response 109 of 184:

Sep 8 03:16 UTC 2002

Re #101:  That's already not only illegal, but against the restaurants'
          policies.

          I'm not saying the treasurer can't be trusted.  I'm saying that
          Grex shouldn't be collecting sensitive data about its users that
          it doesn't need to collect.  That's independent of how the 
          treasurer protects it, or whether the treasurer is a good person.

response 111 of 184:

Sep 8 05:50 UTC 2002

re 104:
        I can think of at least one other system where it's possible to telnet
in, create an account, and have access to run things on the Net.  However,
I'm not sure that sort of thing really matters so much at this point, what
with PPP dial-up accounts, ethernet access in dorms, internet cafes running
unsecured computers, lots of wide open wireless networks, and so forth.  Those
who want somewhat anonymous access to do bad things on the Internet can easily
find it.

I say somewhat anonymous, rather than really anonymous, though, since
sufficiently motivated law enforcement people with the proper court orders
can generally figure out who somebody is, or at least where somebody was. 
Grex, like most other systems, records the IP addresses connections come in
from.  If that doesn't trace directly back to the user's computer, it
generally at least traces back to a phone line, which traces to a location.
From there, law enforcement may be dependant on any witnesses who may have
seen the person using the computer at that time, but that's also as well as
they can do with non-computer related crimes a lot of the time.  This gets
trickier with wireless access, if the basestation has been set up to not
require authentication (which lots of them are).  At best, in that case, you
can probably guess which block the person was on, unless they were using a
directional antenna, in which case they could have been farther away.  If
they're still connected, I suppose there are tools that could figure out where
their signals were coming from.  If they were gone, it might be harder. 
Again, though, law enforcement runs up against that sort of problem frequently
with other sorts of crimes.

So please, let's stop the argument that Grex, if it dropped its ID
requirement, would be the only place in the world that gave anonymous access
to the Internet, because the access wouldn't really be anonymous, and because
Grex certainly wouldn't be the only place giving that kind of access.  There's
still a very legitimate question here, which is whether, given the current
state of the Internet, it still makes sense for Grex to require ID before
providing access to it.  My feeling is that it does, not to help law
enforcement (who can help themselves), but to help us.  If we've got somebody
using our resources to cause trouble elsewhere, it hurts us, and we should
be able to tell that person to go away.  Without knowing who the person is,
and how to recognize them if they come back, we don't have any good way to
cut them off.

If we are going to collect this ID, it seems quite reasonable to keep the
data.  It's not as if we're carding somebody in a bar, and once we find out
they have ID they're fine and we no longer care about them.  This ID is being
collected so that we'll know who the people are, and if we needed to know who
somebody was, having destroyed the records would make the records rather
non-useful.

response 113 of 184:

Sep 8 07:48 UTC 2002

I have to wonder what all these internet cafes et al plan to do when
people complain to them about vandals or spammers, or worse yet they get
sued.  Most of them haven't been in business long enough that what they
do necessarily represents best business practice.

Many libraries offer some form of network access, but I think there's a
trend there to restrict the basic services that are offered and/or to
require some form of identification/authorization.  The degree of
paranoia is likely to depend on the size of the institution and its
surrounding community, how long they've been providing such services,
the skill of any experts they can draw upon, and any problems they've
encountered - a small library in Paradise MI might be a lot less
paranoid than a big library in downtown Detroit.

Something else to keep in mind: the access an internet cafe or library
can offer is geographically limited.  The service grex offers is not.
If an internet cafe has problems with the local punk kids, they can
summon the police.  If grex has problems with punk kids anywhere on the
planet, the steps grex can take are quite limited, and not necessarily
effective.

response 115 of 184:

Sep 8 13:56 UTC 2002

Just found this item and read it in a sitting and a half (some
distraction by exploding children).

The danger of privacy violations is minimal.  We have *never* stored
identity information on Grex or on any machine on the cyberspace.org
network.  We do believe in keeping this information secure, and we do
not regard any portion of Grex as secure.  Given how much my social
security number, credit card numbers, checking account numbers, and
drivers license number generally circulate around, I don't think having
one of them in Mark's file adds noticably to my personal risk of
identity theft.

