|
Grex > Coop11 > #254: Grex's ID policy - email with account usgov |  |
|
| Author |
Message |
| 25 new of 133 responses total. |
cmcgee
|
|
response 56 of 133:
| 
Apr 16 23:11 UTC 2001 |
Yep, all they need to do is comply with our policy.
|
mdw
|
|
response 57 of 133:
|
Apr 17 01:27 UTC 2001 |
Actually, we don't have any evidence this guy has access to his
company's corporate checkbook. We have evidence that an unknown person
has access to *some* checkbook which *seems* to be connected to some
company. It doesn't take much to establish a bank account with J-random
name on it, and it takes even less to get checks printed up. We don't
have an address, the name of a human, or any strong evidence that this
entity is in fact connected to the company he claims to represent.
Personally, I'm kind of amazed at the degree of variance expressed in
this item, although I also think that there is actually a fair amount of
consensus expressed here.
|
aruba
|
|
response 58 of 133:
|
Apr 17 03:42 UTC 2001 |
Re #55: Even if they hadn't typed over the address, they wouldn't be in
compliance with our policy, which requires ID from a contact person.
|
swa
|
|
response 59 of 133:
|
Apr 17 07:08 UTC 2001 |
I agree with those who've said that this whole encounter smells funny, and
with Carson's comments in resp:42 with regard to Grex bending over
backwards to please customers.
|
mdw
|
|
response 60 of 133:
|
Apr 17 09:06 UTC 2001 |
While we are a non-for-profit, that's not precisely the same as saying
we can abandon all business principles. It *is* important that we not
operate at a loss, and the difference between that and a commercial
for-profit business in a competitive market is in some ways not so big.
What a commercial business would call "customer satisfaction" is
important, because that determines whether we can keep the users we
have, attract new users, and convince at least some of the existing
users that we deserve their personal financial support.
However, customer satisfaction is *not* as simple as just giving the
customer whatever he/she asks. Customers aren't always able to ask for
what they really want, it's not necessarily fair to spend too much time
on too small a percentage of customers, and there are some customers
that can't be pleased. Running a successful business requires juggling
a multitude of conflicting goals, setting priorities, evaluating risks,
and performing "triage" - recognizing which situations will work
themselves out just as well without attention, which situations cannot
be improved with attention, and which sitautions can best benefit from
some attention. Deciding which customers to help is an important part
of this process. There is usually a small number of things to be done
that will please most customers, and a large # of things that will
please successively smaller numbers of customers. Deciding which
customers to help is part of "defining your market niche".
In this case, this particular person (or company) has expressed a strong
interest in "privacy". This is not a product we "sell" on grex - we
don't promise to render our users untraceable, and indeed on the
contrary we hope people will cede some of their privacy by participating
publically in the conferences. We don't know for sure what this person
hopes to get out of grex, because we haven't asked him, but it's
possible given our lack of mutual understanding that he has unrealistic
expectations in other areas as well. A lot of this seems to boil down
to trust -- does he trust us with his identity; do we trust him not to
abuse things here? The principles of "triage" would in any case seem
easy to apply to this.
|
gull
|
|
response 61 of 133:
|
Apr 17 12:54 UTC 2001 |
Re: people impersonating corporations...
VeriSign recently issued some crypto certificates to a person who
falsely claimed to be an employee of Microsoft. There are now two
certificates out there that say "Microsoft Corporation" that don't
actually belong to them. Unfortunately Verisign never thought to
provide a way to let software automatically check if a certificate has
been revoked...
Reference:
http://www.cert.org/advisories/CA-2001-04.html
|
aruba
|
|
response 62 of 133:
|
Apr 17 13:18 UTC 2001 |
This was in my mailbox this morning:
From usgov@cyberspace.org Tue Apr 17 09:10:09 2001
Date: Tue, 17 Apr 2001 01:07:17 -0400 (EDT)
From: ~~ <usgov@cyberspace.org>
To: aruba@grex.cyberspace.org
Subject: Re: Money Received
Mark, please add these additional comments to the BBS from us:
P.S.
1# As #38 pointed out, why have an ID. at all? It makes no sense and
serves no useful purpose; further, ID's can be faked--just ask any 18 year
old college student.
