Username change without changing history

[RichardTaylor]

There are circumstances where we might want to change a username (effective from a particular point in time) and have the system use the original name for correspondence threads before that date.

eg. Someone changes their name on marriage

eg. Someone changes their name for any other reason

[RichardTaylor]

There has since been another case of a user changing their name where this feature could have been used.

[RichardTaylor]

There's been a case on WhatDoTheyKnow where a user signed up with their first name; and now wants their full name as their user name.

As the user has got a history of requests with correspondence from public bodies asking for their full name when requests were made without it we shouldn't really "change history" by changing the username.

This is just an update to note this is still a feature which would, on a rare occasion, be desirable.

[hsenag]

Doesn't the actual correspondence show how the request was signed at the time, even if the user changes their name later?

[RichardTaylor]

The displayed user-name name is the most prominent name associated with the request; and this can be different from the name actually used to sign off the request.

I think changing the username on past requests would be confusing.

If we allow a user-name to be changed we could end up with requests where the authority has replied to a name no-longer present in the request. ie. they've replied to the username (which the authority sees the request as being "from") rather than who it is signed off by.

We could change the name but add an alert explaining we had done so; but I think it would be best not to change history.

If we did allow a username change without changing history perhaps where a change had occured we'd want a note on old and new requests saying the name has changed.

[hsenag]

OK, so the confusing thing would be that there would be correspondence addressed to and signed off from the old name, but the new name would appear in things like the "From:" bit of outgoing messages?

[RichardTaylor]

My understanding is if we change a username then we change the name displayed at the top right of every outgoing message as well as the name shown at the top of the request thread.

The only place the old name might appear is in the sign-off within the body of outgoing messages.

My top concern about "changing history" in this way is in some cases we might be making it look as if public bodies had made up names to address their responses to.

It's also just bad in my view to silently change history; what if someone had referenced the request in a news article, or other publication and referred to it as a request by "user name" only for us to have changed that name.

Also where there has been correspondence relating to the validity of a name as with the example given above, or names declared obvious pseudonyms etc. I think it would be wrong, and confusing, to "change history".

[RichardTaylor]

A new case where this feature would have been useful has come up today. A councillor who has ceased to be a councillor wants "Cllr" dropped from his username.

[RichardTaylor]

Just a note to say we've had another couple of cases where this might have been useful.

I note we'll need to be careful using it as depending on the reason for a name change people might want a clean break from their old identity so we'll need to make sure we have clear instructions from the user as to if they really want a name change or a new account.

[hsenag]

I'm not too sure about the complexity of this one - at least, no really simple solution jumps out at me. What happens to correspondence threads in progress at the time of the request?

[RichardTaylor]

Just a quick note to say we've had another case on WhatDoTheyKnow where this feature would have been useful.

[henare]

We just had someone ask how they can change their name. They signed up using only their first name for privacy reasons but after making a request were no longer concerned about that so wanted to add their last name.

In this case they probably would have been fine just updating their display name and not the URL name.

[RichardTaylor]

A user of WhatDoTheyKnow just got married and this feature would have been useful to deal with their subsequent request to change their name on WhatDoTheyKnow. We've changed their username for them but this leaves the history a little inconsistent with the new name where the username is shown but the old name in the body of the requests.

[RichardTaylor]

There has been another case on WhatDoTheyKnow today where this feature would have been useful.

[RichardTaylor]

Another case arose today - where someone who has made hundreds of requests on WhatDoTheyKnow under using a single word name, and had many rejected on the grounds of not providing a full name, wanted a second word added to their name. Given the history of rejections just adding the second word to the user name could have made the presentation of existing correspondence misleading / hard to understand. The option to change the name from a point in time would have made the decision on what to do easier.

[RichardTaylor]

Another +1 from today. A user making requests under the name of an "organisation" wanted to change that organisation's name.

We want to encourage organisations to use WhatDoTheyKnow to make requests and from time organisations do change their names so handling such events nicely would be good.

The situation isn't terrible at the moment as the name used at the time of the request will probably still be in the text of the correspondence even if a user name is changed.

[RichardTaylor]

Another +1 for this following a WhatDoTheyKnow user changing their name.

