Talk:Access to nonpublic personal data policy: Difference between revisions

From Meta, a Wikimedia project coordination wiki
→‎Answers to some questions around policy change: Responses to questions from Foundation Legal
Line 186: Line 186:
*A question for [[User:WMFOffice|WMFOffice]]: I could have missed something. But if the concerns are all over some users being forced to give out "crucial information pertaining to other users and activities on Wikimedia sites", why not just split the NDA privilege into two, just as what has been done to the sysop usergroup in response to the security risk that all sysops were able to edit interfaces? Some of the user groups covered by the current NDA policy might have a significantly lower risk than others. For example, oversighters only deal with non-public infomation posted by others and such information may or may not cause threat to our users, while checkusers have access to raw user data generated or collected by WMF servers. OTRS members don't even deal with personal data about "users". Instead, they deal with that of the public. It would be better if the proposed policy change could differentiate over these different scenarios. --[[User:Antigng|Antigng]] ([[User talk:Antigng|talk]]) 07:08, 2 September 2021 (UTC)
*A question for [[User:WMFOffice|WMFOffice]]: I could have missed something. But if the concerns are all over some users being forced to give out "crucial information pertaining to other users and activities on Wikimedia sites", why not just split the NDA privilege into two, just as what has been done to the sysop usergroup in response to the security risk that all sysops were able to edit interfaces? Some of the user groups covered by the current NDA policy might have a significantly lower risk than others. For example, oversighters only deal with non-public infomation posted by others and such information may or may not cause threat to our users, while checkusers have access to raw user data generated or collected by WMF servers. OTRS members don't even deal with personal data about "users". Instead, they deal with that of the public. It would be better if the proposed policy change could differentiate over these different scenarios. --[[User:Antigng|Antigng]] ([[User talk:Antigng|talk]]) 07:08, 2 September 2021 (UTC)
** I even imagine we can introduce a "semi-checkuser", which is a tool that may see accounts sharing IP or /16-/24 ranges with a given account, without revealing IP.--[[User:GZWDer|GZWDer]] ([[User talk:GZWDer|talk]]) 14:29, 2 September 2021 (UTC)
** I even imagine we can introduce a "semi-checkuser", which is a tool that may see accounts sharing IP or /16-/24 ranges with a given account, without revealing IP.--[[User:GZWDer|GZWDer]] ([[User talk:GZWDer|talk]]) 14:29, 2 September 2021 (UTC)

We appreciate your sharing your thoughts.

Before initiating this policy change, the Foundation evaluated several options and strategies to mitigate the security threat posed to the Wikimedia community at large. The solutions derived from these options and strategies were classified into three (immediate, short term and long term).
Our immediate need was to suspend Foundation volunteer NDA recognition to applicants who live in jurisdictions that have blocked access to Wikimedia projects and where there was reason to believe that the domicile associated with those user accounts were known to others than the individual applicant(s) and the Foundation.

Currently, we are addressing the short-term needs which include getting in touch with the impacted users and working with the Stewards to effect the preferences expressed by impacted accounts in response to individual non-public outreach.

With regards to the long-term solutions, the Foundation is considering several options. While these long-term discussions are still at preliminary stages, the Foundation found some challenges that also relate to the options mentioned in your note.

First, the volunteer support team has access to sensitive user data, including but not limited to access to that of other agents, alongside the PII of readers, article subjects, and other third parties that are writing to them or are donating content. Secondly, there are technical and policy issues that would need to be reviewed collectively before such a change could be made. This includes users currently unaffected, potentially re-signing their existing NDAs (something that is not required in the current system). So splitting NDAs for permissions would be more complex than the introduction of the interface adminship user group.

