talk 17:40, 27 June 2011 (UTC)[reply]
So, Coren's statement "An investigation of the technical aspects of the leak have shown that the leak was mailed by arbitrator Iridescent's Yahoo mail account from a server located in Iran" turned out to be a misinterpretation or data falsification? Amalthea 17:43, 27 June 2011 (UTC)[reply]
Correct.  Roger Davies talk 17:46, 27 June 2011 (UTC)[reply]
More accurately, further review of the information that made it appear that the email came from Iri's email account showed that the headers were forged. SirFozzie (talk) 19:40, 27 June 2011 (UTC)[reply]
Which raises the question of why it was Iridescent's email that was forged instead of, say, yours, and why the first revelations were a rather dull email exchange I had with Iridescent. There are definitely more questions than answers here. Malleus Fatuorum 01:25, 28 June 2011 (UTC)[reply]
Malleus: I can sincerely say I wish I knew. We're still working towards getting all the information we can here. SirFozzie (talk) 01:41, 28 June 2011 (UTC)[reply]
Are you saying there's no indication at all where the leak came from, and that therefore it may not have been plugged? SlimVirgin TALK|CONTRIBS 17:45, 28 June 2011 (UTC)[reply]

I'm not a big fan of ARBCOM, but...

It's fairly well known that I have deep seated concerns with ARBCOM as a general idea, and in particular issues with a number of the individual arbitrators and their actions. I'm also not totally against Wikipedia Review if it stuck to the goal of critical and hard analysis of Wikipedia (which it does occasionally - and heck we even manage to be an encyclopedia occasionally too.) Nevertheless the posting of private conversation, no matter that in certain cases it's rather low-brow stuff, is not a good idea. The posting of email addresses even less so. The posting of conversations involving real life threats (I understand now redacted) just bloody stupid. This is a tough time for a lot of people who give up a lot of hours to help Wikipedia for free, and for your resilience in this unfortunate episode I tip my hat. Pedro :  Chat  20:02, 27 June 2011 (UTC)[reply]

Well said, Pedro.  Kiefer.Wolfowitz 20:32, 27 June 2011 (UTC)[reply]
I think the threat posting nailed the sympathy backlash. ArbCom is coming out of this way ahead. -- Seth Finkelstein (talk) 22:02, 27 June 2011 (UTC)[reply]
Meh. I have similar feelings about that you do whoever released the info. And piling on arbcom wouldn't be productive at the moment, but I'm having trouble seeing anything worth giving them a two thumbs up attaboy.--Cube lurker (talk) 22:21, 27 June 2011 (UTC)[reply]
Yah. ArbCom's members as individuals may be among the victims here, but it is ArbCom (as an institution) that is largely to blame.--Kotniski (talk) 10:59, 28 June 2011 (UTC)[reply]
Especially since we're back to the very real possibility that one of the members is not the victim but the perpetrator.--Cube lurker (talk) 12:30, 28 June 2011 (UTC)[reply]
Let's not jump to conclusions about individuals - I don't think it's helpful to throw blame around when the investigations aren't over. The Cavalry (Message me) 21:47, 28 June 2011 (UTC)[reply]
Have you posted this in the right place? I'm (vaguely) supporting ARBCOM and you turn up to challenge that, after months of absence and a cloud that you were the leak. Or can you not use indents? Dear me. Pedro :  Chat  22:14, 28 June 2011 (UTC)[reply]
I believe Chase's reply is directed at Cube lurker. –xenotalk 22:32, 28 June 2011 (UTC)[reply]
@Chase I'm not pointing fingers at individuals, that would be reckless. What I am noting is that although at one point it looked clear that it was an outside hack, we've now been informed on this page by a sitting arbcom member that it's now unclear and that an internal leak has not been ruled out. Question: Is ArbCom considering the possibility that one of its members deliberately chose to leak these e-mails? by Captain Occam. Answer: Yes, of course the committee considered that. If you read Coren's earliest statements about it, you see that it was our original assumption. In my view, it has not been eliminated as a possibility. We just don't know. by Cool Hand Luke.--Cube lurker (talk) 22:41, 28 June 2011 (UTC)[reply]
Good gravy, people. The mailing list software, as far as I know, doesn't have a good way to track what files were accessed by a particular user using a particular password. If you're out for blood, go here instead.
(I'm not a big fan of ARBCOM either, as an institution. I do respect the good intentions and hard work of the members, even though I can't understand why they would put up with what they put up with.) --SB_Johnny | talk 00:21, 29 June 2011 (UTC)[reply]
Do you have a reading comprehension problem? I said I've seen nothing worthy of praise, that's me, maybe you praise different things. Also not even arbcom members are sure if this was an internal or external leak. They've said that on this very page. How pray tell is that "out for blood"?--Cube lurker (talk) 00:55, 29 June 2011 (UTC)[reply]

Why has no notification of this data breach been sent out?

This current data breach was first discussed here on 23 June. It is now 28 June. Why have editors who have contacted ArbCom -- with the explicit assurance of confidentiality -- not yet been informed that that correspondence is now in the hands of unknown persons? When will editors be informed of this data breach so that they may take steps to protect themselves? Delicious carbuncle (talk) 00:14, 29 June 2011 (UTC)[reply]

This may be an attempt to avoid legal liability, since arbitrators hardly want to start sending thousands of emails which effectively say "Information we solicited from you with an unqualified promise of confidentiality has been stolen due to our negligent transmission of the material and identification factors for accessing it in an insecure plaintext format, with no effort made to secure the computers from which the material was accessed, or real-life vetting of the people to whom access was provided. Please sue us." Arbcom may believe that the fewer people who are informed of this problem, the fewer lawsuits they will have to defend. Of course, this strategy might simply increase their legal liability, since a lack of proper notice to the people whose data was compromised could be considered tortious in its own right. 71.131.18.216 (talk) 00:38, 29 June 2011 (UTC)[reply]
Agree. MaliceAforethought's motives are completely opaque at this point. Unless there are strong reasons to believe he is acting alone, hasn't privately passed anything off to anyone that hasn't been already posted on the Wikipedia Review, and won't do so in the future, everyone who could potentially be harmed needs to be fully informed. TotientDragooned (talk) 02:04, 29 June 2011 (UTC)[reply]
And info to other AC #Communication to avoid similar thing is bare minimum Bulwersator (talk) 03:45, 29 June 2011 (UTC)[reply]
Thump thump thump...is this thing on? Hello Arbs? Hello WMF? Can anybody hear me out there? Delicious carbuncle (talk) 16:37, 29 June 2011 (UTC)[reply]
There is no feasible way to email everyone who has emailed us in six-plus years. I'm not sure what you imagine, but there's no "reply to everyone who has ever posted to this list" option. Der Wohltemperierte Fuchs(talk) 16:54, 29 June 2011 (UTC)[reply]
Surely someone on the Committee, or at the Foundation, has the technical savvy to write a script that harvests sender email addresses from the archive? If not, I'm sure many third parties familiar with Mailman would have been happy to help you write such a script had you asked.
It's been almost a week now since an explicit assurance of privacy extended to "editors and non-editors with no relation to the Committee" was violated. It's not directly your fault, but it is your responsibility to do anything possible to minimize any "negative consequences." I'm dismayed that the Committee has been so slow and cavalier in responding to this severe breach of private information. TotientDragooned (talk) 18:19, 29 June 2011 (UTC)[reply]
Good question, DeliciousCarbuncle. After a third party gave a heads up I wrote to the Committee to inform them that I laughed it off for my own part, also to suggest that would be a good idea for them to become more proactive about acknowledging the breach. They haven't responded via email either. Durova412 19:03, 29 June 2011 (UTC)[reply]
Just going to note Fla. Stat. § 817.5681 which covers data breaches in Florida. This was discovered six days ago thus still have 29 days to make such notifications. I am assuming here Florida law is applicable since the servers are there. Note: I am not a lawyer The Resident Anthropologist (talk)•(contribs) 19:17, 29 June 2011 (UTC)[reply]
Did you read the definition of personal information? Monty845 19:25, 29 June 2011 (UTC)[reply]
RA, I'm not a lawyer either - and I understand your concern - but having read that, it seems to only apply where a name is leaked in combination with either
  1. Social security number
  2. Driver’s license number or Florida Identification Card number
  3. Account number, credit card number, or debit card number, in combination with any required security code, access code, or password that would permit access to an individual’s financial account"
I'm not sure how many users that applies to, but I imagine it numbers in the single digits. The Cavalry (Message me) 19:27, 29 June 2011 (UTC)[reply]
Speculation about which laws may apply from those not well-versed in this area is unhelpful and also misguided. The WMF should be notifying the people who may have been affected by this so that those people can take whatever steps are necessary to protect themselves, rather than to meet the requirements of the law. By not doing so, the WMF may be compounding the harm done to people. Delicious carbuncle (talk) 19:30, 29 June 2011 (UTC)[reply]
Exactly. The Committee has a moral obligation to warn those whose real names, home addresses, name of family members, employers, etc have been leaked, independent of any legal obligations the Foundation might have. Especially since, up until very recently, people were assured in no uncertain terms that this information would be kept safe. TotientDragooned (talk) 19:49, 29 June 2011 (UTC)[reply]
David Fuchs, I imagine that "it is hard" is not a response that most people would accept from a group that expects to be taken seriously. Perhaps I should be asking the leaker to send out the notifications instead? Delicious carbuncle (talk) 19:22, 29 June 2011 (UTC)[reply]
"It is hard" may not be an acceptable reason for not doing anything, but it is an acceptable reason for not taking rash action immediately. It might be that the right thing to do is to harvest email addresses from the archive, but even if one ignores obvious questions, it isn't something that can be done in minutes. Some questions occurring to me in just a couple minutes of thought:
  • what if someone emailed one arb, and they cut and pasted the body of the email, but did not include the email hear? Are they a second class citizen (if you undertake to notify everyone, you have to think how to notify everyone)
  • what do you do about people whose email isn't current, and you have a private notice of their updated email?
  • what do you do about people whose email isn't current, and you don't have a private notice of their updated email, but you know someone who might?
  • what if an email address is in the body of an email, but isn't someone who sent an email, should that be included?
  • what about email addresses of cc:, people who received email but may not have sent email?
  • what about people named in emails, but who did not send emails (arguably, these are even more important than those sending emails)
  • what if you have an answer for every one of these points, but a dozen arbs have differing answers - how long does it take to sort out?--SPhilbrickT 19:47, 29 June 2011 (UTC)[reply]
Sure, it may not be possible to warn everybody immediately. But notifying all senders to the list is a 90% solution and a proactive first step. If part of the sidewalk caves in, you cordon off the area and post "DANGER" signs all around: you don't twiddle your thumbs for 6 days under the excuse that warning signs wouldn't help the blind, illiterate, and non-English speakers. TotientDragooned (talk) 19:58, 29 June 2011 (UTC)[reply]

To suggest that we're twiddling our fingers and/or doing nothing is fundamentally incorrect, to the point of being insulting. We are not only working on what happened, but how to prevent it from happening again, and any way we can minimize the effect this theft has on people who emailed the Committee in confidence. We're working with the WMF to do a full level review of every protocol we use to access data, to determine what we can change going forward. Everyone seems to think because the Arbitrators aren't spending their every moment here on WP trying to answer questions and jump through every hoop, we're slacking off and laughing about this. We're not. We're doing a lot that is not seen. Also, for those who have devoted their every post here to criticizing the job we're doing.. I cordially invite you to run in December when the next set of Arb elections are being held. I can sincerely say I don't want this to ever happen again, but I can also say with the most sincerity that no one understands how much stuff goes into doing this job sometimes. SirFozzie (talk) 21:21, 29 June 2011 (UTC)[reply]

