The aftermath of the intern data leak?

[stealthsquirrelnutkin]

Has anything has been done to tighten security in compliance with law after the incident in April when the paid intern doxxed the women of FWR and drove so many Feminists off the site?

www.theguardian.com/media/2018/apr/19/mumsnet-reports-itself-data-regulator-transgender-rights-row-ip-addresses-posted-twitter

Yes I’d love to know if friends of Emma are actively modding on FWR.

Hi @MNHQ, is there any update on the further questions and when we can expect a response, please?

we're as sure as we possibly can be that the tweeting of three posters' IP addresses was genuinely unintentional

I don't care if it was unintentional, the effect on the women who had their data publicly released will be the same regardless of intent. I don't see why the consequences for her should be any less if it was unintentional to be honest.

I am very unsatisfied by this.

I don't care if it was unintentional, the effect on the women who had their data publicly released will be the same regardless of intent. I don't see why the consequences for her should be any less if it was unintentional

It hardly seems like good practice, how does allowing her to go on her merry way with an unblemished record act as any kind of a deterrent to other employees of the same unscrupulous bent?

We haven't heard anything about her "friends" who remained at Mumsnet and were still feeding her information. Were they ever identified?

I don't regard this as an acceptable response, if I'm honest.

I wonder if the women who were affected have legal recourse? Does anyone know? Is it one of those things where you need deep pockets?

I was wondering about legal recourse too - could the women who were affected pursue their own complaint?

Following, curious about this now.

I would like to know if the 'friends' (or others like them who seem to have their own modding agenda) are still working. It all sounds very insecure to me. It is worse than the Jeffrey debacle, because it was on the quiet, from the inside and I do not feel reassured that it is not still going on.

While I understand and am completely happy with the idea that employees are entitled to hold their own opinions, I think I'd like some sort of reassurance that - expressing this sort of attitude towards users of the site is completely unacceptable within MNHQ

Absolutely - we'd never condone language like this and we'd take it extremely seriously if we came across it. Hand on heart, though, I've never heard anything remotely like this in the ten years I've been at MNHQ.

- the 'friends of Emma' who still work at MNHQ understand that they should be applying modding in an evenhanded and fair way

As you say, MN staff are entitled to hold their own opinions, but it's a point of principle that we moderate according to the TGs, regardless of personal views. Inevitably, different people will make different decisions - though we think that what often looks like a variation between moderators is actually because the context of the decision is different. We're always happy to take another look at something if you think we may have missed the mark somewhere.

If they're not actively dealing with troll activity, then for what purpose do the senior team members need to view IP addresses? What, in practice, is this information being used for?

The senior team will occasionally moderate tricky situations directly themselves, so they need to have top-level access.

Secondly, are the IP addresses constantly viewable, or does it need to be accessed separately, i.e. by clicking on a link to the user's profile, which might be key-logged.

IPs are available on the admin view of a thread, so that mods can make decisions as quickly as possible.

Finally, what level of access do staff have to private messages, including deleted messages, and are attempts to access these logged in any way?

Staff with mod clearance are able to look at PMs, and they very occasionally do so if they believe that it's necessary in order to protect other users. Once PMs are deleted they can't be viewed or retrieved.

I don't think it's vindictive to want some type of follow up to her behaviour? Does she swan off to her next job with her history of this completely erased? Is mumsnet going to provide a reference? If so, will it be a personal reference? Will you include the details of this event?

She is an unethical person who was reckless with the information of others. Getting off scotfree after abusing her position and publicly calling women 'bigots' seems to me entirely unfair.

Yes I'm pretty pissed off that her Linkedin profile lists her impressively long list of responsibilities at MN whilst completely ignoring the carnage she caused. I get my revenge by slagging her off every time someone mentions CAMRA in conversation.

Thank you, Kate.

Staff with mod clearance are able to look at PMs, and they very occasionally do so if they believe that it's necessary in order to protect other users. Once PMs are deleted they can't be viewed or retrieved.

Are these access attempts logged in any way?

Thanks for the reply Kate, I appreciate you engaging.

I understand that it is reasonable for MN to have access to all the content they host, including PMs.

However from your reply I imply that MN staff accessing PMs is not logged.

Site users often use PMs to exchange sensitive and personal information.

I think it would be a sensible precaution to log any attempts by MN staff to access PMs, to prevent this access being abused.

Could you give your view on this?

Oh jinx Derek!

I also think it’s worth pointing out that Emma has caused a huge amount of damage to your brand. Although I have great sympathy for the modteam who, for the most part are doing an incredibly difficult job and doing it very well indeed. to the lot of you, but it only takes one bad apple, and the result is that I actively feel unsafe using Mumsnet now.

Great minds, Bernard.

Competition winners are also asked to send their address details via PM.

Staff with mod clearance are able to look at PMs, and they very occasionally do so if they believe that it's necessary in order to protect other users.

And what procedures do you have in place to ensure that they aren't looked at for nefarious reasons by people like Emma?

Do you track which of you has looked at PMs and why?

What level within Mumsnet does somebody have to be to have mod clearance to access our PM's @KateMumsnet?

I would also be interested in whether your systems maintain a log of which mod has accessed a user's account and who has access to that data?

"Do you track which of you has looked at PMs and why?"

Highly unlikely. That's a police level of DB monitoring.

There is always a chance of insider infiltration in any organisation. Until the TRA thing came about, I don't suppose there was any requirement to risk assess staff for it. There is now, obv and restrict access to staff who have been through a more robust screening.

She went to Leeds Uni too if my memory serves me correctly, didn't she? They do a good job of them there.

No, I wouldn’t say it ‘s a particularly high level of monitoring to log access attempts. I worked in a mobile phone call centre and any attempt to access customer data was recorded

I would regard that as a pretty standard precaution

All I can take from this, I'm afraid, Kate is to advise other MNers never to say anything in a PM that they don't want Emma2 to plaster all over Twitter - in particular, nothing that could identify them to abusive doxxers.

It's very worrying that you have had a data leak by an employee, taken no action against that employee despite that employee publicly stating MN continues to employ people who agree with her actions, and yet you are taking no action to ensure that such people are not able to access our PMs with malign intent.

On the relationships board, and occasionally fwr, women who are being abused get support. Given the vulnerability of these women (and their children) and the lengths abusers will go to to gain access to their victims, I think logging access would be a sensible precaution, and presumably not that difficult to do....

Agree with lang. I deleted all my pms after Emma-gate and don't use the pm feature anymore. Ah, yet another way women are prevented from talking to each other, there are so many......