It is important to note that the current system provides a one-stop service to users who are interested in supporting their communities in elected onwiki permissions. As we continue reviewing long term options, if we determine that a new NDA model is needed, we will organize a session to gather input and take it into account before embarking on any such model. Our goal is to find a long-term solution that does not burden users with more processes than they currently face. We’re looking into the best long-term action and the appropriate implementation mode and want to do some early exploration of challenges and benefits especially with the functionaries, who are familiar with the processes. -[[User:Jrogers (WMF)|Jrogers (WMF)]] ([[User talk:Jrogers (WMF)|talk]]) 16:18, 8 September 2021 (UTC)

Revision as of 16:19, 8 September 2021

Question

How do you provide contact and identification information now? I remember you used to be able to send a copy of an ID. Thanks. Bobherry (talk) 13:47, 23 October 2017 (UTC) {{helpme}}

No, that is not needed now. For example as an OTRS member (now former) at the moment when I became one I just needed to email my name and whether I am a major, and when the new policy was put in place I had to sign phab:L4 and phab:L32 and that's it, the action on Phab was all I needed. I believe nothing has changed since (at least not as of May when I still had OTRS access). --Base (talk) 10:50, 25 October 2017 (UTC)
@Base: Thanks. I signed phab:L4 the other day and I am just waiting for it to go through. I am working to get on the request an account team. Thanks again. Bobherry (talk) 13:33, 25 October 2017 (UTC)

Identification

The big blue box at the start of the page says "Provide contact and identification information", and links to a section titled "Identification", but that section does not exist. Does an identification requirement currently exist for holding advanced permissions? If so, it isn't enforced. Can this wording be changed or removed? – Ajraddatz (talk) 08:34, 12 November 2017 (UTC)

See Talk:Access to nonpublic information policy/Noticeboard#Identification. From what I understand, you sign your name and then are added to the noticeboard. No additional identification is required. Would be great to hear confirmation. --Eurodyne (talk) 08:53, 12 November 2017 (UTC)
Ah yes. Incidentally enough, I came here after noticing out of date text on enwiki regarding identification. But when I go here, I found that the outdated text remains here as well. Hopefully the WMF can clarify a bit! – Ajraddatz (talk) 09:24, 12 November 2017 (UTC)

The requirement of identification was removed from this policy in April 2014. What is left is that users need to give their email address (can be under a pseudonym), "certify" that they're of age (accepted as AGF) and provide a signature that can be also made with a pseudonym. The blue box has not been updated regarding the "identification information" and twice refers to it, which is very misleading in my opinion. Could it please be updated to better represent the actual policy? -kyykaarme (talk) 10:32, 9 December 2018 (UTC)

I updated it myself three months ago. kyykaarme (talk) 21:34, 23 June 2021 (UTC)

Reference to the authentic text of this document

Hi. I miss, like it happens with other Foundation policies, a mention about the "authentic language" of this document. In this case the authentic text of this document is the one written in English, and differences between the English text and its translations should be solved in favor of the English version. As such a note like in the wmf:Terms of Use (In the event of any differences in meaning between the original English version and a translation, the original English version takes precedence.) could be added, just in case. Thanks. —MarcoAurelio (talk) 18:16, 27 November 2018 (UTC)

Sets of nonpublic personal data

This policy targets nonpublic personal data from OTRS, CheckUser, email response teams like ArbComs, and possibly other sets. This is written as a broad policy.

Some weirdness has crept into the wiki community without documentation. At some point in the past WMF staffers permitted the registration of Wikimedia user groups to be a nonpublic personal data issue. I am not sure why this happened or if the staffers were even conscious of what they were doing. AffCom was a part of this but seemingly acting at the behest of staff.

Over at Wikimedia Foundation bylaws/December 2018 - Affiliate-selected trustees, term limits, and diversity there is the proposal that user groups should get some powerful voting rights. That could be okay, but if that were so, I wish that the registration and governance of user groups would shift from being nonpublic personal data to being on-wiki in the usual way. The implication is the new power to user groups would give voting rights to individuals who would vote behind this nonpublic personal data policy, instead of making themselves known as Wikimedia account users. In all previous Wikimedia elections most votes come from people with Wikimedia accounts, sometimes from IP users, and never from people who were neither account holders nor IP editors. Blue Rasberry (talk) 15:01, 11 December 2018 (UTC)

(iv) authorized parties, with the express permission of the user whose nonpublic information is to be disclosed

I am a little confused about 1/ what is meant by "authorized parties" in this context and 2/ why it is thought necessary to inform the Foundation in advance --or inform the Foundation at all--when the person whose data is being disclosed consents that it be released — The preceding unsigned comment was added by DGG (talk)

How do I sign?

