- recent changes
- purge this page
- view or discuss this template
Currently, there are no requests for arbitration.
Currently, no requests for clarification or amendment are open.
Motion name | Date posted |
---|---|
Proposed amendment to the arbitration policy | 10 February 2019 |
Restoration of sysop privileges to Necrothesp | 7 April 2019 |
Motions
This page can be used by arbitrators to propose motions not related to any existing case or request. Motions are archived at Wikipedia:Arbitration/Index/Motions. Only arbitrators may propose or vote on motions on this page. You may visit WP:ARC or WP:ARCA for potential alternatives. You can make comments in the sections called "community discussion" or in some cases only in your own section. Arbitrators or clerks may summarily remove or refactor any comment. |
Proposed amendment to the arbitration policy
Version 1
Pursuant to the arbitration policy's section on "Ratification and amendment", the Arbitration Committee resolves that the following change to the arbitration policy will be submitted for formal ratification by community referendum:
The "Conduct of arbitrators" section of the arbitration policy is amended to add the following underlined text:
Any arbitrator who repeatedly or grossly fails to meet the expectations outlined above may be suspended or removed by Committee resolution supported by two-thirds of arbitrators, not counting the arbitrator in question and any arbitrators who have been inactive for a period of at least 30 days.
This amendment to the arbitration policy will enter into force once it receives majority support, with at least one hundred editors voting in favour of adopting it. Until this amendment is ratified, the existing arbitration policy remains in effect.
- For this motion there are 11 active arbitrators. With 0 arbitrators abstaining, 6 support or oppose votes are a majority.
- Support
-
- ~ Rob13Talk 03:11, 10 February 2019 (UTC)
- @Joe Roe: Would you support if we added to the end "provided attempts have been made to contact them through all known communication mediums"? My intent is, of course, not to speed things through while ignoring as many arbs as possible. In practice, we've had several arbitrators who were quite literally uncontactable for long periods of time last year. Ks0stm was the main one. ~ Rob13Talk 16:32, 4 March 2019 (UTC)
- Now second choice. ~ Rob13Talk 02:34, 18 March 2019 (UTC)
- This is an improvement, and gets us nearer to a level playing field. It should not be harder to remove an arbitrator than an admin. SilkTork (talk) 11:11, 4 March 2019 (UTC)
- RickinBaltimore (talk) 13:46, 4 March 2019 (UTC)
With preference for the addition of a contact clause like the one Rob mentions above.Now second choice to version 2. ♠PMC♠ (talk) 16:03, 7 March 2019 (UTC)
- ~ Rob13Talk 03:11, 10 February 2019 (UTC)
- Oppose
-
- Per below. This is such a rare event that extraordinary efforts should be made to get all serving arbitrators to vote. – Joe (talk) 06:55, 4 March 2019 (UTC)
- Per comments and discussion below. After a long process of redrafting and consultation a few years ago, this bar was intentionally set at two-thirds. I think the member removal provision has passed the few tests thrown at it since then. AGK ■ 20:20, 4 March 2019 (UTC)
- Prefer option 2. GorillaWarfare (talk) 16:07, 30 March 2019 (UTC)
- Version 2 isn't perfect, but is better than this version. Opabinia regalis (talk) 08:04, 4 April 2019 (UTC)
- Abstain/Recuse
-
Version 2
Pursuant to the arbitration policy's section on "Ratification and amendment", the Arbitration Committee resolves that the following change to the arbitration policy will be submitted for formal ratification by community referendum:
The final paragraph of the "Conduct of arbitrators" section of the arbitration policy is amended as follows:
- Any arbitrator who repeatedly or grossly fails to meet the expectations outlined above may be suspended or removed by Committee resolution supported by two-thirds of all arbitrators excluding:
- The arbitrator facing suspension or removal, and;
- Any inactive arbitrator who does not respond within 30 days to attempts to solicit their feedback on the resolution through all known mediums of communication.
This amendment to the arbitration policy will enter into force once it receives majority support, with at least one hundred editors voting in favour of adopting it. Until this amendment is ratified, the existing arbitration policy remains in effect.
Enacted – Bradv🍁 22:58, 8 April 2019 (UTC)
- For this motion there are 10 active arbitrators, not counting 1 recused. With 0 arbitrators abstaining, 6 support or oppose votes are a majority.
- Support
- I'm proposing this slightly altered version based on the discussions below and conversations with individual arbitrators. The intent of this proposal has always been to discount the votes only of those arbitrators we are entirely unable to reach. This alternative proposal moves the text closer to that intent by starting the "clock" not when an arbitrator goes inactive (but may be lurking around, able to contribute to an important discussion), but rather when we attempt to reach out to them to solicit their feedback using every possible medium of communication. If we're wholly unable to even get an "I've seen this" back from them after 30 days, we move on without them, one way or another. To be clear, even such a small comment would stop an arbitrator's vote from being discounted, giving them every possible opportunity to vote on a motion to suspend or remove an arbitrator. ~ Rob13Talk 02:34, 18 March 2019 (UTC)
- Second choice. SilkTork (talk) 09:04, 18 March 2019 (UTC)
- Second choice RickinBaltimore (talk) 15:09, 18 March 2019 (UTC)
Second choice; I'm still ok with the first version though.After discussion, first choice, assuming we would be starting the "contact clock" (so to speak) when the discussion started. ♠PMC♠ (talk) 04:08, 30 March 2019 (UTC)- I think this makes sense. I worry about the first proposal, given "inactive" is a bit vague. An arbitrator may not have asked to go inactive, and so there would be a judgment call about whether or not they should be considered such. There are also situations where arbs may not be responding to arb business, but are otherwise active in different ways. GorillaWarfare (talk) 16:07, 30 March 2019 (UTC)
- I just realized I hadn't voted on this. I like this better than version 1, which I'm going to stay silent on now that I've put this into majority. Katietalk 21:40, 7 April 2019 (UTC)
- I do not think it will be confused, but "resolution" is being used here to refer to the time a resolution is put forward for voting, and not the initiation of a discussion that seeks to resolve a situation possibly by removal. The resolution should be held formally with a voting period and not necessarily the first time someone says "I vote for removal". I think it is important to know exactly when this timer is started. Mkdw talk 15:43, 8 April 2019 (UTC)
- Oppose
- While this seems like a compromise or evolution on the first proposal, 30 days is a vanishingly short period of time and this second proposal consequently provides insufficient comfort. I oppose effectively on the same grounds as in my earlier submission about this topic. AGK ■ 23:00, 3 April 2019 (UTC)
- I'm not a firm oppose but I think Joe is right that there's some vague aspects still remaining here. (On Joe's question: starting the clock on the last attempt to contact by email or on-wiki makes sense to me. "Known mediums" is too variable; arbs can reasonably be expected to make themselves available by those two methods.) Sorry for taking a long time to come back to this and then being nitpicky. To be honest, I think the existing very high bar has to some extent served its purpose precisely by seeming "unfit for purpose" - that is, it's so unwieldy that it forces alternative approaches if at all possible, ideally ones that decelerate and deescalate whatever the problem is and refocus the conversation on the actually problematic elements rather than on the simplest-looking solution at hand. I've been on both ends of the arb-activity spectrum and I do think 30 days without any contact at all is sufficient - when I first started and I was one of the "hurry up hurry up come on slowpokes I sent that email two whole days ago" crowd, I would've thought 30 days incommunicado was insane, and even now that I'm on the "I'll get to that in two weeks, maybe" end of things, there's still no chance I'd miss all possible efforts to get in touch with me for a month straight. That said, becoming one of the tortoises is an interesting change of perspective because now my experience of the hares is mostly "whoa, slow your roll". I think there's been a trend toward haste on certain topics over the last couple of years - though I'm not sure if that's a change in the committee or in my perception or both. Either way, it makes it hard to drum up enthusiasm for decreasing the activation barrier for smaller groups to take dramatic actions. Opabinia regalis (talk) 08:24, 4 April 2019 (UTC)
- Abstain/Recuse
- I can't talk myself off the fence. This is an improvement over the first version, but I still worry that this could create a chilling effect within the committee. If this does pass, the second point is potentially unclear: does the "clock" start with the motion? With the first attempt to contact an inactive arb specifically? When the last "known medium" has been tried? – Joe (talk) 11:28, 3 April 2019 (UTC)
- Arbitrator comments/discussion