You might not remember, but some of us did try to run last December, but the candidature was sabotaged by the existing arbcom and Jimbo because the candidate said he did not trust your security and confidentiality, not looking so fucking paranoid now - am I? Giacomo (talk) 21:53, 29 June 2011 (UTC)[reply]
The only one who sabotaged your candidacy Giano, was yourself. There's not 1 rule for you and one rule for everyone else. You decided you weren't going to identify to the WMF or any of the other steps that are required for an advanced position. That was reflected in the votes you received. SirFozzie (talk) 22:40, 29 June 2011 (UTC)[reply]
The fact that it was made clear that he would not be appointed even if he would get enough votes, may have made people not vote for him. Also there may have been editors who decided not to run because of this rule. I think one has to seriously reconsider this issue. Count Iblis (talk) 22:25, 29 June 2011 (UTC)[reply]
If you want to "reconsider" identification to the Foundation, talk to Jimbo and the WMF. I doubt you'll get anywhere mind you. It's their requirement.. SirFozzie (talk) 22:40, 29 June 2011 (UTC)[reply]
  • No! Jimbo made it clear (mid-election) on his page at the time that he would not accept me. He wanted everyone's names and I said anyone who gave their name was taking a risk and security was inadequate. The entire arbcom and Jimbo assured the community that that was not so. It seems they were quite wrong and I was quite right. Doesn't it? Giacomo (talk) 22:18, 29 June 2011 (UTC)[reply]
    • As I stated on my talk page, you did not have to identify to your fellow arbitrators (had you been elected).. you would have to identify to the Foundation (which is their requirement). I know of at least one arb on the list who never gave their name to the rest of us.. so if you still want to joust at that windmill, please go to Jimbo and the WMF. It's not an "arbitrator rule" it's handed down from the foundation. SirFozzie (talk) 22:40, 29 June 2011 (UTC)[reply]
SirFozzie, I have no doubt that there is a great deal of activity going on in several areas right now as a result of these leaks and my questions were not intended to suggest that people are not working diligently to address the security situation. That said, however, the current or future security of ArbCom communications is separate from the simple fact of the data breach. While people will likely want to know what is happening in these areas once they learn that their emails and/or personal details have been leaked, there is no excuse for delaying letting people know what has happened. Delicious carbuncle (talk) 22:15, 29 June 2011 (UTC)[reply]
Yes there are:
A) Sending an email that says "Hi, this is just a message to let you know an unknown attacker found an unknown way into arbcom-l and has apparently absconded with the lot.. and is posting bits of it at a time on an off-WP site" doesn't really say much, does it? Kinda asks more questions than it answers, right? What we're trying to do is get more information (and to put some changes into play with what is kept, how it is kept, etcetera).. so we can tie it up in a package and say "To the best of our knowledge, THIS is what happened. This is how we believe it happened, and This is what we're doing to prevent such issues in the future." That's not a simple task.
B) Then, once that is done, to contact everyone we'll have to go through approximately 60 months of archives and strip all email addresses out of archives that in some cases, aren't readable by machine script (I can think of a couple arbs who send/sent their emails in HTML, which screw up archiving/formatting something fierce), send our findings, and then deal with the tsunami of email bounces from no-longer working addresses, addresses that might have been re-assigned, etcetera. I don't even know who would be responsible for that email, the WMF? The Committee as a whole? Individual Committee members? That's a question that needs to be answered, and I'm not sure it's one that can be answered even at my "lofty" pay-level.
To put it in simple terms, we're trying to walk before we run. We don't want to do things that will later be judged as incomplete (just look at previous statements from us as we try to figure out how this happened as we acquired and in some cases discarded information that we determined had been forged). I know this is intensely aggravating and frustrating for onlookers. All I can say, is if you think it's aggravating and frustrating, you should try living our lives the last week or so. SirFozzie (talk) 22:40, 29 June 2011 (UTC)[reply]
With all due respect, I believe that it is incumbent on you to let people know what has happened inasmuch as it may affect them, even if that means admitting that you do not know the details of how it happened yet. Tell people what you do know (that their email addresses, personal information, etc. may be out in public view) and let them take whatever steps they feel are necessary. I am sure they will have questions, and I am sure many of them will want to know how you will prevent this from happening again, but since you don't have those answers and may not have them for some time, for the time being just direct people to a page that will be updated as information becomes available. There is no question in my mind that the WMF owns and manages the servers and should be the one sending out these messages. I understand that there may be some minor technical hurdles, but the WMF has a very capable technical team which I am confident will be able to address those challenges. You have my sympathies, SirFozzie, but you seem more interested in finding reason not to do this than you are in accepting it as a responsibility. Do you agree that ArbCom/the WMF has an obligation to notify people about this data breach? Delicious carbuncle (talk) 02:57, 30 June 2011 (UTC)[reply]
I don't know how many people have corresponded with ArbCom over the years but it probably runs into hundreds if not thousands. Many of these came with utterly innocuous "How do I"-type enquiries; some with Wikipedia concerns; others are very scary people indeed, issuing death threats and so forth.
Practical considerations apart, I would not be averse to notifying all correspondents about the data theft. It seems to me though that this alone is ignoring the elephant in the room. The obvious fallout to which correspondents should be alerted is that their details will be plastered all over Wikipedia Review and they may be also subjected to grave-dancing/wild speculation etc there. One immediate precautionary action that correspondents can take is to contact Wikipedia Review moderators/owners and ask that their details are not published (or if already published be immediately redacted/anonymised) or to ask individual members there please not to call for further publication. This though is easier said than done as the moderators/owners of Wikipedia Review appear reticent to publish their names/email addresses and a similar veil of secrecy seems to cloak the identity of many of those individuals calling for more stuff to be published.  Roger Davies talk 03:50, 30 June 2011 (UTC)[reply]
You can make all the notifications you want, Roger. I will not be doing so for 2 reasons: 1) Notification is a matter of law, as described above, and WMF counsel have not advised ArbCom to do any such thing. 2) ArbCom is not a legal entity, while the WMF is. Taking a step as an individual (or non-legal entity group) that a legal entity may or may not be required to do would muddy the relationship between ArbCom and the WMF, and possibly create novel legal liability for the person making such notification, by assuming the role of a legal entity. It would be nice if it were a simple matter of "doing the right thing", but the creation of legal obligations by statute overrides the moral imperative which would normally govern such a situation. Jclemens (talk) 04:35, 30 June 2011 (UTC)[reply]
Fair enough though I was talking hypothetically.  Roger Davies talk 07:17, 30 June 2011 (UTC)[reply]
Jclemens, that last post of yours was unbelievable. You won't notify because it may or may not fall into the narrow class in which someone must notify? Bloody nonsense. We talk a lot about good faith here on Wikipedia, but it strikes me as extreme bad faith indeed to refuse to take steps to help editors protect themselves (as Roger suggested) on the slim chance that someone else might be required to do a similar thing at some point in the future. You're casting round for excuses not to tell people that ArbCom has failed to protect their data. If it's really so hard for ArbCom to find out who has been in contact with it, at least put up a sitenotice. DuncanHill (talk) 09:18, 30 June 2011 (UTC)[reply]
You're entitled to think I should care, but I really don't. The mailing list and archives existed before I was elected to the committee, are maintained on WMF servers and various lists in question are distributed to a group of 19 people (Arbcom+Jimmy), have who knows how many missing patches, system administrators, potential backdoors in the infrastructure for ease of offsite administration... I have no power to fix security, so I simply don't lose sleep over it. I find that my comments and those of my friends and colleagues on the committee have been released, and I'm disappointed but not surprised: the security was not hardened to withstand dedicated attackers, and it apparently didn't. Big surprise. Now, I am chagrined that other people's secrets are out there, because the biggest of the two reasons we do stuff off-wiki is privacy (the lesser of the two being candor), and years of efforts that made arbcom look slow and wishy-washy while we negotiated quiet retirements--or tried to--and other de-escalation and face-saving measures are essentially shattered. But privacy and security are not the same thing. To the best of my knowledge, there has been no privacy breach, in the sense that no one authorized to have the information has shared it inappropriately. Instead, we have a security breach, where (again, speculation) someone without authorization to the material has gained access to all or substantially all of it. If it was a leaking arb, however, I would still not be in any position to assume liability for someone else's misdeeds. Even having said all that, the nail in the coffin of elective notification is legal liability. I am not an officer or director of any body. I have no legal standing as part of ArbCom--I can't make legally binding statements, but more importantly I'm not covered by any WMF liability insurance. If you want me to take on novel legal risk to do the right thing, then you can pony up for a professional liability policy for ArbCom. 
Under those circumstances, when we cease to be simply elected volunteers who don't own the clubhouse, and start to be officers or directors with actual legal standing and legal obligations, I'll be singing a different tune. Actually, I wouldn't, because I almost certainly would not stand for election under those terms. Thus, there's discussions here, but I'm not going to take any action that looks like I'm behaving as if I had an obligation to anyone for anything in this matter. I will continue to do my job as an arb, which has nothing to do with computer security obligations, and wait for the server owners (WMF) who have their own legal counsel advising them of their obligations to take appropriate action. I've already been asked to do way more and different work than I thought I was getting into when I decided to run for the committee, which I've done without complaining, but I am absolutely not going to step in the way of whatever lawsuit or regulatory action may arise out of this mess, not-of-my-making. Jclemens (talk) 07:19, 1 July 2011 (UTC)[reply]
When's your term up? DuncanHill (talk) 13:12, 1 July 2011 (UTC)[reply]
Good grief! In future elections, I, for one, will be more likely to support current members, not less. And I will be pretty likely to oppose anyone who runs on a platform of criticizing the incumbent Arbs instead of whoever turns out to be the leaker (unless an Arb is the leaker, of course). --Tryptofish (talk) 16:53, 1 July 2011 (UTC)[reply]
"aren't readable by machine script" - sorry but it is untrue. It can be read by script - maybe it requires more than 2 minutes to write it but it is possible. I hope that information from AC unverifiable by me is more true Bulwersator (talk) 04:16, 1 July 2011 (UTC)[reply]

Clearly, it was a mistake to delete my official WikiLeaks page here on Wikipedia. By having a WikiLeaks page on Wikipedia, one can make sure that leaked information is presented according to some appropriate rules. Count Iblis (talk) 18:23, 29 June 2011 (UTC)[reply]

A polite tap on the shoulder

It would be a good first step to compose a simple form letter for reply to the individuals affected by this leak who find out about it through other means. A week has passed since the Committee learned about the hack, two days have passed since I wrote to the ArbCom list, and a day after commenting at this page about the lack of response. The very least they could do is send back a "We received your email." They haven't even done that much. The thing that leaked was mean-spirited but kind of cute--worth a chuckle. Other people who got targeted might not share the good humor, and it would try the patience of anyone to get the brush-off after being insulted. Consider those other people, please, because from that vantage it is very easy to construe the arbitrators' posts to this talk page as being something less than sincere. It would help to extend basic courtesy outside of watchlisted pages. Durova412 17:12, 30 June 2011 (UTC)[reply]

