|
Grex > Coop12 > #127: Grex, once again, has pissed me off | |
|
| Author |
Message |
jp2
|
|
Grex, once again, has pissed me off
|
Sep 3 14:44 UTC 2002 |
This item has been erased.
|
| 184 responses total. |
gull
|
|
response 1 of 184:
|
Sep 3 15:41 UTC 2002 |
It seems to be a matter of compulsive data retention, which is a common
problem for a lot of businesses. Any personal information that has
fulfilled its purpose should be deleted, *especially* things like credit
card numbers. I'd be pretty annoyed if I bought something at a store and
discovered they still were keeping my CC # on file six months later. That's
just asking for trouble, and it's completely unnecessary. Once Grex has
gotten payment and used the number to verify the person is who they say they
are, there's no reason to keep it after that.
|
carson
|
|
response 2 of 184:
|
Sep 3 16:11 UTC 2002 |
(what's jp2 ranting about now? #0 looks like a lot of colorful rhetoric
peppered with invective, but sorely lacking in facts and examples.)
|
mynxcat
|
|
response 3 of 184:
|
Sep 3 16:14 UTC 2002 |
I think it's a spin-off of item 123.
|
jp2
|
|
response 4 of 184:
|
Sep 3 16:14 UTC 2002 |
This response has been erased.
|
gull
|
|
response 5 of 184:
|
Sep 3 16:49 UTC 2002 |
Does Grex have any guidelines for what data the treasurer is to keep and for
how long?
|
scott
|
|
response 6 of 184:
|
Sep 3 17:17 UTC 2002 |
Is the Grex treasurer in fact currently keeping such data, or is Jamie just
looking to stir things up again?
|
gull
|
|
response 7 of 184:
|
Sep 3 17:17 UTC 2002 |
Apparently the treasurer is, or that's the impression I got in item #123.
|
jp2
|
|
response 8 of 184:
|
Sep 3 17:25 UTC 2002 |
This response has been erased.
|
cross
|
|
response 9 of 184:
|
Sep 3 17:50 UTC 2002 |
Well, I think that jp2 is ascribing to Grex some Machiavellian
intentions that it doesn't have, but the issue of grex maintaining
personal financial information for some members is a real problem, and
does exist. Mark has said that he's doing this in order to ease the
burden for lapsed members who re-join, and I believe him, but I still
think it's a bad idea, and should change. Marcus brought up the issue
of not adding to Mark's burden, which I also agree with. Allow me,
a non-member, to humbly propose the following as a point of policy:
Grex should collect ID from its membership, but once that ID has
been verified, it should be destroyed. Current members who let their
memberships lapse beyond the grace period, and who later rejoin, take
it upon themselves to provide ID to grex again at the time they renew
their membership.
I think this would lessen the burden on the treasurer, as s/he doesn't
have to keep anything at all. This still upholds the spirit of grex's
bylaws as membership is still authenticated (albeit crudely), but enhances
the current situation because privacy is maintained.
|
other
|
|
response 10 of 184:
|
Sep 3 17:57 UTC 2002 |
#9 slipped in
I'd like Mark to weigh in on this, but in principle, I think Jamie is
expressing an appropriate concern.
Mark said that he retains information in order to expedite re-validation
of former members. Other than that, the only purpose seems to be so that
we can find the individual people behind member accounts in case of
abuse.
I am dead set against any action which will result in the inability of
Grex sysadmins to find individuals who have member privileges on our
machine in the event of net abuses being traced to Grex. Beyond that, I
think an opt-in approach is reasonable, implemented in whatever way the
treasurer wishes, in order to maximise the convenience and security with
which the treasurer can perform the duties of the position.
|
tod
|
|
response 11 of 184:
|
Sep 3 19:08 UTC 2002 |
What does a sysadmin intend to do by "finding" an individual being accused
of "net abuse"?
I think disabling a member's account is sufficient enough in such an event.
That in mind, destroying an ID after validation of said individual to the
account should be adequate. Otherwise, Grex is expected to disseminate a
privacy statement to each member annually, amongst other hassles the treasurer
is sure to not appreciate. I also think that a re-validation of ID is not
too much to ask of expired members, considering information may change from
time to time. That may also bring into question if a records retention
schedule should be implemented which requires a renewal for existing
members..maybe on a 5 year cycle? 2 years? etc..
|
scott
|
|
response 12 of 184:
|
Sep 3 20:03 UTC 2002 |
Part of why we need ID is in case there is a legal problem with a user. If
the cops come after somebody Grex gave (say) outgoing telnet to, we would
rather be able to identify the user instead of bearing the liability
ourselves.
|
cross
|
|
response 13 of 184:
|
Sep 3 20:05 UTC 2002 |
Regarding #10; well, grex can certainly retain a record of the individual;
for instance, keep a copy of his or her name and address, maybe a phone
number. Keeping a copy of their actual ID is gratuitous. Think of the
former as contact information, the latter as verification (again, crude)
of that information.
|
aruba
|
|
response 14 of 184:
|
Sep 3 20:50 UTC 2002 |
I will, of course, handle the situation however the board or the membership
direct me to.