#2 Whoever did research in Missouri on criminal law did not do a very good
job. It is a crime to make a copy of a Missouri driver's license; we can't
say what the law is in Missouri. For $100, we'll be happy to have it
researched for you and to give you a legal citation.
#3 The U.S. Privacy Act of 1974 prohibits the use of ID. for
"identification purposes." Just because someone may ask, does not mean you
have to give it to them. The opinion of our corporation is that if someone
does not know what their rights are, that is THEIR problem. Just because
they will not waive their rights, is nothing to consider suspicious. If a
lamb jumps over a cliff, should everyone follow? Next time a supermarket
asks you for your SS#, just say "no." Permit them to SEE your driver's
license, but do not permit them to make a copy. Under the U.S. Privacy
Act, service/benefits cannot be denied because one refuses to waive his or
her legal rights!
#4 Of course, you need to provide a SS# to a business who is hiring you.
They NEED that information for the exception to the U.S. Privacy Act,
reporting your wages to the I.R.S. Of course, they may want INFORMATION
from your driver's license if you are going to be driving a company car or
create liability on errands for the company. Your driving record is
reasonable under these circumstances. But what reasonable nexus exists
for GREX having such information? One does not need a "license" in order
to use the Internet. Grex does not report one's income to the I.R.S.
Further, Grex becomes legally liable if somehow, in some way, they
negligently permit, or some malevolent person obtains, this private
information that Grex should never have even possessed in the first place.
Does Grex want to take on THAT kind of protential liability?
#5 Mark mentions our address was "carefully" marked out on our check. We
are guilty! We moved from the old address on the check and rather than
have new checks printed with our new address, figured we would save money
in this economic times and just cross out our old address until the old
checks were used up. Did anyone think about this reasonable explanation or
was everyone, including Mark, reading too many mystery novels. We wanted
our check held by Mark until this matter were resolved. If he is going to
return it as a result of a "no vote," then he can mail it to us. If we
receive a "yes" vote, then he should cash it.
#6 Remember -- there are two sides to almost anything. Don't jump the gun
and assume things just because you have heard only one side.
#7 As one of the comments set forth, there are lots of free Internet
Service Providers, why would anyone in their right mind, whether
corporation or anyone else, go to all of this trouble unless we honestly
thought Grex was a worthwhile organization meritorious of support? Is
that too hard to understand?
Requiring ID's make no sense, they can be faked and easily obtained. They
signify nothing, One could get a fake driver's license (any college
student knows someone who can make them up or where to get them) and use
someone else's SS or make up a fake SS card. Would anyone at Grex even
know the difference?
If one has a valid checking account, that is acceptable to A.O.L. and to
any other business. Let the banks be in the verification business, not
Grex. If a bank is willing to permit an account (and one could write
checks, bounce them easily, and then skip town), then Grex should accept
a valid check. PERIOD.
Certainly it is reasonable to have a contact person and an address:
corporate if a corporation, individual if the membership is individual.
Nothing further, however is reasonably necessary and there is no
reasonable nexus to anything else. THAT should be Grex's 2001 policy on
new memberships, whether from Corporations or Individuals. If someone does
something illegal, i.e. denial of service, etc. let the FBI worry about
it. Grex cannot be the protector of the world from any possible thing
that could occur by any unscrupulous user; it should not even imply that
it can, will, or should.
Again, not a single corporation member made any commments. Perhaps there
are no corporations who even want to consider supporting Grex! That's a
shame.
We encourage a dramatic change in Grex's requirements for everyone--not
just corporations. We encourage the membership to vote in favor of our
membership and to "get real." We appreciate Mark's giving us an
opportunity to read your comments and to make our views known. We
apologize if our initial E-mail response sounded sarcastic or rude, that
was not our intention; however, we really found the existing policy to be
quite antiquated and non-sensical to the point of being absurd and
ridiculous.
|
pfv
|
|
response 63 of 133:
|
Apr 17 13:23 UTC 2001 |
Every employer I've had for years xeroxs my SSC and DL as part of
the inane laws around employement.
All noise aside, I agree that grex should stick to their guns..
a Firm is not a Person; a Firm MIGHT be "responsible", but a
Person doesn't have much choice.
|
aruba
|
|
response 64 of 133:
|
Apr 17 13:31 UTC 2001 |
Steve Gibbard asked up there somewhere why people were suspicious that this
account might be used for nefarious purposes, and had trouble accepting that
this is just a case of paranoia. The reason is the account name, usgov.
