Wikimedia Foundation Office Actions Policy - Wikimedia Foundation Governance Wiki Jump to content

Wikimedia Foundation Office Actions Policy

From Wikimedia Foundation Governance Wiki

This page is a Wikimedia Foundation official policy, established by Jimmy Wales and endorsed by the Foundation as necessary for the operation of the sites under its jurisdiction.

The office actions policy is a set of guidelines and procedures regarding official changes to or removals of content on the Wikimedia projects, or actions against specific individuals, performed by Foundation staff members and under the authority of the Wikimedia Foundation, upon receipt of one or multiple complaints from the community or the public, or as required by law. Complaints that may lead to enforcement of office actions may include, but are not limited to, privacy violations, child protection, copyright infringement or systematic harassment. All office actions are performed pursuant to the Terms of Use.

Purpose and scope

The purpose of this policy is to help improve the actual and perceived safety of Wikimedia community members, the movement itself, and the public in circumstances where actions on local community governance level are either insufficient or not possible. Local policies remain primary on all Wikimedia projects, as explained in the Terms of Use, and office actions are complementary to those local policies. However, there may be some rare cases where the Wikimedia Foundation must override local policy, such as in complying with valid and enforceable court orders to remove content that might otherwise comply with policy or in protecting the safety of the Wikimedia communities or the public.

Some of the actions described or referenced in this policy mirror actions also taken by the Wikimedia communities and local governance mechanisms. All actions mentioned under this policy refer to actions taken by the Foundation and any equivalent actions performed by the communities are explicitly called out. For example, the terms "global ban" or "event ban" under this policy refer to global bans and event bans enforced by the Foundation respectively even though similar bans may be placed by Wikimedia affiliates or the Community.

Primary office actions

The Foundation does not hold editorial or supervisory control over content and conduct in the Wikimedia projects; this work is done by a largely autonomous community of volunteers who, in accordance with our Terms of Use, create their own policies meant to uphold the educational goals of our movement. However, in cases where community actions have not been effective and/or legal considerations require us to intervene, we may take actions accordingly.

Foundation global ban

A global ban is one of the most severe actions the Foundation may take in order to address misconduct or serious threats to the safety of users, the public or the projects, pursuant to our Terms of Use. It is performed primarily in order to help assure the actual and perceived safety of users of the Wikimedia projects and assist in preventing prohibited behavior that hinders contributions and dialogue. Situations that may lead to a Foundation global ban include, but are not limited to:

  • Users engaging in significant or repeated harassment of users on multiple projects;
  • Users engaging in significant or repeated harassment off of the Wikimedia sites so as to threaten (emotionally or physically) users;
  • Place in danger, significantly compromise or otherwise threaten the trust or safety of our users or employees;
  • Users repeatedly or egregiously violating our Terms of Use, such as through hosting illegal content on Wikimedia servers; or
  • Threatening or compromising the security of Wikimedia infrastructure.

In some cases, a Foundation global ban will be issued following Terms of Use violations that - individually - would not be sufficient enough to warrant a global ban, but form part of a broader pattern of seriously problematic conduct. In those cases, the global ban will typically be issued only after prior warnings (from the community, and/or the Foundation).However, the Foundation reserves the right to impose a global ban directly, in sufficiently severe cases of repetitive Terms of Use violation, or where it has not been practical to offer warnings. A global ban prohibits individuals, either in their own capacity or as agents of others, from all Wikimedia Foundation websites, platforms and activities. This includes, but is not limited to, any site listed at www.wikimedia.org, mailing lists hosted by the Foundation, Wikimedia Cloud Services and Wikimedia technical infrastructure such as Phabricator as well as any in-person events sponsored or funded by the Foundation. Accordingly, an individual globally banned by the Foundation may not participate in, edit, contribute, or otherwise modify any content on those sites, platforms, or lists without the explicit permission of the Wikimedia Foundation.

A global ban is placed against an individual instead of against a specific username. It therefore applies to any alternate accounts an individual may control and any accounts they might create after the ban has been enacted. It can also apply to anonymous / "IP accounts" the banned individual may be using or may use in the future.

Global bans are considered a last resort and are only enforced upon receipt of complaint, investigation, extensive review and explicit approval by several Foundation staff members. As they prohibit all involvement in the Wikimedia projects, websites, platforms and activities from the moment they are enacted, by definition they also prohibit potentially positive future involvement of the banned individual, regardless of the outcome of that involvement. Knowingly facilitating the contributions of a globally banned individual, acting as a proxy for such a person, or attempting to interfere with Foundation staff or volunteer administrators, bureaucrats or functionaries enforcing a global ban in line with local policies may result in sanctions, including loss of advanced user rights or suspension of contributing access to Wikimedia sites.Since global bans are reserved for severe cases, their duration should typically be expected to be indefinite.