I have tried loading this page in both of my browsers: Opera 12 and Opera 55 as well as via mobile but I can't see where to sign. The 'submit' button is just text. Am I missing something? Xania (talk) 04:15, 18 January 2019 (UTC)

Did you follow the steps at https://meta.wikimedia.org/wiki/Confidentiality_agreement_for_nonpublic_information/How_to_sign? --Guy Macon (talk) 22:49, 19 September 2020 (UTC)

How long does it take to process?

Hello! I'm interested in becoming involved with Account Creation over at en-wp and signed the agreement a couple months ago. I was wondering how long it takes for things to be processed, as I don't actually see my username on the noticeboard yet. Cheers, Cymru.lass (talk) 17:26, 23 January 2019 (UTC)

Hello Cymru.lass. I don't have access to the signatures so I cannot check (currently it looks like Samuel (WMF) is the one taking care of this). Please nonetheless make sure you've signed the updated Confidentiality Agreement (a.k.a. L37) because this policy was updated in November and they ain't adding people to this board who haven't signed the updated NDA. Hope that it helps. Best regards, —MarcoAurelio (talk) 14:09, 24 January 2019 (UTC)

Link to other languages on left

Hi. Today I clicked on languages on the side bar (left side of the page) and it goes to a Google Chrome page. I even clicked on English and it went to a Google Chrome page. Is this my problem (that I don't think so) or the links? Please check. Thanks. Gharouni 23:34, 31 October 2019 (UTC)

Okay, that's weird. You are correct, I am getting the same result, taking me to w:en:Chrome OS when clicking on "English", and the same article in other languages when clicking on other languages. No idea how that would be happening. Risker (talk) 01:18, 1 November 2019 (UTC)
@Gharouni and Risker: d:Special:Diff/1030549859 was the offending edit. Undoing. — regards, Revi 01:20, 1 November 2019 (UTC)
And restored to the original state. — regards, Revi 01:21, 1 November 2019 (UTC)

OTRS agreement

At the bottom of the text, a link is made to the "OTRS confidentiality agreement". Following that link leads to a statement that the OTRS agreement is withdrawn, apparently since 2015. Can somebody correct the link so it leads to the current OTRS agreement, if any exists? Thanks, Ellywa (talk) 22:28, 14 February 2020 (UTC)

I can't see any link to OTRS/Confidentiality agreement on this page. Stryn (talk) 07:42, 15 February 2020 (UTC)
I don't see such a link here either. Ellywa,
  • the Wikimedia Foundation requires OTRS volunteers to agree to https://phabricator.wikimedia.org/L45, which is the OTRS version of https://phabricator.wikimedia.org/L37 (same content). This is the Confidentiality Agreement discussed in section 3(c) of the access to nonpublic personal data policy ("To ensure that community members with access rights understand and commit to keeping the Nonpublic Personal Data confidential, they will be required to read and certify that they agree to a short Confidentiality Agreement [...]"). OTRS access cannot be granted to volunteers unless they sign this agreement.
  • Meanwhile, OTRS/Confidentiality agreement was intended as an additional OTRS-specific agreement (hereinafter: the "volunteer agreement"), authored and to be enforced not by the Wikimedia Foundation but by the group of volunteers managing OTRS access rights (the OTRS administrators). It was withdrawn many years ago. The idea was that when signing the Wikimedia Foundation confidentiality agreement discussed in the preceding paragraph, OTRS agents would in addition be asked to state their agreement with the volunteer agreement ("By typing your name below, clicking the check box, and clicking the 'Sign Document' ('Sign Document') button below, you acknowledge that you have reviewed and agree both to this confidentiality agreement between you and the Wikimedia Foundation as well as the OTRS confidentiality agreement."). I'm not sure why this language is still in Confidentiality agreement for nonpublic information, which is supposed to be the "Wiki copy" of the Phabricator document (maybe that is where you saw it?). Either the Phabricator interface was changed at some point to reflect the withdrawal of the volunteer agreement and the Wiki page was not updated, or the Phabricator interface in fact still asks new volunteers for that. So something probably needs updating ... Materially, however, it makes no difference since, as I said, a separate volunteer agreement no longer exists.
— Pajz (talk) 19:24, 15 February 2020 (UTC)
Thank you for your explanation. I made a mistake, the link to the OTRS agreement I saw indeed on the page you mentioned: Confidentiality agreement for nonpublic information. Should that link be removed there?
Regarding the OTRS agreement, I was actually looking for my obligation, as an OTRS volunteer, to ensure all content I am uploading to Commons through the permission queues, or all content on Commons which I happen to see, is according to the copyright policies of Commons. I thought this obligation existed, and I wanted to show it to somebody asking for my help. Ellywa (talk) 12:23, 16 February 2020 (UTC)