[garethrees]

Maybe name should be added on a per-request basis (InfoRequest#signature?), with User#name being the pre-filled value. That would allow us (or users themselves) to more easily redact the signature, allow user account name changes with less disruption on history, and also allow pro users to use pseudonyms.

Haven't though too much about this, so just noting for when we get to it.

[RichardTaylor]

Adding another +1 for this in light of another request from a WhatDoTheyKnow.com user.

I suspect there's a strong equalities case for this, the lack of this feature is likely to impact women more than men given women tend to change their names on marriage far more than men do. The lack of this feature will also impact those changing their gender more than it will the general population.

[RichardTaylor]

Maybe name should be added on a per-request basis (InfoRequest#signature?), with User#name being the pre-filled value. That would allow us (or users themselves) to more easily redact the signature, allow user account name changes with less disruption on history, and also allow pro users to use pseudonyms.

I can see the benefits of holding the name in the signature of an outgoing message in a separate field, that would help when we want to redact users' names.

I don't though think that either we, or users', should ever change the names which were used to sign correspondence in the past. I think removing names should be an option, but changing them damages the integrity of our archive, and would create a record of something which never happened.

[RichardTaylor]

Just adding a +1 as we've had another case where this feature would have been useful.

[RichardTaylor]

+2 for more cases where users apparently wanted this feature; one of them vaguely cited Gender Recognition Act and Equality Act when requesting the change.

[RichardTaylor]

+1

A WhatDoTheyKnow user writes:

Hello, is there any way to change my name on an account (following marriage) or do I just need to register a new one? Thanks.

[RichardTaylor]

Name change requests may amount to individuals exercising a "right to rectification" under GDPR.

https://gdpr-info.eu/art-16-gdpr/

I don't know if, and to what extent, this is the case. I note that on WhatDoTheyKnow some requests are considered in this context. Addressing this issue could prevent GDPR rights based requests which can be time consuming to deal with.

[RichardTaylor]

+1 This would help in cases where users want to change their username from "Firstname" to "Firstname Surname". Currently in such cases we annotate requests made under "Firstname" (as otherwise it would appear public bodies' requests for full/real names would appear inappropriate).

Ideally we'd prevent this issue - perhaps with a warning when people sign up with single word names, or pushing for a change in the law, its interpretation, and/or policies of public bodies.

[RichardTaylor]

+1 another support request where this feature would have been useful

[RichardTaylor]

+1 Another WhatDoTheyKnow user has requested a name change. Current proposal in the specific case is to make the change but annotate some number of requests made to-date to explain to readers what has happened.

[garethrees]

Maybe name should be added on a per-request basis (InfoRequest#signature?), with User#name being the pre-filled value.

Something along the lines of this suggestion could help do something clearer to fix https://github.com/mysociety/alaveteli/issues/6154.

[mdeuk]

Name change requests may amount to individuals exercising a "right to rectification" under GDPR.

https://gdpr-info.eu/art-16-gdpr/

I don't know if, and to what extent, this is the case. I note that on WhatDoTheyKnow some requests are considered in this context. Addressing this issue could prevent GDPR rights based requests which can be time consuming to deal with.

Just to note - some very quick stats* - we've dealt with 34 RoR and 446 RtE requests since we started tracking.

Having functionality like this would doubtless make a difference - it also makes good common sense, name changes happen for a variety of reasons - we should have the capability to change things at request.

There will inevitably be some cases where a manual attempt is required - e.g. in cases where specific sensitivity is required, but if we can automate this for the most part then it'd be an incredibly useful tool to have.

* figures have not been specifically validated, they are based on the data we hold in readily accessible form.

[mdeuk]

Intriguingly timed - CNN's Reliable Sources has flagged up this article which gives another angle for username changes - instances where it may be ethically problematic to say "no".

It's worth a read. 🏳️‍🌈

[Miquette1]

Hi, I would like to leave you a legacy in my Will, but since first registering with yourselves over a decade ago, I have reverted to my maiden name ... My bank did it in 3 days after me producing 2 (or was it 3) pieces of evidence ... No problem at all, same with Dept of Works and pensions .... All my legal documents have been converted, Land registry and more. So why impossible with you? It may be legitimate to say 'no' in some instances, that's up to yourselves. But I certainly don't want my 'history' from your right to disappear with my old name. After all, I lived with it for 44 years, longer than I have lived with my maiden name.

