The MNHQ Moderation team

[BarrackerBarmer]

Dear MNHQ

I'm very grateful for the commitment to free speech you've publicly taken, and for Justine's courage this week.

A former disgruntled employee of MN is writing on Twitter about the 'transphobia' of MN staff, and calling you TERFs. She is showing a great deal of bias and intolerance towards women with feminist views, this may well be her honest opinion, which is no big deal I suppose, since she is no longer an employee.

At least, it isn't an issue until she calls a shout out to her
'friends who still work at MN' to report and take down posts by 'transphobic scum', by which she appears to be referring to any poster objecting to being called TERF by her friend.

Regardless of the personal views of the MNHQ staff, who should be as free to hold their own views as I am mine, I am disturbed that there may be a small contingent of employees who are invested in unfair moderation and will not be applying fair-handed principles, at least if the claims of this ex-employee are credible.

Can you please give posters some reassurance that the difficult job of fair-handed moderation isn't being abused by the 'friends' of ex-employees who are 'reporting it all' and taking down posts because any gender criticism means the poster is 'transphobic scum'?

Thank you.

I believe she should be reported to the police and this reported to the ICO, even if her former colkeagues do consider her a nice person.

If anyone maintains she is 'nice' after this has poor judgement.

This is not a mistake - no way. She deliberately took screenshots of people's data (IP address) and published it on Twitter. You have no idea what other data she has retained from her time accessing your systems MNHQ. This is extremely serious.

Which is why I asked if her devices and messaging apps etc will be investigated?

To do that would require her to be arrested and/or subject to a search warrant. The ICO does not have those powers without a lot of hoop jumping, as witness the shambles over Cambridge Analytica clearing boxes out in advance.

I'm not quite sure who you think is in a position to demand that a former intern in a company provide access to personally owned devices and the messaging applications thereon, and in pursuit of investigations of what crimes, but for straightforward suspected breaches of the DPA the answer is "no one".

The people in the frame for this at the moment are MN: were this to escalate to a formal referral to the ICO (and I am not currently a signatory to a company's DPA registration, but I have been in the past, and personally I'd be assembling my legal ducks and getting ready to phone Manchester) then the question is going to be whether MN's data protection regime is adequate for the sensitivity of the data being processed.

Given that large portions of the forums only escape being "sensitive personal data" by virtue of being disconnected from identifiable name information - the DPA doesn't, regrettably, protect you against jigsaw attacks which re-identify otherwise anonymous data, and that gap was one of the reasons for the loss of trust in the care.data project - then it's going to be regarded as worrying that a random intern was able to, by the sounds of it, link sign up data to postings, screenshot it and walk it off the premises. It might be that the precautions MN take are proportionate to the risk: the ICO does not ask for perfect security, but security commensurate with risk and sensitivity. I assume the MNHQ have data protection lawyers on speeddial. If not, they should find some. Now.

Holy moly. This is insane.

IP addresses are no small thing. Everyone knows how techy TRA often are.

@MNHQ I sincerely hope you have already alerted the authorities (including ICO)

The TRAs are already trying to defend this as 'journalism'. .

They would defend anything and any means to serve their own ideology, seriously

This IS what we are dealing with

I don't reboot often, so my IP is not changed often

And that's only relevant for home users. An IP will probably identify an employer if someone is posting from work. It will identify an educational establishment for someone posting from college/university. It will identify some home users, uniquely (customers of Xen, for example, and some of the similar "boutique" ISPs which still dole out static IP numbers, Demon-style).

Hot tip: access MN via a VPN.

This is absolutely premeditated. What other information has Emma Healey stolen and who has she given it to?

Bear in mind the screenshots were already edited, so it would have been very simple to edit out the usernames and IP addresses too- she left that data there deliberately while bleating about 'transphobia'.

Leaking IP addresses may not seem serious to some (you can see which neighbourhood someone lives from their IP address), but on a website where users share personal info about their age, appearance, car, children etc. this is pretty worrying. It also makes users vulnerable to DDoS attacks.

Have the police been contacted yet? Who else should be dealing with this data breach?

@JustineMumsnet

What a horrible week. This is a very worrying action by a former employee but I wanted to say I am still thankful you came out on the side of free speech and risked drawing fire on MN.

For those posters on this thread who are shouting about disgusting transphobia, and posters on FWR getting their just desserts, shame on you. If you’ve ever read threads on FWR you will have seen we are worried about the effect on women and girls that these proposed changes to the GRAwould bring. I will repeat, again, that nobody on FWR wants trans people not to exist, nor do we support a rolling back of their existing rights. We are just trying to ensure that women and girls do not end up with fewer rights than they started with.

I do trust MN to deal with this in the appropriate fashion.

I note one of Emma's Twitter chums is saying that no offence has been committed because there's an exemption for journalists exposing wrongdoing (hate speech) and Emma was acting as a journalist ...

I don’t expect MNHQ to have some sort of ideological purity policy for recruitment, but I do expect them to have users’ data security at the top of their priority list. This person has had access to all sorts of personal information and obviously had no qualms about taking and storing it for their own personal use. This isn’t a bit misguided, it’s a deliberate breach of data protection by an adult who knew very well what they were doing. I hope MNHQ takes this person through the legal route as an indication to their users of how seriously they take breaches of this kind and to discourage anyone else thinking of doing the same thing.

Data breach is 'free speech'

I really think this is a police matter and that CAMRA should be informed of their employee's illegal actions.

How to shut down forums you don't like Create a data breach to scare everyone off

Oh god, now everyone is going to rehash their GDPR training day content in a half-baked way....

I sincerly hope a search is being done on all MNHQ emails to see if anyone has been emailing data to themselves or others.

Journalism 🤣 A twitter rant!

You simply can't excuse a breach of data laws and a breach of her contract with 'benefit of the doubt'. This is a serious breach of the DPA and I can guarantee if MN don't do something about this themselves, a poster will. The publicity would be so much kinder if MN acted and didn't leave it to a member to do so.

Cuboidal

Yes, I know, that's what I was saying.

I do use a VPN sometimes but didn't think it necessary for Mumsnet. This might need reviewing......

When I say "Faccenda"

You say "

@SandyDrawsBadly think we already follow each other. Bad toes ?!😂

What's a faccenda?