Requests for user information procedures & guidelines

From the Wikimedia Foundation
Jump to: navigation, search

These guidelines are intended for parties (such as law enforcement, government agencies or administrative bodies, or civil litigants) who wish to request disclosure of nonpublic information regarding Wikimedia users or their content or activities on the Wikimedia projects. These guidelines are also made available for Wikimedia users who are curious about our internal policies and procedures for dealing with requests for nonpublic user information.

About the Wikimedia Foundation and the Wikimedia Projects

The Wikimedia Foundation (“WMF” or “We”) is the nonprofit organization that hosts the Wikimedia projects and encourages the development and distribution of freely-licensed, educational content on the Wikimedia projects. Wikimedia projects, such as Wikipedia, are open and collaborative wiki-based projects that may be accessed and contributed to by anyone in the world.

Our Values & What They Mean For Your Request

Freedom of speech and access to information are core Wikimedia values. User privacy, and sometimes anonymity,[1] is necessary to give life to these values and to protect those that have trusted us with their personal information. This means:

  • We expect requesting parties, like you, to meet our requirements below (including all legal requirements) when making a request for any of our users’ nonpublic information.
  • We will examine every request that we receive to ensure their compliance with our requirements below and United States ("US") law.
  • Absent a credible and imminent threat to life or limb (i.e. death or serious bodily injury), we will refuse to disclose nonpublic user information if we believe that we are not legally required to disclose the requested information.
  • When possible, we will notify our users of your request so that they have the opportunity to legally challenge it if they do not believe your request is legally valid.

Types of Nonpublic Information We May Have

User contributions
View History tab

Due to the inherent transparency of wikis, most information on the Wikimedia projects is public. For example, information relating to a particular user's edits on the Wikimedia projects[2] or information relating to the editing activity on a particular article or page[3] is publicly available. You do not need a Wikimedia project account to view this information.

The Wikimedia Foundation actually collects very little nonpublic information (if any) that could be used to identify its users offline and it retains that information for a limited amount of time. Some of the limited nonpublic information we store is collected automatically (such as the IP address of the user's device or their proxy server and user agent information), while other nonpublic information is optionally provided by the user (such as an email address). Regardless, nonpublic information that includes personally identifying information about any particular user is kept for a short amount of time. You can learn more about the types of information we collect and how long we retain that information in our Privacy Policy and Data Retention Guidelines.

Please note that users can use the Wikimedia projects anonymously. Even if a user has registered an account with us, he or she is not required to provide personally identifying information such as a real name, email address, physical address, date of birth, or phone number. And if they have provided any of this information, the information we have may not correspond to a real person as the user may have provided fake or pseudonymous information.

What We Require From You

The Wikimedia Foundation only discloses nonpublic user information in accordance with our Terms of Use, Privacy Policy, and applicable US law, including the Electronic Communications Privacy Act (18 U.S.C. §§2510-2522, 18 U.S.C. §§ 2701-2711, and 18 U.S.C. §§ 3121-3127).

If you choose to submit a request to us, it must meet the following requirements:

  • Reasonableness. It must be reasonable for us to locate and retrieve the information you request. We do not accept requests that would be unreasonably burdensome to execute.
  • Specificity. Your request must be specific as to what particular types of information you are requesting and where it may be located. It must also at least specify the username of the party you are seeking information about -- and please note that usernames are case-sensitive. We do not accept general inquiries, requests based solely on real names[4], or vague or overbroad requests. Please ensure that the requested information is not available through our public APIs.
  • Relevance. Your request must specify the relevance of the information you are requesting to the investigation or case your request pertains to.
  • Contact Information. You must include your name; your mailing address; your firm or agency’s name (unless you are representing only yourself); your direct phone number; your valid firm- or agency-issued email address (unless you are representing only yourself); and if you represent a law enforcement, governmental, or administrative agency, your badge or identification number.
  • Timeline. You must include a specific deadline by which we must respond to your request. With the exception of emergency requests (described below), please bear in mind that we generally need a 30 business day minimum waiting period, so that we can properly notify our users and ensure that they have a reasonable period of time to contest your request if they choose to do so.
  • Legal Validity & Enforceability Under United States Law. Your request must be legally valid and enforceable under US law and be in one of the following forms:
  • A court order directed to WMF, issued by a US court of competent jurisdiction;
  • A civil subpoena, which complies with Rule 45 of the Federal Rules of Civil Procedure or the California Discovery Act;
  • A federal or US state criminal subpoena (grand jury or trial), issued by a US court of competent jurisdiction in connection with an official criminal investigation;
  • An administrative subpoena authorized by a federal or state statute;
  • A warrant issued under the procedures of the Federal Rules of Criminal Procedure or equivalent state warrant procedures, based upon a showing of probable cause -- if you are a government or law enforcement agency and are requesting disclosure of the contents of any user communication, nonpublic user content information, or any other information where a warrant is required by law;[5] or
  • A request served by a US court of competent jurisdiction or enforcement agency under the procedures set forth in an applicable mutual legal assistance treaty or letters rogatory -- if you are making a request originating outside of the US.

Absent a credible and imminent threat to life or limb (i.e. death or serious bodily injury), we will refuse to disclose nonpublic user information if we believe that we are not legally required to disclose the requested information.

