gull
response 44 of 118:   Sep 3 02:15 UTC 2002

Why do you need the number, if the person's identity has already been
proven?  Keeping it around seems like an unnecessary risk.
mdw
response 45 of 118:   Sep 3 02:22 UTC 2002

I see nothing inaccurate regarding memfaq.html#whoseesmyid .  The reason
we keep the credit card number has nothing whatsoever to do with money;
it is in fact completely useless to us for that purpose.

I think we need to be very careful not to make Mark's job any harder
than it needs to be.  We're already asking him to go to quite a bit of
trouble on grex's behalf; and he's not getting paid for any of this.
The treasurer's job is perhaps *the* most important job on grex; without
it being done, and done well, this system *will* fold.  Mark has done an
excellent job for grex, and frankly he deserves a *lot* more praise,
appreciation, and credit, than any of us have shown him.  People who
critique Mark are really displaying a marked ignorance of what he has
done for grex, and how indebted grex really is for his work.

Having said that, onto the "computers is dangerous" thread.  There are
things we've asked Mark to do to keep things safer.  We ask for instance
that he keep nothing "of value" on grex -- that means grex is never the
authoritative source of membership information, and no credit card
numbers here.  We expect he keeps decent backups at home since hardware
failure is always a possibility.  I'm not sure we need to be asking for
anything beyond that.  Sure, it would be "nice" if he kept all
membership data on a totally secure dedicated machine always kept
offline in a vault and guarded by armed dogs 24 hours a day with orders
to shoot to kill.  But I don't think we can realistically expect that of
him.  The best we can hope is that he'll use "appropriate" technology to
keep accurate track of the information we ask, and unfortunately, for
better or worse, today that's highly unlikely to mean anything but
Microsoft, regardless of what any of us computer geeks might think.

In the general scheme of things, I don't think that's necessarily all
that risky.  Sure there are things that can reach in via a dialup
connection, infect a machine, and make it divulge all sorts of
embarrassing supposedly "private" information.  But reality is not a
Hollywood movie.  Most of those things that can "reach in" are things
like viruses and worms.  These things are usually "blind" in the sense
that they don't really know how to sift through random data on a user's
machine; if they were looking to steal data from the machine, it would
likely be passwords or financial information Mark would have given his
computer to pay bills online or some such.  But most of these things are
bent on either replicating themselves, or stealing access on the
machine.  Too, Mark has been involved with computers long enough that he
has every reason to understand about viruses and worms, and take
appropriate measures against them.  So I don't really see him getting
infected with Klez and sending copies of random files off his hard disk
along with the virus to random strangers.  Like it or not, people who
are out to harvest credit card numbers really are after *much* bigger
fish than grex; grex is simply not worth their while.
jp2
response 46 of 118:   Sep 3 02:45 UTC 2002

This response has been erased.

other
response 47 of 118:   Sep 3 03:05 UTC 2002

re "it now says that that information is, at least occasionally, on the
Internet":  It does not say that at all, and the extent of the illogic of 
that admittedly broad leap is puzzling at best.  
gull
response 48 of 118:   Sep 3 12:48 UTC 2002

It's not intentionally posted.  It *is* on a machine that's sometimes
exposed on the Internet.  You may think that's a minor risk, but have
you looked at the number of security patches that have come out for
Internet Explorer and Outlook Express in the last year?  Have you
installed every single one?

I won't even keep my *own* credit card numbers on my computer, much less
other people's.  You may think it can't happen to you; that's what I
thought until a machine I was running got hacked.
other
response 49 of 118:   Sep 3 13:39 UTC 2002

Hmm.  That's a good point, which I sometimes forget because I personally 
do not use MS OS or browser software except very occasionally.
cross
response 50 of 118:   Sep 3 14:32 UTC 2002

Okay, here's a rhetorical question: What would you think of a store that
kept a copy of your credit card information indefinitely?  Marcus, who
often champions security way beyond what's necessary for grex, makes the
dangerous and misinformed statement that Mark's machine isn't necessarily
a target.  Specifically, I agree with him; being caught up in a broad
sweep (which happens all the time, incidentally) is another matter.

Lastly, what reason does grex have for storing people's credit information
electronically?  Actually, at all?  Is it necessary to retain copies of
ID's after they've been verified as being valid?
jp2
response 51 of 118:   Sep 3 14:42 UTC 2002

This response has been erased.

aruba
response 52 of 118:   Sep 3 20:20 UTC 2002

Re #43: Jamie, I wrote memfaq.html, drawing on my own practices, so if there
is a conflict, then the fault is mine and mine alone.

As I said before, I would welcome a discussion on how to assure that my
treasurer database is secure while I'm on the net.  I do need to have access
to it frequently, though.  So if anyone has any constructive suggestions,
please suggest them.  (BTW I don't use either Internet Explorer or Outlook
Express.)

Re #46: Jamie, I have deleted all your personal info from my database, per
your request.  Your statement about "this ... policy" is rather vague; you
might want to narrow down exactly what it is you object to.

