|
Grex > Coop12 > #16: Should we change Grex's ID policy? |  |
|
| Author |
Message |
| 25 new of 140 responses total. |
jp2
|
|
response 55 of 140:
| 
Oct 25 13:31 UTC 2001 |
This response has been erased.
|
janc
|
|
response 56 of 140:
|
Oct 25 15:15 UTC 2001 |
My guess is that this falls short of really requiring validation of the
list. I don't think "one man, one vote" is actually enshrined in the
law. Possibly "one share, one vote" is. We could allow people to buy
more than one membership, thus having a larger number of "shares" in
Cyberspace Communications. They could vote each share they own.
If we did this, it wouldn't matter if our member list included "members"
like "Mickey Mouse". If we a membership payment for login "mickmous"
and someone who knew the "mickmous" password cast a vote,then we can
ressonably assume that that "share" has been properly voted, even though
we can't identify the actual person who voted it. It is possible that
this would be sufficient to satisfy the law Mark quoted. Though I still
think it possible that if someone requested a list of members, they'd
make a stink if they got something like:
George Washington wash@grex.org
Mickey Mouse mickmous@grex.org
Clark Kent superman@grex.org
Pogo Possum pogo@grex.org
I'm not entirely convinced that this would be legally good enough.
However, Grex really does want "one man, one vote". Our bylaws require
it. So I think it is proper for us to make a reasonable attempt to
verify the identity of members.
|
aruba
|
|
response 57 of 140:
|
Oct 25 15:44 UTC 2001 |
I'll send mail to Rane and ask him to look in on this item.
|
rcurl
|
|
response 58 of 140:
|
Oct 25 17:58 UTC 2001 |
See
http://www.michiganlegislature.org/law/GetObject.asp?objName=450-2108&query
id=
1939349&highlight=Member
|
jp2
|
|
response 59 of 140:
|
Oct 25 18:02 UTC 2001 |
This response has been erased.
|
janc
|
|
response 60 of 140:
|
Oct 26 02:32 UTC 2001 |
It says the requirements for being a member are whatever the articles of
incorporation say they are.
http://www.michiganlegislature.org/law/GetObject.asp?objName=450-2304
paragraph (3) says one-member one-vote is the law.
|
aruba
|
|
response 61 of 140:
|
Oct 26 03:43 UTC 2001 |
So, to put it all together:
- The section Rane quoted says that a member must be a person or corporation
(which is different from just saying a membership is "held" by a person,
because it makes it clear that one person can't have two memberships).
- The section Jan quoted says that each member is entitled to only one vote.
- The section I quoted says that the corporation is responsible for
certifying a list of eligible voters before any meeting where voting
takes place (which, when extrapolated to Grex's voting procedures, means
we have to have an up-to-date list whenever we take a member vote).
So I conclude that it's Grex's responsibility to ceritify, before any
vote, that no one person has the ability to vote more than once. Since
the mechanics of the voting procedure tie voting ability to particular
logins, it follows that it's Grex's legal responsibility to make sure no
two of those accounts represent the same person.
So, I still like the thing I've been telling people for years, and which
appears in the membership FAQ:
There are two reasons Grex requires ID from its members:
1. While we are very comfortable allowing anonymous users access to Grex,
we are not comfortable unleashing them on the rest of the Internet. It
would be irresponsible of the Grex administration to allow people we can't
identify to telnet through Grex to other systems, so we require ID from
everyone we allow to do that.
2. Cyberspace Communications is required by the state of Michigan to
maintain an up-to-date list of members. Implied in this requirement is
that we make sure no two memberships are held by the same person. So we
require ID to connect accounts with real people and make sure no one has
the ability to vote twice in Grex elections.
|
jp2
|
|
response 62 of 140:
|
Oct 26 04:00 UTC 2001 |
This response has been erased.
|
aruba
|
|
response 63 of 140:
|
Oct 26 04:09 UTC 2001 |
Note that corporate members are not allowed to vote, per the bylaws. So
only the first reason above applies to why we require ID from them.
From the March, 2001 board meeting minutes:
6. Institutional Membership Requirements: Much discussion, the following
conclusion:
Motion by other: In addition to those applicable requirements for individual
memberships, the requirements for institutional Grex memberships shall be:
1) A designated contact person who shall be responsible for all use of the
member account.
2) Verifiable personal identification for the designated contact person
(subject to the same ID requirements as individual memberships)
3) Renewal of institutional memberships requires an update of the contact ID.
Seconded by aruba.
