What do you know about the Ombuds Commission?

This Diff blog was drafted by and submitted on behalf of the Chair of the Ombuds Commission.

The Wikimedia community is full of volunteers fulfilling various roles. It’s not only editing that makes this free knowledge experiment work! The Ombuds Commission (OC) is an investigative committee of volunteers, supported by the Wikimedia Foundation, which is responsible for reviewing concerns regarding the Privacy Policy, CheckUser Policy, Oversight Policy and the Access to Non Public Data Policy. The OC also examines issues regarding the compliance of Local CheckUser and Oversight Policies with the Global Policies on Meta-wiki. Hopefully by reading this Diff post, readers will gain a better understanding about what the Ombuds Commission does.

In the current term there are 10 Ombuds, one observer from the Stewards, and a liaison with Trust and Safety. 

When writing local policies, all actions by CheckUsers, Oversighters and the like must be in compliance with the Global Policy, as Local policies must never permit actions that are not permitted in the Global Policy. 

The Policies

Let’s start with the policies that the OC works with. The Privacy Policy was developed to protect the private information of users of Wikimedia projects. In many countries this is a legal requirement, and with regards to CheckUsers and Oversighters, it is largely referring to the inappropriate disclosure of information whose disclosure is prohibited by the Privacy Policy or related policies. This information could be a user’s IP address linked to their username or other private information. The linking of IP addresses to usernames is one of the most common breaches of privacy we address.

The CheckUser Policy, apart from defining the role of checkusers and how they are elected or appointed, also outlines when a CheckUser may use the tools. As outlined in the relevant policies there must be valid reasons for running a check. Although vandalism, sockpuppetry and meat puppetry are annoying to everyone, and clearly can do significant damage, prior to running Checks the CheckUser’s must establish the defensible reasons for doing so. By this we mean that afterwards if questioned about it, for example by the Ombuds Commission, the CheckUser must be able to provide defensible reasons for using the CheckUser Tools. Not doing this is considered an abuse of the CheckUser tools and could lead to the CU being reported to the Ombuds Commission. When the CheckUser Policy is breached and a complaint is made it is often for inappropriate use of the tools.

Like the CheckUser policy, the Oversight policy determines how oversighters are elected or appointed and when these tools can be used. Given the types of information that Oversight tools are used to protect, oversighters generally lean towards hiding content that they may be unsure about. The majority of complaints about oversight, which are relatively rare, are because use of the Oversight Policy has been denied.

How Cases are Handled

At the outset, all of our cases are private and covered by the Privacy Policy, so no details here refer to specific cases. Here is a general summary of the process of the cases the OC reviews:

• Cases usually arrive by a request being made via the link on Meta-wiki on the Ombuds Commission Page. They sometimes come via private emails, or sometimes the OC members discover them. The latter can occur in two ways. The OC often has to check local policies and if there is an issue, a case will be opened to look into that policy more deeply. The other way is a secondary case may become apparent during another investigation.
• Once a case is received, the OC members do a quick readthrough to examine if the case falls within the OC’s mandate. The mandate is very strict, so cases that are outside of this, such as overturning blocks, will be rejected. Sometimes a case is within the mandate of another committee or community role, e.g. ArbCom, the Stewards or even Trust and Safety, in which case the OC refers the person to these avenues. If the case is clearly one the OC must look at, a case file is created and receipt is acknowledged.
• At this point the case will be assigned an investigator. As Chair, that is one of my responsibilities to assign cases to OC members. Generally I ask for volunteers but I also look at current case loads of each member, with the caveat that no members will receive a case from their home wiki. This usually is not an issue as the members are always selected from a wide array of projects.
• The investigator will then take charge of the case and will go through the provided information as well as conduct any interviews required. They will formulate a conclusion and recommendations. The OC will discuss this and then a resolution is formed.
• There are 10 Ombuds and our presence on-wiki is tracked to ensure our review of the situation. The vote on a resolution goes for a minimum of 5 days and must have a majority support among the Ombuds. If Ombuds go inactive, then our total number changes and as does the voting majority rule. Depending on the amount of discussion this can be extended, sometimes it even requires revisiting information. In general, as Chair, I try to ensure the OC has this part completed within a month of the receipt of the complaint.
• Any resolution that is a result of a breach must then go to the Wikimedia Foundation Legal department for confirmation. This can take a little time as it is entirely dependent upon their workload too.
• The next stage will be the delivery of all outcomes to appropriate parties. Often this is simply an email and rather uncomplicated, sometimes it requires some coordination with the Wikimedia Foundation so again this is an area that can delay things.

Importantly: what we cannot do

The OC receives many requests and complaints that are essentially asking us to reverse a block. On every project there is a process by which users can request a block be reviewed. If a user has been blocked, they will likely find a link to that process relevant to the block in question on their talk page. For the most part, the review of blocks is a local issue to be dealt with by local administrators, CheckUsers or the like on the wiki in question. In some cases, it may be more appropriate to take the case up with the Stewards. It is not something the Ombuds can deal with and cases asking us to reverse a block are almost always rejected. 

We also, just like any CheckUser, will not spend a lot of time searching for relevant information if not sufficiently provided at the outset. A complaint must be specific, with all issues linked to, by diff if one can or at least provide the link. When relevant, the complaint must name the users who have breached the policies the OC is mandated to look into. As a generalization we are providing accountability to those members of the community who have higher access and can actually access this private data, such as CheckUsers, Oversighters and Stewards. It’s actually rare for anyone without this access to have this information, or if they do it has been inappropriately sent to them by someone who has such rights.

Issues and Improvements

In recent years, there have been a number of issues raised on Meta-wiki in particular, also on various discussion forums on the efficiency of the OC. For example, the length of time taken to resolve cases, our massive backlog, etc. Some of these complaints are valid and we have taken steps to restructure the working of the OC in recent years to deal with this.

One such improvement was establishing a Chair position. The Chair is elected by the Ombuds each year and has some additional responsibilities beyond typical member expectations. The Chair is still an Ombud and can investigate and vote as any other Ombud. However, the Chair is also responsible for assigning cases, is involved in the process of accepting cases, and also ensures things keep moving to reduce the time the OC takes to move cases to conclusion. The Chair is also responsible for the notification of final resolutions to relevant parties and communication and feedback to the community. As Chair, I now frequently comment on issues where I can across many wikis. There is a limit to what I can say, particularly in public forums, due to the Privacy Policy. However, I can give some direction from the OC perspective when it is warranted or further explain some resolutions on those forums where they can be discussed. Between 2021 and 2022, we made a momentous effort to deal with the backlog, some cases were 3 years old. We managed to almost completely get rid of the backlog. In fact, at the time of writing, we have only a couple of cases that are over one year old and these are delayed due to case-specific complexities. This has drastically reduced the case load on each Ombud allowing for expedient resolution of cases.

Future Directions

This year has been the first year that the OC implemented a change in our policies to include a Steward observer among our group. This has, of course, required all of us to develop a working relationship with our roles in mind. We are all learning together. As Chair, it has seemed to me to be of great benefit to us. It has clearly increased our discussion with the Stewards. This is a great benefit as it will often fall to Stewards to implement our resolutions, and as such they should be in the loop.In the past the Ombuds have produced Activity Reports to keep the community informed. However, it is my belief that we should be more visible to the community than we are. Visibility for us is complicated and any one of us talking to the community must be mindful of privacy. In saying that, we should not be a black box invisible to everyone. We welcome any general questions as comments on Diff, on the OC Talk Page or by email. All I ask is that we must be mindful of privacy. If you’re unsure, contact me privately. My user page has many options for this.