response 6 of 118:

Aug 27 17:22 UTC 2002

Re #5: Why?  It seems to me it's a position that demands technical skill,
which doesn't have much to do with political popularity.  (I'm reminded of
when one county in Washington elected a coroner that used his post as a way
to push his conservative values, by declaring that people whose lifestyles
he disagreed with had died of embarassing things.  They don't elect their
coroner anymore, that position is now appointed.)

response 8 of 118:

Aug 27 20:37 UTC 2002

(Why *do people use that term, "no offense, but . . ."?  All one does 
by using that term is annoy people with what is said next whether or 
not it's offensive anyway.)

response 12 of 118:

Aug 28 00:50 UTC 2002

I definitely think it's a good thing the term limits force grex to train
more than one person to be treasurer.

response 14 of 118:

Aug 28 01:42 UTC 2002

(Grex doesn't have a one-person staff.  only Chinet does.)

response 16 of 118:

Aug 28 02:15 UTC 2002

The best reason I know of that the treasurer's current duties are 
consolidated in one position is the protection of private information of 
Grex members.

Consolidation means that information doesn't have to be shared to get the 
job done, which means it can remain entirely off of public networks.

response 20 of 118:

Aug 28 02:35 UTC 2002

(resp:17 slipped.  staff usually sticks around until they get fed up
or drift away.  why was that a good point?)

response 24 of 118:

Aug 28 03:49 UTC 2002

Wrong again.  The law only disallows anonymous *voting* memberships.

Technically, I suppose, a non-voting membership would not qualify under 
law as a membership in the same sense that voting memberships do, so it 
is really a matter of semantics.  But for our purposes, they are legal, 
anonymous, non-voting memberships.

As for credit card numbers, we have records from credit processing 
services other than Paypal, before we began using their services.  You'd 
have to ask aruba for specifics about credit card numbers, if any are 
even among our current records.

23 slipped in.  The purpose of anonymous memberships is because some 
individuals wish to support Grex anonymously, and some wish to have 
access to our outgoing internet services, but do not want their 
validation information made public.  We do our best to respect that wish.

response 26 of 118:

Aug 28 07:50 UTC 2002

Jamie, are you a lawyer or a journalist by training?

Grex has 2 reasons to acquire identification information: voting rights,
and internet access liability.  The former is defined by a combination
of Michigan State law, and the bylaws - we have to be able to show "due
diligence" in enforcing "one person, one vote", and we have to keep a
membership list that is available for inspection (by whom and under what
circumstance has been a matter of some controversy.) Full legal names &
address information would probably be part of that list; the raw
materials we used to verify that list would not be.

Internet access liability is a much more shadowy and less well defined
issue.  It's also evolving rapidly; there are more laws & court cases
today than there were when grex first got on the internet.  The
technology is also changing as well.  The fundamental issue remains the
same however, and that is we don't want grex to act as a legal shield
between a vandal and some victim out there on the internet.  Hence, if
somebody comes to grex upset about some vandal, we want to be able to do
one of 2 things: either (a) it's a service they publish or provide to
the public, and it's their business to secure that service (ie, smtp,
http), or (b) it's a private service, so only somebody known to us could
have gotten to it.  Ie, they're a member, and we have sufficient "stuff"
at our end to enable the person to be tracked down and held accountable
for what they did.

Now, somebody up to no good is not likely to willingly provide us with
their real name or address.  So, we need "something more", and something
that will latch into other people's resources.  If we merely wanted some
form of unique identification, a "tongue" print would likely suffice.
As far as I know, these are as characteristic as finger prints.
However, nobody else records these, so they're not useful for tracking
people down.  What we do instead is, if the person paid with some
financial instrument that leaves a paper trail, we keep a copy of that
financial instrument.  If we're paid with an anonymous instrument, such
as cash, we instead ask for some other form of ID, such as a driver's
license, and we keep a copy of the information on that.  Presumably, if
a member ever were to commit some sort of indiscretion, law enforcement
or a court could use the paper trail left by the money to track it back
to the actual person responsible, or at the very least would be able to
show that the person concerned also committed fraud against us (thus at
least giving us a good reason to shut that person's account down.)

In actual fact, requiring identification for internet access dissuades
vandals in quite a different way: few are willing to provide real money
or identification information in the first place.  So we've never had to
test the effectiveness of the information we collect.  So basically this
turns into an interesting shell game; we collect and store all this
data, so that we never have to use it.

I don't believe we have very much credit card information.  Paypal is
the only system we've ever used that worked, and since it doesn't give
such information to us, I believe we've treated it like any other
anonymous form of money; we require additional identification
information.  Most of the information we have is probably of the form of
photocopies of either driver's licenses, school IDs of various sorts, or
personal checks.  Clearly this is all "private" data; we treat it all as
confidential, and the only reason we'd turn it over to anyone else would
be in case of a court order.

I have never heard anybody suggest that it's illegal for a business
(even a non-profit) to keep such information--many businesses collect
and keep a lot more than we do.  The closest anyone has come before is
to suggest that it might be illegal in some states to photocopy a
driver's license.  This is far from proven; apparently even in states
where this is allegedly the case, it's still common to photocopy them.
The actual interpretation of the law seems to be that it's illegal to
*forge* a DL; since photocopies are generally obviously not forgeries;
nobody seems to care.  Besides, grex isn't in one of those states, and
we're not the ones making the photocopies; so it's not at all clear this
is our problem.

In the final analysis, of course, it's completely within Jamie's rights
to refuse to provide any identification information to grex, just as
it's completely within grex's rights to refuse to "make him a member".
Essentially, Jamie is saying "I don't trust you with my private data",
and "I refuse to be accountable for any actions I might take".  If Jamie
were applying for credit at at credit union, or attempting to purchase a
plane ticket, he'd be laughed out the door.  Our identification
requirements are awfully modest in comparison.