- I think this proposal is essentially common sense. Two-thirds of arbitrators agreeing on anything is already difficult, but two-thirds agreeing on removal of an arbitrator when we have to count even the arbitrator being voted out and long-term inactive arbitrators (e.g. Ks0stm and DeltaQuad last year) is borderline impossible. This is especially true after the reduction in Committee size this year. This year, it would take 9/12 arbitrators to remove an arbitrator from the Committee, if we assume the arbitrator in question won't vote for their own removal. If we had two inactive arbitrators as well, it would take 9/10. That is an impossible task to achieve in a timely manner. This proposal would effectively reduce those numbers to 8/12 and 7/10, respectively, which is doable in the case of severe issues. I've proposed a month of inactivity instead of any inactivity to avoid decisions being made by a small subset of arbitrators in the event that a large number of arbitrators go inactive for short periods of time, which is common around holidays and the like. This proposal only excludes the votes of those unlikely to be reachable for an extended period of time. ~ Rob13Talk 03:11, 10 February 2019 (UTC)
- @Joe Roe: It has never happened, but that's because the current policy is terrible. That is despite an arb leaking information from arbcom-l and now an arb violating the access to nonpublic information policy repeatedly. If Alex had not resigned, I honestly do not know that we could have removed him, despite the Ombudsman Commission report. We may simply not have had the votes, given that we can't expect an arb to vote against themselves and we had several long-term inactive arbs that would be counted as de facto opposing if they didn't place a vote at all. "Just nine votes" sounds like a small number until you have a few inactive arbs. In the situation I detailed above, if we had two long-term inactive arbs and a similar situation came before this Committee, we would need an astonishing 90% of votes of active arbitrators to remove someone. That is not workable. ~ Rob13Talk 16:26, 10 February 2019 (UTC)
- I think it is appropriate to bring this up, though my feeling is that the Committee should not give fellow members a privileged position. We can desysop an admin on majority decision, so we should suspend an arbiter also on majority decision. Level playing field. So for me the "two-thirds" needs changing along with the automatic recusing of the arbiter under question. Desysopping an admin is more significant than suspending an arbiter. SilkTork (talk) 10:09, 10 February 2019 (UTC)
- I'm really not sure this is appropriate. Removing an arbitrator involves substituting the community's judgment ("We elect this person") with the committee's ("We think this person is unfit") or, more worryingly, a clique's ("The committee has listened to this set of users, who say the arbitrator should be removed"). I rather think that removing an arbitrator should be so obvious, gathering up the required Yes votes is easy. Even inactive arbitrators can usually be contacted for once-in-a-year votes like for removing an arbitrator. This feels like the thin end of a wedge, and like concentrating the power of a (hypothetical) set of arbitrators.Having a high bar also avoids arbitrators contemplating the removal of colleagues for lesser disagreements; it simply isn't open as a choice except in egregious cases. This change will alter the committee's dynamics, and therefore the role it plays in our project. While this proposal seems like a practical, procedural change (why should inactive arbitrators be counted?), it may unintentionally encroach on plurality. I am uncomfortable. If we think the community failed to consider this issue when they recently reduced the committee's size, perhaps we should first refer it to the 2019 ACE RFC – even asking for that be brought forward. Holding for comments. AGK ■ 10:50, 10 February 2019 (UTC)
- How many times has an arb been removed by vote, not counting "jumped before they were pushed" situations? If it's not very many, I'm inclined to say if it ain't broke, don't fix it. I also think AGK's point is a good one. If you have a situation where the arb in question refuses to resign, and those in favour of removing them are struggling to get just nine votes, chances are it's an issue that should be referred back to the community that elects us. – Joe (talk) 12:25, 10 February 2019 (UTC)
- @BU Rob13: No, and to be honest I would have hoped that was already implied by the current wording and common courtesy. My core concern is the mathematics. Let's say four arbs are inactive (as they are on this motion). That makes the threshold for removing an arb just six votes – less than half of the full committee. Recusals it would make that even less, as would reductions any further reductions to the size of the committee. I'm concerned that this could lead to unpopular views within the committee being stifled. – Joe (talk) 07:04, 6 March 2019 (UTC)
- @Joe Roe: Of course. I was just offering to put it in writing if that satisfied you. As a side note, this proposal would not lead to four arbs being inactive right now for the purposes of removal of an arb. Only Callanecc has been inactive for 30 days. We would have 12 of 13 arbs who are not long-term inactive under this proposal. If one of those 12 was the arb facing removal, eight votes would be required. ~ Rob13Talk 12:44, 6 March 2019 (UTC)
- @BU Rob13: No, and to be honest I would have hoped that was already implied by the current wording and common courtesy. My core concern is the mathematics. Let's say four arbs are inactive (as they are on this motion). That makes the threshold for removing an arb just six votes – less than half of the full committee. Recusals it would make that even less, as would reductions any further reductions to the size of the committee. I'm concerned that this could lead to unpopular views within the committee being stifled. – Joe (talk) 07:04, 6 March 2019 (UTC)
- @Mkdw: I fully agree with what you said above, for the record, with the additional caveat that we also need to have contacted them through all known mediums before the timer starts. So, for instance, where one of us has an arb's cell number, we would need to shoot them a text before the timer starts to make sure they've had every possible opportunity to be aware of it. ~ Rob13Talk 19:00, 8 April 2019 (UTC)
Discussion and comments
- This unfortunate episode from 2012 may be worth reviewing. --Rschen7754 03:16, 10 February 2019 (UTC)
- I also had that in mind, yes. When I've discussed this change privately with a few editors, it was brought up several times and only further convinced me of proposing this amendment. The massive hole in this clause turned that situation into a larger dumpster fire than it might have been. ~ Rob13Talk 03:39, 10 February 2019 (UTC)
- Though I supported Elen in that motion I was the only one, and five Committee members voted for her to be suspended. That's a clear majority, and she should have been suspended, but enough Committee members remained silent for the motion to fail under the 2/3s rule. Even with the proposed changes, the motion would have failed. Under standard simple majority rules, with the abstain, five votes would have seen her suspended. SilkTork (talk) 11:18, 10 February 2019 (UTC)
- I also had that in mind, yes. When I've discussed this change privately with a few editors, it was brought up several times and only further convinced me of proposing this amendment. The massive hole in this clause turned that situation into a larger dumpster fire than it might have been. ~ Rob13Talk 03:39, 10 February 2019 (UTC)
- You might (or might not) wish to add that any recused arbitrators not be counted. Newyorkbrad (talk) 03:30, 10 February 2019 (UTC)
- Probably should have explained this from the get-go: I have intentionally not omitted recused arbitrators in this proposed amendment, because I believe there should be no recusals when adjudicating the potential removal of an arbitrator. In jurisprudence, judicial disqualification carries with it a concept apparently called the "rule of necessity", based on that article. If the normal rules of disqualification would result in no judge being able to hear a case, then no judge is required to recuse so as to allow a case to be heard to the best of the court's abilities. Given that all arbitrators necessarily work extremely closely with each other for an extended period of time behind closed doors, requiring any one of us to recuse makes little sense when we all have a substantial appearance of potential conflict. I believe a similar "rule of necessity" applies in this situation; because all arbitrators would need to conventionally recuse themselves from ruling on a sitting arbitrator, none should. (You know all of this, of course, Brad. I'm saying it for the benefit of other editors.) ~ Rob13Talk 03:39, 10 February 2019 (UTC)
- [1] :) Newyorkbrad (talk) 03:45, 10 February 2019 (UTC)
- In the Elen motion those who recused did so because there was an election in which they and Elen were standing, so there was a conflict of interest, and the recusals were appropriate. There are other circumstances in which recusal is appropriate. Simply not wishing to make a decision on a colleague is not one of them; so using that inappropriate reason for recusal as a reason to over-ride legitimate reasons for recusal wouldn't be workable. SilkTork (talk) 11:32, 10 February 2019 (UTC)
- And note that in the elections she still got above 56% votes and was close to being re-elected, which, at least at the first glance, invalidates the theory she lost all the community support (I opposed her candidacy then FWIW).--Ymblanter (talk) 11:50, 10 February 2019 (UTC)
- Every arbitrator has a potential conflict with every other arbitrator. We work too closely not to develop opinions about each other, camaraderie, etc. Often, we will be directly involved in the events related to potentially removing an arbitrator, if such a situation comes up again. Sure, the extent of those rationales for recusal may vary, but nevertheless, we could all be legitimately considered involved. ~ Rob13Talk 16:29, 10 February 2019 (UTC)