Foundation event ban

A Foundation event ban is an office action enforced in order to help improve the actual and perceived safety of users attending Wikimedia in-person events. It is placed under exceptional circumstances such as repeated abuse or behavior that compromises the trust and safety of our volunteers or users. While not limited to these examples, Foundation event bans may be enacted in situations such as where:

  • Users have already exhibited or have threatened to exhibit harassing or otherwise abusive conduct during in-person events.
  • Users have already exhibited or indicated intention to attend in-person events in bad faith or to systematically undermine discussions and collaboration in pursuit of the Wikimedia mission and vision.

An event ban restricts the access, attendance and/or participation of individuals at offline events that are sponsored or funded by the Wikimedia Foundation or, in some cases, associated entities (such as movement affiliates or partners). This is not an action unique to the Foundation; local Wikimedia communities may also enact event bans under relevant policy when they feel that a ban will help maintain the trust and safety of community members and users attending offline events. Event bans imposed by the Foundation may be subject to different criteria than those developed and observed by affiliated movement organizations, but are intended to complement them.

Being banned from local events does not automatically mean that one is banned from all global events. The terms of one event ban can differ from those of another and may depend on multiple variables. For example, Foundation event bans can be:

  • Location specific. One may be banned in all in-person events taking place within a certain geographical area, such as a city or a country.
  • Project specific. They may be applicable to any events relating to work and/or collaboration on particular projects or language projects, such as work on MediaWiki, Wikiprojects or the English Wikipedia.
  • Time specific. Event bans may not necessarily be indefinite; they may be placed for a specific period.

While an event ban may be lifted if it is found that it has served its purpose, continued abuse from the banned user may weigh into a decision by the Foundation to expand the ban. If notice of an event ban does not include a specific expiration date or note that it is irrevocable, an appeal may be sent to ca@wikimedia.org. (Event bans that are part of global bans or lead to global bans are not subject to appeal.)

Event bans may be one step before a global ban, as they are placed in situations where a complaint has been placed to the Foundation regarding user conduct that specifically occurs or may occur during in-person events. They may, however, exist in isolation, if the issue leading to the event ban is not a concern in online interaction or behavior.

Pursuant to this and the Foundation event bans policy, names or pseudonyms of individuals explicitly (through an event ban) or implicitly (through a global ban) banned from attending events may be made available to designated teams or individuals within an event organization team/safe space committee/chapter, in the form of the event bans list. The list may include more identifying information if available, including photographs to help in identification.

DMCA compliance

The Foundation encourages people to first consider taking advantage of the existing community-led processes in order to report and resolve instances of copyright infringement. This can be done by reaching out to the Wikimedia volunteer email response team (VRT) at info@wikimedia.org with an informal request for content removal, including all relevant information in support of your request such as the location of the reported material and well as information that helps establish copyright ownership and the legality or illegality of the material's use.

In some cases, the Foundation may also receive requests to remove content from a Wikimedia Project through a formal DMCA takedown process. Before complying with a DMCA notice, the Foundation reviews every DMCA notice we receive to ensure that it complies with the requirements of the DMCA statute and United States copyright law. We reject notices that we do not believe are legally valid. Upon review of the request by the Foundation's Legal team, the removal itself will usually be performed by a Support & Safety team member, using their staff account. In the spirit of transparency, the Foundation informs the Wikimedia community each time it performs a DMCA takedown through this page (also mirrored on Commons for Commons-based requests), as well as through aggregate statistics, in its biannual transparency reports.

Removals of material due to receipt of a valid DMCA notice can be challenged. The recourse for restoring such material is to file a counter-notice with the Foundation. Please note that filing a counter-notice may lead to legal proceedings between you and the complaining party to determine ownership of the material. The DMCA process requires that you consent to the jurisdiction of a United States court. If you believe there is no legal basis for a takedown notice which has been acted upon by the Foundation, you are welcome to visit the following sites, as a first step in learning about filing a counter-notice:

As with all office actions, reverting DMCA notice takedowns without appropriate legal reasons is strongly discouraged. As a matter of policy, the Wikimedia Foundation will terminate, in appropriate circumstances, the accounts of repeat infringers as provided under the Digital Millennium Copyright Act (17 U.S.C. 512). In most cases, it will also terminate the accounts of users who, upon being notified that content they have contributed has been removed as a result of a DMCA complaint, revert that removal.