I'm a little puzzled by people saying that "after an ID is verified, the
copy should be destroyed." When someone sends a copy of their driver's
license, I don't call up the relevant state and ask them if the ID is valid;
I just copy down the driver's license number. So there isn't a
"verification" step - we just save the information so that we can retrieve
it if we need to. If we didn't save it, we wouldn't have a way to track
people down if the police came to us and said that a member had done
something illegal. So I don't understand how we could destroy the ID and
still be able to find someone. I guess I could just save addresses and
phone numbers, but some kinds of IDs (like passports) don't include
addresses.
Let me restate what data I save, for people who may not have read the other
item. When someone becomes a member of Grex, they are required to submit
some form of ID, for two reasons: 1) so we can make sure no one person has
more than one vote, and 2) so that we have a way to find people who abuse
their internet privileges. Such ID can be a checking account number (from
a check), a driver's license, a passport, a library card, or something like
that. I reduce the info to one line and store it in my database.
For a while in 2000 we were using credit card numbers as ID. We have
stopped doing that, and I eliminated all credit card numbers from the
database. We still have one member whose only ID is a credit card number,
and another who just expired recently; I saved those numbers on a piece of
paper.
|
tod
|
|
response 15 of 184:
|
Sep 3 21:13 UTC 2002 |
Maintaining the information on IDs to "track people down" is in fact putting
Grex in the position of liability. A double edged sword is being produced
when you state that IDs are kept for "finding" people. Rather than declaring
a statement of limited liability on behalf of Grex, a statement of liability
is being endorsed simply by practice.
Does that make sense what I'm saying?
If I'm a third party, and someone originating from the Grex domain appears
to be doing damage to my network, then I might be able to hold Grex liable
with the expectation that Grex would seek to prosecute the someone in
question. On the other hand, if Grex has a standard of not requiring ID from
the member base, it can be safely assumed Grex will not be able to produce
sufficient data on that someone.
Then, on an even slipperier slope is the question of privacy and security.
At which point will you be expected to follow the Computer Fraud and Abuse
Act, Electronic Communications Privacy Act, Computer Security Act, National
Infrastructure Protection Act, Privacy Act, etc etc once you have opened the
Pandora's box of admitting any level of monitoring or auditing on a membership
basis? At that point, who in the Cyberspace hierarchy will be the ultimate
responsible party to answer for any shortfalls a law enforcement request might
produce?
|
gull
|
|
response 16 of 184:
|
Sep 3 21:34 UTC 2002 |
If we have any European members, we may run afoul of some of the very strict
European privacy laws, too.
|
aruba
|
|
response 17 of 184:
|
Sep 3 22:59 UTC 2002 |
If you guys have some specific laws in mind, you probably ought to quote
them instead of just giving their names, which doesn't tell me much.
Grex has always had a policy of requiring ID from its members, for the two
reasons I mentioned.
|
scg
|
|
response 18 of 184:
|
Sep 4 00:36 UTC 2002 |
It would be illegal under US law for Grex to hand identifying information
about specific users over to authorities without a court order. If I
understand things correctly, handing identifying information over to private
citizens or companies is less legally complicated, but they still can't compel
Grex to hand over information without a court order. I don't see anything
wrong with maintaining the database, as long as the information isn't given
out to those it shouldn't be given out to.
Grex has no physical presence in the European Union, and isn't doing business
there. I don't think European privacy laws apply.
|
other
|
|
response 19 of 184:
|
Sep 4 01:05 UTC 2002 |
If you don't like our practices, I suggest you do one of two things:
* Become a member and propose a specific change, or
* Don't become a member, in which case they don't apply to you.
Since there is a blatant attempt underway to confuse issues regarding our
membership and recordkeeping practices, I strongly suggest that we take
with a grain of salt any suggestions or implied threats by anyone not
directly affected.
|
aruba
|
|
response 20 of 184:
|
Sep 4 02:55 UTC 2002 |
Re #18: Right, Grex has always had a policy of not giving identifying
information to anyone without a court order. So far that's never happened.
|
jp2
|
|
response 21 of 184:
|
Sep 4 02:58 UTC 2002 |
This response has been erased.
|
jp2
|
|
response 22 of 184:
|
Sep 4 02:59 UTC 2002 |
This response has been erased.
|
other
|
|
response 23 of 184:
|
Sep 4 03:03 UTC 2002 |
Handy with the hyperbole, aren't we?
|
jp2
|
|
response 24 of 184:
|
Sep 4 03:07 UTC 2002 |
This response has been erased.
|