[itsaphel]

Maybe name should be added on a per-request basis (InfoRequest#signature?), with User#name being the pre-filled value. That would allow us (or users themselves) to more easily redact the signature, allow user account name changes with less disruption on history, and also allow pro users to use pseudonyms.

Are there any cases where site admins change someone's username with the intention of changing the name on all previous requests as well? In other words, are there any cases where it would be problematic to add a signature functionality and make it so that renaming only changes the username on future requests? (I presume they could still be dealt with using censor rules, but just wondering.)

[RichardTaylor]

WhatDoTheyKnow support correspondence from a user:

Your policy does discriminate rather against people like me, of my generation who automatically, (back in the day), changed our names to our husband’s ….

By "policy" here I believe our user is referring to the lack of this feature within the system software.

[RichardTaylor]

Are there any cases where site admins change someone's username with the intention of changing the name on all previous requests as well?

Currently any username change does change the username shown on all previous requests. I think this question is asking if this is ever the intended effect. I suppose it might be in cases such as where a user made a typo in their name, or inappropriately capitalised it.

Generally if we do make a substantive username change which impacts the display of previous requests we add an annotation explaining, saying eg. "This request was initially made under the username of [name]". I see a Google search for

site:whatdotheyknow.com "This request was initially made under"

has some hits. I suspect there may be other phrasing used too.

@itsaphel If you want to discuss joining our volunteer team so you can see the support mail, and take part in our discussions on policy changes do get in touch.. If you have previously been in touch then we've not connected your GitHub username to any previous correspondence we've had with you!

[Miquette1]

For cases like mine … so obvious it’s not for nefarious purposes, I certainly wouldn’t want to loose all my previous FOI requests. All of the previous names could be labelled to read ’Catherine H..., formally known as Catherine M………’ Easy-peasy.

[Miquette1]

Thank you for taking a great interest in this Richard ... It's a small point in the great schemes of things ... especially now.

[RichardTaylor]

All of the previous names could be labelled to read ’Catherine H..., formally known as Catherine M………’ Easy-peasy.

I suspect this would suit some users seeking name changes.

A statement like this could appear on a profile page where a user's name has changed from a point in time.

For users who don't want their old and new names to be connected this proposed feature isn't of use anyway, for them they'd need to separate their accounts I think, though ideally there might be a way to have one account and two sets of requests under different names.

Perhaps the concept of an organisational account with powers/access over individual user accounts could be used when one user needs accounts under different names and wants a single login? One could envisage journalists / whistleblowers who make requests under a range of pseudonyms using such an account too.

[itsaphel]

Currently any username change does change the username shown on all previous requests. I think this question is asking if this is ever the intended effect. I suppose it might be in cases such as where a user made a typo in their name, or inappropriately capitalised it.

Pretty much, yeah, that's what I was wondering.

I ask because a signature field (if I understand the idea right) would be like caching user_name for each InfoRequest. I'm thinking that, following that change, some kind of functionality to do a rename on past info requests (technically changing the signature) might be necessary. If requests where such a rename would be intended are infrequent then I suppose using censor rules might suffice?

@itsaphel If you want to discuss joining our volunteer team so you can see the support mail, and take part in our discussions on policy changes do get in touch.. If you have previously been in touch then we've not connected your GitHub username to any previous correspondence we've had with you!

Will do!

[garethrees]

I ask because a signature field (if I understand the idea right) would be like caching user_name for each InfoRequest

That was indeed what I was thinking – maybe it would be on OutgoingMessage though, since that's what actually gets sent.

The alternative here is to add versioning to User like we do with PublicBody, where we search historic url_names.

Without digging in to it more I don't have a good feel for the tradeoffs of each approach.

[itsaphel]

I only looked quickly but I'm assuming only the InfoRequest author can send OutgoingMessages? (https://github.com/mysociety/alaveteli/blob/develop/app/views/request/_outgoing_correspondence.html.erb#L11)

I suppose with the first approach you might need to run some kind of one-time job to populate the cache for all previous requests / outgoing messages. Or have a fallback to the user's name when there's no cached username, and go back and populate the cache in older requests with the then-current username only during a username change. This way, for most users the fallback would be used, unless they've had a name change.