Child protection

The safety of minors is extremely important for us, and we go to great lengths to help assure it. To that effect, if we believe minors are at risk, we will take actions right away. These actions aim at mitigating both conduct as well as content promoting child abuse. Child abuse may be discussed educationally as part of the content of Wikimedia projects, but never promotionally or with the purpose of titillation.

Pursuing or facilitating inappropriate adult–child relationships is not acceptable in the Wikimedia projects. This type of activity may include, but is not limited to, posting child pornography or any material depicting inappropriate sexual acts between adults and minors that violate applicable law, distributing or trafficking obscene material against minors that is unlawful under applicable law, conducting communications with under-aged users through the Wikimedia projects in an attempt to groom them or attempting to move their communications to platforms outside of the Wikimedia projects for grooming purposes, or attempting to approach minors inappropriately during Wikimedia in-person events.In contrast, contact for the purpose of organising and running school-related editathons is acceptable. Read more about our combating online child exploitation policy.

Concerns about child safety are reviewed and appropriate actions are taken as a matter of priority. Instances we believe to be child pornography, including information brought to our attention through requests for nonpublic user information, are reported to the National Center for Missing and Exploited Children (NCMEC), in line with our Requests for user information guidelines and procedures. If your request has already been reported to NCMEC or relates to a case being handled by NCMEC, please include the case or report information in your request. The Foundation may also take additional actions against individuals found be engaging in such activities such as alerting local or international law enforcement.


Secondary office actions

The actions listed under this section are generally performed at the Foundation's discretion, as a possible outcome of evaluation of a separate report. Direct requests for these actions will generally be deferred to appropriate community governance mechanisms. In the past, the Foundation has only taken these actions under extraordinary circumstances.

Conduct warning

A conduct warning is issued when a situation is observed to be problematic and is meant to be a preventative measure of further escalation. It is considered as a step geared towards de-escalation of the situation, when this is believed to have sufficient margin for it. It informs the recipient that behavior they may consider acceptable is in fact not, grants them the opportunity to reflect on it, and encourages them to take corrective measures towards mitigating and eventually eliminating it.

A conduct warning will usually be issued by the Foundation in situations where a contributor's online or/and offline behavior is considered borderline abusive, disruptive or otherwise hinders the collaborative process, but does not yet rise to the level of corrective actions. Such a warning will typically aim to address the type of conduct that may include, but is not limited to, repeated personal attacks, edit/status warring, impersonation or otherwise inappropriate in-person commentary and behavior.

No data has been compiled on how well conduct warnings succeed, and the Wikimedia Foundation lacks the resources to provide ongoing counseling to warned individuals on how to modify behaviors. However, while the Foundation does not believe that positive contributions outweigh harmful behaviors, there may be some circumstances where a warning is offered as a courtesy to contributors who may be otherwise sanctioned by an event or global ban. Warnings will be given only after an extensive evaluation, including review by multiple relevant staff, and will be issued confidentially. Their intent is not to shame the individual or escalate the situation, but to offer a contributor believed to be working in good faith an opportunity to cease behaviors that will otherwise lead to sanctions.

Removal of advanced rights

In extremely rare situations, the Foundation may become aware of circumstances and information regarding major breaches of trust performed by Wikimedia functionaries or other users with access to advanced tools. It may not be possible to share some or all of that information with the Wikimedia communities due to privacy reasons and therefore can not be handled through existing community governance mechanisms. In some of those cases the abuses reported may not rise to the level of irreversibly expelling Wikimedians from the communities; however, they may be severe enough to have breached the community's trust in the individuals involved and therefore warrant removal of administrative rights.

Removal of user rights are usually either permanent or long term. Rebuilding trust is not impossible, which is why individuals are encouraged to reflect on their actions leading up to their advanced rights removal and consider how they may best serve the communities moving forward. In situations of long term removals, and once the no-rights period has elapsed, a contributor may have to fulfill additional criteria before they are permitted to reapply for advanced rights; those are made known to them at the time of the removal of advanced rights.

Use of advanced rights by Foundation staff

There is a wide range of administrative actions that may be performed by the Wikimedia Foundation during evaluation of reports of misconduct, in upholding the Terms of Use. Theoretically, this could be any administrative action that can be performed by volunteers in the communities. The Foundation supports and encourages community autonomy and therefore strives to take the smallest amount of action possible, which is why it is not customary to accept community requests for said actions.