Signing Constraint

Who else has experienced this problem with signing the agreement in which the submit button is a text that literally cannot be clicked? I see Xania also experienced this problem & voiced out but did not receive a reply. This is a humble plea; please if you are reading this & are knowledgeable about this kind of problem what do you think could be the cause of this? I have used multiple browsers but the problem is still there. Could this be an overlooked error? Or are there pre-requisites one must attend to before signing this document? Celestina007 (talk) 13:49, 15 April 2020 (UTC)

Did you follow the steps at https://meta.wikimedia.org/wiki/Confidentiality_agreement_for_nonpublic_information/How_to_sign? --Guy Macon (talk) 22:49, 19 September 2020 (UTC)

Clarification of the ANPDP

Hi all, posting this on behalf of the Legal team here at the Foundation:

In June 2021, the Legal team encountered an ambiguity with the application of this Access to Non-public Data Policy (ANPDP) for information about which checkusers have run certain checks. We want to clarify that this information typically is confidential under the ANPDP unless local project policy requires checkusers to make it public. ANPDP applies to information that requires a special tool such as checkuser to access. This means that if a person must sign this policy and be given a special role to see personal information such as who ran which checks on an account, that information should remain confidential.

However, local project policy is allowed to require people to disclose data about themselves publicly as part of holding special roles, which could make this information public. For example, a local language policy that requires checkusers to post what checks they run publicly would be permitted and would make that data public and no longer covered by ANPDP. Local policy may NOT require disclosure of another's personal information. For example, a local policy could not obligate checkusers to reveal the result of a check or to post checks run by other users. Kbrown (WMF) (talk) 15:24, 21 June 2021 (UTC)

Policy adjustment on behalf of Legal

Introduction

Due to a need to better protect our community, the Foundation is initiating a policy adjustment that suspends Foundation volunteer NDA recognition to applicants who live in jurisdictions that have blocked access to Wikimedia projects and where there is reason to believe that their domicile associated with their user account is known to others than the individual applicant(s) and the Foundation. This means that all NDA-based access granted to users fulfilling both criteria in the change shall be revoked immediately. Nothing changes for users not fulfilling both criteria.

Can exceptions be granted?

There are some exceptions that may be granted on an individual basis and following a request for review submitted to the Legal department. However, the Foundation recognizes that granting such NDA-based access will put applicants as well as other volunteers relying on the Foundation’s platform at undue risk and will only grant exceptions due to extraordinary need if safety of volunteers is reasonably certain.

When is the policy adjustment effective?

All NDA-based access granted to users who do not meet the new criteria of the adjusted policy is revoked immediately. While we wish we could have pre-announced this change, unfortunately doing so could itself lead to the exploitation of the security gap we are attempting to address to preserve user safety.

Will the policy adjustment be reviewed?

