Shortly after a new tool was unveiled which allows people to track who has been editing Wikipedia entries, reports have surfaced about how at least one Statistics SA employee edited entries on Wikipedia including an entry on HIV/AIDS in South Africa.
This entry was edited by a person whose IP address resolved to a server in Centurion operated by the State IT Agency. What this person probably didn’t realise was that his/her IP address was logged and could be traced back to his/her server:
Anyway, two ITWeb journalists, Paul Furber and Kim Guest did a little digging and used the vandal’s IP address to track his/her location:
Wikipedia’s edit history for the article “HIV/Aids in South Africa” shows repeated vandalism from IP address 18.104.22.168. This address resolves to a machine called mx1.statssa.gov.za, located just off the Ben Schoeman highway in Centurion, and is owned and operated by the South African government.
There has understandably been considerable outrage that government employees are actively censoring potentially critical commentary or information that is simply not to their liking about such an important issue. This is especially troubling not just because someone is acting in this manner but because the person taking these steps is a government employee. Jane Duncan, the executive director of the Freedom of Expression Institute, pointed out that the public service has an ethical duty to promote free expression in South Africa and this act of vandalism is a violation of that duty.
As objectionable as the thought of government employees behaving in this manner is, did you notice how quickly the Wikipedia community corrected the vandalism? The entry was deleted at about 11:13 on the 27th of July and was reversed within a minute. The damage was addressed by other members of the community within the next 3 minutes. That is the power of Wikipedia and a strong sign that the system is working and that freedom of expression is protected on Wikipedia.
There are a couple things to take from this incident. One important question to ask is whether you, as an employer, are taking steps to protect yourself and your company from claims that may be instituted by 3rd parties who may be defamed by action taken by employees from behind the curtain of the a shared server or other forms of civil or criminal liability as a result of that sort of action? Do your internal policies address these issues? Are you doing what you can to monitor what your IT infrastructure is being used for?