|
Grex > Coop11 > #245: ID requirements for institutional members | |
|
| Author |
Message |
aruba
|
|
ID requirements for institutional members
| 
Mar 14 03:04 UTC 2001 |
I got a check today which causes me to pose the following question:
What are the ID requirements for an institutional member? I don't think
we ever spelled that out. In the past, institutional members have paid
with corporate checks with their names and addresses pre-printed on them,
and we've accepted that. Some possible alternative forms of ID:
1. A driver's license, passport, or personal check from a representative
of the company.
2. A letter on company letterhead. (Pretty easy to fake these days.)
3. A letter signed by one or more company officers.
4. Some kind of official document verifying the existence of the company.
Which of these should be acceptable? Can anyone think of anything to add to
the list?
|
| 35 responses total. |
ashke
|
|
response 1 of 35:
|
Mar 14 04:44 UTC 2001 |
forgive my ignorance, but what is an Institutional Member?
|
carson
|
|
response 2 of 35:
|
Mar 14 05:39 UTC 2001 |
(sometimes we have memberships that are taken out in the name of an
organization. I don't remember the details for which types of
organizations qualify, but I seem to remember it has something to do with
fellow non-profits. Rane was a champion of htis, AIR.)
|
scg
|
|
response 3 of 35:
|
Mar 14 08:05 UTC 2001 |
In deciding on ID requirements, it's probably worth first considering what
we need the ID for. I believe the original rationalle several years ago was
that the Internet was a closed academic network, and that we needed to be very
careful about being good neighbors if we were going to let members of the
public onto it. I don't think anybody thinks of the Internet that way
anymore, and organizations that care tend to invest large amounts of resources
into securing their Internet connections, rather than trusting the rest of
the Internet to be good neighbors. It may still be important, to make our
own lives easier, to be able to ensure that somebody we cut off for misusing
Internet access doesn't come back again and again, but we already have that
problem and deal with it for misuse of our own system.
The other reason for requesting ID, that's been given occasionally, is that
we need a list of names and addresses of members, to give to the state if they
ask. That means we need to ask our members for their names and addresses,
and means our members should give us accurate information. It certainly means
we shouldn't knowingly falsify the list. However, asking for proof of the
information our members give us is probably going a bit far. That certainly
isn't anything any other non-profit I've ever joined has asked for.
|
eeyore
|
|
response 4 of 35:
|
Mar 14 14:02 UTC 2001 |
On the other hand, it would make sense t ome to ask for it in this case, since
they seem to be going out of their way to hide a multitude of information from
us.
|
aruba
|
|
response 5 of 35:
|
Mar 14 14:31 UTC 2001 |
Re #4: I'd rather not get stuck on the particular check that inspired this
item. If we could come up with a general policy on ID for institutional
members, then future treasurers and I won't have to fret over this every
time it comes up.
Re #1&2: When Grex was founded, it was assumed that all members would be
people. Later the bylaws were amended to allow institutions to become
members. They read in part:
a. Any individual or institution supporting the goals and objectives of
this organization as enumerated in the Preamble, and who agrees to
abide by these bylaws and pay dues, is eligible for membership.
The bylaws go on to say that institutional members have the same status as
individual members, except that they may not vote in elections or serve on
the Board of Directors.
Re #3: Here is the standard message I send to people when they ask me why
they need to send ID to become members:
There are two reasons Grex requires ID from its members:
1. While we are very comfortable allowing anonymous users access to Grex,
we are not comfortable unleashing them on the rest of the Internet. It
would be irresponsible of the Grex administration to allow people we
can't identify to telnet through Grex to other systems, so we require ID
from everyone we allow to do that.
2. Cyberspace Communications is required by the state of Michigan to
maintain an up-to-date list of members. Implied in this requirement is
that we make sure no two memberships are held by the same person. So we
require ID to connect accounts with real people and make sure no one has
the ability to vote twice in Grex elections.
