We recently had to deal with a suspected breach of privacy by a former admin of the site. Here we’re going to do our best to answer questions about that event, so that we can then leave it in the past and do what we came here to do: talk about esk8.
We’d like to begin by noting that we had no precedent for this kind of situation – this series of events has never occurred during the forum’s lifetime. We didn’t do everything right. We’ll own that and explain where we failed. In this post we are not confirming or denying the validity of the logs that were found; that can be done, if needed, at another time.
Important background: esk8.news had 4 admins until last week. Damon, Bill, Mike, and Jamie. Mike and Bill had some recent public, and private, disagreements, but generally we’ve gotten along well and have supported each other.
Mike had come under scrutiny by some forum members for some out-of-character behavior: abrasive responses, moving content when it didn’t make sense. The admin pool was notified, and that led to the creation of new rules for mods and admins that were publicly posted.
The platform we use to run the forum, called “Discourse”, provides little control over the permissions that site Admins have, at least in the default installation without complicated customization. Essentially, Admins can see everything, and this requires strong dedication by Admins to not misuse those privileges. For example, Admins can see logs of all user activity, and they can review system logs of all system events. Another feature that is available to admins is the ability to see ALL content that a user generates on a site, including the user’s personal messages to other users (PMs).
On August 23rd Bill turned on a logging feature that tracks instances of Admins checking personal messages of users. By default, this system feature is turned off (which seems like a terrible default). The feature is called “Log personal message views by Admin for other users/groups.” When engaged, if an admin account accesses a personal message, a record will show up in the system log. There are other ways to trigger this log entry. We explored this in a new thread we created on the Discourse Community forum: https://meta.discourse.org/t/when-does-it-log-check-personal-message/162285/4
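As an added example (not from the original post and not Discourse’s own code), here is a small Python check over constructed staff-action-log entries that flags admin views of other users’ PMs, the kind of entry the setting above produces, and summarizes them per admin; the JSON field names are an assumption about the Discourse export and may need adjusting.

```python
"""Flag staff-action-log entries recording an admin reading someone else's PMs."""
from collections import defaultdict
from datetime import datetime

# Constructed sample in the assumed shape of Discourse's staff action log
# export (/admin/logs/staff_action_logs.json). Field names are an assumption;
# check what your own instance returns and adjust accordingly.
SAMPLE_LOG = [
    {"action_name": "check_personal_message", "acting_user": "admin_a",
     "target_user": "rider42", "created_at": "2020-08-24T02:11:09Z"},
    {"action_name": "check_personal_message", "acting_user": "admin_a",
     "target_user": "rider42", "created_at": "2020-08-24T02:12:40Z"},
    {"action_name": "check_personal_message", "acting_user": "admin_b",
     "target_user": "admin_b", "created_at": "2020-08-24T09:00:00Z"},  # own inbox
    {"action_name": "change_site_setting", "acting_user": "admin_b",
     "target_user": None, "created_at": "2020-08-23T20:00:00Z"},
]

PM_VIEW_ACTION = "check_personal_message"


def pm_views_of_other_users(entries):
    """Entries where an admin opened a PM belonging to a different user.

    Own-inbox views are excluded: the log can fire during ordinary use,
    so only cross-user views warrant a closer look (and a conversation).
    """
    return [
        e for e in entries
        if e.get("action_name") == PM_VIEW_ACTION
        and e.get("target_user") is not None
        and e.get("target_user") != e.get("acting_user")
    ]


def summarize_by_admin(entries):
    """Per acting admin: count, distinct targets, first/last timestamp (UTC)."""
    summary = defaultdict(lambda: {"count": 0, "targets": set(),
                                   "first": None, "last": None})
    for e in pm_views_of_other_users(entries):
        ts = datetime.fromisoformat(e["created_at"].replace("Z", "+00:00"))
        s = summary[e["acting_user"]]
        s["count"] += 1
        s["targets"].add(e["target_user"])
        s["first"] = ts if s["first"] is None or ts < s["first"] else s["first"]
        s["last"] = ts if s["last"] is None or ts > s["last"] else s["last"]
    return dict(summary)


if __name__ == "__main__":
    for admin, s in summarize_by_admin(SAMPLE_LOG).items():
        print(f"{admin}: {s['count']} cross-user PM view(s) of "
              f"{sorted(s['targets'])} between {s['first']} and {s['last']}")
```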
On August 24th, Bill noticed two entries in the system log showing that personal messages were viewed through Mike’s admin account. He notified the other admins, which was absolutely the correct step to take. We had some online discussion through Telegram and made a plan of action. The plan was: 1) admins have a call that night to discuss our approach to resolving the issue; 2) have a discussion with Mike to get his side of things; 3) reconvene the admins and decide on a final course of action.
We felt it was very important to closely review what happened before action was taken, and before a serious accusation was made. Often an entry in a system log does not show the whole, irrefutable truth about human behavior. Logs can be triggered indirectly, and we wanted to be diligent and respect each person involved.
The next day Zach made a public post about the log entries that were identified. Zach’s post was well-written, and well done. The problem was with the timing of it. We had agreed to talk to Mike about the logs first, and then reconvene to discuss the right course of action. We had agreed that this was a serious accusation that warranted discussion and careful thought before we made an accusation. We were frustrated because Zach’s post defied our plan, and meant that we didn’t have the chance to hear Mike’s side of things before action was taken.
When asked, Zach explained that others outside of the mod/admin pool already had screenshots of the system log, and that it was already publicly known. This was less than 24 hours after we first met to discuss the incident. We were surprised, because at the time only Damon, Bill, and Jamie knew about the incident. Assuming that Zach had taken the screenshots and distributed them to external parties before we could execute our plan, we removed Zach’s mod permissions and temporarily silenced his account. A public statement was then made about the issue.
The next day some discussion occurred, and Zach denied taking or sharing the screenshots. Zach is upstanding, so we believed him. The issue was, then, who in the admin pool sent system log images to an external party? When asked, Damon said it wasn’t him, Jamie said it wasn’t him, Bill said it wasn’t him. Bill later confessed that it was him. When this was discovered, Bill’s mod and admin rights were removed, and his account was temporarily silenced. At this point, we believed that Bill had not only taken the screenshots and shared them with an external party, and disrupted our plan to address the breach, but also allowed Zach to take the blame for his actions for a full day. We were also concerned that further action was intended; if sharing screenshots of the system log was possible, what other actions could occur? We wanted to understand Bill’s intent before we changed his account status again.
This surprised and saddened us, because we also consider Bill to be an upstanding person and a friend. A close friend. A personal apology was sent to Zach for the misunderstanding.
Here’s where we seriously screwed up: We temporarily silenced both Bill’s and Zach’s accounts, but we did not silence Mike. His mod and admin rights were removed, but we did not silence him during the “investigation period.” In hindsight this was a major mistake, since the others were silenced. We will learn from this, and make sure we don’t make that same mistake in the future.
We learned just recently that, in fact, Zach, Bill, and the external party they shared the system logs with were aware of each other’s activities, and had worked together. This means that Bill and Zach were actually supporting each other as they each accepted blame for sharing the screencaps.
The other big mistake: Somewhere in the interactions between the admins, there was clearly a breakdown in communication and understanding about how the incident would be handled. Bill and Zach (must have) believed that the issue was not going to be dealt with appropriately, leading them to take action outside of the agreed-on plan, and in defiance of the rest of the admin pool. While we can’t condone going “rogue” and making accusations without proper investigation, or being dishonest to the admin pool, we must respect their intention to be truthful and diligent to the community.
We hope that Zach and Bill will accept our apology. They have both contributed tremendously to this community, and this forum would not be as vibrant and successful as it is today without their hard work and input. Both accounts are now available to them and we hope they will continue to engage here.
We’re thankful to the community while we derp’d our way through this messy situation, and hope we’ve answered enough questions for everyone to feel at ease.
(Original thread: Breach of Privacy Update [SERIOUS])