Wikimedia projects are created by the contribution and collaboration of users all over the world. As we work towards our goal of providing free and educational content globally, we here at the Wikimedia Foundation (“WMF”) understand that we must strive to protect user privacy (and sometimes anonymity), without which Wikimedia projects would not be where they are today. We also understand our obligation to individuals and agencies who are working to protect the public and stop illegal activity. Although rare, it is possible for these two responsibilities to collide when we are presented with a request for user information, such as a subpoena or a warrant.
Transparency and consistency through clear guidelines
Today, we are happy to announce the release of our Requests for User Information Procedures and Guidelines (“guidelines”). The purpose of these guidelines is threefold: (1) to create greater transparency and understanding around the types of information collected and retained in relation to the Wikimedia projects; (2) to set appropriate expectations with third parties seeking user information as to what requirements they must meet before we will consider their request; and (3) to establish a clear and consistent procedure by which third-party requests for user information will be handled.
Helping users help themselves
While we do our best to defend user privacy on our end, we believe in also empowering users to protect themselves. Users impacted by a third-party request for their information can only legally challenge such a request if they know that the request exists. Therefore, when we think we will be legally compelled to release user information to a third party, we will inform affected users of the request for their information, assuming we have a means of notifying them and we are not legally prohibited from providing notice. This way, users can make their own informed decision about the legal options available to them.
We encourage users to learn more about their legal rights. To that end, we are working to provide informational starting points, such as our Subpoena FAQ, about these sensitive topics.
Use of these guidelines
We hope that the guidelines we release today will help everyone — our users, civil litigants, government agencies, law enforcement, and even those at the Foundation — better understand the responsibilities and rights that are evoked when a request for user information arises. It is our hope that through transparency and mutual understanding, those involved in the difficult situations that lead to such requests can make more responsible and better informed decisions.
Michelle Paulson, Legal Counsel*
- * I would like to thank Roshni Patel (Privacy Fellow at WMF) for her help and guidance in the development of these guidelines.
- For the avoidance of doubt, we believe a warrant is required by the 4th Amendment to the United States Constitution, which prohibits unreasonable search and seizure and overrides conflicting provisions in ECPA. We believe that the ECPA needs to be updated so that equivalent protections are granted to your electronic communications and documents that are already granted to the physical documents you keep at home or in your office. To that end, we joined the Digital Due Process Coalition last year to help in that effort.
- While user privacy is one of our top priorities, we also care about keeping the public safe and keeping our users free from harm. To that end, we may provide user information in response to an emergency disclosure request. You can learn more about how to file an emergency request in the guidelines.
- Certain information about requests for user information will also be publicly reported in our transparency report. The first WMF transparency report is currently scheduled to be released later this summer.