Requests for
User Data

Jan – Jun 2017

Total User Data Requests
18

Jan – Jun 2017

Percentage of Times Information Produced
16.7%

Freedom of speech is essential to the Wikimedia movement—the projects cannot flourish in an ecosystem where individuals cannot speak freely. Our users trust us to protect their identities against unlawful disclosure, and we take this responsibility seriously.

However, every year, governments, individuals, and corporations ask us to disclose user data. Often, we have no nonpublic information to disclose because we collect little nonpublic information about users and retain that information for a short period of time. But when we do have data, we carefully evaluate every request before considering disclosure. If the requests do not meet our standards—if they are overly broad, unclear, or irrelevant—we will push back on behalf of our users.

If we must produce information due to a legally valid request, we will notify the affected user before we disclose, if we are legally permitted and have the means to do so. In certain cases, we may help find assistance for users to fight an invalid request.

Below, you will find more information about the requests for user data we receive.

Awareness that the Government may be watching chills associational and expressive freedoms. And the Government’s unrestrained power to assemble data that reveal private aspects of identity is susceptible to abuse.

Jan – Jun 2017
Summary


Total User Data Requests 18
Informal non-government requests 10
Informal government requests 4
Civil subpoenas 3
Criminal subpoenas 1
Administrative subpoenas 0
Search warrants 0
Court orders 0
National security requests 0
Information Produced 3

Jan – Jun 2017
User Accounts Affected


User accounts potentially affected 23
User accounts actually affected 3
User accounts notified 0

Type of Information Requested

We divide the requests we receive by the type of information requested: “content” or “non-content.”

Most content information on the Wikimedia projects is the public content of articles and project pages; “non-content” information refers to information such as IP addresses or user agent information. The distinction comes from the Electronic Communications Privacy Act, or ECPA. Please see our FAQ for more information.

Jan – Jun 2017

Content Requests
0%

Jan – Jun 2017

Non-Content Requests
100%

Compared to other companies, we received relatively few requests*

Total requests

Requests where information was produced

*

Due to the inconsistent release dates across different organizations, comparison data for the period covered by this report (January 2017 - June 2017) was not available, so we are presenting the comparison data above for July 2016 - December 2016. Please also note that figures for Wikimedia include additional types of requests for user data that are not included in the other organizations' figures. See the FAQ for more details.

Requests for user data, and how we responded

Request TypeShow All

Information Produced?

All

Yes

Partial

None

No

By CountryShow All

Jan – Jun 2017
Government Requests Breakdown


Informal Government Requests Total 4
India Local police 1
Singapore Federal police 1
United Kingdom Local police 1
United States State agency 1
Criminal Subpoenas Total 1
United States Federal law enforcement 1




Jan – Jun 2017

Total Preservation Requests
1

Preservation Requests

Occasionally, we receive a preservation request from the U.S. government under the Electronic Communications Privacy Act. A preservation request is an order to retain information that would otherwise be deleted, anonymized, or aggregated within 90 days, according to our Data Retention Guidelines. If we receive one of these requests, we are legally required to retain the specific information indicated. However, we will not turn this information over to the requesting party unless they subsequently follow our Requests for User Information Procedures & Guidelines, and obtain a legal order, such as a subpoena or warrant, for the information in question.

Here, we provide the number of new preservation requests we received during the period covered by this report.





Jan – Jun 2017

Total Emergency Disclosures
16

Emergency Disclosures

We report two types of emergency disclosures, which happen on rare occasions.

First, the Electronic Communications Privacy Act provides an expedited process for law enforcement to request user data from websites in cases of immediate threat to life or limb. We call these “emergency requests”. Such requests are also addressed in our Requests for User Information Procedures & Guidelines and Privacy Policy.

Second, we proactively contact the authorities when we become aware of troubling statements on the projects, such as suicide threats or bomb threats. We take these statements seriously and assess each one individually, contacting law enforcement as appropriate to help resolve the issue. We call these “voluntary disclosures.”

The stories below are real. They are also meant to be illustrative of the kinds of situations that would warrant a possible emergency disclosure of user information. Please note that these specific stories may not have occurred during the precise time frame that this transparency report covers. Some variables, such as the privacy of our users, may require our postponing the reporting of certain stories.



Jan – Jun 2017
Total Emergency Disclosures


Emergency Requests 2
Voluntary Disclosures 14




A Deadly Threat

The community shares threats with the Foundation when they find them. When an anonymous poster made an alleged bomb threat, we found that the edit was made from an IP address that was near the apparent threat location. As permitted by our Privacy Policy, we alerted local police, passing on the IP address and details we had about the threat. The police informed us they had located and arrested the person in question, who allegedly had weapons available and reportedly confessed.

Revealing Presidential Threats

On rare occasions we discover threats against public figures. This is uncommon, but something that happens on large websites. An individual had made specific, graphic threats against President Barack Obama. This is contrary to our policies, and against U.S. law. In cases of potential serious harm to a person, our Privacy Policy allows us to disclose relevant information. We immediately took action, reporting the user’s IP address, user agent information, and email address to the United States Secret Service.

Dealing with Suicide

Authorities advise contacting emergency services when a loved one threatens suicide. When someone shared what appeared to be a credible intent to commit suicide, we notified their local police department. The person was able to get medical help, and later let us know they were okay. If you are considering suicide, please seek out a mental health professional immediately. You can also contact emergency services; visit an emergency room or psychiatric walk-in clinic; or call a suicide prevention hotline.



Emergency Disclosures By Type