Ombuds commission/2024/Functionaries banned on other projects

The Commission has been asked whether or not a volunteer may retain their access rights on one project after being banned from another, in terms of the global CheckUser, Oversight, Privacy, and Access to Non-Public Data policies and the Confidentiality Agreement to which the volunteer has subscribed.

About the commissionMake a reportEmail the commissionDiscuss the commission
Activity reports: 202420232022Earlier
Published decisions

In short, our decision is that:

  • Loss of trust on one project is not a ground for removal of access rights or of permissions on another project.
  • The decision to remove permissions is for the community where the rights are held.
  • The Commission will not interfere with the local community's decision unless the decision is manifestly unreasonable.
  • The right to access other systems, like wikis and mailing lists, is separate from holding a wiki permission.
  • In extreme circumstances, administrators of other systems are entitled to revoke an untrustworthy person's access even if they retain the permission.
  • The Commission will consider complaints about loss of trust but it may dispose of them summarily in accordance with the principles above.

Our reasons for this decision follow.

Removal due to loss of trust

The starting point for this question is that each community is responsible for granting permissions on its own project. That can occur by election or appointment and the process may differ across projects. The culture and norms of each community will also differ. Protecting the diversity and autonomy of Wikimedia projects is an implicit objective of the global policies.

When a volunteer with access rights loses the trust of their community, the primary responsibility for removing the access right lies with the community on the project.

It is implied in the global CheckUser and Oversight policies that the holders of advanced permissions should be both trusted and competent. It is for this reason, for instance, that the Commission has on past occasions recommended removal from advanced permissions holders whose use of the tool has been careless or inaccurate. Those occasions were an enforcement of the requirement to be 'competent'.

The requirement to be 'trusted' is also enforceable by the Commission. Volunteers do not need to have actually misused their data access in order to have breached the policy. If it would be unreasonable to continue having confidence in the user, the Commission is entitled to treat the data access agreement as untenable and recommend the removal of access.

Be that as it may, the Commission affords a margin of discretion to the individual communities. It would not interfere with a community's decision to elect or appoint a user to an advanced permission unless it was manifestly unreasonable to have trust in that user. Equally, a community is entitled to at any time remove the permission from one of its elected or appointed advanced permissions holders.

If a community has not exercised its right to remove permissions from a user, the Commission will seek to treat that as an expression of the community's will. It would not interfere with the community's decision unless the decision is manifestly unreasonable and no other course is open than to remove access rights.

In general, communities are better placed to assess the trustworthiness of its permission-holders. The community's members will tend to have more experience with the individual with access rights. They will all speak the same language. They may work together and regularly communicate. The community can dedicate more people and time to assessing the individual's past contributions, questioning them, and discussing the candidacy (or proposal to remove permissions). The Commission lacks those strengths.

There is also the risk of importing one community's standards into another community. If one community bans a user, it does not follow that they need to be banned on another project. Bans are issued for various reasons and numerous users banned on one project have contributed happily and productively elsewhere. Even bans for loss of trust on one project do not necessarily indicate that the user cannot be trusted with advanced permissions on another project. The decision to trust a user sits with the individual community. The Commission will interfere only if no reasonable community, whatever its nature or subjective norms, would take the decision to trust the volunteer with access rights.

Any case of loss of trust can be brought to the Commission for review in accordance with our jurisdiction and procedures on case handling. However, in general, if a volunteer has lost the trust of another community but committed no other breach of the global or non-public data policies, the Commission will not uphold the complaint.

In accordance with its case handling procedures, the Commission may also in those circumstances summarily dismiss the complaint without seeking a view from the user being complained of, on the grounds that it can dismiss the complaint without troubling them for their input.

Removal from ancillary inter-community systems

Certain access rights are conventionally granted alongside the checkuser or oversight permission. For checkuser, this includes access to the wiki, IRC channels, and mailing lists. For oversight, this includes access to mailing lists and VRT. The Commission has universal jurisdiction over any system which is subject to the Wikimedia Foundation Privacy Policy and no jurisdiction over other systems. It would be open to the Commission to remove access from these systems but not the access rights.

However, for the reasons given in relation to access to the permission itself, the Commission will also decline to remove access to other systems solely because of loss of trust on another project.

Parallel management structures may be available to consider any complaint that a checkuser has lost trust. For example, the global checkuser community can remove a checkuser from the global mailing list if it finds that checkuser disruptive or untrustworthy. IRC or Discord administrators can remove a checkuser from the community checkuser channels. VRT administrators can remove an oversight from the VRT system. Provided that removals on Wikimedia systems, such as mailing lists or VRT, are subject to appeal to the Commission, the respective community administrators are entitled to remove such checkusers. It should be emphasised that this would be a serious decision not to be taken lightly.