CheckUser

Of all admin rights, CheckUser is the one most commonly used by the Foundation's Trust & Safety team, in order to help assure the trust and safety of Wikimedia communities. More often than not, it is used during the review process of emergency reports regarding threats of harm against Wikimedia community members, contributors, public figures or the general public. It may also be used in response to requests for information, in line with Requests for user information procedures & guidelines and our Privacy policy, or in connection with legal disputes (for example to verify the truth of claims made by someone that is suing the Foundation) and regulatory investigations. It may sometimes be used in relation to investigation of long term abuse in consideration of a global ban as well as when issuing a global ban. Last but not least, it may be used when reviewing reports of sockpuppets suspected to be used by globally banned users, in enforcing a global ban. In any case, performing CheckUser alone does not mean/prove that the person checked has done something wrong.

It should be noted that, because of the sensitive nature of the information it may convey, CheckUser is only used when the information is pertinent in protecting the communities and broader Wikimedia movement, and only if there is no other reasonable way to obtain it. While the Foundation may share CheckUser information with highly trusted members of the community (i.e. stewards), we may opt to withhold said information if revealing it hinders ongoing efforts by law enforcement to protect the public or endangers Wikimedia community members. This action is performed through a Foundation staff account.

Page protection

Page protection prevents a broad range of users from editing a specific article or page. It may affect contributors with or without special permissions and we may also impose a "do not touch" rule that impacts all contributors. Foundation page protection is granted in only the rarest circumstances and typically requires a court order or a substantial risk to the trust and safety of users, staff, or the public. It is otherwise left for community mechanisms to handle, in line with local project policies.

When a page is protected under this policy, the template "{{pp-office}}" will be placed prominently on the page and the page will be protected. An article may be reduced to a few sentences to remove questionable content, and people are then invited to build it up to a more reputable state. This will be indicated by the template {{reset}} (or related, such as {{pp|reset}}) along with instructions to be followed by everyone.

Range blocks

Range blocks are typically an action taken by the communities in order to help reduce vandalism and disruption. However, in some cases the Foundation may impose a range block in order to enforce a global ban, while upholding our Terms of Use.

Range blocks prevent a group of IP addresses from becoming active on the Wikimedia projects; range-blocked IPs are disabled from creating an account, editing on the projects, contacting other contributors through on-wiki features, etc.

When range blocks are placed in the course of enforcing a global ban, they are performed under the WMFOffice account. In any other situations, they are performed through a staff account.

Requesting an office action

A request for consideration of an office action should be placed to the Foundation team whose purview the specific action falls under. This can be the Trust & Safety team or the Legal Affairs team. While requests may initially be sent to other Foundation teams or staff and then forwarded accordingly, it is best that the request is sent directly through one of the above communication channels, to ensure speedier review.

In order for the request to be considered, it is important that it includes the following:

  • Explicitly specifies the action requested.
  • Includes a succinct summary of the reasons for the request.
  • Provides evidence (URLs) that there have already been attempts to have the issue resolved through local community governance structures where applicable and where possible.
  • Includes any crucial information and evidence in support of the request, including pertinent documentation, subject to specific action requirements as detailed under the corresponding section.

Who performs office actions?

Office actions are performed strictly by Foundation staff or contractors. They may be authorized by any representative or delegate of the Wikimedia Foundation - usually as directed by the Foundation's legal counsel, certain members of the Foundation office staff or as prescribed by each individual policy related to the specific office action.

The Foundation staff members usually performing office actions are:

The office actions will usually come from a role account, with the username User:WMFOffice. In some cases, like performing DMCA takedowns, office actions may be performed by one's staff account. Either way, they will be clearly indicated both during and after to prevent ambiguities.

Wikimedia administrators and others who have the technical power to revert or edit office actions are strongly cautioned against doing so. Unauthorized modifications to office actions will not only be reverted, but may lead to sanctions by the Foundation, such as revocation of the rights of the individual involved. When in doubt, community members should consult the Foundation member of staff that performed the office action, or their line manager. However, details regarding an office action are only shared to the extent that they do not compromise the safety of users, the public or the project.


Timeline of office actions

A flowchart documenting the office actions workflow
The Office actions workflow (in English)

Each office action request is as unique as the person it regards. This applies especially to requests regarding conduct issues; content related actions tend to be more straightforward. Moreover, each action listed under this policy is subject to different internal processes; it may be the outcome of evaluation of a reported behavior rather than the evaluation happening in order to determine if a requested action is warranted.