Re #50: Well, most stores don't need to keep ID on people who buy things,
because once the sale is done, what the customer does is not their problem.
In our case it is.  A lot of ISPs certainly hold onto credit card numbers,
for the same reason we collect ID (and to make it easier to charge their
customers once a month).

As Marcus said earlier, the reasons for storing credit card numbers were
the same as for storing IDs of any kind: 1) to insure that one person
can't have more than one vote, and 2) to be able to track down someone who
does something nefarious through Grex.

How about this.  I will write those two remaining CC#s on a piece of paper
and then delete them from the database.  As I said before, I never liked
having them around, so that will eliminate any chance that they can be
stolen off my hard disk.  There, I've done it.  No more CC#s in the
database.
gull
response 53 of 118:   Sep 3 21:32 UTC 2002

The CC # is used to verify that the person is who they say they are,
correct?  At that point you have their name/address info, so why do you need
to keep the CC #?
aruba
response 54 of 118:   Sep 3 22:46 UTC 2002

Maybe Greg can speak to whether we used credit card numbers to verify
anything; he was treasurer then.  Usual practice with IDs is just to record
them, not to call anyone up and try to verify anything.
mdw
response 55 of 118:   Sep 4 13:18 UTC 2002

Credit card numbers do not verify address for us.  What's important to us
is that some law enforcement dude or lawyer can take that number, get
the appropriate court order, and extract not just the address we might
have, but a possibly updated trail leading to the bad guy.  Basically,
grex lacks the resources or ability to do the detective work to check
out a person's background, and later, vouch for that person's identity,
which is what people are asking for here.  Instead, the goal for grex is
to acquire sufficient raw data for such an inquiry, and retain it
against the hopefully extremely unlikely possibility of such an
investigation, and to do so in a manner that is least painful for all
concerned.  This is a subtle distinction, to be sure, but, I hope, a
meaningful one.

In fact, a credit card number would be totally useless for us for
identity purposes today; the only way it's useful is if we were able to
verify that we could apply a charge against it at least once and not
have it contested.  That is not absolute proof of identity (*nothing*
is) - all it does is raise the financial bar to fraud, which is the main
thing we're trying to discourage.
aruba
response 56 of 118:   Sep 4 13:30 UTC 2002

Thank you, Marcus, your first paragraph is what I've been trying to say.
cross
response 57 of 118:   Sep 4 14:51 UTC 2002

I was meaning verification to take the form of, e.g., comparing the
address that someone told you against what's written on their driver's
license or similar.  That said....  Are people who've given credit
card numbers *aware* that their credit cards are being used for
identification purposes, and not just financial purposes, as they
perhaps thought?  Maybe a better policy is to disallow the use of
credit cards as ID, and require a photocopy of a picture ID with
address on it.  Make a note of the address, and destroy the copy.
Why would grex need to do anything more than that?
aruba
response 58 of 118:   Sep 4 15:34 UTC 2002

Our ID requirements were created to try to minimize the number of hoops
people have to jump through to become members.  So we accept different kinds
of IDs, some of which don't have addresses on them, such as passports and
library cards.  This also allows people who are concerned about sending a
copy of their drivers' license to send something else instead.

I will ask the two people whose credit card numbers we've retained if they
would rather provide other ID instead.
mdw
response 59 of 118:   Sep 5 10:56 UTC 2002

I'm afraid even if we made a copy of the address we would still need to
retain other information on the ID that was presented to us - like what
sort of ID it was, if it had any serial number on it etc.  That's
because that ID is valuable not merely as direct proof of identity, but
because it in itself may have a paper trail that is additionally
valuable to someone (not us) doing detective work.  The serial number
shows we actually have a legitimate key into that person's database and
eliminates a lot of confusion over names and addresses, both of which
changed, and the history of which is not necessarily retained.  If the
ID was forged, then none of this information is valuable, but the
forgery in itself may have other evidence of its origin.  Unfortunately
we don't necessarily have the ability or resources to detect such a
forgery, but the more information we can record regarding such a forgery
the better.  If nothing else, having "proof" such a forgery existed
shows that we weren't ourselves being irresponsible, but exercised due
reasonable diligence.  Even if it wasn't a forgery, it still becomes
much easier for an evil-doer to claim "oh, that wasn't me at all".

An address we ourselves jot down retains none of this value.  It
becomes, in the most literal sense possible, our word against theirs;
and I think this puts us in a terrible spot should any such a
situation ever arise.
jmsaul
response 60 of 118:   Sep 5 13:22 UTC 2002

Why, exactly, do you feel it's your responsibility to retain this information
on people?
other
response 61 of 118:   Sep 5 15:11 UTC 2002

Because we're providing them the means to do mischief on the internet, 
and by retaining proof of our reasonable attempts to validate them, we 
display due diligence which serves to shield us from liability for the 
actions of people who use our system.  Sure, as an attorney, you can 
understand that.  The law typically protects those who practice due 
diligence and not those who don't.  (At least somewhat.)
tod
response 62 of 118:   Sep 5 16:25 UTC 2002