Still, the point that we should be minimalist about this is taken.  I
think records should be deleted a few months after a membership is
turned off.  This requires minimal extra effort, and the data discarded
is plainly of very little interest to Grex.

What I consider much more interesting is the suggestion by scg and
others that we don't need the identity information at all.  We'd just
record the user's name and address taking their word for it.  This would
make becoming a member of Grex substantially easier, and would reduce
the treasurer's workload.  Sounds great.  I'm inclined to agree that as
far as restricting net access goes, we no longer need to collect ID.

My one doubt about this relates to voting.  I would like to be confident
that each member is a different person.  I don't want to make it
excessively easy for people to buy several dozen votes for $18 a peice
just by giving a different imaginary name and address for each one.

Most membership organizations don't have the same problem because they
frequently meet face to face.  Possibly we have to require the ID only
for voting, and we don't have to retain it at all.

response 117 of 184:

Sep 8 19:34 UTC 2002

Arguably, we HAVE had the ID requirement prevent untoward use of Grex.
There was the company down south which wanted the membership to get
outbound Internet services, and balked when the staff asked for the ID
of the designated "responsible party" for our requirements.

Speculation was that the company wanted to use Grex for spamming purposes.
We wound up returning their money.

Then there are the people who drop into party and ask why they can't
telnet out, and we tell them that's for members only and ask them why
they just can't telnet direct to their destination since they're telnetting
in, and we never hear from them again.  They are probably vandals.

So no, the policy is not broken.  It prevents Grex from being black-holed.
Without a membership, it's impossible to hijack a mail relay or any of the
other things which are required to do real bulk spamming.  We can only
speculate how many would-be spammers and other vandals have been prevented
from using Grex for their purposes by our policy, but the only answer I
can think of is "pretty much all of them".

response 119 of 184:

Sep 8 21:10 UTC 2002

Hahah.ahahahah.ahaah.ahaa  
BAN LIBRARIES!

response 121 of 184:

Sep 8 22:27 UTC 2002

He's probably assuming that Tritium would have sufficed.

response 127 of 184:

Sep 9 14:46 UTC 2002

Um, yes, there is.  Please reread #115 and then let us know which part of it
you were referring to in your #116.  :)

response 129 of 184:

Sep 9 16:17 UTC 2002

Re #127:  #126 is a response to Russ' #117.  I forgot, though, that Russ
          never replies live -- he probably hasn't seen Jan's post yet.

response 131 of 184:

Sep 9 19:12 UTC 2002

I do not see anything wrong with keeping this information while an 
individual is a member.  Once the membership expires the information 
should be destroyed, even if the member in question intends to renew and 
misses the deadline.  Sure, it means they'll have to provide it all over 
again, but it shouldn't be the treasurer's job to worry about that.  
That's what happens when a membership or an account is allowed to 
expire: you have to provide you info all over again.

I don't know if such a change in practice really requires and amendment 
change and vote, simply a change in style of record keeping.

Second, I'd like to take the opportunity to thank Mark for all his hard 
work.  He didn't have to take on this challenge, and his efforts should 
be better appreciated by all of you.  Constructive criticism is all well 
and good, but give him credit where it is due, and separate him from the 
policy when you dismantle it piece by piece.

response 133 of 184:

Sep 9 20:49 UTC 2002

One solution to the conflict would be to move towards winding up 
outbound telnet access.   With the replacement of Gopher by the Web,
there's not much publically available stuff out there for people 
to telnet to any more.  I can think of the telnet server 
at Weather Underground (rainmaker.wunderground.com) and maybe the 
UM/MSU/Wayne State catalogs are still telnettable.  
 
As another example of telnet fading away:
If I recall correctly, Michigan State intends to discontinue 
telnet access for the campus e-mail system at the end of this school
year.

The current users of outbound telnet could be grandfathered in, 
or something, if you are worried about inconveniencing anyone.
 
This would be somewhat in accordance with Grexian principles, in 
that it would remove a distinction in system privileges between
members and non-members.