I'd like to ask, Rick, what you plan on using account usgov for? I ask this
as a Grex user, not in any official capacity.
|
aruba
|
|
response 65 of 133:
|
Apr 17 13:50 UTC 2001 |
Oops - I messed up - this message was in my mailbox too, and it was supposed
to be posted before the previous one. My apologies.
From usgov@cyberspace.org Tue Apr 17 09:47:43 2001
Date: Tue, 17 Apr 2001 00:16:21 -0400 (EDT)
From: ~~ <usgov@cyberspace.org>
To: aruba@grex.cyberspace.org
Subject: Our side of the matter.
Thanks for letting us view the comments. First, we were unable to comment
directly since when we logged in "254" the message was that it "does not
exist." Could you please do whatever you have to so that we may reply
directly to the BBS.
In the meantime, please provide a copy of this E-mail to the BBS. Thanks.
#1 - We are more than happy and have provided the name of a contact
person. What we will not do is provide personal information about a
contact person who is an employee of the corporation since the
corporation is a legally recognized entity within our state as well as
within the U.S.
#2 - A rose is a rose, no matter what the name. What is the difference if
we use "usgov" as a login name or "CIA" or "General Watchamagoo" or
whatever. There is nothing inherently sinister in the name selected as a
login. How could anyone with any common sense attribute anything to the
login name selected and consider it "suspicious?"
#3 - We have provided our corporate mailing address, of course. That is
certainly reasonable!
#4 - If someone had a sinister motive, why bother to go through all of
this trouble to belong to an organization. A hacker would just try to
hack in and use the service for nefarious purposes without contributing,
paying, or providing ANYTHING to Grex. Why would a hacker,
for example, form a corporation, maintain it in good standing for 20
years, and then apply to Grex for some sinister purpose? Let's get real,
fellows!
#5 - We are listed in the phone directory and with directory assistance;
(but even if we were not, what difference would it make?) We have had a
bank account at the same bank for 20 years. We are also listed with the
secretary of state of Missouri for 20 years. We are a legal entity and
recognized as such by the I.R.S., a government agency. The privacy of our
employees is important to us and we must respect that privacy,
particularly when there is absolutely no reason that such privacy should
be invaded by furnishing a home address, home telephone number, date of
birth, or social security number for that EMPLOYEE. The legal address of
the corporation and the name of a contact person is more than enough. It
is enough to get HUNDREDS OF THOUSANDS OF DOLLARS in credit from other
corporations, it should be enough for Grex which is not even a business.
#6 - Just because some people are stupid enough to furnish social security
numbers and to waive their rights to privacy and furnish information that
the law prohibits (for I.D.) or which, if compromised, could lead to
threats of I.D. does not mean everyone is just as stupid and will follow
along like lambs to slaughter. Just because there are people who care
little about their privacy that they will copy driver's licenses and
passports does not make it right for anyone. It is illegal in Missouri to
copy a driver's license for ANY purpose. It is also illegal to copy a
passport. If people do it, that is THEIR PROBLEM, not ours!
#7 - What exactly are you afraid of by having corporations as members of
Grex? Why do you discriminate against corporations?
#8 - Frankly, we have never run into such 20th century thinking; we don't
intend to be rude or sound callous, but Aruba's comments just struck us
as being very much behind the times. Grex needs to get into the 21st
century!
#9 - It seems like some of the Grex members treat Grex as a secret
organization. They went through a process, why shouldn't everyone else.
Apparently there is nobody who is a member who even has any legal training
or background--this is sad!
#10 - We would like to see some input from CORPORATE members of Grex, not
individual members. How about it? Do you have any corporations that are
members of Grex? If not, why not? If so, why has not a single comment
been from a CORPORATE MEMBER OF GREX?
#11 - And, how can anyone decide anything based on different views from
different perspectives. Is someone who doesn't like our login name, voting
no, and is someone who feels that all people should furnish copies of
driver's licenses, voting no. How do you make any decisions.
#12 Since we are a corporation, only those members who are corporations
should be allowed to vote on this matter. Only a legal corporate entity
knows the facts surrounding their existence in whatever state they exist.
Grex individual members should not be entitled to vote on a matter such as
this.