Motion carries, 5,0,0
FAQ should reflect that this is not a fee-for-services arrangement and that
institutions are responsible for informing us in a timely manner if contact
persons for institutional accounts change.
|
jp2
|
|
response 64 of 140:
|
Oct 26 04:12 UTC 2001 |
This response has been erased.
|
jp2
|
|
response 65 of 140:
|
Oct 26 04:17 UTC 2001 |
This response has been erased.
|
rcurl
|
|
response 66 of 140:
|
Oct 26 04:33 UTC 2001 |
Grex's membership rules. Institutional members must provide certain
information.
The only requirement for producing a membership list, by the way, is
for voting. That is, members are entitled to inspect the membership
list *at a meeting* at the time of an election.
http://www.michiganlegislature.org/law/GetObject.asp?objName=450-2413&query
id=
1941652&highlight=list
|
aruba
|
|
response 67 of 140:
|
Oct 26 04:44 UTC 2001 |
Re #65: There is nothing to prevent you from purchasing a membership for
IBM, and designating yourself as the contact person, as long as you provide
ID.
|
jp2
|
|
response 68 of 140:
|
Oct 26 04:49 UTC 2001 |
This response has been erased.
|
other
|
|
response 69 of 140:
|
Oct 26 05:48 UTC 2001 |
It doesn't matter in whose name you open the account, but if you wish to
become a member, individual or organizational, you must provide proof of
identity because you as an individual are responsible for how the account
is used, or abused.
You could send in someone else's ID regardless of the logic of our
policy, even for an individual membership, and as long as we don't know,
it wouldn't make a difference. The assumption is that you won't have
access to enough different ID's to materially impact our governance in an
improper fashion, and if you break the law and bring on the attention of
the law enforcement establishment, we can be shown to have taken the
reasonable and appropriate steps to validate the users to whom we grant
access to the internet, and the weight of the law will fall on you if
they catch you, or not if they don't.
|
mdw
|
|
response 70 of 140:
|
Oct 26 06:09 UTC 2001 |
If you claim to act on behalf of some organization, and *weren't* given
the authority to do so by that corporation, it's possible that you might
be guilty of fraud, and that corporation might in addition be able to
claim civil damages from you. If you in fact worked for that
corporation, the corporation might be able to fire you "for cause" or
impose a lesser punishment. Since an institutional membership doesn't
really mean much, it's unlikely most corportions would really care much,
except for the use of their trademark, for which some corporations will go
to an extreme to protect.
|
aruba
|
|
response 71 of 140:
|
Oct 26 07:16 UTC 2001 |
Re #68: Eric said it pretty well. We decided that since we grant
institutional members the same internet privileges as human members, that we
need to have a contact person at each institution which is a member, so that
we can hold someone accountable if the provoleges are abused.
|
mooncat
|
|
response 72 of 140:
|
Oct 26 14:35 UTC 2001 |
I don't have time to fully explain now, but I do have more info on
this... Will get back to this item as soon as I can.
|
jp2
|
|
response 73 of 140:
|
Oct 26 14:43 UTC 2001 |
This response has been erased.
|
keesan
|
|
response 74 of 140:
|
Oct 26 16:04 UTC 2001 |
Why would anyone want an institutional membership rather than a personal one?
|
other
|
|
response 75 of 140:
|
Oct 26 18:48 UTC 2001 |
1. To have a way to send out email notices to members from a secure,
established email address recognized as belonging to the organization.
2. To create a low-cost informational website.
IM's also provide a way for organizational users of Grex to show their
appreciation of Grex's services, but simultaneously keep our governance
within the limits of the one individual-one vote restriction.
|
keesan
|
|
response 76 of 140:
|
Oct 26 20:57 UTC 2001 |
So why not have one member of the organization join as a grex member? OR
simply donate to grex if you don't want to vote, and you can still send out
email and have a website. What do you gain by being a paid institutional
member other than incoming ftp and outgoing telnet?
|
aruba
|
|
response 77 of 140:
|
Oct 27 15:09 UTC 2001 |
Sindi: One of the secrets of fundraising is to give people as many different
options as possible. We added the idea of institutional memberships because
there was a demand for them. Any institution is of course free to choose
the route you suggest, but institutional memberships give them another
option.
|
jp2
|
|
response 78 of 140:
|
Oct 27 17:18 UTC 2001 |
This response has been erased.
|
jp2
|
|
response 79 of 140:
|
Oct 27 18:12 UTC 2001 |
This response has been erased.
|