|
Grex > Coop12 > #15: Grex's ID policy - email with account usgov |  |
|
| Author |
Message |
| 25 new of 133 responses total. |
aruba
|
|
response 19 of 133:
| 
Apr 14 03:22 UTC 2001 |
Thanks Carson and Sara, I appreciate the support.
|
aruba
|
|
response 20 of 133:
|
Apr 14 03:38 UTC 2001 |
Re #14: The check *had* an address on it, but the address was carefully
typed over with the letter "s" before the check was mailed. There was no
return address on the envelope.
|
robh
|
|
response 21 of 133:
|
Apr 14 03:42 UTC 2001 |
<robh notes that every job he's ever applied for has also asked for
a photocopy of his driver's license>
<and robh also commends aruba for his professional demeanor>
|
jiffer
|
|
response 22 of 133:
|
Apr 14 03:48 UTC 2001 |
I commend you Mark. You did the best you can.
|
eeyore
|
|
response 23 of 133:
|
Apr 14 04:30 UTC 2001 |
Absolutely. I think that at this point we mail them and tell them that these
laws are not laws that we can find anywhere, and that since nobody seems to
want to be responsible for this account, there is nothing that we can do.
Deffinately send the check back. And get the addy first, obviously. :)
|
krj
|
|
response 24 of 133:
|
Apr 14 04:46 UTC 2001 |
I'm really skeptical that an "honest internet user" would have taken
the login "usgov," especially when hiding behind a wall of anonymity.
Wish them well and speed them on their way.
|
rcurl
|
|
response 25 of 133:
|
Apr 14 05:58 UTC 2001 |
aurba asked me to read this item. carson, in #17, gives the URL for public
corporate information on PROPERTY EXCHANGE & SALES, INC. There is given
the name and address of the Resident Agent, who is the person (and
address) that is required to be registered with the state so that the
state can transmit legal communications. The corporation has been
"active and in good standing" since 1980, when they had failed to
file an annual report (not much of a sin...).
There is a Richard M. Jacobs, at 7730 Carondelet Avenue, Saint Louis,
MO 63105, (314) 721-2000, who may be the same RA. I suggest calling
him and ask what is the business of the company.
Personally, I see no reason why Grex should not accept this membership
if Richard Jacobs is at that address and phone number.
I will say I am surprised at the antagonistic tone of the person
with whom Mark has been communicating. This might be mentioned when
talking to Richard Jacobs. In fact, ask for the person's real
identify, and why they want an institutional account on Grex. Might
be interesting.
|
rcurl
|
|
response 26 of 133:
|
Apr 14 06:38 UTC 2001 |
I should have mentioned that Richard M. Jacobs is an attorney, and that
is his business address. (The business address may be coming up in
the world, with an address change from 7720 to 7730... :)). Also,
just to make it more interesting, there is a Richard Jacobs in St. Louis,
who is a big real-estate wheeler-dealer. Might be the same person.
|
remmers
|
|
response 27 of 133:
|
Apr 14 12:05 UTC 2001 |
Re #25: I don't see why Mark or anyone else associated with
Grex is obligated to go to any more time, trouble, and expense
concerning this matter than they already have. I agree with
the the general sentiment expressed in this item that Mark has
handled the matter diligently and professionally. The burden
is on the corporation representative at this point to make an
effort to conform to Grex's policies if they want the privileges
of Grex membership; the posted email exchange indicates that
they have no interest in doing so.
|
russ
|
|
response 28 of 133:
|
Apr 14 12:21 UTC 2001 |
(Getting in a bit late, because I forgot to post this Friday night)
If Michigan state law doesn't allow photocopying of driver's licenses,
lots of car dealerships and real-estate agents are in gross violation
because they take photocopies if you go out with one of their vehicles
or agents.
The line about the Social Security number is a red herring, at best.
Only *government agencies* have any restriction on their use of the
SSN; they can only use it for purposes consistent with the Privacy Act,
IIRC. You're free not to give your SSN to any private company you
like... and they're free not to do business with you.
I didn't see anyone asking PE&S for an SSN (does Missouri put them on
the driver's license? If so, the legislature is full of idiots). An
Employer Identification Number would be analagous, and who the heck
would bother impersonating a business?