- I'm no lawyer, but this 'necessity' argument isn't working for me either. There's a huge difference between the mild inherent conflict in making decisions about a colleague, which would apply equally to the whole committee, and the more significant reasons that might prompt individual arbitrators to recuse - being candidates in the same election as the arb potentially being removed is about as pure an example as I can think of of an irresolvable individual conflict. (Assuming of course that no one is going to withdraw from the election just to participate in the removal vote.) I'm not explicitly arguing for allowing recusals - I haven't thought in enough depth about this yet, but I'm concerned that counting both inactivity and recusal would result in a group that is too small to be practical for a decision of this magnitude. For a group that normally does everything pretty slowly, I can think of a number of cases both during and before my time when I thought it was clear that people were rushing too much. However, I am explicitly arguing that this 'rule of necessity' stuff is insufficient justification for not permitting recusals in this context. Opabinia regalis (talk) 20:37, 10 February 2019 (UTC)
- Probably should have explained this from the get-go: I have intentionally not omitted recused arbitrators in this proposed amendment, because I believe there should be no recusals when adjudicating the potential removal of an arbitrator. In jurisprudence, judicial disqualification carries with it a concept apparently called the "rule of necessity", based on that article. If the normal rules of disqualification would result in no judge being able to hear a case, then no judge is required to recuse so as to allow a case to be heard to the best of the court's abilities. Given that all arbitrators necessarily work extremely closely with each other for an extended period of time behind closed doors, requiring any one of us to recuse makes little sense when we all have a substantial appearance of potential conflict. I believe a similar "rule of necessity" applies in this situation; because all arbitrators would need to conventionally recuse themselves from ruling on a sitting arbitrator, none should. (You know all of this, of course, Brad. I'm saying it for the benefit of other editors.) ~ Rob13Talk 03:39, 10 February 2019 (UTC)
- My thoughts generally align with AGK's. While I can see the logic in not counting the vote of the arbitrator being voted about, I do think every effort should be made to get in contact with inactive arbitrators for their opinions to be counted. I assume that arbitrators still share contact information with each other on the arbwiki? When I was on the Committee, had the need arisen, I could have contacted I think every other arbitrator by phone and/or an email address in addition to the one they used on the mailing list. If there is a breach of the privacy policy then the WMF are empowered to remove access to the tools and arbcom definitely has the means to contact them in an emergency. I think (but am happy to be corrected) that Jimbo still has the power to dismiss an arbitrator in extremis. If that really isn't enough then what you should be creating is a recall petition mechanism whereby the community can decide whether the arb in question still holds their trust - abuse of this could be prevented by requiring a petition to be authorised by at least N (non-recused and/or active) arbs (or N%) (who would be under no obligation to vote to remove their fellow arb) and removal to happen if >2/3rds of those voting vote for removal. Thryduulf (talk) 16:54, 10 February 2019 (UTC)
- @Isaacl: There is (or at least was) a provision for arbcom to hold a special election at any time should the number of arbitrators fall below what they feel is required to discharge their duties. I can't immediately find where this is though, so cannot say whether it applies to total arbs, active arbs, or is completely at the committee's discretion, however I don't think the Committee could increase the total number of arbs beyond the maximum authorised by the community (currently 13). Thryduulf (talk) 17:39, 10 February 2019 (UTC)
- The relevant provision of WP:ARBPOL is "In exceptional circumstances, the Committee may call interim elections, in a format similar to that of the regular annual elections, if it determines that arbitrator resignations or inactivity have created an immediate need for additional arbitrators." I believe the "format similar to that of the regular annual elections" would mean that such an interim election would be preceded by an abridged election RfC, which would allow the community to select how many arbitrators they wish to elect. The Arbitration Committee could theoretically ask that the community allow additional arbitrators to be elected over the current total, but the community could also theoretically choose to elect none at all, effectively rebuking the Arbitration Committee for calling unnecessary interim elections. ~ Rob13Talk 19:29, 10 February 2019 (UTC)
- Since the relevant clause specifies inactivity as a reason to need additional arbitrators, I don't see any barrier to electing more. The number of arbitrators isn't fixed in the policy but is just a consequence of the rules established by the community in the annual elections. I agree though that it would be counter to community desires to increase the number of active arbitrators beyond the community's wishes. To that end, I think it would be best for the terms of the interim arbitrators to end once the previously inactive arbitrators return. isaacl (talk) 06:21, 11 February 2019 (UTC)
- @Isaacl: There is (or at least was) a provision for arbcom to hold a special election at any time should the number of arbitrators fall below what they feel is required to discharge their duties. I can't immediately find where this is though, so cannot say whether it applies to total arbs, active arbs, or is completely at the committee's discretion, however I don't think the Committee could increase the total number of arbs beyond the maximum authorised by the community (currently 13). Thryduulf (talk) 17:39, 10 February 2019 (UTC)
- A couple of times it is mentioned that the percentage of active arbitrators required to remove an arbitrator increases as the number of inactive arbitrators goes up. I don't think it matters, because in the end, nine arbitrators have to be convinced, and I don't think it gets easier to convince one of them if there are more active arbitrators. I think it is practical to look at scenarios where there are fewer than ten arbitrators active, and so meeting the threshold becomes impossible, but I also think it should be determined if there ought to be a minimum quorum for any vote in support of removing an arbitrator. Should the number of active arbitrators drop below this quorum value plus one, then a contingency procedure can be brought into effect. For example, a special election could be held for substitute arbitrators, or for an oversight group whose sole purpose would be to participate in votes to remove arbitrators. isaacl (talk) 17:07, 10 February 2019 (UTC)
- I suggest that an amendment along these lines should be accompanied with one that sets a threshold at which interim elections will be held to elect interim arbitrators. As each regularly-elected arbitrator returns, the term of the interim arbitrator who had garnered the least support would end. For example, say a threshold of three-quarters of the size of the full arbitration committee is specified: this would mean that interim elections would be held if the number of arbitrators required to remove an arbitrator drops to one-half of the full committee. isaacl (talk) 15:30, 4 March 2019 (UTC)
- @Joe Roe: Your concern about the absolute number of arbitrators required to remove one is the reason for my suggestion of an accompanying amendment. @BU Rob13: I'm not clear what you offered to put in writing; can you clarify? isaacl (talk) 16:34, 6 March 2019 (UTC)
- @Isaacl: See my comment below my vote. ~ Rob13Talk 16:36, 6 March 2019 (UTC)
- @Joe Roe: Your concern about the absolute number of arbitrators required to remove one is the reason for my suggestion of an accompanying amendment. @BU Rob13: I'm not clear what you offered to put in writing; can you clarify? isaacl (talk) 16:34, 6 March 2019 (UTC)
- I suggest that an amendment along these lines should be accompanied with one that sets a threshold at which interim elections will be held to elect interim arbitrators. As each regularly-elected arbitrator returns, the term of the interim arbitrator who had garnered the least support would end. For example, say a threshold of three-quarters of the size of the full arbitration committee is specified: this would mean that interim elections would be held if the number of arbitrators required to remove an arbitrator drops to one-half of the full committee. isaacl (talk) 15:30, 4 March 2019 (UTC)
- @Joe Roe: No arbitrator has ever been removed by committee vote for misconduct. One was removed for long-term inactivity; that was in 2011. Newyorkbrad (talk) 16:39, 11 February 2019 (UTC)
- I would be interested in your take on whether that's because the provision isn't needed or because it's too strict. I take the view of the latter. ~ Rob13Talk 18:57, 11 February 2019 (UTC)
- I don’t believe the difficulty of removing an arbitrator has been a major issue. Newyorkbrad (talk) 22:28, 11 February 2019 (UTC)
- I've always thought that this provision has made it unreasonably hard to remove an arbitrator. As I recall, it was added to prevent the possibility of a coup at one particular time. Doug Weller talk 16:03, 26 February 2019 (UTC)
- I don’t believe the difficulty of removing an arbitrator has been a major issue. Newyorkbrad (talk) 22:28, 11 February 2019 (UTC)
- I would be interested in your take on whether that's because the provision isn't needed or because it's too strict. I take the view of the latter. ~ Rob13Talk 18:57, 11 February 2019 (UTC)
- I have a minor qualm with the grammar of the proposed sentence and might suggest it would be read more clearly as
Any arbitrator who repeatedly or grossly fails to meet the expectations outlined above may be suspended or removed by Committee resolution supported by two-thirds of active arbitrators, not counting the arbitrator in question. Active is defined as activity within the past 30 days.