#13 One can buy phony driver's licenses and software for making them at
hundreds of places on the Internet. Would you prefer a copy of a phony
license made up by someone using a mail drop as an address who has done so
just to join Grex or a solid corporation with a long history, no complaints
with the B.B.B., and who furnishes Grex with multiple verifiable
references? Again, let's get real fellows! Some of you just simply don't
use common sense. It is not we who are paranoid, but some of you seem to
be by your comments.
#14 It is up to you, fellows. Think about it. If you arbitrarily deny us
membership because we respect the privacy of our employees, abide by the
law, and will not waive certain other rights, then it is Grex that loses.
Once again, let's hear from ANY corporation members you have who belong to
Grex. What do those corporations think?
|
aruba
|
|
response 66 of 133:
|
Apr 17 14:02 UTC 2001 |
As far as comments from corporate members of Grex: we currently have 3
institutional members, all (I believe) Michigan nonprofits. None of them
have ever posted responses in coop, to my knowledge.
We don't discriminate against corporations in terms of ID - they are
required to submit the same type of ID as individual members. We do prevent
institutional members from voting in Grex elections. That was to prevent
any one person from potentially having more than one vote.
About stolen ID: None of the ID information which Grex collects from members
is stored on the Internet. It's on my computer and in Grex's file cabinet.
Of course that doesn't eliminate all the ways it could be lost, but most of
them. I think it would be reasonable to implement an encryption scheme for
what's on my computer.
And PESI has not provided Grex with an address of any kind.
I'll see what I can do to help make it possible for usgov to participate
directly in this item and the next one.
|
jp2
|
|
response 67 of 133:
|
Apr 17 14:03 UTC 2001 |
This response has been erased.
|
cmcgee
|
|
response 68 of 133:
|
Apr 17 14:30 UTC 2001 |
Let's quit wasting time on this. If the person wants to become a member,
he/she/it can comply with our policies. If they don't want to comply, they
don't have to join.
Mark is doing far more than any treasurer needs to to help this person join.
I'm making a motion:
I move that we reaffirm our current Grex policy on corporate memberships.
No amendments, no changes, nothing. Leave it the way it is now.
|
pfv
|
|
response 69 of 133:
|
Apr 17 14:43 UTC 2001 |
I agree 200% with cmcgee: there has been too MUCH of an effort made by aruba
and "methinks thou protest too much, 'usgov'".
If they want to tell aruba where to return the check, fine: otherwise, I'd
destroy it in 30 days.
The grex "member" rules are not that complex, and I'm tired of the bullshit:
there is NOTHING grex offers a business user "member" that they can't get
via their ISP - in particular, telnet/email/web-access.
So far, the twit only wants to decry grex: I ain't heard YET why it wants to
be a non-voting member with anonymity and free net-access.. Nothing about
why it WANTS membership at all.
|
jp2
|
|
response 70 of 133:
|
Apr 17 14:48 UTC 2001 |
This response has been erased.
|
aruba
|
|
response 71 of 133:
|
Apr 17 14:57 UTC 2001 |
Er,
The lady doth protest too much, methinks.
- Hamlet, Act 3, Scene 2, line 222
|
robh
|
|
response 72 of 133:
|
Apr 17 15:01 UTC 2001 |
And being a pagan, I'm far more offended by #70's use of the
word "pagan" than by our refusal to change our membership policy
for corporations.
(Just trying to keep it on-topic!)
|
jp2
|
|
response 73 of 133:
|
Apr 17 15:08 UTC 2001 |
This response has been erased.
|
eeyore
|
|
response 74 of 133:
|
Apr 17 15:57 UTC 2001 |
Anyway.....
I think we ought to point out that we have never asked for a Social Security
number.
At this point, I think that we shoud just get the addy, and send this moron
back the check. He's fighting too hard to make sure that we don't get the
information, wheras anybody else would have provided it without a problem,
in a very short amount of time. I don't see why we should go changing a bunch
of rules because somebody is is being a dick. I'm firmly in support of
keeping Grex's Corporate membership exactly the way it is. If there are so
many places that will let anybody onto the internet with no id, why are they
bothering with us?
An address and a contact person isn't quite enough to get thousands of dollars
worth of credit...there are a few other things necessary. However, we didn't
even get an address and a contact person, since this person seems bound and
determined not to give it to us.