Emergency Requests

In accordance with 18 U.S.C. § 2702(b)(8), if you believe there is a credible and imminent threat to life or limb (i.e. death or serious bodily injury) to any person, and that we may have information necessary to prevent the threat from being fulfilled, you may request an emergency disclosure.

In addition to the requirements set forth above, emergency requests should also include (to the extent you are legally permitted to disclose) the following:

  • A subject line including the phrase “EMERGENCY DISCLOSURE REQUEST”;
  • The specific information you are requesting and how it is necessary to prevent the threat from being carried out;
  • The identity of the individual(s) or group(s) of individuals under threat;
  • The nature of emergency;
  • Why you believe it is imminent;
  • Links to specific content containing relevant information (if any);
  • Any other information you believe will aid in our evaluation of your request; and
  • A declaration, under the penalty of perjury, that to the best of your knowledge, the information you have submitted is true and accurate.

The decision to grant a request for emergency disclosure lies solely with the Wikimedia Foundation. After evaluation of your request for emergency disclosure, if we have a good faith belief that there is a credible and imminent threat to life or limb, we may provide the information necessary to prevent such harm (if we have and can recover it).

If you have an emergency request, please email your request to legal[at] and CC emergency[at] to ensure speedy processing.

Child Safety

We report any discovered instances we believe to be child pornography to the National Center for Missing and Exploited Children (NCMEC), including information brought to our attention through your requests for nonpublic user information. If your request has already been reported to NCMEC or relates to a case being handled by NCMEC, please include the case or report information in your request.

How to Contact Us

You may send your request to us:

Via Email -


Please provide a clear and concise subject line, such as “DISCLOSURE REQUEST - [CASE NAME] - DEADLINE: [DATE]".

If you are sending an emergency request (as defined above), please email legal[at] and CC emergency[at] to ensure speedy processing.

Via Post -

The Wikimedia Foundation

℅ CT Corporation System

818 West Seventh Street

Los Angeles, CA 90017

While we agree to accept service of requests by these methods for convenience, neither the Wikimedia Foundation nor its users waive any legal rights or defenses based on this accommodation. Please note that if you are seeking testimony from the Wikimedia Foundation or its staff, officers, contractors, or board members, you must serve such a request on our registered agent for service or process as we do not accept those kinds of requests by post or email.

Notifying Our Users of Your Request

We believe in transparency about when requests are made for our users’ nonpublic information. This means that we will notify the user(s) affected by your request of your request and that we will report the receipt and resolution of your request in our transparency report.

When we receive your request, we will notify and provide a copy of your request to the affected user(s) at least 10 calendar days before we disclose the requested information, provided that (1) we have contact information for the affected user(s); (2) disclosing your request will not create or increase a credible threat to life or limb; and (3) we are not otherwise prohibited by law or an order from a US court of competent jurisdiction, such as an order issued pursuant to 18 U.S.C. § 2705(b), from doing so. If we are unable to provide information about your request to affected users because disclosing it would create a credible threat to life or limb; or we are prohibited by law, we will provide information about your request to affected users that we have contact information for within a reasonable period after the threat or legal restriction has terminated.

If you are requesting disclosure of nonpublic user information that you believe requires confidentiality, please provide a legally valid and enforceable protective, sealing, or "gag" order from a US court of competent jurisdiction. Please note that we must receive notice of such protective, sealing, or gag order prior to the date the Wikimedia Foundation notifies the user for confidentiality to be considered.

Upon notification to the affected user(s), the user(s) will generally be provided at least 10 calendar days before we will disclose the requested information (assuming we find your request to be otherwise valid), during which time the affected user(s) may attempt to quash or otherwise legally challenge the request. If, prior to the disclosure, we receive notice from the affected user(s) that he or she intends to challenge your request, no information will be delivered until that legal challenge is resolved.

Our Right to Challenge Your Request

We may, and reserve the right to, challenge the scope or validity of your request, on behalf of any affected user, whether or not the affected user chooses to pursue his or her own legal challenge.

Cost Reimbursement

We reserve the right to seek reasonable reimbursement costs for responding to your request.


  1. The Supreme Court of the United States once stated: "Protections for anonymous speech are vital to democratic discourse. Allowing dissenters to shield their identities frees them to express critical minority views . . . Anonymity is a shield from the tyranny of the majority. . . . It thus exemplifies the purpose behind the Bill of Rights and of the First Amendment in particular: to protect unpopular individuals from retaliation . . . at the hand of an intolerant society." McIntyre v. Ohio Elections Commission, 514 U.S. 334 (1995). To read more about the importance of anonymity, see
  2. By clicking “User contributions” under “Toolbox” on a particular user’s userpage, you can view the history of that user’s edits.
  3. By clicking "View history”, you can view a timeline of the contributions and edits made on that particular article or page.
  4. Users are not requested or required to provide a real name when they use our sites. They are only required to provide a username of their choosing and a password to create an account. If they choose not to create an account, they can still view, edit, and contribute to Wikimedia sites without an account. Therefore, it's impossible for us to search for records based on a person's real name.
  5. For the avoidance of doubt, we believe a warrant is required by the 4th Amendment to the United States Constitution, which prohibits unreasonable search and seizure and overrides conflicting provisions in ECPA. We believe that the ECPA needs to be updated so that equivalent protections are granted to electronic communications and documents that have already been granted to the physical documents one keeps at home or in their office. To that end, we are a member of the Digital Due Process Coalition to help in that effort.