This policy adjustment may be reviewed in future depending on the safety of the community at large.--WMFOffice (talk) 18:02, 23 August 2021 (UTC)

@WMFOffice: Please announce the list of those jurisdictions, so that users based in those jurisdictions can decide not to apply for becoming VRT agents in the first place. 4nn1l2 (talk) 12:38, 24 August 2021 (UTC)
@WMFOffice: Since this is a change to the existing agreement, I would suggest mass-messaging everyone on the current signatory list. GeneralNotability (talk) 19:03, 24 August 2021 (UTC)

Hi everyone. We would like to provide some follow up from the Foundation Legal team regarding the updated policy.

NDA Policy Change

We are extremely grateful for the comments, encouragement and questions that we have received with regards to the NDA policy change. Indeed, keeping the community safe and vibrant is our collective responsibility. We want to acknowledge and appreciate your support and understanding in these unprecedented times.

Background on the NDA Policy Change

As a measure taken to protect the community, the Foundation suspended volunteer NDA access to applicants who live in jurisdictions that have blocked access to Wikimedia projects (currently or recently) and where there was reason to believe that the identity of the individuals using the accounts is known to (or easily discoverable by) actors in those regions.

This was necessitated by recent world events, triggered by credible information about a more focused security threat to the Wikimedia community that placed multiple users at risk. The users who were at risk then, and who are still at risk now, are physically located in the jurisdictions we earlier identified.

Before initiating this policy change, the Foundation evaluated several options and strategies to keep these users and the community safe. To help us identify the credibility of the threat and in order to come up with the best course of action to take, the Foundation contracted a security consultant firm that evaluated the threat, authenticated its credibility, and advised immediate action to be taken to keep multiple users safe and reduce the exposure to harm.

While we wish we could have pre-announced this change, doing so could have led to the exploitation of the security threat that the Foundation was attempting to address in order to ensure user safety.

Progress on the NDA Policy Change

At the moment, all NDA-based access granted to users who do not meet the new criteria of the adjusted policy has been suspended. The Foundation may be granting some exceptions on an individual basis after an application for review is submitted to the Legal department.

However, exceptions will be extremely unusual at this time, as granting such NDA-based access may put not only applicants but also other volunteers relying on the Foundation’s platform at undue risk. Therefore, the Foundation is only granting exceptions that have an extraordinary need and if the safety of the volunteers (both the applicant and other users) seems highly secure. Before you apply for the exemption, the Foundation encourages you to bear in mind not only your security, but also that of the community at large. Keeping people safe is key.

Currently, the policy change covers all Wikimedia projects. It is our hope that we will be able to safely review this in future - always mindful of the security of the individuals and the community at large.

During the month of September, the Foundation will work within community processes to remove permissions under the adjusted NDA policy from accounts that can no longer hold those permissions and whose owners have not stepped down voluntarily. Again, we reiterate that this is for the safety of the entire community. -Jrogers (WMF) (talk) 15:39, 31 August 2021 (UTC)

@Jrogers (WMF), NahidSultan (WMF), JSutherland (WMF), and WMFOffice: For clarification:
  1. What does "live in" mean? Does this mean a steward must be temporarily deflagged if they visit Mainland China? What about those who stayed in Mainland China for some time, such as one week or one month?
  2. Does it affect users from Hong Kong? Wikipedia is currently not blocked there, but one may argue they will be affected by the national security law.
  3. Does it affect users from Turkey or Venezuela? What about Iran?
  4. What about mainland Chinese citizens living abroad?

--GZWDer (talk) 17:38, 31 August 2021 (UTC)

For the third question, it seems that Mardetanha is from Iran, so I think the policy applies to more than just mainland China. —— Eric LiuTalk 12:37, 1 September 2021 (UTC)
@Jrogers (WMF): So now will these accounts be globally locked in order that they "voluntarily" resign? Jonathan5566 (talk) 11:57, 1 September 2021 (UTC)
Yes, we are all locked until we "voluntarily" resign to get our account back. Mard (talk) 12:06, 1 September 2021 (UTC)

Answers to some questions around policy change

Hello all,

We would like to offer more clarity with regards to the NDA policy change that is currently being implemented in certain locations. While doing this, we will try to be as clear as possible. However, in some areas we will not be as explicit as we would like to be due to privacy related reasons and the possibility of increasing exposure to individuals whom the Foundation is trying to keep from harm.