For these reasons there is no set timeline for office actions in general. However, we do try to respond to them as soon possible and try to adhere to the following timeline guidelines:

  • Global bans: 4 weeks
  • Event bans: 4 weeks
  • DMCA compliance: 7 business days
  • Child protection: 24 hours

While we strive to adhere to the aforementioned timeline guidelines, it is possible that it takes a lot longer for an office action request to be evaluated and granted. Delays in evaluation can be caused due to receipt of additional/new information regarding the original request, the request expanding substantially during evaluation or other unforeseen circumstances.

Appeals

Office Actions, or Foundation decisions not to take an Office Action, can be appealed within 6 months of their first issuance or of their substantial, atypical modification (the extension of a suspension by several months, for example, does not trigger a new right to appeal) upon legal counsel approval.

Only individuals directly involved in a case may request review, either as an individual who requested the initial case or as an individual under investigation. Reviews may be requested following our decision (i.e., whether or not to take an Office Action), at the end of the investigation.

Appeals against office actions should be sent by email to appeals@wikimedia.org, setting out the reason(s) why it was inappropriate.

With regards to office actions undertaken around investigations into the behavior of specific users, the volunteer Trust & Safety Case Review Committee has been formed to review appeals of eligible Trust & Safety office actions. More details may be found on the Trust & Safety Case Review Committee page.

General information

It is important to help clarify a few points regarding office actions in general:

Office actions are extremely rare.

In comparison to actions taken throughout the Wikimedia projects, led by the local community governance mechanisms in pursuit of our vision and mission and in compliance to our Terms of Use, the number of office actions is very, very small.

Office actions are preventable.

All conduct mitigated by office actions is unwanted on a Wikimedia project in the first place; if such is observed and corrected (i.e. removed, ceased or otherwise prevented), no complaint is likely to be made as there is nothing to complain about. Similarly, if a complaint is resolved before any action is taken, it is unlikely for an office action to subsequently take place.

Office actions are transparent when possible, but safety (and legal compliance) come first.

It is not always possible to maintain the same level of transparency for every office action listed under this policy as, in some situations, complete or even partial transparency can compromise the right to privacy and/or safety of involved individuals or hinder ongoing police investigations. We are committed to be transparent wherever possible, but not at the risk of placing Wikimedia users, the public, or the projects in danger.

Office actions are governed by strict internal processes.

The lack of transparency involved in certain office actions does not remove accountability of those enforcing them; they are required to comply with internal processes and protocols and are never enforced without multi-level review and explicit approval. We will share information regarding final office actions and internal processes followed in enforcing them, whenever we can.

Office actions are not based on personal grudges.

They are performed only following explicit complaints to the Wikimedia Foundation about the content of a Wikimedia project or certain abusive behavior taking place within or affecting the wellbeing, trust and safety of contributors in a Wikimedia project. In some cases, investigations may be prompted by Law enforcement requests or as part of our policy enforcement processes.They are also taken in line with prescribed processes and are subject to strict internal review by multiple members of staff in the Wikimedia Foundation hierarchy.

Abusive requests are not acceptable.

We are committed to attempt to address all valid requests for an office action submitted to us, in good faith, and through the appropriate communications channels. However, we will not consider requests themselves breaching our Terms of Use or Friendly space or other behavioral policies, or requests accompanied by demands for preferential treatment (such as control over the article). We will not tolerate intimidation, threats of harm or any other communication that may constitute harassment towards our staff. If any of the above conduct is observed and if inappropriate reporting behavior continues after we have issued a warning, we may entirely refuse to communicate with the reporting party. The lock-out period will be determined based on the seriousness, frequency, number and - if reasonably apparent - presumed intent (e.g. apparent bad faith) of the abusive reports.

Post-action monitoring.

The Foundation does not generally monitor the projects for breaches to the office actions it has enforced. It relies on the Wikimedia community's help in keeping the communities safe and thriving by reporting such breaches to the Trust & Safety team, who will review them on a case-by-case basis and take appropriate actions.

Enforcing office actions.

Community members are welcome to but not expected or obliged to help enforce office actions. If they choose to do so on the grounds of upholding the Terms of Use, however, this should not be a punishable action and they should not be subject to sanctions. One can help enforce office actions in multiple ways such as reporting socks of an interaction-banned contributor using them to interact with another user, removing content uploaded by a globally banned user, informing of an event banned contributor's intent to turn up at an event they should not be attending, etc.

Abuse of office or staff actions.

If you think that the office actions listed under this policy have been abused, you can submit your concerns through ca@wikimedia.org. This email address can also be used to report potential abuse by staff accounts such as inappropriate conduct or use of their advanced user rights.