--Izno (talk) 16:46, 2 March 2019 (UTC) - I think a change might be warranted but I'm not sure this is it. 30 days is too short, in my opinion - that can happen quite frequently. However, severely inactive arbitrators should not be counted in the 2/3 calculations (and neither should the arbitrator in question). Another way this could be solved is automatic removal or suspension of an arbitrator after 6 months. This would have the benefit of increased data protection as well. --Rschen7754 07:34, 6 March 2019 (UTC)
- @Rschen7754: automatic removal is a good idea, although I'd set it at 3 months of no participation in arbitration matters. "Participation" would be defined as commenting on any active request, discussion, motion, etc. on a page in the Wikipedia:Arbitration or Wikipedia talk:Arbitration hierarchy or the arb mailing list, excluding discussions related to their inactivity. If there was a reasonable explanation for the inactivity, then automatic removal could be deferred once for up to 3 months by a motion supported by 2/3 of active arbs (i.e. it takes a motion to keep an inactive arb not a motion to remove one). After 6 months of this complete inactivity they are removed without exception. Thryduulf (talk) 14:26, 6 March 2019 (UTC)
- @Rschen7754 and Thryduulf: Automatic removal gets very tricky for multiple reasons. First, we do need to respect that these arbitrators were voted onto the Committee by hundreds of voters. Kicking them off in cases other than a massive breach of trust is a bit iffy. Second, keep in mind that many arbitrators become inactive for reasons beyond their control that are nevertheless temporary – health, temporary situations at work, etc. We would lose perfectly good arbitrators permanently who might have come back to assist with Committee work if we kicked those individuals off. Additionally, arbitrators often go inactive on the activity list but remain active on individual matters because they do not have the time to handle the full workload of the Committee. This was the case for me for several months from December to February as I dealt with a variety of health issues. I stayed as active as I could, but I didn't want my lack of vote to hold up ban appeals, for instance, so I set myself to be presumed inactive until/unless I showed up to participate. Finally, the number of arbitrators who go completely inactive for six months is extraordinarily low (recently, only Ks0stm), but long-term inactivity from many different arbs for periods of 1-2 months could leave us with no quorum to remove an arb at any one point in time if they overlap. In that sense, this wouldn't fix the issue of an arbitrator being unable to be removed in a timely fashion upon gross breach of trust.
Having said all that, I definitely am committed to reworking this proposal as needed so we wind up with the right solution rather than just a solution. This was intended as a starting point to solicit community feedback and put this issue on our radar. I'm currently toying with several possibilities and plan to propose an alternative soon-ish. ~ Rob13Talk 19:40, 6 March 2019 (UTC)
- @BU Rob13: Temporary inactivity of the sort you describe would not result in automatic removal - all that is required of an arbitrator is a single comment on a single arb-related happening, on the wiki or on the mailing list, every 3 months. If they haven't managed that low bar but their colleagues still feel they should be kept around, then a majority of active arbs can pass a motion to keep them for another 3 months. If an arb has not managed to make a single contribution to arbitration matters in 6 months then they really are not doing the job they were elected to do and shouldn't be on the committee - and should be removed but removed in good standing. This is a much lower standard than required of oversighters who have to make 5 logged actions every three months. Thryduulf (talk) 19:49, 6 March 2019 (UTC)
- Looking back at the mailing list, not even Ks0stm would meet that definition of inactivity (going with the six months, because I don't see why ArbCom would ever not retain a member after three months). The potential automatic removal proposal would have no effect. ~ Rob13Talk 19:52, 6 March 2019 (UTC)
- I certainly would vote against retaining someone as an arbitrator who had not had any interaction with arbitration matters for 3 months absent truly exceptional circumstances and don't understand why you wouldn't. Arbitrators are elected to do a job, and if they aren't doing it they shouldn't be treated as if they are. Thryduulf (talk) 20:42, 6 March 2019 (UTC)
- I'm not about to overrule the results of a community election because someone fell sick. I think it would be patently absurd to do so. ~ Rob13Talk 20:51, 6 March 2019 (UTC)
- I disagree. It's always unfortunate when this happens, and our best wishes should always go to that person. But at the end of the day, it would be better to have someone who is able to be active in the role. (I can think of one arb who would have met that definition from this decade). For reference, stewards can be removed outside of confirmations if they fall below a certain activity level, although the last time this happened was 2015. --Rschen7754 21:16, 6 March 2019 (UTC)
- It's highly unlikely a removed arbitrator would be replaced, however. That would involve holding a special election, which seems extremely unlikely outside of some catastrophic scenario where a third or more of the arbitrators resigned or fell ill. ~ Rob13Talk 21:18, 6 March 2019 (UTC)
- Yes, the two need to go together: any special treatment of inactive arbitrators, whether it is removing them from the post, or taking them out of the quorum required for specific votes, should be accompanied with a willingness to hold interim elections to replace the inactive arbitrators. isaacl (talk) 23:01, 6 March 2019 (UTC)
- I agree with Isaacl and Rschen. If someone is so ill they cannot even make a single contribution in three months then they're too ill to do the job, and we should wish them all the best but the good of the project must come first and we should let them focus on their health. Arbs removed for inactivity would, just like administrators desysopped for inactivity, remain in good standing and would be free to, if they want to, regain their CU and/or OS privs, their functionaries mailing list access and even stand for the Committee again in the future. This is not overruling the results of the election - they were elected to do a job, they are not doing the job so the wishes of the community are already not happening. If the number of arbitrators actually arbitrating falls below a certain level, for any reason, there should be interrim elections to bring the committee back up to strength. This would reduce the chance of a small group of arbitrators taking over. Thryduulf (talk) 02:10, 7 March 2019 (UTC)
- To be clear, I didn't say most of that; I too have misgivings about permanently removing someone who has been selected by the community. isaacl (talk) 04:20, 7 March 2019 (UTC)
- I agree with Isaacl and Rschen. If someone is so ill they cannot even make a single contribution in three months then they're too ill to do the job, and we should wish them all the best but the good of the project must come first and we should let them focus on their health. Arbs removed for inactivity would, just like administrators desysopped for inactivity, remain in good standing and would be free to, if they want to, regain their CU and/or OS privs, their functionaries mailing list access and even stand for the Committee again in the future. This is not overruling the results of the election - they were elected to do a job, they are not doing the job so the wishes of the community are already not happening. If the number of arbitrators actually arbitrating falls below a certain level, for any reason, there should be interrim elections to bring the committee back up to strength. This would reduce the chance of a small group of arbitrators taking over. Thryduulf (talk) 02:10, 7 March 2019 (UTC)
- Yes, the two need to go together: any special treatment of inactive arbitrators, whether it is removing them from the post, or taking them out of the quorum required for specific votes, should be accompanied with a willingness to hold interim elections to replace the inactive arbitrators. isaacl (talk) 23:01, 6 March 2019 (UTC)
- Considering an arbitrator who has gone incommunicado to be inactive is reasonable, to facilitate the ongoing operations of the committee. However I'm not sure it is necessary to remove the arbitrator permanently, particularly in the absence of an interim election to replace the arbitrator. isaacl (talk) 16:31, 7 March 2019 (UTC)