Unless I am misreading Jimbo's comments on his talkpage (specifically this one and this one), it seems that this is being cast as not a WMF problem. I can only assume this rather odd position is being staked out for legal ass-covering reasons. I will stop asking when notifications will be sent out as clearly none will be forthcoming except to meet legal obligations. Arbs, you have my sympathy. Delicious carbuncle (talk) 02:28, 1 July 2011 (UTC)[reply]
Structurally, as a position, that would be very consistent in terms of what the WMF has always maintained as legal stance: Nobody home, err, I mean, it's a community issue. From a realpolitik viewpoint, it's hard to fault this. I think the thing to ask now is if the WMF Staff Counsel would be willing to make a public comment on the matter. -- Seth Finkelstein (talk) 03:11, 1 July 2011 (UTC)[reply]
Thanks for the replies, guys. So how about the situations where an editor learns about this through some other means, and it's the editor who contacts ArbCom? Do you think the rationale of non-notification goes so far that now they don't even acknowledge receipt? In the early threads on this page there were some gracious posts about the hack, especially from Coren. Durova412 04:04, 1 July 2011 (UTC)[reply]
Ironic, since one of the leaks shows the former WMF Counsel getting quite involved in "community" matters. 75.23.46.157 (talk) 04:07, 1 July 2011 (UTC)[reply]
Yes, and look how well that went :-) -- Seth Finkelstein (talk) 05:14, 1 July 2011 (UTC)[reply]
I don't believe anything I've been told so far, and I doubt anyone else does either. I would like to see some rational explanation of why the first revelations were a fairly boring exchange of emails between me and Iridescent. Malleus Fatuorum 04:11, 1 July 2011 (UTC)[reply]
Could it have simply been recency? That is, it was just one of the most recent threads, so that's what caught the cracker's eye for the initial post? Or recency combined with some interest in Iridescent? -- Seth Finkelstein (talk) 05:14, 1 July 2011 (UTC)[reply]
Jimmy will be making an announcement on the BBC radio4 news today between 1730-1800 regarding privacy. According to the prequel yesterday his line will be "ROFLMA privacy is gone, get over it, and suck it up.". John lilburne (talk) 06:53, 1 July 2011 (UTC)[reply]
Malleus, here's a guess: ArbCom has spent a long time rushing from crisis to crisis and any organization that spends a lot of time putting out fires is not going to plan ahead very well. Their privacy safeguards were substandard and they had no contingency plan for how to respond to a hacking incident. Now their first priority is to cover their tracks. As for why you got singled out, the easiest way to look at a data dump is to search for key terms such as specific usernames. Durova412 15:42, 1 July 2011 (UTC)[reply]

All information becomes public sooner or later

All information becomes public sooner or later, unless it's deleted, because there is no such thing as perfect security. The arbcom list and archives are only as secure as the weakestly secured list member. When the number of list members is more than a few, info sent to this list is likely to be publicized quickly, even if the software is upgraded. What's the point of a confidential list that isn't? Truly confidential matters could be sent to WMF counsel, where a small number of people with professional security can keep the info confidential longer on average and hopefully have the good sense to delete things that are no longer needed.

From what I've seen much of the secret list contents is just gossip. It would be beneficial to move these discussions into the open.

For the above reasons, I hereby nominate the ArbCom list and archives for deletion. (Stop using them, and take them offline. WMF counsel can keep the archive.) Jehochman Talk 10:21, 1 July 2011 (UTC)[reply]

  • Strong support. This can't be kept securely, and every year when new Arbs arrive, it poisons the well against editors who've been gossiped about. I know that several editors have been asking for years either that this be deleted, or that portions of it be sectioned off and moved, so that new people don't continue to gain access to old discussions. SlimVirgin TALK|CONTRIBS 17:06, 1 July 2011 (UTC)[reply]
  • Strong oppose The Archives are units of collective memory that are an essential resource for future cases and researchers. I would support moving them into a more secure location but deleting them would be more detrimental in the long term and likely have unforeseen consequences. The Resident Anthropologist (talk)•(contribs) 17:33, 1 July 2011 (UTC)[reply]
    Moving the archive offline is what I suggested. The other half of the problem is the ongoing mailing list. With near certainty there are several Arbs at this very moment using Windows who have machines compromised by malware. Virtually every Internet connected Windows machine has malware. These machines are not secure. Antivirus software is a joke. In the best case, AV detects just 30-40% of infections, because modern malware is polymorphic. Nothing confidential should be emailed to any Arb. There are no controls in place to assure security. Until there are (which might never even be feasible) ArbCom should stop misleading people that correspondence will be kept secure. Post all business on wiki, or take it up with WMF office if matters need to be kept confidential. Jehochman Talk 18:11, 1 July 2011 (UTC)[reply]
  • (edit conflict) At this point, I'm ambivalent about the proposal as a whole (the preceding two comments summarize well what the pluses and minuses are), but I'm quite interested in the idea of making a clearer line between what the Committee should do, and what should instead be sent to WMF counsel. I think the silver lining in this awful leak business is an opportunity to look constructively at ways to better define ArbCom's role, by removing tasks to which they may perhaps not be well suited. (Offhand, what stands out to me is doing investigations, and doing human resource management things.) --Tryptofish (talk) 18:15, 1 July 2011 (UTC)[reply]
    • Funnily enough, "investigation" was specifically part of the committee's scope under the original Arbitration policy. I wrote it out in the new version. That said, the committee as a whole has rarely investigated anything though individual arbitrators have done so. Critical examination - which does sometimes involve many one's own enquiries - is important simply because what somebody says is not necessarily true and some degree of corroboration is sometimes necessary.  Roger Davies talk 18:35, 1 July 2011 (UTC)[reply]

(od) In response to both your posts, Jon, security issues aside, the WMF is deliberately moving further and further away from with wiki internals as it could jeopardise their legal status. (They host around 5000 wikis now, and counting). People do seem to think they're prepared to get hands on, nothing could be further from the truth. And, I suppose, custody of the archive implies some sort of fiduciary care in respect of its contents. While there is a load of dross in the archives, there is also useful stuff to aid detection of the various crazies who return time and time again.  Roger Davies talk 18:21, 1 July 2011 (UTC) PS: This is not a wriggle but where has anyone said that the data is specially secure?  Roger Davies talk 18:24, 1 July 2011 (UTC)[reply]

5000 wikis? Surely you meant 1000 (which would still be overshooting the actual number, which is about 850). --MZMcBride (talk) 20:20, 1 July 2011 (UTC)[reply]
I actually meant 500 (the last actual figure I heard was 491) but thanks for picking it up and the update.  Roger Davies talk 20:25, 1 July 2011 (UTC)[reply]
Ah, fair enough. There's a fairly nifty page at Special:SiteMatrix that tracks nearly every Wikimedia wiki (with a count at the bottom). :-) --MZMcBride (talk) 20:27, 1 July 2011 (UTC)[reply]
Thanks! Book marked.  Roger Davies talk 20:37, 1 July 2011 (UTC)[reply]
  • (e/c)Strong support for Jehochman's proposal. I guess the archives of a mailing-list are not deletable through WP:MfD, so let's have an RfC on the matter. Slim's point about the archives poisoning the well against our notorious gossip-targets every time new arbs come in is enough reason to delete those archives. (Even though I'm credibly informed by my friend Deep Throat that the only thing new arbs are likely to search the archive for is comments about themselves. A refreshing touch of fallible humanity there!) Anyway, please take the monster off the internet and leave it on WMF's doorstep; perhaps they can be persuaded to take it in. A minor point: no doubt arbs and functionaries will hang on to archived e-mails that they have a more personal interest in. I don't blame them, I'd do the same. But in case some of them are as klutzy as I am with their personal security, I suggest sending them to boot camp to learn the essentials about protecting their computers. @Resident Anthropologist, above: I don't think there's enough anthropology in your argument. The collective memory of Wikipedia resides in the History tabs — the remarkable way we keep everything (with some minor exceptions) that was ever posted here. Analysing those would be a lifetime job for some crazy researchers, and far more susceptible than the Arbcom Gossip Archives to juicy conclusions as well as to breaking down in various statistical ways. Bishonen | talk 18:29, 1 July 2011 (UTC).[reply]

Jehochman, I largely agree. A revolving group of 18 is far too big to keep secure. I would like ArbCom to conduct the bulk of its business on a publicly-readable list.

That said, there is a need for discussing CU and any genuinely-private user-submitted information related to on-site disputes (which is not the domain of WMF GC). I am interested in your thoughts on how it can be handled; if you have no process, arbitrators will simply email each other directly about it, which does not promote transparency or collegiality. My current thought is that ArbCom can be divided into a small subcommittee (perhaps 3) who would have access to this information and make public reports of it for ArbCom (and the community) at large. As I imagine it, this subcommittee would not be allowed to vote on committee matters, but could participate in the public list discussion. I would expect such people to be publicly identified, and perhaps better known by WMF.

This is just my current idea, but I would be interested in alternatives. Cool Hand Luke 19:09, 1 July 2011 (UTC)[reply]

I don't think having a private e-mail archive is really problematic, per se. The issues are (a) that the list and the ArbCom wiki are very regularly used for matters that are not private; and (b) ArbCom's scope is so ill-defined that a lot of matters that should be referred to Wikimedia/OTRS/another venue/the trash have not been. I think both of these problems are fairly easily solved. --MZMcBride (talk) 20:20, 1 July 2011 (UTC)[reply]
Yes, we do get items that should really go to WMF, OTRS, on-wiki, or the trash (particularly the last two categories). My issue is that most of the traffic on the list doesn't really need to be private. On the other hand, perhaps a concentrated list of private information would only make the content more vulnerable. Cool Hand Luke 21:01, 1 July 2011 (UTC)[reply]
  • The discussion of the mailing lists also relates, in a much broader sense, to the essence of the Committee itself. When one looks at the major issues that the Arbitration Committee has faced, these are almost invariably related to a lack of communication within the committee rather than too much communication. I agree that 18 arbitrators is too many (that was the community's idea, and I don't think anyone who's ever been on the Committee supported it), but there's nobody on the current Committee whom I'd exclude, as every voice has made a difference and brought a valuable perspective to just about every issue that the Committee has addressed in my 2-1/2 years on it. And I think my colleagues are fooling themselves when they say that archives aren't useful; almost every issue we've discussed this week that doesn't revolve around the mailing list has involved some review of archival material, with the exception of "fresh" unblock requests. Even some of them have had us looking at past emails to see that "oh, we reviewed a request from XX three months ago, turned it down because of XXX" or the like.

    I agree that we need to find a method to cull useless stuff from archives - and that would make up the overwhelming majority of correspondence in the archives right now; the data thief hasn't bothered to share that publicly as it devalues what few "interesting" things he can pull out and edit into his chosen format. In an ideal world, we'd have the appropriate software to identify what does and does not need to be kept, and for how long; and would also have some ability to export what information should be retained to a more secure environment in an effective manner - depending on humans to do this is unworkable, we have tried various logging processes during my tenure but they are all too labour intensive to be sustained. (I can think of about a dozen other features I'd look for in mailing list software as well, but we'll stick to archives.) I understand the concerns about "poisoning the well"; however, most of the time another arbitrator will follow up with a different interpretation or will correct an erroneous statement. Let's be realistic though, the majority of people who are spoken of in a negative way on the mailing list are people who are being considered for sanction, which by definition means that there is something negative to say about them - and past history is a significant determinant in sanctions anywhere in the project. (Blocked editors are blocked longer for repeat violations, and so on.) I'll just remind everyone that you're reading highly selective excerpts from the archives, many of them out of context, and several of them very incomplete. Risker (talk) 20:02, 1 July 2011 (UTC)[reply]

Allegedly there is a private Arbcom wiki with dossiers on sanctioned/problem users... isn't that a better place to organize histories of unblock request (without needing to keep non-germane private information about those users around) than the mailing list? TotientDragooned (talk) 20:19, 1 July 2011 (UTC)[reply]
It's listed at Special:SiteMatrix. Yes, it is a better place but it doesn't stop people sending stuff to arbcom-l though. The problem there is not so much that it's been sent but that there's no easy way of removing stuff from the archives once it's there.  Roger Davies talk 20:37, 1 July 2011 (UTC)[reply]
TotientDragooned, you're correct that in an ideal world, that information would be transferred to the appropriate "dossier" on the arbitration wiki; however, as we all know, wikis are good for retention, but not very good for timely discussion, unless one is logged in all the time to them and constantly refreshing the relevant page. The key is finding effective ways to transfer the information from the discussion platform (mailing list) to the retention platform (wiki) without needing to task someone to devote most of their volunteer time to move information back and forth, summarizing threads and so on. We did try that in my first year of the committee, and it took hours and hours a week. I don't think anyone has ever volunteered to be an arbitrator so that they can spend their hours archiving information. And I say that knowing that even before this episode, I'd been actively working with the WMF on the archives and mailing list software, and had already planned to spend a lot of time on the issue this summer; it was my personal objective before my term was over to address this issue. Please believe me that I really do understand a lot of the concerns that have been expressed, because I share them. Risker (talk) 20:44, 1 July 2011 (UTC)[reply]

Possible solutions for ArbCom to consider:

  1. Appoint a small number of custodians to hold and access the archive. Giving 18 people access creates way too big an attack surface.
  2. Do not distribute or retain any unnecessary confidential info. If people blab about their mental illness, real name, home address, or other irrelevant details, redact it immediately. The existing archive is polluted with such info and should be taken offline until it can be expunged.
  3. Warn users that there is no such thing as perfect security. If you have a very sensitive issue, email an individual Arb and ask them to delete the message after reading, or call them on Skype. The relevant info can then be extracted, sanitized and summarized for the rest of the committee. Decentralization avoids creating a juicy target that is worth expending a lot of resources to crack.
  4. Conduct routine business in public. The stuff will leak anyways. Taking away the secrecy would be a real buzzkill for the hackers and dramamongers.
  5. Yeah, the archives have utility to you, but they have disutility to the people whose privacy is violated. You serve us, not the other way around.