It sounds very much like PE&S wants to run software on Grex that uses
more than e-mail and Lynx. I suspect that they want to run spamming
software that hits open mail relays. We should not allow that.
On the other hand, we have a check. Mark, I suggest that you deposit
it and inform PE&S that they have themselves a tax deduction. If they
want access to telnet etc. they can meet our ID requirements, and if they
want their money back they can give you their mailing address. ;-)
I suggest that we change the policy on business/corporate users to
eliminate their access to telnet etc. and allow them to sponsor a
conference for the duration of their membership if they so desire.
Keep the voting restriction as-is. This way we have no need for ID.
|
cmcgee
|
|
response 29 of 133:
|
Apr 14 15:41 UTC 2001 |
On thinking this over, I want to suggest that this corporation/person has
already shown that they are difficult to deal with, litigous, and certainly
unwilling to conform with the Grex community's explicit practices.
Rane has already spent far more time tracking down this person's
identification than we usually spend on any member. Why are we wasting
time on it?
One of the reasons we ask for ID is to be certain that we have a human
being to work with in case a userid proves to be a problem with the rest of
the internet. It does not sound to me as if this corporation or its
representatives would be easy to work with, thus taking up more staff time
than we already spend on Internet vandals.
I suggest we not deposit the check because this person could probably cost
us more in legal fees by filing frivilous lawsuits than we could possibly
afford. Cashing the check and then taunting him with the "donation"
concept is probably just what he needs.
Hold the check, ask for an address to return it to, and don't spend a
minute more trying to reason with him.
|
remmers
|
|
response 30 of 133:
|
Apr 14 16:00 UTC 2001 |
Yes.
|
rcurl
|
|
response 31 of 133:
|
Apr 14 17:08 UTC 2001 |
I think, on the contrary, that this has only gotten exaggerated because
more time has been spent on it than necessary. I agree that that was
caused by the behavior of the person that contacted Grex, who preferred to
argue than just refer us to their Resident Agent. The RA is fully
"identified" - by the State of Missouri, and if any problems arise, we can
complain to the Corporate Division of the State (who would contact the
Resident Agent). Of course, we can also just pull the plug at any time.
One reason for accepting the membership is, of course, $60. Also, I don't
think Grex should get so "personal" about the matter. I know Grex is just
a tiny club, but it can act in a business-like manner. Most businesses
have to deal with "difficult customers", and doing so graciously reflects
well on the organization.
My suggestion now, is to ask usgov to *confirm* that Richard Jacobs is the
corp's Registered Agent, and that the address and telephone number are
correct. Ask also for the corporations EIN. If he does that, the
organization is certainly sufficiently "identified".
(I am arguing, in part, for accepting this institutional membership
so we can "read the next chapter". 8^} )
|
drew
|
|
response 32 of 133:
|
Apr 14 17:52 UTC 2001 |
I don't quite understand why member access to the net would be required to
send out spam. Certainly it's possible to do a
foreach N in `cat maillist`
mail -s "GET RICH QUICK" $N < spamfile
end
with just normal access to mail. Isn't it?
|
carson
|
|
response 33 of 133:
|
Apr 14 18:21 UTC 2001 |
resp:31
(not to nick pits, but you mention a specific dollar amount wrt
accepting a membership. I wasn't aware that any specific dollar
amount, wrt to this specific question, had been mentioned, certainly
not in any authoritative sense. while the donation very well could be
for a full year [or ten months], I certainly wouldn't assume so. at
most, because of the mention of voting, I might assume that the initial
intended amount of donation would be eighteen dollars or greater.
however, given the active misinterpretation and noninterpretation of
current Grex policy by the potential donor in question, there's no
reason to believe the check was for any amount greater than $6.)
(would your suggestion dovetail with current I.D. requirements, or
would it also necessitate that said Resident Agent agree to accept
responsiblity for outgoing use of the account in question?)