- In most circumstances in the RW, people can take leaves of absence without losing their status. Considering that the period of service of an admin is 2 years, if someone could not act for 6 months or even somewhat more in that period for medical or family or personal reasons, there's no reason why they shouldn't be allowed to act the other 18 months. There's no need to make a rule in the matter, as nobody that I can recall has ever abused this. DGG ( talk ) 04:02, 19 March 2019 (UTC)
- It's highly unlikely a removed arbitrator would be replaced, however. That would involve holding a special election, which seems extremely unlikely outside of some catastrophic scenario where a third or more of the arbitrators resigned or fell ill. ~ Rob13Talk 21:18, 6 March 2019 (UTC)
- I disagree. It's always unfortunate when this happens, and our best wishes should always go to that person. But at the end of the day, it would be better to have someone who is able to be active in the role. (I can think of one arb who would have met that definition from this decade). For reference, stewards can be removed outside of confirmations if they fall below a certain activity level, although the last time this happened was 2015. --Rschen7754 21:16, 6 March 2019 (UTC)
- I'm not about to overrule the results of a community election because someone fell sick. I think it would be patently absurd to do so. ~ Rob13Talk 20:51, 6 March 2019 (UTC)
- I certainly would vote against retaining someone as an arbitrator who had not had any interaction with arbitration matters for 3 months absent truly exceptional circumstances and don't understand why you wouldn't. Arbitrators are elected to do a job, and if they aren't doing it they shouldn't be treated as if they are. Thryduulf (talk) 20:42, 6 March 2019 (UTC)
- Looking back at the mailing list, not even Ks0stm would meet that definition of inactivity (going with the six months, because I don't see why ArbCom would ever not retain a member after three months). The potential automatic removal proposal would have no effect. ~ Rob13Talk 19:52, 6 March 2019 (UTC)
- @BU Rob13: Temporary inactivity of the sort you describe would not result in automatic removal - all that is required of an arbitrator is a single comment on a single arb-related happening, on the wiki or on the mailing list, every 3 months. If they haven't managed that low bar but their colleagues still feel they should be kept around, then a majority of active arbs can pass a motion to keep them for another 3 months. If an arb has not managed to make a single contribution to arbitration matters in 6 months then they really are not doing the job they were elected to do and shouldn't be on the committee - and should be removed but removed in good standing. This is a much lower standard than required of oversighters who have to make 5 logged actions every three months. Thryduulf (talk) 19:49, 6 March 2019 (UTC)
- @Rschen7754 and Thryduulf: Automatic removal gets very tricky for multiple reasons. First, we do need to respect that these arbitrators were voted onto the Committee by hundreds of voters. Kicking them off in cases other than a massive breach of trust is a bit iffy. Second, keep in mind that many arbitrators become inactive for reasons beyond their control that are nevertheless temporary – health, temporary situations at work, etc. We would lose perfectly good arbitrators permanently who might have come back to assist with Committee work if we kicked those individuals off. Additionally, arbitrators often go inactive on the activity list but remain active on individual matters because they do not have the time to handle the full workload of the Committee. This was the case for me for several months from December to February as I dealt with a variety of health issues. I stayed as active as I could, but I didn't want my lack of vote to hold up ban appeals, for instance, so I set myself to be presumed inactive until/unless I showed up to participate. Finally, the number of arbitrators who go completely inactive for six months is extraordinarily low (recently, only Ks0stm), but long-term inactivity from many different arbs for periods of 1-2 months could leave us with no quorum to remove an arb at any one point in time if they overlap. In that sense, this wouldn't fix the issue of an arbitrator being unable to be removed in a timely fashion upon gross breach of trust.
- @Rschen7754: automatic removal is a good idea, although I'd set it at 3 months of no participation in arbitration matters. "Participation" would be defined as commenting on any active request, discussion, motion, etc. on a page in the Wikipedia:Arbitration or Wikipedia talk:Arbitration hierarchy or the arb mailing list, excluding discussions related to their inactivity. If there was a reasonable explanation for the inactivity, then automatic removal could be deferred once for up to 3 months by a motion supported by 2/3 of active arbs (i.e. it takes a motion to keep an inactive arb not a motion to remove one). After 6 months of this complete inactivity they are removed without exception. Thryduulf (talk) 14:26, 6 March 2019 (UTC)
- @BU Rob13: Regarding your second proposal, I would remove the word "inactive." Activity / inactivity is a slightly squishy concept; you know as well as I do that it is usually based on an informal email to the clerks' list requesting that someone be listed as active or inactive. So if an arb just disappears, it could be argued they are still "active" as they never requested to be listed as inactive - and then their vote would be required to unseat another arb.
Regarding the discussion immediately above, I don't see a lot of value in removing arbs for inactivity, because in almost every matter the committee considers, inactive arbs are not counted anyway. GoldenRing (talk) 13:58, 19 March 2019 (UTC)- @GoldenRing: That's somewhat intended. Per WP:AC/P, "Any arbitrator who has not given prior notice of absence and who fails to post to the usual venues for seven consecutive days is deemed inactive in all matters with, where practical, retrospective effect to the date of the last known post." The idea is that we don't wish to discount the vote of an arbitrator who is around, but for some reason not participating in that one specific discussion. That carries a presumption that they do not support the motion to suspend/remove. If someone is genuinely not around, we can move them to inactive based on that provision of our procedures. ~ Rob13Talk 14:40, 19 March 2019 (UTC)
- Regarding the version 2 proposal, I suggest a minor wording change from "except" to "excluding". isaacl (talk) 15:00, 19 March 2019 (UTC)
- @Isaacl: Fair, done. ~ Rob13Talk 15:02, 19 March 2019 (UTC)
- Looking at Version 2, isn't the phrase "solicit their feedback on the resolution through all known mediums of communication" an invitation to wikilawyering? I mean, does ArbCom have to somehow demonstrate that "all known mediums of communication" were tried? What does that mean? Does an inactive Arb who is known to play World of Warcraft lead to a requirement that attempts be made to contact her or him in-game? A written communication sent through snail mail is a medium of communication, do the Arbs now need to maintain a list of each other's addresses (on their private wiki, presumably)? Taken to extreme, does someone need to try messaging by smoke signals or skywriting? Perhaps changing "known" to "reasonable" might avoid some problems. EdChem (talk) 13:45, 8 April 2019 (UTC)
- The chances of any arbitrator taking such a view are dim, and I'm not bothered by them. The point is that, if we know a second email, we try the second email. If we know a cell phone number, we text. If we know an address, sure, send a letter (though no arbitrator has made such information public in the past, to my knowledge). If we don't know the address, we wouldn't need to send a letter. We can't know where an arb will be at any given time, so no smoke signals or skywriting. Even a real-world court doesn't worry about how a statute could be interpreted by an unreasonable person. See reasonable person standard. ~ Rob13Talk 20:20, 8 April 2019 (UTC)
Restoration of sysop privileges to Necrothesp
Version 1 (Necrothesp)
On March 14, 2019, the administrator permissions of Necrothesp (talk · contribs · blocks · protections · deletions · page moves · rights · RfA) were temporarily removed as a suspected compromised account under the Level 1 desysopping procedures.
Following discussion concerning account security, and pursuant to the procedures for return of revoked permissions, the Arbitration Committee resolves the following:
The administrator permissions of Necrothesp (talk · contribs · blocks · protections · deletions · page moves · rights · RfA) are restored, provided he enables two-factor authentication on his account.
- For this motion there are 11 active arbitrators. With 0 arbitrators abstaining, 6 support or oppose votes are a majority.