Since institutional members may not vote, #2 is not as relevant as #1 to
them. Some staff member please correct me if I'm wrong, but I think
people trying to telnet through Grex is still a problem that we are
concerned about, and constitutes a valid reason for requiring ID from
members.
|
aruba
|
|
response 6 of 35:
|
Mar 14 14:40 UTC 2001 |
I hope we don't get too hung up on philisophical underpinnings of
requiring ID - that's really a different topic. At the moment we do have
a policy requiring ID from members, and that includes institutional
members. So we ought to be able to list what forms of ID are permissible.
I think the rules need to be lax enough that we don't discourage many
potential donors, and stringent enough that someone can track down a
member given the information we collect. (Or, even better, stringent
enough that we discourage people who plan to do illegal and unsavory
things from becoming members at all.)
|
aruba
|
|
response 7 of 35:
|
Mar 14 14:51 UTC 2001 |
Here's the current ID policy, from the 9/27/1995 board minutes. It was
intended for verification of both members nonmembers for internet access,
but we have yet to get around to applying it to nonmembers. Note that it
was adopted before we allowed institutional members. Points (2) and (5)
are the relevant ones.
T. Verification Policy - John Remmers passed around a verification policy
which he had formulated. A few words were modified, but there was a long
discussion about whether it should be possible for trusted people, such
as staff, to relay information to the verifier. Ultimately, the wording
in this respect was left intact.
Here is the final wording of the motion:
MOTION: (remmers, steve)
(1) Anyone requesting access to Grex services for which verification
is required shall present proof of his or her identity. Members and
non-members will be held to the same verification criteria. In order
to be considered verified, a person shall submit a photocopy of an
item of acceptable identification and a signed letter requesting the
access.
(2) The acceptable items of identification are government-issued ID,
school-issued ID, library-issued ID, or a personal check written to
Cyberspace Communications Inc. by the person requesting access. To be
accepted, the item must be currently valid (i.e. not expired), must
identify the person by name, and must include additional identifying
information other than a photograph (such as home address,
passport number, or name of school).
(3) There shall be one individual, referred to hereafter as "verifier",
who is responsible for accepting verification requests and ID,
notifying the appropriate staff member(s) so that access may be
granted if the criteria of (1) and (2) are met, and notifying the
requester if the ID is not acceptable.
(4) The board shall solicit volunteers and appoint the verifier. The
term of office is one year and is renewable. Any verified user is
eligible for the post of verifier. If a volunteer for the post is not
currently verified, then for the purpose of gaining eligibility he or
she may present identification to the board that meets the criteria
enumerated in (2).
(5) In the case of personal checks submitted to the treasurer of
Cyberspace Communications Inc., the treasurer may also verify a user,
provided the check meets the criteria of (2) and is accompanied by a
signed letter as required in (1).
(6) An individual whose request for verification is denied may
appeal the decision to the board. The board's ruling on appeals
is final.
PASSED: 7-0
|
aruba
|
|
response 8 of 35:
|
Mar 14 15:01 UTC 2001 |
I regret to say that I have never enforced the "signed letter" criterion; I
only found out about it a couple of years ago. With the board's consent,
I've allowed people to email scans of their ids as well as send photocopies,
and more recently have allowed people to fax copies. And as I said before,
both Greg and I have accepted corporate checks as ID for institutional
members.
None of the forms of ID enumerated in (2) apply to institutions - they don't
have government-issued ID (unless you count articles of incorporation - I
suppose someone could send that), school-issued ID, or library-issued ID,
and they can't write a personal check. It's a good question whether, if an
individual writes a check for a corporation's membership, that check counts
as ID for the corporation.
So, basically, the question posed in #0 is up in the air, and we need
suggestions to answer it.
|
cmcgee
|
|
response 9 of 35:
|
Mar 14 18:36 UTC 2001 |
Why don't we do the same thing the bank does: require that a corporation has
to supply us with two real people to represent the corporation or institution.
Perhaps the treasurer and president of the instituion's board. That way we
can use the same "people" policies on these folks, and still have the
institution as the member.
|
pfv
|
|
response 10 of 35:
|
Mar 14 18:48 UTC 2001 |
What would that do to a state or federal request, let alone an
external systems complaint on "user XXX"?
You still need a PERSON related to a body (state or federal
database).
|