---
(an aside: how long does Missouri allow a company to file an annual
report before revoking their status? the website I referenced in
resp:17 clearly states that the information it provides is not
authorative. this is an aside because the status of the company with
the State of Missouri has little-to-no relevance to our [Grex's] I.D.
policy.)
|
aruba
|
|
response 34 of 133:
|
Apr 14 23:19 UTC 2001 |
Re #28: Russ - the check has some text on it indicating that it is for a
Grex membership. Valerie and Steve Gibbard convinced me that that might
mean that by depositing the check, we would be agreeing to give them a
membership.
Re #31: Rane - We have a policy in place that says what kind of
identification institutional members must provide us, and it doesn't include
using resident agent information from the state government. So if we were
to accept that as ID in this case, we would be making an exception to our
policy for this member.
|
aruba
|
|
response 35 of 133:
|
Apr 14 23:26 UTC 2001 |
Re #32: I've been wondering about that too, Drew.
|
other
|
|
response 36 of 133:
|
Apr 15 03:49 UTC 2001 |
I'm tired of this, and the $60 is not worth the effort that has been put
into this. If a potential customer/donor is looking for trouble, we have
no business trying to find ways to let them make it.
Inform user usgov that since they are not interested in complying with
our policies, we are not interesting pursuing this further, and that we
will return their check uncashed as soon as they provide an address to
which to send it. If they choose not to provide an address and express
the preference, we will simply destroy the check.
|
carson
|
|
response 37 of 133:
|
Apr 15 04:21 UTC 2001 |
<sigh>
(so is it a $60 check that's at issue? [not that the actual amount
matters...])
|
scg
|
|
response 38 of 133:
|
Apr 15 05:03 UTC 2001 |
It's been said or implied several times, both here and in staff mail, that
it's this company that wants something from Grex, rather than Grex wanting
something from them, and that as such it should be them trying to make Grex
happy, rather than Grex trying to make them happy. That sounds to me as
backwards (at least for an organization not based in California ;) ). A Grex
membership is not something of value, but rather a thank you for a certain
size of donation. Judging by the number of requests for money Mark sent me
last time my Grex membership expired, and what I know from having been active
in the running of Grex for several years, membership donations have certainly
seemed in the past to be something of great value to Grex. If I've been
mistaken about this, and Grex doesn't need membership donations and has only
been asking me for them becasue people are under the impression that a Grex
membership is something that I desperately need, I suppose I could find
something else to spend the money on.
It appears to me that under current Grex policies, Grex is not able to offer
a membership under terms acceptable to this company. That's unfortunate, but
may not be something that can be gotten around at this time. It does raise
the question of whether Grex's current membership and ID policies are
reasonable. It seems that in this case, we do know the identity of this
potential member at least as well as any form of ID would establish, as
Missouri turns out to make it very easy to find out that information about
corporations. Our problem is that that isn't a method of validating members
approved by our policy, and adding it is unlikely to help in other cases,
since none of my not very random sampling of other state government websites
had that information available. The required policy change could be something
as simple as adding "or other easily verified identification information" to
the list of acceptable ID.
The larger question, though, seems to me to be why Grex has these ID
requirements at all. Initially it was to protect the insular Internet from
our public users, but that's a very different issue in 2001 than it was in
1993 or 94. The corporate membership list requirements are a red herring,
since no other non-profit organization I've ever been a member of has wanted
anything more than my word as to what my address was. The misunderstanding
there seems to be that Grex has approached corporate fundraising law from the
perspective of computer security people, and that's not the perspective
anybody else approaches it from.
In any case, speculation about what abusive uses this company might use their
account for is completely inappropriate. If that were the purpose, they could
be up and running doing whatever they wanted to do much more effectively from
any of the free ISPs. I'm not sure why people find it so hard to believe
that this isn't just some somewhat paranoid person wanting a membership, a
case we've certainly had and dealt with plenty of times before.
|
gelinas
|
|
response 39 of 133:
|
Apr 15 05:06 UTC 2001 |
Interestingly, the second of the cases cited in #12 involves PESI providing
false information about its officers and address: Richard Jacobs had his
housekeeper file the application for a post office box, saying she was a
vice-president of the PESI, using her home address as the address of PESI.
The Post Office determined that information to be false.
I guess Rick does value his privacy. And I can almost see why.
|
gelinas
|
|
response 40 of 133:
|
Apr 15 05:13 UTC 2001 |
Steve slipped in. I agree, this is just some paranoid wanting a membership.