- Support
- As proposer. Assuming he makes the request to the Stewards and we receive confirmation of the 2FA being activated before the bit is flipped back on. ♠PMC♠ (talk) 21:22, 7 April 2019 (UTC)
- Second choice. Katietalk 21:45, 7 April 2019 (UTC)
- I can support this while pondering the wording of procedures moving forward. And perhaps it would be more appropriate to have a separate motion on procedures rather than tangle up the voting of a resysop with the voting of procedures because if some Arbs are not happy with the wording of the procedures motion, that could hold up Necrothesp's resysopping further. Provided Necrothesp enables 2FA, he can have the tools back while we jiggle with the procedures motion. SilkTork (talk) 22:42, 7 April 2019 (UTC)
- Sympathetic to the view espoused by Joe, but I think enabling 2FA mitigates the risk well enough for me. AGK ■ 14:08, 8 April 2019 (UTC)
- It gets lost sometimes in the rhetoric around account security, but admin accounts do not actually have access to the nuclear codes. We do not now have evidence that Necrothesp's account is any less secure than any other active admin's, and indeed just-breached accounts are probably the safest :) Even though everyone who plausibly can use 2FA really should, I'm very hesitant about this as a general practice - "if you get compromised, you'll be required to enable 2FA after" - because of the possibility that it will end up excluding people whose circumstances don't fit with MediaWiki's somewhat clunky implementation. But for this case I think it's reasonable. (In general, we'll get more bang for the security buck yelling from the rooftops at every opportunity that Thou Shalt Not Reuse Passwords, not even once, not even if you used password123Reddit and password123Wikipedia and now think it's unique, not even if the recycled password is "correct horse battery staple", just no. Are you reading this post and unsure if you might have used your Wikipedia password on dodgy-downl0adz.com? Go change it, right now before you forget, I'll give you a cookie after.) Opabinia regalis (talk) 17:16, 8 April 2019 (UTC)
- Necrothesp has enabled 2FA and therefore has, in my opinion based upon the available information regarding the situation, adequately secured their account from being compromised again and should have the tools returned to them. Mkdw talk 21:36, 8 April 2019 (UTC)
- Oppose
- In favor of version 2, which also addresses how we should handle these situations going forward. ~ Rob13Talk 21:41, 7 April 2019 (UTC)
- I will switch to support if 3 passes. ~ Rob13Talk 15:12, 8 April 2019 (UTC)
- In favor of version 2. RickinBaltimore (talk) 22:54, 7 April 2019 (UTC)
- I am not convinced that Necrothesp adequately secures his account. By community policy, this is admin misconduct. In this instance, his negligence allowed a focused attacker to seriously vandalise the main page and a template used on almost every other Wikipedia page. Enabling 2FA is not going to solve the underlying lack of attention to basic security (it would also be impossible for us to monitor in the long term), so unfortunately I must come to the conclusion that Necrothesp can no longer be trusted with the tools. – Joe (talk) 05:27, 8 April 2019 (UTC)
- Abstain/Recuse
- Arbitrator comments/discussion
- @BU Rob13: How would it be Necrothesp's fault if motion 2 or 3 did not pass? It would not, so more importantly, why should Necrothesp's fate be tied to these two motions if you have reasonable confidence that their account will be secure (with 2FA enabled)? We are discussing and voting on increasing our security standards below, but I think it is unethical to hold someone hostage for effectively a political and policy position. They should be assessed fairly against our current enacted policies and protections, even if the ultimate decision is to deny their request to return their tools. Mkdw talk 16:03, 8 April 2019 (UTC)
- I absolutely agree. I want to reiterate that I think it is incredibly underhanded to suggest this kind of package motion where the handling of issues related to one person are combined with, and therefore made hostage to, a broader policy discussion. I sincerely hope that I don't see this kind of thing becoming a common practice. ♠PMC♠ (talk) 16:26, 8 April 2019 (UTC)
- +1 to PMC. This is a shabby way to treat a volunteer who made a mistake. We have plenty of other places to argue about internal wikipolitics. Opabinia regalis (talk) 17:16, 8 April 2019 (UTC)
- Our current policy on administrators states that administrators must secure their account. Necrothesp fell short of that standard in a way that puts me squarely on the fence when it comes to restoring permissions. The problem is that we haven't enforced our current policy for quite some time, which may have created an expectation we would not enforce it going forward. While certain administrators have lagged behind in their security standards and their understanding of relevant policies, so too has the Arbitration Committee when it came to enforcing those standards and policies. I believe opposing this motion is justified by our current policy, and the motions proposed below merely state that we will be enforcing existing community policy going forward. If, as a Committee, we decide that it's worthwhile to clarify that we will begin enforcing the current policy going forward, I am willing to support this resysop due to the expectations our shoddy enforcement caused. If we decide such a clarification is unnecessary, then there is no reason not to enforce the current policy now, which leads me to oppose resysopping. ~ Rob13Talk 17:52, 8 April 2019 (UTC)
- @Opabinia regalis: It's also sometimes lost in the WP:NOBIGDEAL rhetoric that Wikipedia admins are, amongst other things, entrusted with sysop privileges on the world's fifth most visited website. That includes some very risky buttons. Can you imagine the front pages of YouTube or Amazon being replaced with "hacked by <some kid with tor>", even for a couple of minutes? That we are a volunteer project shouldn't stop us aspiring to the same level of professionalism. It's not the nuclear codes, but all we ask of admins is to adhere the most basic of security practices. Things that, for example, have been technically enforced in every workplace I've been at, despite me rarely being trusted with much more than the coffee machine. The evidence that Necrothesp's account is a continuing vulnerability is the fact that it has already been compromised once, and in his public and private responses to this incident. – Joe (talk) 18:10, 8 April 2019 (UTC)
- I agree with Joe, but there's also just generally a myth that compromised admin accounts don't cause real world harm. For instance, imagine a compromised admin account edits the main page to include a violent or extremely sexual picture, which is not an uncommon type of vandalism. How many traumatized children whose parents rightfully expected a clean main page are acceptable to us? I'm not all too bothered by "hacked by <some kid with tor>". I'm very bothered with putting hundreds of children around the world into therapy. And don't even get me started on the possibility for compromised CU accounts. ~ Rob13Talk 20:16, 8 April 2019 (UTC)
- I'm not saying it's optimal for that kind of thing to happen, but suggesting that a single instance of accidentally viewing an inappropriate image would put "hundreds of children around the world into therapy" is a bit of an overstatement. ♠PMC♠ (talk) 22:23, 8 April 2019 (UTC)
- It depends what image. Someone who had been beheaded or something similarly gory? If viewed by a young enough child, that could certainly cause non-trivial issues for the parents to deal with, at the very least. ~ Rob13Talk 22:25, 8 April 2019 (UTC)
- I'm not saying it's optimal for that kind of thing to happen, but suggesting that a single instance of accidentally viewing an inappropriate image would put "hundreds of children around the world into therapy" is a bit of an overstatement. ♠PMC♠ (talk) 22:23, 8 April 2019 (UTC)
- I agree with Joe, but there's also just generally a myth that compromised admin accounts don't cause real world harm. For instance, imagine a compromised admin account edits the main page to include a violent or extremely sexual picture, which is not an uncommon type of vandalism. How many traumatized children whose parents rightfully expected a clean main page are acceptable to us? I'm not all too bothered by "hacked by <some kid with tor>". I'm very bothered with putting hundreds of children around the world into therapy. And don't even get me started on the possibility for compromised CU accounts. ~ Rob13Talk 20:16, 8 April 2019 (UTC)
Version 2 (Necrothesp)
On March 14, 2019, the administrator permissions of Necrothesp (talk · contribs · blocks · protections · deletions · page moves · rights · RfA) were temporarily removed as a suspected compromised account under the Level 1 desysopping procedures. The Arbitration Committee has verified that Necrothesp is back in control of their account via multiple methods. The administrator permissions of Necrothesp (talk · contribs · blocks · protections · deletions · page moves · rights · RfA) are restored, provided he enables two-factor authentication on his account for as long as he retains the sysop flag.
Since November 2018, six accounts have been desysopped under the Level I desysopping procedures as compromised administrator accounts. The Arbitration Committee would like to remind administrators that they are required to "have strong passwords and follow appropriate personal security practices." The current policy on security of administrator accounts provides that "a compromised admin account will be blocked and its privileges removed on grounds of site security" and "in certain circumstances, the revocation of privileges may be permanent."
The Arbitration Committee resolves that the return of administrator privileges to a compromised account is not automatic, in line with this policy. The Arbitration Committee will review all available information to determine whether the administrator followed "appropriate personal security practices." Factors the Arbitration Committee may use to make this determination include, but are not limited to, whether the administrator used a strong, unique password on both their Wikipedia account and associated email account, whether the administrator enabled two-factor authentication, and how the account was compromised. If the Committee determines the administrator failed to secure their account adequately, the administrator will not be resysopped automatically. Unless otherwise stated, they may regain their administrative permissions through a successful request for adminship.
- For this motion there are 11 active arbitrators. With 0 arbitrators abstaining, 6 support or oppose votes are a majority.
