Like any other website that is open to user-submitted content, Wikimedia wikis get their fair share of troublemakers. Included in this are people who register multiple accounts and use them for malicious purposes like vandalism. This practice is known as sockpuppetry. However, unlike a lot of other major websites, the administration of a Wikimedia wiki is decentralized and managed by volunteers.

Four members of the Ombudsman Commission during their visit to the Wikimedia Foundation office in San Francisco. From left to right: Sir48, Levg, Deskana , Thogo.

Four members of the Ombudsman Commission during their visit to the Wikimedia Foundation office in San Francisco. From left to right: Sir48, Levg, Deskana , Thogo.

In addition, the privacy of all users is protected, so if someone registers an account, even the administrators cannot see the technical information associated with that account. This means that administrators are often left guessing as to whether a series of accounts are operated by a single person, which can allow that person to cause significant disruption to the wiki.

And so CheckUsers were created. The CheckUser extension allows certain highly trusted users to see a limited amount of technical information associated with an account, such as the IP address that the person operating the account is using. Although useful, there are risks to disclosing this information: in some cases a person’s IP address can be used to find out personal information about them. The Wikimedia Foundation privacy policy, which previously only governed when developers could release personally identifying information, was subsequently updated to also apply to the CheckUsers. But what happens if someone thinks a CheckUser has violated the privacy policy by investigating them? Who do they complain to?

The Ombudsman Commission is a group tasked with investigating complaints into alleged violations of the privacy policy. In 2006, the Board of Trustees of the Wikimedia Foundation created the Commission by resolution. Members of the Commission are volunteers who are experienced Wikimedians with an interest in upholding the privacy policy. Currently, the Commission is made up of users from the Danish (Sir48), English (DeskanaFloNight), German (ErzbischofThogo), Persian (Huji), and Russian (Levg) Wikipedias. In addition to their responsibilities with the Commission, many members have previously served on the Arbitration Committee and hold advanced permissions on their local wikis.

As mentioned above, the Ombudsman Commission’s remit is to investigate complaints received about privacy policy violations. Complaints are received by email, and can be submitted by anyone, including (but not limited to) blocked users, CheckUsers, and Commission members themselves. The Commission is reactive, meaning that they do not actively patrol for violations, instead only handling complaints that are brought to them. Commission members typically recuse themselves from any matter involving their home wikis, but they are often invited to comment on such cases, as the standards and culture of each wiki can vary significantly.

When a complaint is received, an acknowledgement of the email is sent to the case filer. The Commission discusses the case to decide whether it is within their remit, and informs the case filer of the outcome of this discussion. If the case is outside the Commission’s remit, it suggests alternative avenues to pursue the person’s complaint (for example, the email response team). If the case is within the Commission’s remit, the matter is investigated using the evidence provided by the case filer. If it is required, the Commission may ask the person filing the complaint for clarification, or invite comment from the relevant CheckUser.

The Commission was created as an independent investigative body. This means that if the Commission decides the privacy policy was violated by a CheckUser, it will make a recommendation to the Wikimedia Foundation’s staff or Board of Trustees as to what action should be taken. This may include taking no action if it is determined that the issue has already resolved itself; educating a CheckUser on their responsibilities; or even recommending the removal of the rights of the CheckUser and suggesting that the user never be given advanced permissions again.

So, what’s on the horizon for the Ombudsman Commission? After a series of meetings between Foundation staff and the Commission, it was decided that smaller wikis may have insufficient measures in place for handling complaints about CheckUsers. The Commission sometimes receives complaints where it is alleged that a CheckUser has abused their powers and privileges, but the CheckUser has not violated the privacy policy by disclosing any personally identifying information. Currently, such cases are summarily declined as they are outside the Commission’s remit. It has been proposed that this remit be expanded to also allow the Commission to handle complaints about the global CheckUser policy and Oversight policy, and allow proper responsibility and accountability for advanced permission holders across all Wikimedia wikis. The Commission is currently drafting, and will be launching, a request for comment (RfC) regarding the expanded remit.

If you have any questions or comments, or if you have a case for the Ombudsman Commission, contact information is available on the Commission’s page on meta.

Dan Garry (User:Deskana), English Wikipedia and Ombudsman Commission