Thanks for reading. Somebody organized could turn this discussion into a proper RFC. Jehochman Talk 20:56, 1 July 2011 (UTC)[reply]

Jehochman, I'm afraid we've not made ourselves understood. We are unable in any way to alter the archive other than deleting it all or keeping it all. This is the limitation of the Mailman software provided by the WMF. The community has made it very clear, in the wake of the Cyberstalking list, that they have no tolerance for discussion of project-related matters on non-WMF platforms, and in any case the Committee has no financial resources to move to an off-WMF platform. We've already recommended to the WMF that we think a change in software for private mailing lists is an essential part of addressing any concerns about retention of private data, as well as personal information and confidential information which is every bit as sensitive to the individuals involved. Emails to individual arbitrators is not an effective method of reaching the Committee, and is entirely dependent on all of us being on call 24/7 for a volunteer position; needless to say, that is not even remotely reasonable. Risker (talk) 21:13, 1 July 2011 (UTC)[reply]

Waits for big acrimonious debate over premature proposal in the wrong venue. The more things change, the more they stay insane. Durova412 21:21, 1 July 2011 (UTC) (remembering why my volunteer time now goes to a different charity)[reply]

  • In addition to what Risker said, such a prohibition is bigger than a local consensus RfC is appropriate to handle. WP:ARBPOL was just updated, after a rather complicated referendum. While that was three years of cumulative changes and updates, I would say that such a proposal is a bigger change than that. Again, while we're going to try to do things as best we can, we're 1) stuck on WMF infrastructure, and 2) have no direct ability to change that, so we'll work within the framework we're given, and try to do our policy-mandated job while respecting as many of the community's preferences as we can, again, within that framework. Jclemens (talk) 22:29, 1 July 2011 (UTC)[reply]
Risker, I don't know why you mentioned the cyberstalking list. That was a private list, not hosted by the Foundation (and nothing to do with the Foundation), and it also used mailman, but didn't keep archives.
If the only way to get rid of the objectionable material is to delete the archives, then that's what must be done. Alternatively, you could hand them over to the control of the Foundation and remove access to them by others. But the current situation can't be allowed to continue, for all the reasons that people have been pointing out for years. A simple fix: (a) hand over archive access to the Foundation by closing the mailing list; (b) open a new mailing list until a more permanent fix has been decided; (c) don't switch on the archive for the new list; and (d) conduct almost all of your business onwiki. SlimVirgin TALK|CONTRIBS 22:48, 1 July 2011 (UTC)[reply]

Regarding the issue of deleting a message from mailman archives, could you please elaborate on the problem? I did a quick Google search, and found "How can I remove a post from the list archive / remove an entire archive?". It is complicated, and requires high level system access, but there is a method. -- Seth Finkelstein (talk) 04:16, 2 July 2011 (UTC)[reply]

Yes, that's true and it's one of the options I've been exploring. However, it's a huge task identifying the stuff to go in six-years worth of archive and a similarly mammoth task physically doing it.  Roger Davies talk 04:23, 2 July 2011 (UTC)[reply]
That's an argument to declare email bankruptcy, delete all the old messages, and then start over with a proper system. You could probably cherry pick the most essential bits of old data in a couple (wo)man days of work, and send the rest to the bit dumpster. Don't let perfect be the enemy of good. Jehochman Talk 05:20, 2 July 2011 (UTC)[reply]
Well, it will actually take a few weeks, but essentially that is what we are planning to do. The key point though, is that the real solution is better software (the "proper system" you refer to), and that is currently outside of our control. We've made the pitch, though, did so months before this event. Risker (talk) 05:30, 2 July 2011 (UTC)[reply]
Great. If I were you, I'd ask nicely once for proper software to be installed, and if you don't get a serious reply, resign (or go on strike) until you get the tools you need to maintain high standards. Sometimes one has to draw the line and say, "No, I will not do shoddy work." Jehochman Talk 05:40, 2 July 2011 (UTC)[reply]
Funnily enough, that's almost entirely my position on this. There are a couple of practical problems here. First, there isn't a software solution ready yet (more on this in a moment). Second, I reckon that effectively weeding the archives would take at least several hundred person hours and perhaps closer to thousands of hours, not a couple of days. Third, now that they've been stolen, for chain of custody reasons we need a back up copy of the whole thing somewhere (the WMF is unlikely to agree to doing this). One solution is to shut down the arbcom-l list, leaving the archives intact, with access severely limited. Then redirect all the incoming stuff to, say, arbcom-new, with archives but move that onto the new software when (if?) it comes on stream in a few months time. It is worth remembering that the new ArbPol is explicit about what can be handled off-wiki. Finally, and this isn't intended to be a dig, while I appreciate your kind offer to help with new software very much indeed and have no reason whatsoever to doubt your integrity, many members of the community would go ballistic at the thought of a homegrown solution with all the attendant risks in terms of backdoors and so forth.  Roger Davies talk 05:39, 2 July 2011 (UTC)[reply]
I doubt ArbCom's needs are unique. If you Google around using the right keywords you can probably find an open source package that does everything you need (and more) off the shelf. Then it's just a matter of getting somebody to install it. I or some other volunteers could do some Googling and evaluate what software matches your needs. Custom development would be a really bad idea in this case, unless modifications were then released back to the open source project and became part of the community supported product. Jehochman Talk 05:46, 2 July 2011 (UTC)[reply]
This opens up a host of other practical issues. Where would we install it? Who would maintain, do upgrades etc? We don't necessarily have someone on the committee who could do all this, we don't have a full-time secretariat to provide maintenance continuity from year to year, and using non-WMF outsiders is a big no-no. It really has to be WMF driven.  Roger Davies talk 05:56, 2 July 2011 (UTC)[reply]
Risk is an unrealized expense. I submit that the cost of doing this right will be a lot less than the cost of doing it wrong. You should insist on having proper tools and resources to do your job. Your bargaining power is that you can quit. You don't need your Arbitrator paycheck and benefits -- because there are none. Unless WMF wants to handle Arbitration matters themselves, they will provide the software for the volunteers. All you need to do is assert yourselves. Jehochman Talk 06:18, 2 July 2011 (UTC)[reply]
I think you're overlooking the fact that the costs are not borne by the people who are at risk. This asymmetry tends to be the root of most monumentally stupid risk management decisions. Jclemens (talk) 06:28, 2 July 2011 (UTC)[reply]
I agree strongly with Jehochman. WMF has the funds to provide software and support. The point is, you have enough leverage that in the end it depends on how important you think it is, not how important Jimbo and the Foundation think it is. So decide amongst yourselves whether you think this is important enough that you really, really want it. "Jimbo and the Foundation" would be a pretty good name for a technopop group. Short Brigade Harvester Boris (talk) 00:49, 3 July 2011 (UTC)[reply]

No more excuses

Risker, Jclemens and other apologists for the sorry status quo, it is time for you to step down. If you can't be part of the solution, get out of the way. Your mail software is inadequate for the job. Rather than risk further injury to third parties, you must shut it down and take it offline now. Then, you need to make a list of our requirements and we will find a suitable replacement technology. This might take a little time, but if you stop fighting the people who want to fix the problem, you might find that there are people around here who can find, install and upgrade a suitable piece of open source software. Have an open mind. Jehochman Talk 23:12, 1 July 2011 (UTC)[reply]