- Support
- We need to start actually enforcing the community policy on the security of administrator accounts. The existing policy states admins must at least try to secure their accounts. Where we determine that they declined to do so and it resulted in damage to the encyclopedia, we should not be resysopping automatically. This alternate motion simply makes clear that we will be following existing community policy surrounding account security going forward. ~ Rob13Talk 21:41, 7 April 2019 (UTC)
- Second choice to Motion 3. ~ Rob13Talk 15:12, 8 April 2019 (UTC)
- First choice. It is not exactly fair to Necrothesp to change the rules midstream, but I am heartily tired of dealing with these compromised admin accounts. Now everyone is on notice that resysop is no longer automatic in these situations. Katietalk 21:45, 7 April 2019 (UTC)
- RickinBaltimore (talk) 22:54, 7 April 2019 (UTC)
- Oppose
- Oppose on principle; restoring Necrothesp's privileges should not be contingent on altering our existing procedures. They're two separate discussions. ♠PMC♠ (talk) 21:44, 7 April 2019 (UTC)
- I support the warning about enforcement from now on, but oppose resysopping Necrothesp, per above. If this doesn't pass, we should vote on a standalone motion with just the second two paragraphs. – Joe (talk) 05:30, 8 April 2019 (UTC)
- Unhelpfully, this motion conflates two different issues (our procedures for the future – and what to do with Necrothesp). AGK ■ 13:52, 8 April 2019 (UTC)
- On principle. Mkdw talk 16:04, 8 April 2019 (UTC)
- Now we have separated the resysopping from the procedure, this motion is no longer appropriate. SilkTork (talk) 17:07, 8 April 2019 (UTC)
- Per PMC and Mkdw. Opabinia regalis (talk) 17:16, 8 April 2019 (UTC)
- Abstain/Recuse
- Arbitrator comments/discussion
- Has it been confirmed by us that Necrothesp is back in control of their account? The question was raised on the email list, and it was thought that the Foundation did the confirmation. I don't wish to change the wording as I don't actually know who did confirm it. SilkTork (talk) 22:33, 7 April 2019 (UTC)
- Per the Global log, T&S verified this and unblocked him. ♠PMC♠ (talk) 22:56, 7 April 2019 (UTC)
- We've also verified it via the WMF. A WMF staff member assured me that the person who is currently in control of the account is definitively the original account holder. This matches the language of past motions on resysopping previously-compromised admin accounts. ~ Rob13Talk 23:14, 7 April 2019 (UTC)
- Per the Global log, T&S verified this and unblocked him. ♠PMC♠ (talk) 22:56, 7 April 2019 (UTC)
Motion 3: Return of permissions
Since November 2018, six accounts have been desysopped under the Level I desysopping procedures as compromised administrator accounts. The Arbitration Committee reminds administrators that they are required to "have strong passwords and follow appropriate personal security practices." The current policy on security of administrator accounts provides that "a compromised admin account will be blocked and its privileges removed on grounds of site security" and "in certain circumstances, the revocation of privileges may be permanent."
The Arbitration Committee resolves that the return of administrator privileges to a compromised account is not automatic. The committee's procedure at Wikipedia:Arbitration Committee/Procedures § Removal of permissions, subsection Return of permissions, is replaced by the following:
Removal is protective, intended to prevent harm to the encyclopedia while investigations take place, and the advanced permissions will normally be reinstated
onceif a satisfactory explanation is provided or the issues are satisfactorily resolved. If the editor in question requests it, or if the Committee determines that a routine reinstatement of permissions is not appropriate, normal arbitration proceedings shall be opened to examine the removal of permissions and any surrounding circumstances.In cases where an administrator account was compromised, the committee will review all available information to determine whether the administrator followed "appropriate personal security practices" before restoring permissions. Factors used to make this determination include: whether the administrator used a strong password on both their Wikipedia account and associated email account; whether the administrator had reused passwords across Wikipedia or the associated email account and other systems; whether the administrator had enabled two-factor authentication; and how the account was compromised.
If the Committee determines the administrator failed to secure their account adequately, the administrator will not be resysopped automatically. Unless otherwise provided by the committee, the administrator may regain their administrative permissions through a successful request for adminship.
- For this motion there are 10 active arbitrators, not counting 1 recused. With 0 arbitrators abstaining, 6 support or oppose votes are a majority.
- Support
- Proposed; splitting this from Motion 2 per our earlier discussions. In the wording for a new procedure, I have separated the requirement for a 'strong password' and for a 'unique password' to drive home the point: reusing passwords across systems is unsafe. AGK ■ 14:21, 8 April 2019 (UTC)
- Support as 2nd choice. RickinBaltimore (talk) 14:53, 8 April 2019 (UTC)
- Fully happy with this. First choice, since it puts it into our procedures directly. ~ Rob13Talk 15:11, 8 April 2019 (UTC)
- Explicitly adding it to our procedures is a good idea. – Joe (talk) 18:13, 8 April 2019 (UTC)
- Oppose
- Abstain/Recuse
- I'm going to abstain on this, although I support it in principle. I have to point out that although we can confirm some information about an editor's Wikipedia password and their use of 2FA, we have no way of actually confirming whether someone had a unique, strong password for their Wikipedia-associated email address, if they reused their password on other sites, and how the compromise occurred. At best all we have is the editor's word and (particularly with the last point) our best guess. I'm not sure it's fair for us to enshrine those points in policy as reasons not to return someone's permissions when we have no way of confirming the information. ♠PMC♠ (talk) 17:29, 8 April 2019 (UTC)
- Arbitrator comments/discussion
- I'm in favour of making clear moving forward that compromised accounts will not automatically have the admin tools restored. Where I am unsure is if this is the procedure we wish to adopt, as it amounts to us asking (as we have done in this case): "Did you have a strong and unique password?" and the admin saying (as they have done in this case) "Yes". But in this case, despite assurances that the password was strong and unique, the admin account was still compromised, which is why we have taken a long time to even get as far as this on-Wiki discussion, why we are insisting on 2FA, and why Joe is opposing a resysopping. I'm not sure a simple assertion that "Yes of course my password was safe" is quite enough, because if someone's admin account became compromised there was a flaw somewhere in that user's security which they didn't know about, and are possibly still not aware of. I think the procedure should be that if an admin's account was compromised and they didn't have 2FA, then they need to enable 2FA to get the tools back. SilkTork (talk) 17:34, 8 April 2019 (UTC)
- I have to strongly disagree with the premise that all we can do is ask the admin. Here, the WMF made a public statement in which they noted that the password was likely reused due to specific, credible information. We can ask the WMF for similar information in any future cases of a compromise and base our decision on that information as well as what the admin tells us. If an account is compromised on the first try and there is no indication of any type of attack perpetrated through Wikipedia itself (e.g. with site JS on smaller wikis), it's fairly clear it was from a reused password, phishing, or a keylogger. ~ Rob13Talk 17:56, 8 April 2019 (UTC)
Discussion and comments (Necrothesp)
I don't wish to beat up on this particualr admin (since that's already been done to the point where I'm sure the message has been received) but I would urge the committee to go with version 2, and to consider it a sort of final warning that admins are expected to secure their accounts and ignorance of the last 5-6 years (at least) of evolving policy on this matter is no excuse as we expect admins to be up to speed on important policies. And reports about this hae been in the monthly admin newsletter how many times now? I've lost count. Kinda a big part of the job, and if you can't be bothered to keep up you should be big enough to hand in the tools. Beeblebrox (talk) 01:18, 8 April 2019 (UTC)
- Should this pass, I hope that a MassMessage will be sent to all admins, active or not (and signed "On behalf of the Arbitration Committee" so they don't think it's just a newsletter that can be ignored). --Rschen7754 05:20, 8 April 2019 (UTC)
- @Rschen7754: We can certainly do that. ~ Rob13Talk 05:42, 8 April 2019 (UTC)
- @BU Rob13 and Rschen7754: would you want this for all users that are currently admins, or also those that are not currently admins but may be eligible for re-sysoping? --DannyS712 (talk) 06:00, 8 April 2019 (UTC)
- @Rschen7754: We can certainly do that. ~ Rob13Talk 05:42, 8 April 2019 (UTC)
- Likewise, although I'm sympathetic to both the optics and voting implications of splitting version 2 into two separate motions. ~ Amory (u • t • c) 10:16, 8 April 2019 (UTC)
- Don't the current policy wordings leave discretion with the bureaucrats and not mention ArbCom? EdChem (talk) 13:48, 8 April 2019 (UTC)
- We are dealing in this motion with scenarios where there is a removal due to a security breach. The policy wording you mention was added to deal with security concerns that arise in passing after an administrator requests restoration of rights removed due to inactivity. In the latter scenario, the bureaucrats are the first assessors of the security issues. In the former scenario, ArbCom deals with the security issues and votes to reinstate where it knows the issues are resolved. It would not make sense for the bureaucrats to duplicate ArbCom's work in cases of compromised accounts. This illustrates an issue with some language at WP:ADMIN: we keep adding sentences to deal with edge cases that then mislead readers, through the illusion of comprehensiveness, when a different edge case arises. AGK ■ 14:05, 8 April 2019 (UTC)
- AGK, I am aware that ArbCom can and does desysop for security reasons, it is the reason that I was surprised by the wording. WP:SECUREADMIN states that "[d]iscretion on resysopping temporarily desysopped administrators is left to bureaucrats," which appears to me to empower bureaucrats to duplicate ArbCom work and even resysop after a Level 1 desysop unilaterally provided the 'crat is convinced security issues are addressed so long as a leel 1 desysop can be placed into the "temporary" camp. Wikipedia:User account security#Privileged editors states that
Administrators, bureaucrats, checkusers, stewards and oversighters discovered to have weak passwords, or to have had their accounts compromised by a malicious person, may have their accounts blocked and their privileges removed on grounds of site security. In certain circumstances, the revocation of privileges may be permanent. Discretion on resysopping temporarily desysopped administrators is left to the bureaucrats, provided they can determine that the administrator is back in control of the previously compromised account.