As mentioned earlier, the NDA policy was modified in response to a current credible threat. We are sorry to inform you that this is not an isolated risk. Unfortunately, the Foundation has had to deal with cases where individuals have been identified, exposed and extorted with a deliberate effort to extract crucial information pertaining to other users and activities on Wikimedia sites. At the moment, and due to security reasons, we cannot reveal the extent of these details.

We are also aware that some of you would like the Foundation to name the jurisdictions and locations that are currently impacted by this NDA policy change. Unfortunately, we are unable to provide this for the safety and protection of the individuals impacted by the NDA policy change. We realize that these locations may be widely known, but public disclosure may increase the risk of exposure to harm to multiple users. What we can inform you is that the jurisdiction and locations are among those that currently or in the recent past have blocked access to Wikimedia projects.

Though the purpose of the NDA policy is to protect everyone, it is worth noting that it is not intended to impact individuals visiting these locations (since vulnerability is lower for a temporary and likely not widely known visit). That said, we have had arrangements in the past where NDA-holding individuals who are easily identifiable have requested temporary removal of their non-personal information access when visiting these regions. We encourage people to think carefully about security issues when they travel in order to prioritize the safety of the community overall.

There does seem to be some misunderstanding that accounts are being locked until they voluntarily request removal. We would like to clarify that accounts were locked in order to immediately secure the safety of individuals especially in these jurisdictions while we reached out to the impacted NDA-holding users.

At this time we have offered the impacted NDA holding users an opportunity to voluntarily request removal if they prefer. This is because these are not removals under a cloud. For security reasons, we are well aware that it may not be safe for all impacted users to self-request this removal. All impacted users have been made aware that we will be removing access and then unlocking the accounts of those users who do not feel safe or comfortable self-requesting removal (or simply prefer not to).

Any user who may be thinking of applying for an NDA is welcome to reach out to see if this policy might impact them. We will be evaluating future NDA requests against this policy and will advise individuals if we detect a risk at the time of their application.

We have prepared some frequently asked questions with regards to the NDA Policy Change and shared them below. We have tried our best to offer answers to questions around the policy change. It is our hope that you will understand that there is certain information we cannot provide at this time due to the sensitivity of the threat.

Sincerely, WMFOffice (talk) 19:13, 1 September 2021 (UTC)

FAQs

  1. What is the NDA Policy Change?
    • This is a policy adjustment that suspends Foundation volunteer NDA recognition to applicants who live in jurisdictions that have blocked access to Wikimedia projects and where there is reason to believe that their domicile associated with their user account is known to others than the individual applicant(s) and the Foundation.
  2. Why has the NDA policy change been effected?
    • The NDA policy change has been necessitated by recent world events triggered by credible information about a more focused security threat to the Wikimedia community that places multiple users at risk. The users who were at risk are physically located in the jurisdictions identified.
  3. Who is affected by the NDA policy change?
    • Applicants who live in jurisdictions that have blocked access to Wikimedia projects and where there is reason to believe that the domicile associated with their user account is known to others than the individual applicant(s) and the Foundation have been affected.
  4. For how long will this policy be in place?
    • This policy adjustment will be reviewed in future depending on the safety of the community at large.
  5. What practice does this policy impact?
    • The Wikimedia movement relies on volunteers, not only in creating and curating content but also in performing the bulk of movement governance work. In order to do this, some users have been trusted by the broader user community with access to tools that let them see information that is not otherwise public.

      This includes information about devices that are used to access Wikimedia sites, including assigned IP addresses. This information does not directly identify the individuals using these accounts, but can be used alongside other information (or with information supplied by internet service providers) to help figure out who a person is.

      This policy change is intended to reduce the risk of bad actors gaining access to information about who is editing Wikimedia projects by targeting community members who are vulnerable to force.