I think tasks are being confused here.
Grex should be authenticating members, which includes: identifying,
authenticating (verifying identity), and finally authorizing.
Due diligence is a waste of time when not coupled with due care (doing
everything possible to originally prevent said mischief).
I think it is very important to understand the separation of those purposes.
Is identification being obtained for the authentication process, or for the
liability purpose?
cross
response 63 of 118:   Sep 5 16:36 UTC 2002

Sometimes I think that grex takes itself a little too seriously; CD's
that come in the mail advertising ``50 free hours on AOL'' provide a
much larger window of opportunity for those who wish to do ``mischief''
on the Internet (Re #61; in the context of the global network, Internet
should be capitalized.  ``internet'' is a general networking term.
Yeah, that's a quibble).  But that's one reason I like grex: it's very
professional, and committed to what it does; something ultimately to
be admired.  However, that's neither here nor there.

I don't understand what Marcus means when he says, ``it's their word
against ours.''  What, that they became a member?  That it was really them
who became a member?  How does knowing someone's driver's license number
improve the quality of the data you have on a potentially nefarious user,
over just having an address?  Don't the authorities that you might turn
such data over to already have the means to correlate a name, address,
and time with a person?

The arguments of due diligence are flawed.  Are you demonstrating due
diligence in protecting the privacy of that data?  I think that Mark
certainly is; he promptly deleted all the credit card data he had from
his system, but the larger issue does come up.  There's more than one
issue here, yet it's easy to become sidetracked and see only one.
tod
response 64 of 118:   Sep 5 16:51 UTC 2002

I think the interjection of "due diligence" implies that "due care" has first
taken place.  I have yet to see anything clearly defined on how Grex is
protecting itself only by maintaining copies of various identification.
other
response 65 of 118:   Sep 5 18:10 UTC 2002

Grex's entire networking software base has been developed and modified 
with significantly more than usual "due care" to prevent when possible 
and track when not any abuses originating from our machine.  Unless you 
are truly ignorant of this (and I grant that you may be), any suggestion 
that this obligation has been unattended is entirely specious.
tod
response 66 of 118:   Sep 5 18:48 UTC 2002

Is that why I'm not receiving a clear answer on how Grex intends to utilize
its resources (copies of ID)?  Because Grex is practicing "due care"?
The only ignorance I'm detecting is your understanding that "due care" does
not have the limitation of PicoSpan, rather, we should include resources and
the responsibilities taken for all corporate activities.
I'm certainly not questioning the obvious ability of the system administrators
to "lock down" Grex.  Try to understand that I'm offering some direction and
insight "outside of the box".
other
response 67 of 118:   Sep 5 19:28 UTC 2002

We have a simple system, with voluntary participation.  We do our best to 
keep it secure and to keep the tools we offer from being abused.  In 
order to both discourage abuse of our democratic management system and to 
responsibly provide Internet services, we keep minimal information 
(voluntarily provided in exchange for use of those services) on the 
people to whom we provide access.  That information is kept by the 
treasurer, and is not provided to anyone else except as needed for the 
purposes listed above.  It is only given to anyone not functioning in an 
administrative capacity on Grex's machines under court order.  Period.  
Very simple.  A complete non-issue.  

Try to understand that the questions you are asking may be valid, but 
that our system wasn't spawned overnight by thoughtless or malicious 
individuals and that it functions very well as is, and poses no 
significant threat to the privacy or security of anyone who does not 
abuse the resources we provide.  I do not know what your intent is in 
raising these concerns, and it may very well be legitimate concern, but 
given the stated purpose of certain individuals to go to whatever lengths 
they will to undermine and confuse Grex for their own entertainment, try 
to understand that persistent, public, microscopic review of our 
carefully implemented practices may be viewed with some annoyance and 
skepticism.  And, try to understand that Grex management has nothing to 
hide in our policies and practices, and that such skepticism and 
annoyance under these circumstances is both entirely justified and 
completely unreflective of any wrongdoing or malintent on the part of 
Grex or its board or staff.
tod
response 68 of 118:   Sep 5 19:49 UTC 2002

Entertainment, skepticism, annoyance, etc.
I don't understand your statements: "That information is kept by the
treasurer, and is not provided to anyone else except as needed for the
purposes listed above.  It is only given to anyone not functioning in an
administrative capacity on Grex's machines under court order.  Period.
Very simple.  A complete non-issue."

The purposes listed above state that ID will be given to "find" someone if
the police ask for it. Then, another purpose listed states "only under court
order".
I'm asking for clarification stating specifically in what situation will the
ID data be rendered to "other than" the treasurer.  I'm also asking
specifically, is the ID intended to be used for identifying a member OR is
the ID intended to "find" a member?  
Would a passport serve the same purpose as a driver's license?
I think my questions are valid concerns that can be addressed in this item.
If you are still unsure of my intent for raising these concerns, rest assured
my intent nears nowhere near malicious entertainment value.  The fact that
you have read my prior responses and still question my intent has the stench
of prejudice only because of my M-Net affiliation.
 

- Backtalk version 1.3.30 - Copyright 1996-2006, Jan Wolter and Steve Weiss