This mentions nothing about ArbCom. It asserts desysopping or other rights revocations may be permanent under "certain circumstances," but gives no clue as to what those might be, nor does it define who makes the decision. For sysop permissions, the discretion could be argued to be held only by the 'crats. - I agree with you that duplication is unhelpful, and that in practice ArbCom has the decision-making role... but I am surprised to see nothing in policy that supports that this is the case. I know that ArbCom gets to design its own procedures but cannot make policy. Arguably, above attempts to codify the desysopping being permanent falls into the former case rather than the latter, but that argument becomes much weaker when the policy basis for security breaches leading to permanent action is vague, does not mention ArbCom, and (I suspect) may not have been subject to community endorsement as policy. It may come from WMF actions / directions, but then that should be explicitly stated. Before codifying procedures, the basis for ArbCom authority should be clearly found in policy that is WMF mandated and / or community endorsed. I get that there is something about this particular case and the mishandling of security that has ArbCom annoyed. Perhaps it is a particularly egregious case, or just the latest in a series of cases that should never have arisen. Privacy concerns mean that can't be disclosed in detail, but those motivations don't justify acting as if policy support for ArbCom's authority in this area is clear when the policy documentation does not bear that out. The language on removals becoming permanent goes back at least a decade, so perhaps merely codifying that the decision-maker is ArbCom is needed, along with clarifying when bureaucrats can exercise the discretion that they have under the policy? EdChem (talk) 14:52, 8 April 2019 (UTC)
- I think the functional part here though is that since the removal was authorized under WP:LEVEL1 the return is only authorized under WP:RETURN. That is, as ArbCom has explicitly removed the permission, only ArbCom may explicitly return it. If the user group is not returned by ArbCom, WP:RfA still exists. WP:SECUREADMIN seems to specifically refer to things such as password requirements; if WMF ever did one of the promised audits, they could presumably pass that on to bureaucrats for action. ~ Amory (u • t • c) 15:08, 8 April 2019 (UTC)
- Our authority to act here is solid. There are several ancillary policies and procedures we could cite (see above), but ultimately it comes down to the fact that WP:ARBPOL gives ArbCom the responsibility for removing the admin permissions. It necessarily follows that we can decide if/when to give back bits we remove, and impose conditions (analogous to topic bans imposed by individual admins as unblock conditions). It would be helpful to amend WP:SECUREADMIN to note that this eventuality exists. – Joe (talk) 18:29, 8 April 2019 (UTC)
- AGK, I am aware that ArbCom can and does desysop for security reasons, it is the reason that I was surprised by the wording. WP:SECUREADMIN states that "[d]iscretion on resysopping temporarily desysopped administrators is left to bureaucrats," which appears to me to empower bureaucrats to duplicate ArbCom work and even resysop after a Level 1 desysop unilaterally provided the 'crat is convinced security issues are addressed so long as a leel 1 desysop can be placed into the "temporary" camp. Wikipedia:User account security#Privileged editors states that
- Please keep in mind that there is no mechanism available to stewards or bureaucrats to validate if a user has enabled 2FA, nor do they have a mechanism that can be used to determine if 2FA is deactivated at a future time. (WMF staff and certain developers can access this user-level data only). There is some consideration for building this functionality (see phab:T209749) however the last notes from the foundation suggest it is unlikely to be made available to project volunteers. To this end, I don't think ArbCom should be creating a user restriction ("account X requires 2FA") that has no mechanism to validate or audit, thus no means to enforce. — xaosflux Talk 14:30, 8 April 2019 (UTC)
- @Xaosflux: This specific concern was discussed quite a bit internally. We can get this data from the WMF, and have in the past. ~ Rob13Talk 15:14, 8 April 2019 (UTC)
- @BU Rob13: thanks for the note. From my reading of the first proposals above, once enacted this motion completes correct? That is, ArbCom is not creating a continuing requirement that this specific user must maintain 2FA as an ongoing condition of maintaining their administrator access correct? — xaosflux Talk 15:54, 8 April 2019 (UTC)
- For the second proposal, it seems to be missing a few things: (1) Under what authority is ArbCom creating a new account restriction, (2) What are the mechanics for enforcement? — xaosflux Talk 15:56, 8 April 2019 (UTC)
- I am not the best person to address the first question as a broad question, because I raised the same concern myself at one point and am not fully satisfied with the answer. Having said that, Necrothesp has noted privately to the Committee that he is willing to enable 2FA going forward. I would say our authority in this case is consent of the editor. In terms of enforcement, theoretically, the Arbitration Committee can request a list of editors with 2FA enabled from the Foundation. We've been provided with such information as it relates to the functionary team in the past. As a practical matter, I am more than happy to AGF that Necrothesp wouldn't blatantly lie to us about enabling 2FA and keeping it enabled. ~ Rob13Talk 18:02, 8 April 2019 (UTC)
- We already have a password strength policy that is supposed to be binding on all admins, it has just never been enforced even one single time. And now there is also a global policy. We asked the WMF for password auditing in 2015 but as far as I kno wthat's never been done either, but I seem to recall seeing somewhere recently that that is close to being a reality as well. Beeblebrox (talk) 17:34, 8 April 2019 (UTC)
- Discussed at phab:T121186, the "regular audits" and "password strength bar" have, obviously, not been implemented. ~ Amory (u • t • c) 17:50, 8 April 2019 (UTC)
- @Xaosflux: This specific concern was discussed quite a bit internally. We can get this data from the WMF, and have in the past. ~ Rob13Talk 15:14, 8 April 2019 (UTC)
- In Version 3 by AGK et al. the unchanged text from the current policy at WP:RETURN appears to proscribe a case if ArbCom doesn't return the perms, is that a fair assessment? Would it be worth indicating that a case is not required in all cases (such as this), perhaps simply by changing shall be opened to may be opened? ~ Amory (u • t • c) 15:26, 8 April 2019 (UTC)
- Given the typically private nature of discussions regarding an individual account's security, I would argue we're already opening "normal arbitration proceedings" when an account is compromised by seeking evidence regarding the account's security privately. The normal proceedings in such a situation would be a private case, not a public one. I would consider the new language on our procedures for compromised accounts as descriptive of "normal arbitration proceedings" in that situation. ~ Rob13Talk 18:06, 8 April 2019 (UTC)
- Please note that Necrothesp has enabled 2FA on his account. See here. Thank you for taking that step. ~ Rob13Talk 18:57, 8 April 2019 (UTC)
- I've been informed that log is noting he got oauth-tester, which allows him to enable 2FA. Either way, thanks for taking a step toward 2FA. ~ Rob13Talk 19:01, 8 April 2019 (UTC)