  6. Why is this policy coming into effect now? Did something happen?
    • The Foundation received credible information of threats targeted to the Wikimedia community. These threats, confirmed by a security firm contracted by the Foundation, place multiple users at risk. This information has prompted the Foundation to take unprecedented and extraordinary actions that aim to keep all users safe.
  7. Which projects does the policy change cover?
    • This policy change covers all Wikimedia projects. In the future it may be reviewed after careful consideration of the security and safety of the individuals and the community at large.
  8. Is the Foundation tracking the everyday moves of individual community members?
    • No. The Foundation is not tracking the moves of individual community members.
  9. How is the Foundation working with the community and individual members to effect the change to NDA policy?
    • The Foundation is currently working with the Stewards with regards to the NDA policy change based on the preferences expressed by impacted accounts in response to its individual non-public outreach to them on the day the policy was rolled out.
  10. Can exemptions be granted?
    • Yes, exceptions may be granted on an individual basis and following a request for review submitted to the Legal department. However, the Foundation recognizes that granting such NDA-based access will put applicants as well as other volunteers relying on the Foundation’s platform at undue risk and will only grant exceptions due to extraordinary need and if the safety of volunteers is certain.

WMFOffice (talk) 19:13, 1 September 2021 (UTC)


  • A question for WMFOffice: I could have missed something. But if the concerns are all over some users being forced to give out "crucial information pertaining to other users and activities on Wikimedia sites", why not just split the NDA privilege into two, just as what has been done to the sysop usergroup in response to the security risk that all sysops were able to edit interfaces? Some of the user groups covered by the current NDA policy might have a significantly lower risk than others. For example, oversighters only deal with non-public information posted by others and such information may or may not cause threat to our users, while checkusers have access to raw user data generated or collected by WMF servers. OTRS members don't even deal with personal data about "users". Instead, they deal with that of the public. It would be better if the proposed policy change could differentiate over these different scenarios. --Antigng (talk) 07:08, 2 September 2021 (UTC)
    • I even imagine we can introduce a "semi-checkuser", which is a tool that may see accounts sharing IP or /16-/24 ranges with a given account, without revealing IP.--GZWDer (talk) 14:29, 2 September 2021 (UTC)

We appreciate your sharing your thoughts.

Before initiating this policy change, the Foundation evaluated several options and strategies to mitigate the security threat posed to the Wikimedia community at large. The solutions derived from these options and strategies were classified into three (immediate, short term and long term). Our immediate need was to suspend Foundation volunteer NDA recognition to applicants who live in jurisdictions that have blocked access to Wikimedia projects and where there was reason to believe that the domicile associated with those user accounts was known to others than the individual applicant(s) and the Foundation.

Currently, we are addressing the short-term needs which include getting in touch with the impacted users and working with the Stewards to effect the preferences expressed by impacted accounts in response to individual non-public outreach.

With regards to the long-term solutions, the Foundation is considering several options. While these long-term discussions are still at preliminary stages, the Foundation found some challenges that also relate to the options mentioned in your note.

First, the volunteer support team has access to sensitive user data, including but not limited to access to that of other agents, alongside the PII of readers, article subjects, and other third parties that are writing to them or are donating content. Secondly, there are technical and policy issues that would need to be reviewed collectively before such a change could be made. This includes users currently unaffected, potentially re-signing their existing NDAs (something that is not required in the current system). So splitting NDAs for permissions would be more complex than the introduction of the interface adminship user group.

It is important to note that the current system provides a one-stop service to users who are interested in supporting their communities in elected onwiki permissions. As we continue reviewing long term options, if we determine that a new NDA model is needed, we will organize a session to gather input and take it into account before embarking on any such model. Our goal is to find a long-term solution that does not burden users with more processes than they currently face. We’re looking into the best long-term action and the appropriate implementation mode and want to do some early exploration of challenges and benefits especially with the functionaries, who are familiar with the processes. -Jrogers (WMF) (talk) 16:18, 8 September 2021 (UTC)