The following discussion is closed.
The draft is not very clear about identification requirements for regular OTRS volunteers. For some time now (despite many didn't like it), every OTRS volunteer is supposed to be identified, but in practice past volunteers (and perhaps some of the new too) were not asked to provide identification. Is some clarification of the issue coming? --Nemo 06:13, 4 September 2013 (UTC)
- Agreed imo. Age restriction for OTRS volunteers is set to 16 currently. In my opinion, OTRS volunteers who do not reached at age 18 should be marked seperately in Identification noticeboard. – Kwj2772 (msg) 08:22, 4 September 2013 (UTC)
- That fairly clearly marks someone as "under 18", doesn't it, potentially opening us up to disclosure and child protection issues? Philippe (WMF) (talk) 10:07, 4 September 2013 (UTC)
- Then raising the age restriction to 18 would be only option if we're really going to go identification process for OTRS volunteers. Otherwise we can't distinguish them from the identification for checkusers/oversighters. – Kwj2772 (msg) 10:28, 4 September 2013 (UTC)
- Couldn't we, though? We just have to do it in a more secure area. For instance, we could use a message board that stewards have access to but others don't. Philippe (WMF) (talk) 10:35, 4 September 2013 (UTC)
- Child protection issues for OTRS volunteers?? I might have lost track of what "child protection" term is used for in USA, can you explain? Anyway, whatever you decide please make clear decisions and apply them or it will be again a huge mess with flames everywhere and mass sacrifices of innocents. --Nemo 21:02, 4 September 2013 (UTC)
- If an OTRS volunteer is under 18, they deserve the same protection that we offer anyone else. :) Philippe (WMF) (talk) 21:56, 4 September 2013 (UTC)
- That is? I just said I've no idea what protection you're talking about... --Nemo 12:29, 5 September 2013 (UTC)
- Sounds like protection from revealing personal information, which would happen if you put someone's name in a section which specifies that they are younger than 18 but older than 16. Philippe's logic is definitely sound here, but I wonder if the OTRS age should be raise to 18 for consistency and to address the issues raised. Ajraddatz (Talk) 19:07, 14 October 2013 (UTC)
- We have been talking internally about whether OTRS agents should be covered by this policy. Currently, only OTRS administrators are covered. There are strong reasons to consider adding OTRS agents given that they have access to nonpublic emails sent by third parties which frequently include sensitive information about those who sent the email (and others). I understand that the current minimum age for OTRS agents is 16. If we were to add them to this policy, we could either make the minimum age 16 for OTRS agents only and keep the rest at 18 or the OTRS agent minimum age could be raised to 18. What do others think about these ideas? We've love to hear the community's thoughts on this subject. Mpaulson (WMF) (talk) 23:28, 15 October 2013 (UTC)
- If you raise the age to 18, then there arises the issue of what to do with those who are between 16 and 18. Any account removals would be publicly logged, and people could guess their age that way. --Rschen7754 02:41, 16 October 2013 (UTC)
- Fascinating point! If the age is raised, then removing <18 accounts would clearly identify those users as such. However, you couldn't simply grandfather them in - why would the change be needed in the first place if current 16 year olds still had access? Ajraddatz (Talk) 02:54, 16 October 2013 (UTC)
- The OTRS admins could simply not remove people <18 from the public list of accounts immediately, but at later times in smaller inconspicuous groups (to make it look like normal fluctuation). --MF-W 14:12, 16 October 2013 (UTC)
- Now that you've said that, it's probably not going to be a useful way to hide it. You could just get rid of all non-identified OTRS agents with the same reason, not making public whether it was over their legal ability to usefully identify or not. --Krenair (talk • contribs) 23:53, 20 October 2013 (UTC)
- If having <18 people hasn't caused any issues for this long, there won't be any issues for two more years. We could just stop accepting new applications from people under 18, and then people who are currently under 18 will be 18 within two years. -- King of ♥ ♦ ♣ ♠ 23:21, 25 October 2013 (UTC)
- Regardless of whether OTRS users should be subjected to this outrageous policy, the thing with the Identification noticeboard needs to be clarified. It is untenable that someone might identify for OTRS, be added to the I.N. and then happen to become a CU/OS/steward based on that entry, even though he is still <18. --MF-W 14:12, 16 October 2013 (UTC)
- Yes, but admin actions are generally logged on OTRSwiki. --Rschen7754 17:29, 16 October 2013 (UTC)
- Speaking as an OTRS volunteer, I have no problem with being identified to this degree - David Gerard (talk) 22:26, 25 October 2013 (UTC)
- Doesn't bother me, either. The age issue is interesting, two questions: (1) how many would this affect as of today and (2) is this to do with the age of legal majority and legal responsibility for handling this kind of informaiton (probably covered already but there's a loooot to read through). JzG (talk) 22:54, 25 October 2013 (UTC)
- As an OTRS volunteer, I think it would be even necessary to identify yourself, because there are some volunteers that would have probably have much more professional and warm approach to people addressing OTRS, if they weren't allowed to hide behind pseudonyms. And as someone, who became an admin on a local Wikipedia at the age of 14, I don't really think age is a good measure when it comes to someone's maturity, responsibility, loyalty to community or ability of taking autonomous decisions, but in this case it would probably make sense to restrict it to 18 for legal reasons. Of course, the information should stay of a closed nature (at least I don't want that just about everybody has an access to a photocopy of my id and would definitely reconsider my volunteering if any of these data date would become public) --Smihael (talk) 23:48, 25 October 2013 (UTC)
- I don't have a problem as well with such identification. I am not sure about the legal issues, but if this wasn't severely needed, I would highly oppose such a restriction. Many of the active Wikimedia contributors are school students, and a lot of them become admins before 18. Possibly many of the OTRS agents, too. The important thing is, how far is this necessary; was there any particular case ever when this caused a serious problem? In the case there wasn't, how much would be the possibility of having such a problem in the future? And what's its worst possible scenario for it? I would like to know what the answers looks like before making an opinion --Abbad (talk) 04:53, 26 October 2013 (UTC).