And maybe we should revisit our membership ID requirements. HOWEVER, I have
to disagree that much has changed since 1991 on "protecting the insular
Internet from our public users." If anything, it is becoming _more_ important
to identify such users, not less. Even if the Michigan law requiring ISPs
to identify the people they let out on the Internet fails.
|
scg
|
|
response 41 of 133:
|
Apr 15 08:15 UTC 2001 |
How so? The original reason for Grex's policy was that the Internet was a
network mostly of universities and research organizations, putting their
computers on the expectation that anybody connecting to them would most likely
also be from such an institution, would be reasonably trustworthy, and would
be easy to track down if they did anything they shouldn't. Whether things
actually were that way I don't know, but that's how it was explained on Grex.
In addition, law enforcement, with its accompanying powers, didn't have much
interest in the Internet at that point, so cutting off problem users was left
soley up to whoever was giving them Net access, with the understanding that
if their original provider cut them off they probably wouldn't have an easy
time finding alternate access.
Now, getting Internet access is about as easy as getting access to a phone.
Nobody expects it to be a trusted network to connect sensitive systems to,
and anybody with sensitive information that has to be net connected has
probably invested quite a bit of money in firewalls (whether or not they work
as intended), rather than relying on being able to ask a remote administrator
to put a stop to abuse. In cases of serious abuse, law enforcement gets
called in, and at that point just knowing what phone line they called into
at what time is enough information to track them as well as anybody using a
phone could be tracked. True, most non-free ISPs do ask for their users'
addressses, and either bill via a credit card number they know or bill by
mailing a bill to the address, but my understanding is that most of the free
ISPs don't have a way to verify that information and therefore don't. Perhaps
we're still being good Net citizens by knowing who our users are, but it's
certainly not the obligation it was seen as originially.
Anyhow, though, changing the ID policy probably belongs in a different item.
|
carson
|
|
response 42 of 133:
|
Apr 15 16:23 UTC 2001 |
(I disagree fairly strongly with most of Steve's comments in resp:38
and in resp:41.)
(firstly, Steve [as well as Rane] seem to take the position that
Grex is a business. that's incorrect: Cyberspace Communications,
last I checked, was recognized as a *not-for*-profit. this is a
key distinction, because business lives and dies by the whim of the
consumer. business *needs* customers, and wants repeat business.
that's why, for business, "the customer is always right." I, for
one, would rather NOT see Grex run like a business all the way to
the logical extreme, which is to change its services and policies
to meet the needs of its customers, because that's not IMO where
I want to see Grex go. speaking of which, I pribly never should
have used the word "customer" in any of my previous responses, even
though the distinction was clear in my mind.)
(secondly, Mark, IMO, was as accomodating as he could be, given
what he had to work with. all he requested was a way to verify
that someone at the company would take responsibility for the use
of the account. while Steve's suggestions for potentially
modifying the ID policy certainly bear a look, they're not relevant
in this instance. the point isn't to verify the existence of the
company, or even to verify the identity of the user. the point of
the ID policy is to identify someone who will take responsibility
for the use of the account by providing a reasonable means for
contacting said person. it doesn't matter where the company is
located, who the officers are, what their status as a legitimate
business is, or why they want the account. again, the ID policy
only requests that *someone* take responsibility for the account.
there's zero reason, despite Steve's [and Rane's] implications to
the contrary, that the Resident Agent identified as responsible for
the business in Missouri would also want to take responsibility for
a shell account created on a Michigan computer. I would pose this
question to Steve [and Rane]: if I were to create an account and
send in a check to create a corporate membership for, say, AOL-Time
Warner, would it be OK if I simply pointed Grex's treasurer to the
Resident Agent as the person responsible for the account? I see
a "yes" answer as creating a Pandora's Box.)
(I agree that changing the ID policy probably belongs in a
different item. suffice to say, I disagree with Steve's take on
why [and whether] Grex needs to ask for I.D. for outgoing access,
and would be happy to expound on those points separately.)
|
ryan
|
|
response 43 of 133:
|
Apr 15 17:26 UTC 2001 |
This response has been erased.
|