I agree, but what confuses me is that we should all be on the same side. It's in the Arbs' interests not to have this stuff floating around, especially Arbs who live in the UK with its draconian libel laws. It's in the interests of the discussed not to have it retained. It's in the Foundation's interests not to be linked to a legal and ethical hot potato. It's in the community's interests to have an ArbCom that does most of its business onwiki, with fair and efficient private discussions where absolutely necessary. So, please, as Jehochman says, if we could stop fighting and act on those shared interests, there would be progress. SlimVirgin TALK|CONTRIBS 23:18, 1 July 2011 (UTC)[reply]
Jehochman, you're entitled to speak your mind, but your calls for reform are ill-considered. ArbCom cannot compel the WMF to do anything; my predecessors have been griping about the software for years, and it hasn't been fixed yet. We can't run a pilot on a non-WMF site, we can't install software on a WMF server for our own use, we can't... you get the picture. When it comes to a decision with "continue with the status quo" versus "radically restrict ArbCom's ability to function, indefinitely, in the hopes that a new solution will magically materialize", the decision is not as clear-cut as you suggest. First, of all the damage that can possibly be done, the vast majority of it has been done. Nothing we can do now can be reasonably expected to prevent the eventual leaking of everything damaging that has not yet been leaked--all indications are that the entire list archives were compromised. If you want to vote all of ArbCom out and install new arbs, that's your right--but the new arbs won't be able to do anything any faster. We have no budget, no hardware, no server access rights, nothing of the sort, and all that a new ArbCom can do is harass the WMF or resign en masse in protest. I'd love to have a better institutional memory facility than the archives--I could probably write a set of specs that would not only meet but exceed your security expectations, but I have no way to get those specs implemented. You term me an 'apologist' for pointing out the reality that ArbCom is entirely dependent on the WMF for our technology support; I think 'pragmatist' is a far better label. I am not a politician, and yet was nevertheless elected to ArbCom. If I tell you I can't make a difference, it's because I speak plainly and have six months' perspective on what ArbCom can and cannot do. If you'd rather elect a sycophant next election who will say pretty things and be just as ineffective, be my guest. Jclemens (talk) 23:41, 1 July 2011 (UTC)[reply]
Jclemens, the list administrator only needs to delete the list. That's it. Just stop cold turkey. Then you all tell WMF you need suitable list software and suggest they ask for help. I've built complex software (e.g. https://codeguard.com) and would be happy to volunteer my expertise. This is a problem that would easily be solved if only people would just make a little bit of effort. Now, if you would please stop disrupting the discussion with walls of text, we might make progress. If you really feel unable to help, please resign and let somebody else have a try. Maybe the whole committee ought to resign. That might force WMF to finally deal with the issue. Your honor is at stake. You shouldn't serve in a position unless you can fulfill your obligations. Clearly you have all failed to keep confidences entrusted to you. Either you have to fix this situation, or else resign. Jehochman Talk 23:58, 1 July 2011 (UTC)[reply]
... And how are we supposed to conduct ArbCom business without the list? Just set up a Google Group? Or maybe a Yahoo group? Where's the institutional memory going to reside? You can feel free to discuss Reichstag-climbing antics, but part of the reason I stood for election was that I'd rather stick around and try and actually fix problems, rather than implementing closing-the-barn-door measures that hinder our ability to discharge our elected responsibilities. If I could delete the hacker's illegitimate copies of the mailing list archives along with our own, we'd be having a different conversation--but given that nothing we do on this end makes a difference to that situation, I'm hard pressed to see the urgency in deleting a mailing list. Oh, and my honor is not at risk, nor is my resignation on the table. For what it's worth, several of the other arbs are all in favor of deleting the archives in their current location, and moving them elsewhere, which I see as somewhere between security theater and rearranging deck chairs. The archives may well be deleted from their current location in the near future, but the risk profile won't substantially change. Once there's a change that makes a difference on the table, you better believe I'll support it. Jclemens (talk) 00:23, 2 July 2011 (UTC)[reply]
Another change would be to make sure Arbs don't talk about editors unnecessarily, don't use real names if it can possibly be avoided, don't discuss medical conditions and other sensitive issues, don't engage in sockpuppet investigations and blocks that can be left to others. What the list shows is a lot of micromanaging, which causes extra work and stress for the Arbs. Admins, CUs, oversighters, and editors who specialize in SPI can handle most of the stuff we see being discussed on the Arb mailing list, which would leave the Arbs free to focus on arbitration. That would make the mailing list content less problematic. Would you support that? SlimVirgin TALK|CONTRIBS 00:44, 2 July 2011 (UTC)[reply]
I agree that even on a confidential list people should be discreet. But one of the purposes of a confidential list is to discuss sensitive issues that shouldn't be discussed in public, including medical conditions and real identities. Let's not go so far with restrictions that we impede the necessary work of the ArbCom to settle behavioral problems on Wikipedia with a minimum of fuss.   Will Beback  talk  01:05, 2 July 2011 (UTC)[reply]
But it's not confidential because (a) every year the committee invites more people to view its archives; and (b) it retains the archives in a way that's not secure. And even if it were confidential, can you have discussions like that with a minimum of fuss with so many people on the list? It's human nature for people to want to add their views and their bit of information, and therein lies the danger.
The list needs a strong moderator with a whip. Maybe there's a job here for Taxwoman after all. :) SlimVirgin TALK|CONTRIBS 01:16, 2 July 2011 (UTC)[reply]
Many people have commented on issues concerning the retention of material in archives, and issues of access to whatever is kept from old cases. The number of people on the list is also a legitimate issue. But I think that we need to give the ArbCom the tools they need to settle disputes which include sensitive information, and a confidential mailing list or something like it, is necessary.
For example, let's say someone writes to the ArbCom to complain that a prominent and controversial academic is making non-neutral edits regarding his theories and his opponents. We don't want to out the editor so the discussion needs to be confidential. How could they discuss it without, at least once, mentioning the editor's purported real name? Or let's say an editor who'd been acting strangely tells the ArbCom that he's been taking pain medication and that explains his behavior. How can they evaluate that defense without discussing it confidentially? Maybe a once-a-week conference call for issues too sensitive to put into emails? Maybe small sub-committees that work off-list and report back to the whole committee without getting into unnecessary details? There are many possible solutions that don't require the ArbCom to stop discussing sensitive issues off-Wiki.   Will Beback  talk  01:29, 2 July 2011 (UTC)[reply]
Why would we write to the arbitration committee about that? It isn't about arbitration. It would be more appropriate to send it to an admin or functionary, or to a group of two or three admins/functionaries if it's difficult to deal with, and have it discussed quietly that way.
The arbitration committee has set itself up as a mini-government, and that has led to these difficulties. If we would allow admins to administrate, SPI specialists to handle sockpuppets, functionaries to handle CU and oversight issues, as well as sensitive identity and COI issues, then the arbitration committee could concentrate on the thing they're elected to do, and we wouldn't have these sensitive matters piling up in one mailing list. SlimVirgin TALK|CONTRIBS 02:08, 2 July 2011 (UTC)[reply]
Perhaps so, but that involves questions of scope and authority which would need considerable input from the community, and may concern the just-approved ArbCom policy. Perhaps a multi-pronged effort is needed: one to deal with email security, another to deal with archive retention and access, and a third to deal with best practices for dispute resolution.   Will Beback  talk  02:13, 2 July 2011 (UTC)[reply]
We have a fundamental problem with these committees, and the secrecy and lack of responsiveness. Just one example: I noticed in April an odd use of oversight during an ArbCom case that I was involved in. I knew what the post said, and it seemed innocuous. I couldn't find out who had done it or why, so I filed a complaint with the Audit Subcommittee, all good people, outlined my concerns, and asked what the complaints procedure was. I received an acknowledgment, and a request for permission to forward it to the functionary. No explanation of the complaints procedure. I said yes, and asked who the subject of the complaint was. A week later another email telling me enquiries were continuing. No explanation of the procedure, no reply to my request for information about who I was complaining about. That was April 14, and since then nothing.
I know that other Wikipedians have similar stories going back years. What causes it? The people on the committee are good people as individuals. Something not good happens to Wikipedians when they gather under these secret umbrellas. James Forrester (I believe) set up the mediation and arbitration committees as equals, and I think we ought to return to that model, without this sense of secret governance. Then if we really do need a secret committee for sensitive things, we could have a Difficult Cases Committee, devoted to those issues. SlimVirgin TALK|CONTRIBS 02:43, 2 July 2011 (UTC)[reply]
Slim, this looks like the sloppy desk filing system: urgent stuff on top, middle priority in the pile, and low priority at the edge of the desk where it falls to the floor and gets swept away. Then to give the appearance of being organized the contents get transferred to a filing cabinet in color coded folders. When people work that way the tactful thing to do is nudge them now and again about the specific thing you want. It just puts them on the defensive to ask probing questions about the big picture. Durova412 04:16, 2 July 2011 (UTC)[reply]
This sense of secret governance, as you put it, exists far more in the mind of the beholder than in the reality. The reality is that over the past couple of years the committee has done much to increase transparency and decentralising.  Roger Davies talk 04:19, 2 July 2011 (UTC)[reply]
Did you not read the example I gave above? I don't know who I'm complaining about, I don't know what the complaints procedure is, I don't know whether it's ongoing, and if it's not, I don't know what the outcome was. SlimVirgin TALK|CONTRIBS 04:23, 2 July 2011 (UTC)[reply]
SlimVirgin, I've just checked the AUSC mailing list archives, and I see that you are correct that a response was not sent. One was drafted, however, and I have asked that one of the community members vet the drafted response and then send it forward to you. Risker (talk) 04:30, 2 July 2011 (UTC)[reply]
Perhaps there is some use in the archives, after all ...  Roger Davies talk 05:05, 2 July 2011 (UTC)[reply]
Sticks of dynamite have some use. That doesn't mean I should keep them around the house. Jehochman Talk 05:10, 2 July 2011 (UTC)[reply]
Absolutely, but if you need to use them from time to time, there's no sense in storing them on another continent.  Roger Davies talk 05:20, 2 July 2011 (UTC)[reply]
A locked shed some distance from the main dwelling would be a good compromise. Jehochman Talk 05:24, 2 July 2011 (UTC)[reply]
Indeed, though of course if local kids succeeded in stealing your dynamite then I bet some here would want to know why it hadn't been stored in Fort Knox.  Roger Davies talk 05:47, 2 July 2011 (UTC)[reply]
Which is why you minimize the amount of dynamite, and minimize the number of keys in circulation. ;-) Jehochman Talk 05:51, 2 July 2011 (UTC)[reply]
Re: secret governance, I think it interesting that among the things the WR leaker has chosen not to get into in great depth are the committee's private squabbles. That omission--to which I attribute no particular motive, since we generally dispute in polite and boring terms--tends to favor the impression of ArbCom as some sort of monolithic governing-and-gossip club, when the reality is that we're 18 smart, opinionated, dedicated individuals with 18 separate perspectives on how to handle whatever is put to us. Jclemens (talk) 05:16, 2 July 2011 (UTC)[reply]
From the selection of what's been leaked, it seems like the leaker is more interested in uncovering dirt about ordinary editors who have been discussed on the list than they are in attacking the arbitrators themselves. I think this supports the idea that the contents of the list were leaked by an arbitrator, rather than stolen by a hacker. If a hacker wanted to harm miscellaneous ordinary editors, there would be many more effective ways of doing that; whereas if they wanted to attack ArbCom, they would have released e-mails that focused on the arbitrators rather than on ordinary editors. On the other hand, the selection of what was released seems completely consistent with what would be expected if an arbitrator wanted an underhanded way to attack editors whom they couldn't sanction using the normal processes. --Captain Occam (talk) 21:26, 2 July 2011 (UTC)[reply]
There's no question in my mind that the true motives of the leaker may be exactly as they appear, or they may be tailored to appear exactly as you say. Wikipedia has no shortage of smart people with variable ethics well-read in spy literature. I strongly doubt that it's an arb, though. There's nothing particular to have provoked any of us to do this, although more than a few committee members' nerves have been frayed in the ensuing aftermath. Jclemens (talk) 00:08, 3 July 2011 (UTC)[reply]
If there was something that provoked an arbitrator into doing this, would the other arbitrators necessarily know about it? I didn’t think that ArbCom kept that close a watch over the lives of all its members. Was ArbCom aware of something in particular that had provoked Kelly Martin, when she leaked the contents of the mailing list in 2009?
Something else to consider is that if it was an internal leak, the arbitrator who leaked the e-mails isn’t necessarily the same person posting them at Wikipedia Review. It may be that an arbitrator shared the contents of the mailing list with a friend who wasn’t an arbitrator, under the assumption that it wouldn’t be shared any further than that, and then the person with whom it was shared decided to post it publicly. That’s how it would have gone if there was any substance to the complaint in February about an arbitrator sharing CheckUser data. --Captain Occam (talk) 01:33, 3 July 2011 (UTC)[reply]
Given that the archives are rather difficult to work with and it would take at least one extra step to get them, I've ruled out the possibility of accidental leak as far as my own thinking about this incident, but I'm sure it's possible. Jclemens (talk) 02:08, 3 July 2011 (UTC)[reply]

Oversighting during this discussion?

Could someone explain?

  1. (cur | prev) 00:07, July 2, 2011 SlimVirgin (talk | contribs | block) m (→No more excuses: formatting (getting hard to read))
  2. (cur | prev) 23:58, July 1, 2011 Jehochman (talk | contribs | block) (→No more excuses: really, no more excuses -- deal with the problem or resign)
  3. (cur | prev) 19:09, July 1, 2011 Cool Hand Luke (talk | contribs | block) (192,662 bytes) (→All information becomes public sooner or later: Jehochman, I largely agree.)
  4. (cur | prev) 19:08, July 1, 2011 (Username or IP removed) (edit summary removed)

I assume number 3 was to deal with whatever number 4 was. But what happened to 1 and 2? SlimVirgin TALK|CONTRIBS 03:19, 2 July 2011 (UTC)[reply]

Personal information of an individual, which has not been released onwiki, was included in a post. This was redacted. All edits between the insertion and the removal of the personal information must be suppressed in order to remove the privacy violation. Risker (talk) 03:38, 2 July 2011 (UTC)[reply]
Okay, thanks. SlimVirgin TALK|CONTRIBS 03:53, 2 July 2011 (UTC)[reply]
I accidentally called an Arb by their very unoriginal first name instead of their handle. For instance, my name is Jonathan, as many people know, and people occasionally call me that on wiki instead of Jehochman. I wish certain Arbs cared about the rest of our privacy as much as they seem to cherish their own. Jehochman Talk 05:03, 2 July 2011 (UTC)[reply]
I suppose the reason that people know that your name is Jonathan is because you tell them so prominently on your user page. Similarly, it doesn't take too much detective work to establish that my first name is Roger :)))  Roger Davies talk 05:12, 2 July 2011 (UTC)[reply]
Roger, Roger. Jehochman Talk 05:14, 2 July 2011 (UTC)[reply]
[6] Baseball Bugs What's up, Doc? carrots 09:09, 2 July 2011 (UTC)[reply]
Ah ... indeed Roger ... now on the spelling of that last name. :) — Ched :  ?  08:59, 2 July 2011 (UTC)[reply]

Update

This is to update the community on major actions that have been taken over the past week since the unauthorized release of private mailing list material was first identified. This message highlights only key issues and is not an exhaustive list of actions that have been taken.