- As volunteer i don't any problem with my identification using a regular system (CU, OS, ...). Alan (talk) 15:16, 26 October 2013 (UTC)
- How about no. I gave my real name and my emailadress. This should be enough. I don't see why people have to send ID's. My privacy is worth more than beiing an OTRS-member which I quite enjoy. Some things are private. Why do they want to know what I look like? Why do they want to know where I live? --Natuur12 (talk) 21:02, 26 October 2013 (UTC)
I just wanted to note something, from a personal PoV (although I am an OTRS Admin I am speaking only on behalf of myself). Ever since May 1, 2007, it has been clearly stated on the OTRS Volunteer application page (although over the years there have been minor tweaks to the wording), that applicants must be willing to provide identification. The current wording is "Before applying, please ensure that you are...Willing to provide identification to the Wikimedia Foundation if necessary, considering the access to nonpublic data policy". So this really should not be such an issue for OTRS Agents.
Putting that aside, please remember that the current drafted version, and the drafts we've gotten all along up to this point have never included OTRS Agents under the policy; only Administrators will be affected. Rjd0060 (talk) 01:11, 27 October 2013 (UTC)
- Thus far "providing identification" has only ever meant that copies of the identification would not be retained (something that has been reiterated a number of times since 2007), so I'm afraid I don't see the link. Thehelpfulone 01:38, 27 October 2013 (UTC)
- There are users that are concerned with providing the ID all together, before even considering the fact that the information will be retained. But again, the most important thing here ... it isn't set to apply to Agents. Just the Admins. Rjd0060 (talk) 01:44, 27 October 2013 (UTC)
Balancing WMF's need to protect itself with volunteers' need to protect themselves
I am an OTRS volunteer. Through OTRS I was given access to (i.e. I handled as part of normal OTRS activities) an email in which I was pointed to a file that had enough information easily steal two people's identities. Obviously the file has since been Oversighted.
In order to get access to OTRS I sent a WMF staff member a copy of a state-issued ID, with some information (anything they didn't explicitly ask for) blurred out, with the understanding that the image would be deleted as soon is it was looked at.
I can absolutely understand the WMF's desire to have a better grip on who is handling the sensitive information on WMF projects. While it's certainly not every day that someone uploads a large chunk of personally identifying information to Commons, it's not entirely uncommon either. But it's important to note that all being an OTRS volunteer did was point me at the file. The file was already publicly available, and could have been found just as easily by ordinary Commons users doing cleanup (considering that the uploader had a serious misunderstanding of what Commons was, the file was likely uncategorized, and thus someone else finding it while doing cleanup is a near certainty). Hell, it could just as easily have been found by some random editor clicking 'Random file'.
The vast majority of the sensitive information that OTRS volunteers have access to is phone numbers and email addresses. Celebrities generally have paid staff dealing with OTRS on their behalf, so it's really just the phone numbers and email addresses of random, generally unremarkable (no insult intended) people.
The policy, as written, is unpalatable to a majority of the users that are participating in the discussion. That could be because a lot of people read the and policy and did commented because they have no issues, but considering that there are almost no positive messages about the policy, I would have to say that seems unlikely. On the contrary, right now several functionaries that would be effected by the new policy should it go into effect are threatening to resign over several clauses (parts 3.(b) and 3.(d) mostly).
OTRS already has backlogs that come and go based largely on the availability of volunteers, and it needs a large body of people to keep things running smoothly. If this policy is extended to all OTRS members, some of them will resign. I personally will, (and although I'm not active now, at one time I was doing a majority of the photosubmissions queue work). I have to imagine that other people will as well. If too many people decide that they're not going to accept the new policy, it leaves OTRS in a weaker position in terms of timeliness of responses, but does it really lead to a stronger position in terms of security? Is there really any positives? Do we really need to have the names and addresses of OTRS volunteers? I don't think so.
The WMF needs to balance the need to protect the WMF with volunteers' need to protect themselves. The WMF wants to have this information on file in case something goes horribly wrong and it becomes a legal issue, either where the WMF has to declare that personal information it was handling was leaked, or where someone writing into OTRS brings legal action (legitimate or no) against the person that responded to them.
However, by the same token, individual users have to protect themselves. Looking at the Wikivoyage fork debacle, one wonders if more people would be parties to that (frivilous) lawsuit if more people's information was public. If the WMF doesn't have the names and addresses of volunteers, it can't give people that information. That gives volunteers an added layer of protection from, to put it tactfully, are unpleasant. If volunteers don't feel that they have that layer of protection, they're not going to be willing to handle the angry people that write in threatening to sue the WMF and everyone that edited some article or another, and they're not going to be willing to handle the people that seem of questionable grounding.
Ultimately, I don't feel that there is enough of a benefit to the WMF, or enough of a risk that the WMF needs to protect against, to warrant having OTRS volunteers as an included body for this policy. Sven Manguard (talk) 20:42, 31 October 2013 (UTC)
- Thanks Sven Manguard. What do you think of our proposal to eliminate the identification process? Geoffbrigham (talk) 00:55, 6 November 2013 (UTC)