Requests for
User Data

Jul – Dec 2017

Total User Data Requests
15

Jul – Dec 2017

Percentage of Times Information Produced
7%

Freedom of speech is essential to the Wikimedia movement—the projects cannot flourish in an ecosystem where individuals cannot speak freely. Our users trust us to protect their identities against unlawful disclosure, and we take this responsibility seriously.

However, every year, governments, individuals, and corporations ask us to disclose user data. Often, we have no nonpublic information to disclose because we collect little nonpublic information about users and retain that information for a short period of time. But when we do have data, we carefully evaluate every request before considering disclosure. If the requests do not meet our standards—if they are overly broad, unclear, or irrelevant—we will push back on behalf of our users.

If we must produce information due to a legally valid request, we will notify the affected user before we disclose, if we are legally permitted and have the means to do so. In certain cases, we may help find assistance for users to fight an invalid request.

Below, you will find more information about the requests for user data we receive.

Awareness that the Government may be watching chills associational and expressive freedoms. And the Government’s unrestrained power to assemble data that reveal private aspects of identity is susceptible to abuse.

Jul – Dec 2017
Summary


Total User Data Requests 15
Informal non-government requests 7
Informal government requests 7
Civil subpoenas 1
Criminal subpoenas 0
Administrative subpoenas 0
Search warrants 0
Court orders 0
National security requests 0
Information Produced 1

Jul – Dec 2017
User Accounts Affected


User accounts potentially affected 20
User accounts actually affected 2
User accounts notified 0

Type of Information Requested

We divide the requests we receive by the type of information requested: “content” or “non-content.”

Most content information on the Wikimedia projects is the public content of articles and project pages; “non-content” information refers to information such as IP addresses or user agent information. The distinction comes from the Electronic Communications Privacy Act, or ECPA. Please see our FAQ for more information.

Jul – Dec 2017

Content Requests
0%

Jul – Dec 2017

Non-Content Requests
100%

Compared to other companies, we received relatively few requests*

Total requests

Requests where information was produced

*

Due to the inconsistent release dates across different organizations, comparison data for the period covered by this report (July 2017 - December 2017) was not available, so we are presenting the comparison data above for January 2017 - June 2017. Please also note that figures for Wikimedia include additional types of requests for user data that are not included in the other organizations' figures. See the FAQ for more details.

Requests for user data, and how we responded

Request TypeShow All

Information Produced?

All

Partial*

None

*

Beginning with the July 2016 Transparency Report, the Wikimedia Foundation began distinguishing between "full" and "partial" compliance with user data requests. This distinction was not made for requests prior to July 2016. Please see our FAQ for more information.

By CountryShow All

Jul – Dec 2017
Government Requests Breakdown


Informal Government Requests Total 7
Australia Federal police 1
India Local police 1
State police 1
Italy State police 1
Korea Local police 1
United Kingdom Local police 2




Jul – Dec 2017

Total Preservation Requests
1

Preservation Requests

Occasionally, we receive a preservation request from the U.S. government under the Electronic Communications Privacy Act. A preservation request is an order to retain information that would otherwise be deleted, anonymized, or aggregated within 90 days, according to our Data Retention Guidelines. If we receive one of these requests, we are legally required to retain the specific information indicated. However, we will not turn this information over to the requesting party unless they subsequently follow our Requests for User Information Procedures & Guidelines, and obtain a legal order, such as a subpoena or warrant, for the information in question.

Here, we provide the number of new preservation requests we received during the period covered by this report.





Jul – Dec 2017

Total Emergency Disclosures
14

Emergency Disclosures

We report two types of emergency disclosures, which happen on rare occasions.

First, the Electronic Communications Privacy Act provides an expedited process for law enforcement to request user data from websites in cases of immediate threat to life or limb. We call these “emergency requests”. Such requests are also addressed in our Requests for User Information Procedures & Guidelines and Privacy Policy.

Second, we proactively contact the authorities when we become aware of troubling statements on the projects, such as suicide threats or bomb threats. We take these statements seriously and assess each one individually, contacting law enforcement as appropriate to help resolve the issue. We call these “voluntary disclosures.”

The stories below are real. They are also meant to be illustrative of the kinds of situations that would warrant a possible emergency disclosure of user information. Please note that these specific stories may not have occurred during the precise time frame that this transparency report covers. Some variables, such as the privacy of our users, may require our postponing the reporting of certain stories.



Jul – Dec 2017
Total Emergency Disclosures


Emergency Requests 1
Voluntary Disclosures 13




A Deadly Threat

The community shares threats with the Foundation when they find them. When an anonymous poster made an alleged bomb threat, we found that the edit was made from an IP address that was near the apparent threat location. As permitted by our Privacy Policy, we alerted local police, passing on the IP address and details we had about the threat. The police informed us they had located and arrested the person in question, who allegedly had weapons available and reportedly confessed.

Revealing Presidential Threats

On rare occasions we discover threats against public figures. This is uncommon, but something that happens on large websites. An individual had made specific, graphic threats against then-President Barack Obama. This is contrary to our policies, and against U.S. law. In cases of potential serious harm to a person, our Privacy Policy allows us to disclose relevant information. We immediately took action, reporting the user’s IP address, user agent information, and email address to the United States Secret Service.

Dealing with Suicide

Authorities advise contacting emergency services when a loved one threatens suicide. When someone shared what appeared to be a credible intent to commit suicide, we notified their local police department. The person was able to get medical help, and later let us know they were okay. If you are considering suicide, please seek out a mental health professional immediately. You can also contact emergency services; visit an emergency room or psychiatric walk-in clinic; or call a suicide prevention hotline.



Emergency Disclosures By Type