  • Each individual arbitrator has carried out security scans, upgraded software/hardware as applicable, and changed all personal passwords to any Wiki(p)(m)edia related accesses. Several of the arbitrators work in the IT profession and have provided assistance and support to those less technically proficient; others arranged for professional inspection and other assistance in ensuring that their systems were secure.
  • List administrator passwords have been changed for all mailing lists associated with the Arbitration Committee.
  • The Arbitration Committee has continued to work closely with the WMF to identify interim measures that will permit improved management of archives and reduce the risk of recurrence. WMF staff developers and sysadmins have been actively involved in this process. The ability to download the Arbitration Committee mailing list archives via internet connection is being removed. A script is being written to enable transfer of the current archives to the arbitration wiki in a manageable format, and will be tested early next week.
  • The Arbitration Committee has reiterated its recommendation that the WMF install different mailing list software that includes archive management tools and other security features, at least for private mailing lists.
  • We will be continuing to analyse information as it comes in and to review current status and what further changes are appropriate.
  • Everyone is reminded that this is a holiday weekend in the United States, and most WMF employees will not be returning to work until Tuesday, so it is unlikely that the situation will change significantly in the next three days.

We thank the community for its continuing patience as we continue to work through this unfortunate situation to mitigate the potential for a recurrence of this unauthorized release of information. Risker (talk) 03:33, 2 July 2011 (UTC)[reply]

Transferring the archives to the ArbCom wiki is a very bad move, in my view, because it will make them easier to read (I assume), and the wiki is just as insecure. Plus, it doesn't remove the "poisoning the well" feature, which is the major problem outside unauthorized access.
Also, do you know when and where there will be an announcement about the leak so that editors who don't watch this page or WR will learn about it? SlimVirgin TALK|CONTRIBS 04:04, 2 July 2011 (UTC)[reply]
Transferring the archives? Seriously? This old house of straw is no good, let's build one of sticks. → ROUX  04:11, 2 July 2011 (UTC)[reply]
It may not be perfect but think it through. Do you really want the only place where arbitrators can look up back stuff to be Wikipedia Review?  Roger Davies talk 04:15, 2 July 2011 (UTC)[reply]
Bwahahaha.... Well played, sir. Wish I'd thought of that comeback first. Jclemens (talk) 04:21, 2 July 2011 (UTC)[reply]
(edit conflict) Of course not. The superior solution, if the archives must be kept (and I think there are just enough arguments in favour of doing so), is for them to be archived to a machine under WMF control and not accessible online. Transferring the archives to another format which is just as insecure is more or less the definition of security theatre. → ROUX  04:24, 2 July 2011 (UTC)[reply]
Well, given the fact that not a single arbitrator has non-internet access to any WMF server (which I believe is an appropriate security measure on the part of WMF), whatever value the archives currently have is eliminated by making them inaccessible. By moving them to the arbwiki in a readable format, we can chop through the 85-90% of useless material and delete it from there, and properly organize what little remains. This is labour intensive, but probably would need to be done at some point anyway if we are able to persuade the WMF to obtain better software that will permit us to do this without unreasonable use of volunteer time. Risker (talk) 04:47, 2 July 2011 (UTC)[reply]
(ec) A significant portion of the community doesn't want you to keep on looking up old gossip about them, material that the subjects have no access to or a chance to correct. I'm surprised that Arbs from Europe, where there's a strong data-protection culture, don't respect the force of that argument. SlimVirgin TALK|CONTRIBS 04:22, 2 July 2011 (UTC)[reply]
Quite apart from the absence of proof that arbs "keep on looking up old gossip", as you so pejoratively put it, this gossip thing is looking more and more like one of those irregular verbs. You know: "I raise legitimate concerns", "he speculates", "they gossip". There's a fine line between legitimate concerns poorly expressed and wild speculation with inconclusive diffs. The arbitration case pages are stuffed full of examples, in some cases, running to tens of thousands of words.
Second, on the data protection front, I actually strongly believe people should have the right to answer what is said about them which is why I wrote it into the new policy. However, there are exceptions and the idea that an anonymous screen-name is entitled to the same human rights as a real publicly identified person leaves me utterly puzzled. This, it seems to me is part of the problem here. What is this Wiki? A cyber-kingdom inhabited by cyber-citizens or is it primarily a website devoted to building an encyclopedia?  Roger Davies talk 05:04, 2 July 2011 (UTC)[reply]
I think the short answer to your question is that it's a MMORPG that acquired far too much power and influence than is healthy for anyone, on all sides. But you can't make that problem go away by saying you just wanted to kill Orcs (or more apropos, Trolls). -- Seth Finkelstein (talk) 06:17, 2 July 2011 (UTC)[reply]
You jest, but there is something to be said for Devil's Advocate and countervailing power. -- Seth Finkelstein (talk) 04:26, 2 July 2011 (UTC)[reply]
Of course :)  Roger Davies talk 05:04, 2 July 2011 (UTC)[reply]
My own $0.02: I've been following this discussion, and have been very pleased to see arbitrators taking this issue seriously, and actively engaging with the community to keep us informed. The steps being taken look to be appropriate, and I, as a member of the community, am satisfied with both the ongoing actions being taken, and the proposed solutions. Thanks very much for the updates, and please continue to keep us in the loop! --Elonka 15:45, 2 July 2011 (UTC)[reply]
Adding $0.01 of my own, I agree entirely with Elonka. I increasingly get the feeling that some of the more strident complainers in this talk are doing nothing but repeating themselves tiresomely. --Tryptofish (talk) 18:02, 2 July 2011 (UTC)[reply]
You are both correct that sycophancy isn't worth much. If you grow tired of the conversation, feel free to ignore it. Jehochman Talk 18:57, 2 July 2011 (UTC)[reply]
Actually, there's a big difference between sycophancy and criticism of the critics. If it makes you feel any better, I don't think that you were being either strident or tiresome (at least not until that last comment!). --Tryptofish (talk) 18:01, 3 July 2011 (UTC)[reply]

Question

Can someone just answer this for me because it could be important. If one singular Arb's ordinary personal email account had been hacked, could all this leaked information have been accessed? Giacomo (talk) 21:19, 2 July 2011 (UTC)[reply]

Yes, if they had not deleted the email they received giving them a password for the mailing list and archives. With that password, anyone could access and download the archives. Alternatively, if an Arb accessed the archives from a public computer and forgot to log out, that could also give someone else access. SlimVirgin TALK|CONTRIBS 21:27, 2 July 2011 (UTC)[reply]
Do we have a date for the most recent leak? Giacomo (talk) 21:29, 2 July 2011 (UTC)[reply]
The first leak was on June 23. The leaker continued to have demonstrable access until after CHL or Coren (forget which) posted to the mailing list to tell them about the leak on June 23 or 24. That email was the most recently dated leak. I believe the leaker set up his WR account on June 21 at 6:54 am UTC, so the breach probably took place just before that. SlimVirgin TALK|CONTRIBS 21:39, 2 July 2011 (UTC)[reply]
  • Oh that's my theory kaputted then. All the leaks I have seen on WR have been quite historic, I thought it could possibly be from a hacked Arb account from a few months back. Giacomo (talk) 21:50, 2 July 2011 (UTC)[reply]
The breach could have occurred a long time ago, but there would have to have been continued access until June 23/24 (the most recently dated leak). And for some reason no desire to start leaking the material before that date. SlimVirgin TALK|CONTRIBS 21:52, 2 July 2011 (UTC)[reply]
Well an Arb's email was hacked a few months ago, I realised it when the esteemed Arb began trying to sell me viagra; I emailed him to negotiate a better price; he said his account had been hacked and that was the end of the story. I'm sure the Arbcom know all about it. I'm not sure of the exact dates because I deleted the email in case it was a virus, anyway it hardly seemed important at the time. I only remembered it recently because a nephew left his account open in an Australian internet cafe and he suddenly began trying to sell me viagra too - why do these people think I need viagra? Giacomo (talk) 22:02, 2 July 2011 (UTC)[reply]
Don't worry, brother. They think I need Viagra too. ;) Durova412 00:43, 3 July 2011 (UTC)[reply]
It was actually mine (more like the password was guessed), but it wasn't the email I was using for Arb business (shortly after I was elected, but before I was subscribed to any lists I realized that the sheer volume of emails on arbcom-l and other lists would completely drown an email address that was already 6,000 or so deep), so I created another gmail address strictly for arb business. The old email address never received any of the passwords or anything that would allow it to do so... and about three hours after it sent out the first wave of spam, my brother, who builds computer networks for a living, was screaming at me, and everything got changed :) SirFozzie (talk) 22:18, 2 July 2011 (UTC)[reply]
Spammers seem to be able to (appear to) send spam from email addresses without gaining access to the accounts. No idea how, but I've received spam from quite a few Wikipedia accounts over the years. They offer me mortgages for the most part. SlimVirgin must look as though she doesn't need any more excitement. SlimVirgin TALK|CONTRIBS 22:23, 2 July 2011 (UTC)[reply]
Are you implying that the name "Giacomo" sound like a tired old man in need of assistance? Giacomo (talk) 22:27, 2 July 2011 (UTC)[reply]
*chuckles* No, in this case, it was a definite "hack" (in that they had access to the account), I had to delete about 25 of the spam emails from my sent email folder.. they hack the account to send out the spam because it gets around spam filters better (they harvest the address book). But again, this was only for 3 hours or so, and on an email that was not used for any Arb Business at all. SirFozzie (talk) 22:35, 2 July 2011 (UTC)[reply]
  • Same thing happened to me a few months back. Didn't have control of my account, but the FacebookConnect or Yahoo bridge feature let someone send about ~1,500 emails from my account. Lucky I caught it midway through and changed the password or it would have sent out 15,000 emails. MBisanz talk 22:39, 2 July 2011 (UTC)[reply]
As I said above, I think the direction that ought to be searched at this point is whether an arbitrator deliberately released these e-mails. The selection of what’s been leaked, the fact that there does not appear to be any evidence that an arbitrator’s e-mail account used for Wikipedia has been compromised, and the fact that there have been issues in the past with arbitrators giving out private information; all of these things seem to point more towards a deliberate leak than to a hacking event.
Of course, if that’s what happened, it might be difficult to identify who was responsible for the leak unless they voluntarily come forward. --Captain Occam (talk) 23:20, 2 July 2011 (UTC)[reply]

Another question

Is there anything undisclosed so far on WR that you would expect to have been leaked that was in the files? We are all aware, because we are reading WR, that the leaker is now responding to requests rather than posting unilaterally, but are there topics/individuals that the ArbCom is aware of not being released, and if so are they of any import into determining the method of the break in security? Obviously, if you need to kill me because of the security implications of my question my real identity involves the initials DG. LessHeard vanU (talk) 00:00, 3 July 2011 (UTC) Um, obviously I am not expecting any detail on what has not yet been published - just whether some stuff remains to be potentially aired. LessHeard vanU (talk) 00:16, 3 July 2011 (UTC)[reply]

Not that I'm aware of, however I wasn't familiar with all the leaked material simply because I hadn't looked at that much from before I joined ArbCom. PhilKnight (talk) 00:35, 3 July 2011 (UTC)[reply]
I have been trying to think of who it might be based on what has been released and what proportion of it, contrasting to what is left unreleased. Casliber (talk · contribs) 01:03, 3 July 2011 (UTC)[reply]
There are literally thousands of threads that contain such messages as "Hey guys, please vote on XX"; "We need more comments on the request for amendment about YYY"; people advising their colleagues of holidays, breaks, or other reasons they won't be around (in fact, I think one of the earliest threads is about someone going on holiday); tons of unblock requests and their responses; and similarly boring stuff. This sort of stuff makes up the majority of the archives. Risker (talk) 02:01, 3 July 2011 (UTC)[reply]
The most surprising thing so far about the leaks is how few surprises they have contained. Short Brigade Harvester Boris (talk) 02:14, 3 July 2011 (UTC)[reply]
Agreed, but don't underestimate the value of "officially" confirming what everybody-already-knows. -- Seth Finkelstein (talk) 03:00, 3 July 2011 (UTC)[reply]
It's not actually surprising, SBHB: day to day ArbCom business is singularly boring as a rule. Sometimes delicate, sometimes urgent, but rarely interesting to look at from the outside. I'm guessing that's why the leaks haven't yet generated offers for a treatment. — Coren (talk) 04:58, 3 July 2011 (UTC)[reply]
Actually, even the day to day business of outright dictators "is singularly boring as a rule". I once heard a talk from someone who studied literal Soviet Kremlinology, and he remarked about how much of it was just basically corporate management, made much worse by the fact that the members didn't want to delegate anything. Not that I'm comparing ArbCom there, but even ruling (part of) the world is an amazingly tedious job. The leaks here have been presented in a timing and format which has been stupefying. But I believe a more savvy selection and presentation could have generated some interest. -- Seth Finkelstein (talk) 05:48, 3 July 2011 (UTC)[reply]
At which point, let me be the first to invoke Godwin's law and refer to the banality of evil :)  Roger Davies talk 05:52, 3 July 2011 (UTC)[reply]
Well, making the trains run on time requires a lot of messages about train schedules :-) -- Seth Finkelstein (talk) 11:04, 3 July 2011 (UTC)[reply]

Community policy / discussion / reaffirmation of Arbcom email policy

I think that it may be of value to take the meta-discussion about what Arbcom's mail archives should contain and for how long to a centralized venue for community discussion and reaffirmation.