Compared to the versioning idea I suppose it also takes up a fair bit of database space, but probably not significant in relative terms. It does seem easier to implement, though.

[gbp]

So there are two issues here:

1. Preserving historical User#url_name

In the past I have used the friendly_id gem configured with its History module to record pass slugs. See Avoiding 404's When Slugs Change. This works by adding a migration to create a new database table which the gem uses to record generated slugs. To refresh my memory of the gem I have take a look at implementing this and without too much work it seems to be working to a degree.

Would need to consider GDPR/RtE deletion of old slugs.

2. Displaying historical user names on request pages

While we could version the User record as we do with PublicBody, a pick out the correct version's name. I'm not very keen on this as it seems it would be more complex to implement. Also the gem we use hasn't been updated for a long time - we should need to address that by switching to a different gem.

To me it seems better to record the sender somewhere, this could be:

• on the OutgoingMessage records (maybe as OutgoingMessage#from_name to match IncomingMessage#from_name)
• in the params (as from_name) of the outgoing (send/ resend & followup) InfoRequestEvent events for the request.

We should fall back to the User#name if these aren't set.

A rake task to populate the outgoing from_name would be necessary otherwise future name changes wouldn't be obvious for past requests.

When resending an outgoing message, I believe we use the previous stored name and not current user name as this could cause confusion at the authority if both messages were received.

If we record an InfoRequestEvent for on each request when a requester has a name change this will allow us to render a notice explain what has happen inline within the requests correspondence messages.

We also store the User#url_name in some InfoRequestEvent#params_yaml, this will soon be removed with https://github.com/mysociety/alaveteli/pull/7173/commits/bf3c2b0d04dc6ff94967026f5f05b5de4c357320

[RichardTaylor]

We've had a case today on WhatDoTheyKnow where a user wanted to change their name while having requests in-progress.

This shouldn't cause public bodies a problem, as in life people do change their names, sometimes mid-"conversation", but I can imagine some public bodies might get confused, or raise concerns about the validity of a request if the name change was not explained - given the requirement in FOI law for a request to be associated with the name of the requester for it to be valid.

We could perhaps just advise users about to continue a thread with a name other than the one they previously used that they might want to reference the change in the body of their correspondence.

[garethrees]

Pasting some notes from our in-person shaping session on this.

Overview

We spoke about this in person so won't cover too much of the ground here. The gist is that we want the info request record to be a snapshot in time, so that a rename doesn't affect the request history. We can link to the user's current profile page and make it obvious that since the request was made a rename has happened, and preserve old slugs so that referencing links still work.

OutgoingMessage

• Cache User#name as OutgoingMessage#from_name on message creation.
• Update OutgoingMessage#from to use the cached from_name value.
• Make OutgoingMessage#from_name editable in the admin UI.
• Make OutgoingMessage#from_name redactable[^1].
• Make OutgoingMailer resends use the exact contents of the message to be resent, rather than regenerating them.
• Show a warning/notice to remind a user/admin that the name has changed since the last message when following up or resending correspondence.
• Could also include an extra line in the template if following up on an existing thread, but only if we can do it without introducing too much confusion/complexity.
• Make sure the signoff used is correct

InfoRequest

• Add InfoRequest#from_name which delegates to the first OutgoingMessage#from_name.
• Use InfoRequest#from_name rather than @user.name in the request subtitle. This means we’ll always show the name used at the time of requesting, even if we’re linking to an updated user record. We might end up caching the name here later in order to achieve https://github.com/mysociety/alaveteli/issues/7414, but for now a method call is fine.
• Make InfoRequest#from_name redactable[^1].

User

• Allow users to edit their own name attribute through the UI
• Add a “Previously known as” section which plucks cached names from correspondence sent by the user
• Record previous url_name records
• Show previous url_name records in the admin UI
• Allow PII from previous url_name records to be erased

Misc

• Make sure we’re using the correct name in the UI (https://github.com/mysociety/alaveteli/pull/7600)
• Add From: to the followup form (if it isn’t already)

[^1]: i.e. Any applicable censor rules apply to it.

[garethrees]

Don't think this was intended to be closed by just #7702.