They x'd out the addy on the check because they moved, and decided to save
a few dollars? That's a bunch of bullshit. Talk about being completely our
of the loop. If they are going to scream about us being unprofessional, I
think that the check with no addy is a redflag. I cannot think of a single
business that would have the gall to do that...and if I were a business that
was offered that check, I wouldn't take it. I have issues taking checks like
that as a retailer.
It might be worth asking our other 2 or 3 corporate members if they think that
our policy is outdated, but I would rather think that the answer would be no,
or else they wouldn't be here. The cry of "Grex individual members should
not be allowed to vote on this" is pretty much against everything that we
stand for. If that is "20th Centuary", and so behind the times, oh well.
I guess I'm happier being a couple of years behind, then.
If we are a secrety club like this guy says, then how did he find us? Not
too much of a secret, eh?
And if all of this information is easy to find, then why haven't we found all
that much? And, more to the point, why the hell should we have to go
searching for it at all?
Okay, so somebody is going to fix it so this looser can find this item easily.
He can't find the directons to make it BBS, and the Coop conf? Why should
we have to link him directly to it? Sorry, but I really believe that we have
spent too much time on this already. Send the damn check back, and if he
wants to scream and whine and cry, let him. I'm done with it.
And quite frankly, who gives a ratsass at this point what the login is? I
agree that i don't like it, but I figure that at this point, thats the least
of our concerns.
|
remmers
|
|
response 75 of 133:
|
Apr 17 16:00 UTC 2001 |
I agree with #68 and the similar sentiments that others have
expressed. I also think that since usgov is perfectly capable
of joining this conference and posting responses directly,
it's an imposition on his part to continually expect Mark to
do this for him. If the guy wants to defend his position, he
can come here and talk to us.
|
remmers
|
|
response 76 of 133:
|
Apr 17 16:00 UTC 2001 |
(Meg's #74 slipped in.)
|
jp2
|
|
response 77 of 133:
|
Apr 17 16:01 UTC 2001 |
This response has been erased.
|
rcurl
|
|
response 78 of 133:
|
Apr 17 17:28 UTC 2001 |
I also don't like the way this "usgov" has been arguing the issue, but
primarily because it is beside the point. If a corporation wishes an
institutional membership, there are perfectly straightforward ways of
proceeding, and they don't involve hiding names, addresses, or EINs. But
it is also unnecessary to argue with the person about what are personal
IDs, which are not relevant to corporations, which exist as "corporate"
persons.
I suggest that what should be asked of corporations are their legal names,
addresses, phone numbers, and the same for at least the *resident agent*
of the corporation. The latter must be filed with the state in any case.
Grex also accepts as institutional members unincorporated clubs. In those
cases the requirement of positive ID for an individual representing the
club makes sense.
eeyore suggests in #74 asking "our other 2 or 3 corporate members if they
think that our policy is outdated". If there are really only 2 or 3, they
must be me, as I have created 4 institutional memberships on Grex, each
having paid annual dues. They are _Michigan Interlakes Grotto_ (now moved
elsewhere), _Michigan Karst Conservancy_ (now moving elsewhere), _ARROW
Amateur Radio Club_, and _Michigan Natural Areas Council_. These have been
used for hosting websites and board e-mail communications. None of these,
by the way, use the internet except for e-mail and a website, which do not
require membership. Their memberships have been a way for them to say
"thanks" for providing this service for them.
So, what do I think of the ID requirement? There wasn't any. The
corporations were not asked for ID and nor was I. It was done on a
personal basis as I was known to Grex. However if Grex wanted to establish
an ID requirement for corporations, I would suggest making the requirement
a written request from an officer of the corporation, identifying the
corporation with at least its resident agent by name, address, phone
number, and corporate EIN. If Grex is really paranoid, these could be
checked with the corporate division of the State.
|
robh
|
|
response 79 of 133:
|
Apr 17 17:37 UTC 2001 |
Re 77 - "Heathen" means much the same thing as pagan, so I would
object to that. But "heretic" is fine with me.
|
aruba
|
|
response 80 of 133:
|
Apr 17 17:39 UTC 2001 |
Rane: we have clarified the ID requirements for institutional memberships
since the time when those institutions became members. We require ID from
a contact person. I put you down as the contact person for mkc and mnac.
Those two and one other are our only 3 current institutional members.
|