I don't personally know that removing old data is a good idea - Institutional memory is required for long running disputes and longstanding problems - but there seems to be considerable dispute over what the underlying policy should be, what the value is of retained data versus risks and privacy concerns, etc.

Thoughts? Georgewilliamherbert (talk) 02:48, 3 July 2011 (UTC)[reply]

Georgewilliamherbert, if you've been following along, right now the Mailman mailing list software made available to us by the WMF is either "archive/no archive"; no ability to manage the archives in any way, shape or form other than to delete or keep. We've urged the WMF to make software changes at various times, most recently in April of this year, and have done so again as a result of recent events. It is a holiday weekend in the US, and WMF staff are not available for big-picture discussions like this. The conversation so many people want to have is just going to have to wait for a bit while issues are assessed, current risks are mitigated, and future options can be developed. This is not something that is going to be completely "fixed" for a while, and I have no doubt that there will be periodic information shared with the community. Risker (talk) 03:22, 3 July 2011 (UTC)[reply]
I have been following along; I would like to separate out "technical means" - which I understand are not up to Arbcom per se - and "community mandate / policy" - which the community here and Arbcom can certainly refine, define, or reaffirm.
If the community were to mandate a change that was not immediately technically feasible then the WMF and Arbcom obviously wouldn't have to wave a magic wand and make the impossible happen, but it could define what the community wanted done as the technical situation was evolved.
If the community reaffirms the existing policy to generally keep archives then no change is required other than the security tightening going on.
I am not advocating a change. I'm advocating having a centralized discussion to lay out the issues clearly, develop a consensus on what's best for the Encyclopedia, project, community, Arbcom, etc.
I personally prefer keeping, but I am seeing the edges of community refutation of that longstanding policy, and I'd rather have an out in the open honest discussion and consensus about it rather than have everyone wondering if there really is remaining support for them. Georgewilliamherbert (talk) 03:31, 3 July 2011 (UTC)[reply]
I'm sorry Georgewilliamherbert, but the technical issues are a core component here, and they are entirely within the domain of the WMF. The community also does not have within it the power to dictate that individual arbitrators must use certain technology when carrying out their roles, as has been suggested by some commenting here. The community is justifiably concerned that there was theft of data that included both private and confidential information. There is not sufficient information at this point for any discussion to take place. The community will be kept updated as new information becomes available. Risker (talk) 03:57, 3 July 2011 (UTC)[reply]
Saying the technical issues are "entirely within the domain of the WMF" isn't altogether correct. You have plenty of leverage to sway Jimbo/WMF if you think the technical changes are important enough. Short Brigade Harvester Boris (talk) 16:16, 3 July 2011 (UTC)[reply]
We have a nuclear option that every time we use, the WMF can say "Sorry, we can't/won't do it" and then we'd HAVE to resign. So it's not a tool to be used casually or easily. Risker has spent the last few weeks working with the WMF to try to see what is possible (and isn't that what politics at whatever level is, the art of the possible?) SirFozzie (talk) 16:18, 3 July 2011 (UTC)[reply]
There are a number of strong options short of mass resignation, and in fact mass resignation isn't even your strongest option. For example, it's likely that at least one of the 18 people on Arbcom knows how to write a press release (filling in the details is left as an exercise for the reader). Of course, you are correct in first giving Jimbo/WMF the opportunity to do the right thing of their own free will. Short Brigade Harvester Boris (talk) 16:36, 3 July 2011 (UTC)[reply]
Mass resignation is not a serious option, nor is making a statement to the press. (Doesn't anyone remember the Colbert Report?) And why would anyone think that Jimbo has any more ability than any other member of the Board of Trustees to investigate software options, determine which options can run on the existing platforms, allocate and schedule funds as well as hardware, software and staffing resources? These are operational issues that require the time and knowledge of the WMF technical staff, as well as those who can help to assess the "human" end of things. We are all in this together, and options are just at the very earliest stages of development. It is not going to be a quick fix; anyone who has ever worked in a large IT-based environment knows that even small "fixes" can consume significant resources, and careful analysis of systemic impacts is part of the assessment process. Yes, the decisions about software are ultimately in the hands of the WMF. But the lines of communication are open right now, and this matter is being taken seriously on a very large number of levels there, just as it is here. Each group has its limitations. Risker (talk) 17:38, 3 July 2011 (UTC)[reply]
Your statement regarding Jimbo is an obvious red herring which does not merit a serious response. I am beginning to sense the all-too-human reaction to serious and difficult problems, which is to think of all the reasons why something can't be done. Short Brigade Harvester Boris (talk) 18:40, 3 July 2011 (UTC)[reply]
Well, I'm not the one who brought Jimbo into the conversation, but meh. SBHB, we know this needs to be fixed. We also know that it is going to take some time, and it's better to be honest about that than it is to create false expectations within the community. It is a serious and difficult problem, and I have never seen a serious and difficult problem that got completely fixed in just a few days. We have an entire community who works on the theory of crowdsourcing; I have to admit I'm surprised that nobody's tossed a list of potentially suitable publicly available software onto this page. I have no doubt there are open source programs out there that would be good, but I know I don't have the technical skills to review and assess them. Maybe some of the other people watching this page do. Risker (talk) 19:33, 3 July 2011 (UTC)[reply]
Perhaps you've had no suggestions because it's unclear what the purpose of this mailing list is. Is it to allow secure communication between individual editors and ArbCom? Or is it to enable secure communication between ArbCom members? Right now it appears to be doing neither well, but they're functions that ought to be separated. Malleus Fatuorum 19:46, 3 July 2011 (UTC)[reply]
Are you aware of any solution, Malleus, which would allow both? Right now, email from the list sets reply-to to the list itself, so that when an editor emails arbcom, the arbs can discuss the merits of the request without losing threading--i.e., you can see the original email, plus any other arb comments, all in one email thread. Jclemens (talk) 20:04, 3 July 2011 (UTC)[reply]
My point was that the functions need to be separated, not combined. So far as secure communication between ArbCom members is concerned then VPN seems like a natural solution. Isn't there an ArbCom wiki? Is it only accessible via VPN? This isn't so much a "should we use this software or that software" issue it's a security issue. Malleus Fatuorum 20:07, 3 July 2011 (UTC)[reply]
You're right, it's a security issue, but the two are intertwined. What is needed is a system that feeds externally received emails in, permits all those with access to discuss them, and then respond with a reply (ideally using a "system" return address rather than one's personal email address, as is the current situation). Ability to add attachments would also be useful, as would some form of "tracking" mechanism so that it is easily determined which tasks/threads are complete (especially valuable for unblock requests) or to permit scheduling of specific activities. I know these features are available in various commercial products, but we do need to consider the WMF mission as well, which strongly emphasises open source software wherever possible. Risker (talk) 20:19, 3 July 2011 (UTC)[reply]
Get behind a VPN. The software issue is secondary. Malleus Fatuorum 20:30, 3 July 2011 (UTC)[reply]
Err, what? If an arb's account was hacked, the VPN would have done almost nothing for anyone. It would have required the attacker to proxy through their system into the VPN to access the archives, beyond what was stored. Is there any VPN implementation these days which prevents split tunneling? I know the users I was responsible for hated it, because it made it impossible for them to print to their local TCP/IP printers when connected to the corporate VPN... and "Get a bloody USB cable" was not perceived as a user-friendly response... Jclemens (talk) 21:26, 3 July 2011 (UTC)[reply]

Make public everything that has been leaked

I understand that it is not practical to email everyone who has had contact with ArbCom. Then we have the following problem. WR is not going to release everything what they have today or tomorrow, so you never know if some information concerning you is going to appear there next week, next year, 5 years from now, or perhaps never. If it were just information that you have communicated yourself to ArbCom, you could still deal with that by simply pretending that this is now in the open and taking appropriate measures. However, ArbCom members may have been discussing you and then you don't know what they have written about you.

Then if it is indeed not possible to disclose information privately via email to all concerned, the next best thing is to make everything public. E.g. one can put everything in one or more (compressed) files and upload that on Wikimedia. It's far better to have to deal with anything that is in there now than to find out some years later that people have been discussing you for some time on some websites on the basis of information about you that may not be correct (what the Arbitrators say about you may not be correct, or it may be presented out of context by people leaking it). Count Iblis (talk) 16:07, 3 July 2011 (UTC)[reply]

I'm sorry, this is a ridiculous idea. What's out there is bad enough, but you want to turn the trickle into a flood.. Let me say it clearly. This is NOT going to happen. SirFozzie (talk) 16:09, 3 July 2011 (UTC)[reply]
Have to agree with SirFozzie here. It may seem like a good idea at first glance, but there is no way the community would support this. The Cavalry (Message me) 18:40, 3 July 2011 (UTC)[reply]
I have to agree with the Count, the reality is Malice only has the power because we made them secret in the first place. I am a realist though I know it's not going to happen but I think count makes a valid point. The Resident Anthropologist (talk)•(contribs) 18:44, 3 July 2011 (UTC)[reply]
The one thing that argues against this proposal is that Malice and the WR admins have been willing to redact some of the material that had the most potential to damage real people. If it were just the ArbCom at risk of public embarrassment, then it would be a different conversation, but as long as Malice and the WR admins are willing to protect the people we care about (if not our own privacy, oh well), then there's no defensible reason to do this. Jclemens (talk) 19:01, 3 July 2011 (UTC)[reply]
The leaker on WR presumably is not the one who stole it from the ArbCom list, so this information may also appear elsewhere. Then I think one could make this public here and still protect the privacy of people involved to some degree by using some program that removes the real names and email addresses in the message headings. This won't fully protect the privacy of everyone but it would go a long way toward this. The involved people then know everything about how they are discussed, so they can take whatever measures they think are needed. Count Iblis (talk) 22:08, 3 July 2011 (UTC)[reply]
So your solution to the possibility that some harm-causing stolen email might surface in the future is for us to willfully release it now? No, this is not the route we will take. –xenotalk 23:56, 3 July 2011 (UTC)[reply]
Sorry Count Iblis, there are all sorts of privacy bits and pieces sprinkled all through the archives (buried amid a stack of boring mundane posts as pointed above). This makes no sense. Casliber (talk · contribs) 00:30, 4 July 2011 (UTC)[reply]
  • I think the files now seem undeniably to be a time bomb waiting to go off. Except for cases concerning minors and criminal acts they could be placed in an open forum. Or at least, on request, those mentioned could be given all information pertaining to them. In many European countries those mentioned could legally demand to see the files anyway, why don't we all have a taste of European freedom? It seems very wrong to me that European editors are denied their rights only because the servers are housed in USA. I don't think having them published salaciously and piecemeal on WR is adding to the lustre of the project. Giacomo (talk) 19:00, 3 July 2011 (UTC)
    • I have a question for you about the rights issue you raise. What rights does an anonymous screen name, linked to an anonymous email account, with no connection whatsoever to a real person have? Now to extend this a bit further, if an anonymous editor (anoned1) writes to committee claiming that anoned2 is sleeping with anoned3 and therefore has a COI, what should the committee do about it? And, if anoned1 apparently outs anoned2 and anoned3 by including personal data to make the assertion, what trumps what: the COI guideline or the outing policy? And how does this help write an encyclopedia?  Roger Davies talk 20:13, 3 July 2011 (UTC)[reply]
      • I have a question for you. A few days ago I received an email from an ex-administrator containing a suggestion that I should write an article on the park directly opposite my house, following the WR revelations. Coincidence? So exactly how are we "anonymous"? Malleus Fatuorum 20:23, 3 July 2011 (UTC)[reply]
        • The bulk of emails are from anonymous email accounts, linked to anonymous wiki accounts, which contain no inkling of the real identity behind the screen persona.  Roger Davies talk 20:26, 3 July 2011 (UTC)[reply]
          • I'm not talking about the bulk, I'm talking about mine. Many other email addresses were leaked as well, and are continuing to be leaked. Malleus Fatuorum 20:33, 3 July 2011 (UTC)[reply]
            • At this point, the obvious thing to do is for everyone to express their displeasure at the people publishing the material. Roger Davies talk 20:40, 3 July 2011 (UTC)[reply]
              • My displeasure is directed towards those who were lax enough to continue using a system they knew to be insecure, or ought to have known was insecure, while misleading regular editors into believing that their communications were confidential. Was that laziness? Stupidity? Malleus Fatuorum 20:48, 3 July 2011 (UTC)[reply]
                • No system is 100% secure. A confidential letter can still be stolen by the postman. That still doesn't get round the issue here. If you wish to prevent further damaging disclosures that can impact on other people, why not try to pressure WR into being responsible about what they publish?  Roger Davies talk 20:59, 3 July 2011 (UTC)[reply]
                  • Are you a certified idiot or does it just come naturally to you? WR may do as it pleases, but it could not do it without the incompetence on display here. Malleus Fatuorum 21:44, 3 July 2011 (UTC)[reply]
                    • [Chuckle] It seems to me that any strategy is two-fold: fix the split pipe and turn off the stopcock. In this case, the stopcock is WR.  Roger Davies talk 22:09, 3 July 2011 (UTC)[reply]
                      • I'm not sure what this rabid obsession is with the Wikipedia Review. They have little to nothing to do with the present leak -- if WR weren't around the leaker would have just dumped the archives somewhere else. TotientDragooned (talk) 23:15, 3 July 2011 (UTC)[reply]
                        • Any system can be hacked with human error or complicity - no matter how complex. Yes folks are working on how to make it more foolproof. And yes some folks at WR are trying to show some responsibility about information being released. Casliber (talk · contribs) 00:30, 4 July 2011 (UTC)[reply]
    • So let me get this straight: In Europe, if a group of people with no particular legal standing are having an email conversation about a third party, and that third party finds out about it, that third party has the legal right to compel the group to disclose what they said about him, and/or compel them to make alterations to their emails if he believes anything said in private to have been improper? Jclemens (talk) 21:29, 3 July 2011 (UTC)[reply]
Well "Roger" if you want to operate an "encyclopedia" able to be "edited anyone" one has to expect "anyone" to edit it - doesn't one? The project happily takes and uses the work of "anyone" (such as myself) to promote itself (my work has certainly been on discs etc) it either needs to say "This is the project anyone can edit so long as they realise they count as nothing" or it needs to grow up and get real. Secret files on individuals are always a bad idea and in all civilized countries they are illegal. I am quite sure that the Arbcom files are full of references to me, one only has to look at WR to see the most recent and ludicrous (do you never think how silly you all sound?). I really don't see what can be so secret and vitally important about people called "Coren", "Fred" and "Clinically Dead" discussing someone called "Giacomo." I'm afraid you are all starting to believe the fallacy of your own importance. I raised this matter in the Arbcom election of 2010, no satisfactory answer was given then and none is provided now. Because I choose (wisely as it turns out to protect my anonymity) does that mean I must surrender my human rights - or do you think I am inhuman and a horse? Giacomo (talk) 20:31, 3 July 2011 (UTC)[reply]
I think you need to be watching out very carefully for that horse's head on your pillow. Malleus Fatuorum 20:37, 3 July 2011 (UTC)[reply]
Don't worry Malleus, I eat kittens for breakfast! The fact is that the Arbcom have built an illicit house of secrets and then they have allowed it to fall like a house of cards into the hands of God knows who and yet are still scrambling to catch the cards in a 12 force gale and rebuild it. It's ludicrous. Giacomo (talk) 20:48, 3 July 2011 (UTC)[reply]
Nice analogy. Malleus Fatuorum 20:54, 3 July 2011 (UTC)[reply]
Interesting image, dunno how appropriate it is though. None of the current committee had anything to do with building this incidentally.  Roger Davies talk 20:59, 3 July 2011 (UTC)[reply]
Cop out! Giacomo (talk) 21:01, 3 July 2011 (UTC)[reply]
Hyperbole.  Roger Davies talk 21:05, 3 July 2011 (UTC)[reply]
  • I am disappointed Roger, that the Arbcom feels the justifiable anger of the community is just "hyperbole." The fact is the Arbcom have not been careful with their files and caused an immense amount of distress and anguish to many. It may be better if they adopted a little humility. Many of us wish the Arbcom to desist accumulating secret information on us all. You may do well to respect that position. Giacomo (talk) 21:10, 3 July 2011 (UTC)[reply]
Most of the community doesn't know about this, RxS. This page only has around 400 watchers, and that doesn't mean they are actually watching it. And most don't read WR. But I think it's clear that most Wikipedians would prefer not to have people keep secret files on them—which they have not seen and which may not be accurate—and particularly not make them available to new Arbs every year, and retain them in a way that isn't secure. Anyone who would want that for themselves would not be rational. SlimVirgin TALK|CONTRIBS 23:48, 3 July 2011 (UTC)[reply]
@SV, obviously the situation is not ideal, and thinking upon it, probably some degree of comments made on the list were better made on wiki. But there are serious issues for which privacy is very warranted - users with mental health issues, child protection and legal ones, plus some sort of institutional memory for the next orchestrated attempt at mischief. Given where wikipedia is, it will be only a matter of time before the next Poetlister, EEML, scibaby etc. There are very clearly checks and balances here and no solution is ideal. Casliber (talk · contribs) 00:36, 4 July 2011 (UTC)[reply]
Please don't mischaracterise this: I'm describing your firebrand style of rhetoric as hyperbole. All it succeeds in achieving is polarising rather than resolving. You have no idea at all what the individual views of individual arbitrators on this are but in your enthusiasm to make a point you are making sweeping statements about all of them, past and present.  Roger Davies talk 21:21, 3 July 2011 (UTC)[reply]

Roger, you seem to be the only person here, who does not realise that if we all want to know the "individual views of individual arbitrators" we just pop over to WR and have a look. Now were I you, in such a hole, I would stop digging. Giacomo (talk) 21:27, 3 July 2011 (UTC)[reply]

More hyperbole, I'm afraid. Can you please make a stab at answering the question? If you don't know, just say so :)  Roger Davies talk 21:31, 3 July 2011 (UTC)[reply]

Oh dear, you seem to be labouring under the misapprehension that it's me and the community who should be answering the questions. I don't think at present a Vote of No Confidence in the Arbcom would serve anyone well, but I am very much less than thrilled to see your pointless and insulting interrogation of me plastered all over WR together with my former email address. That you have made yourselves look even more stupid is to be deplored. Now Roger, a little less argument and little more humility might just save all your skins. Giacomo (talk) 21:45, 3 July 2011 (UTC)[reply]

I have no recollection of my ever asking you any questions, let alone "engaging in a pointless and insulting interrogation". For the record, I am angry and horrified about the data theft but that does mean that I will automatically accept whatever is thrown at me, especially if certain allegations are exaggerated, inaccurate or misplaced. Now, to return to my question, what is my position on retention of private data? If you don't know, just say so.  Roger Davies talk 22:04, 3 July 2011 (UTC)[reply]
  • As I see it, from reading the emails that I have - and from such discussions as this, there is more than enough detail to start a RFC of no confidence in the current arbitration committee and its working processes... but although it may have support it may also be better to keep what we have for the time being and discuss than leave a void. Off2riorob (talk) 21:15, 3 July 2011 (UTC)[reply]
Having ArbCom sanction the violation of my own privacy, convict me of conduct which I did not do by "finding" me to have responded to alleged "canvassing" Emails which because of personal circumstances I had not actually read—checking Wikipedia several times a day, personal Email once every week or two—I have zero sympathy here. PЄTЄRS J VTALK 23:28, 3 July 2011 (UTC)[reply]

Roger Davies, to address directly your query "What rights does an anonymous screen name ...", I would contend that is looking at it from the wrong angle for two reasons: 1) Often the screen names do end up being linked to a real-life identity at some point, and 2) We also are talking about people who use their real names. In specific, the material leaked already includes many insults and personal attacks on a named journalist. Now, perhaps that's life, and it's only to be expected. However, I don't think it's unreasonable to then wonder who else might be treated similarly. I don't put this in legal terms. But factually, it's not just an issue of screen names. -- Seth Finkelstein (talk) 03:55, 4 July 2011 (UTC)[reply]

Stupid solution due to stupid software

It is impossible to delete part of archives, so my suggestion is to:

  1. create mailing list "Arbitration Committee, year 2011"
  2. post vital data from old list
  3. remove access for everybody in old list

in year 2012

  1. create mailing list "Arbitration Committee, year 2012"
  2. post vital data from "Arbitration Committee, year 2011"
  3. remove access for everybody in "Arbitration Committee, year 2011" list

etc

Bulwersator (talk) 21:16, 3 July 2011 (UTC)[reply]

Problem; define "vital data"? Ironholds (talk) 23:25, 3 July 2011 (UTC)[reply]
The data which arbitrators need for "institutional memory" of previous problems (I'm quoting the need and justification for keeping data made by arbitrators). This is a solution which may be workable, so let's discuss making it work. Geometry guy 23:58, 3 July 2011 (UTC)[reply]
I think the general idea, of compartmentalizing the archives and restricting access to old material, is sensible. I'm not sure whether or not this is the best way of doing so, or even if it's workable as proposed, but I think it's a good strategy to consider.   Will Beback  talk  00:55, 4 July 2011 (UTC)[reply]
  • Just for the record, we're continuing to communicate with WMF staff about both short-term and long-term solutions; their understanding of the strengths and weaknesses of various options is crucial to making good decisions that are both in line with the security issues and the ability of the WMF to support (both technically and with staffing) any particular solution. Risker (talk) 03:27, 4 July 2011 (UTC)[reply]

Arbitration Policy

Wikipedia:Arbitration/Policy says that arbcom will "resolve matters unsuitable for public discussion for privacy, legal, or similar reasons". It should now be apparent that since arbcom doesn't know how the leak occurred, cannot be sure the security hole is plugged, continues to transmit emails and passwords in plaintext, and now disclaims any representations of confidentiality for messages to the mailing list (as well it should), arbcom now can't handle issues "unsuitable for public discussion". The policy should be revised to indicate that this sort of thing should be resolved by contacting the WMF, retaining legal counsel, ignoring the issue, or leaving the project, as appropriate, given the high probability of future submissions to the arbcom mailing list being plastered all over Wikipedia Review and other unseemly locations. 71.131.18.216 (talk) 03:56, 4 July 2011 (UTC)[reply]