response 78 of 118:

Sep 5 23:13 UTC 2002

I think Grex does have a responsibility to maintain the information.

response 80 of 118:

Sep 6 02:29 UTC 2002

HIPAA?  Huh?

Re #78:  What are you basing that on, specifically?

response 82 of 118:

Sep 6 08:41 UTC 2002

I think in a sense both Scott & Joe are right.  I would agree with Joe
that there is no legal *requirement* that we keep any identification
records whatsoever.  I also agree with Scott, in that I think as a
matter of sound operating principle it's in our *interest* to keep such
material, and that we have the *right* to keep such material.  This is
all a matter of balancing various risks, including the risk somebody
might commit fraud against us; the risk someone else either private or
gov't might come after us due to fraud committed by the first person;
the risk keeping such materials might give us should such materials be
stolen; the risk people might not give us money should we require
sufficient id or retain proof; etc.

A lot of these risks are pretty hard or impossible to measure.  I don't
know how to measure the risk that some future treasurer might decide to
register his 6 deceased grandparents as members plus all his nieces and
nephews and swing the election in his favor.  I can say with certainty
that there *are* people who would like to gain unauthenticated full
access to the internet through grex, and that giving such people access
would not be in grex's best interest.  I can't say how much such people
would hurt grex, except to say that systems that give such access are
far less stable, and tend not to last as long as grex has.  We've never
had law enforcement actually ask for information on an authenticated
member, so we don't know if what we keep is either sufficient, or what
exactly would happen if we did not have such information.
Unfortunately, I don't think this disproves the value of such
information -- it's like wearing seatbelts; you don't want to ever need
them, and they're not a panacea, but things could get a lot worse in an
accident without them so they're still worth wearing.  We certainly do
lose members over our identification requirements.  I would not say it's
a huge % - most of the people who've reacted negatively here are people
who have already indicated their unwillingness to contribute $ for
assorted other reasons.  We have also had would-be members submit
fradulent identification data, and been able to detect it.

I think the current identification process evolved in 2 stages: there
was whatever was originally decided upon very early in grex's history,
when it was just a dial-up system.  I'm sure that received plenty of
public scrutiny as there was less distinction between users, members,
board & staff (all of these latter groups comprised a much larger % of
the former due to the much smaller total population pool and lack of
geographical dispersion.) The internet identification process happened
later, and was part of a 2 prog effort to deal with potential network
abuse; the other part was the network blocks we put into the kernel.
This was before the modern vandal community evolved, but I don't think
we did so bad a job of identifying the risks.  There was board and
membership debate about this as well; and our modern policy is I believe
a pretty direct implementation of what was then decided.  There were
elements of the decision that as I recall were deliberately left up to
staff discretion; I think that included the exact forms of ID the
treasurer could accept.  To this day, I can still hear Mary arguing for
that specific point, although I can't remember if she was at that time a
board member or just a member at large.  Mary has always been a
consistent advocate of not overcomplicating or micromanaging any
process, for which I think she deserves proper credit and praise.

All of this is not, BTW, something that should belong in the bylaws.
Bylaws define the decision making *process*, it is not a recording *of*
the decisions.  Our bylaws provide for 2 ways to make decisions (either
via the board, or via a membership vote), and those decisions could be
either short term (the board & staff will go out, buy a laptop for not
more than $2000, and configure it with *bsd or linux for the use of the
treasurer) or long-term (the treasurer will only store grex confidential
electronic data on grex provided computers, and will only transmit such
data via secure means whenever needed for lawful purposes.) Our bylaws
also permit the membership to elect board members or change the bylaws.
The board can't change the bylaws on their own, which I think is an
important and useful safegard in our bylaws.

response 84 of 118:

Sep 6 13:43 UTC 2002

Regarding #83; The issue is what data is provided, how it's handled, and
how long it's retained after a membership expires.  I was kind of surprised
to hear that Mark had credit card data for members who had long since left
grex.

response 86 of 118:

Sep 6 14:30 UTC 2002

What "data is provided" is totally up the the person sending the
identification.  We accept pretty much anything for a good reasons, first,
we want to make it easy for someone to comply and two, we're going to
trust people to do the right thing unless we find out otherwise.  So far
this philosophy has worked pretty well. 

How this identification has been handled was to keep it so secure only one
person has access to the data, the elected treasurer.  Someone has raised
concern that maybe the computer the treasurer uses should never be
connected to a modem because there is a very slim chance something could
get hacked.  As slim as this chance is a number of staff and board are now
looking into making sure this can't happen. 

The reason indentifying information will be kept for a long time, or at
least longer than a person might be a member, is because the window for
needing that information for identification doesn't end when someone
leaves Grex.  What that person has done on the Internet isn't undone when
they leave Grex. 

response 88 of 118:

Sep 6 14:57 UTC 2002

I received an alternate ID from the one member whose credit card we still
were using.  I decided that the one who had just expired is probably gone
for good, so I destroyed the piece of paper on which I had written their
numbers.  So now we're not saving any credit card numbers at all.

response 90 of 118:

Sep 6 17:15 UTC 2002

re #85 see #87
(Yes, I was referencing data retention responsibilities.  As a non-profit,
there is very little to worry about in that regards to retention schedules
other than for IRS and preferential financials that might be used down the
road for venture capital, etc)

I think its great there aren't any credit card numbers in storage.
What about the option to accept paypal as a validation method?  If a
membership includes a manual(3 month), isn't it possible to require the
address for shipping if a paypal for "goods" is accepted?

response 92 of 118:

Sep 6 18:34 UTC 2002

Paypal validates some users and not others.  When I get a payment, it either
says "this user's address has been verified" or "this user's address is
unverified".

response 94 of 118:

Sep 6 20:04 UTC 2002

That puts the responsibility on PayPal to keep the information
for as long as we need it.  I'd say no, that if we need the info,
then we should collect it and be responsible for safeguarding it.

Again, nobody has to give us any information they are uncomfortable
having us hold.  It's that easy.

response 96 of 118:

Sep 6 20:20 UTC 2002

Regarding the idea that grex needs to maintain information after a user
has let his or her membership expire; why?  They're gone; what they did on
grex is history, and if you haven't heard about it by the time they leave,
you're probably never going to hear about it.  What right does Cyberspace
Communications, Inc. have to retain that data beyond a reasonable grace
period, say 6 months?  We were talking about people who's data was still
around after a couple of years, if I understood Mark correctly.

The issue here is identity theft, more than anything.  Some folks are
trying to raise questions about grex's propriety, but I think that's a
non-issue.  It's clear that grex isn't interested in ``tracking'' people
so much as being able to tell a cop or fed, ``Joe Smith is a member;
here's a copy of his driver's license that he sent us.''  However, it's
a fact of probability theory that the longer grex retains that data, the
greater the chance that someone might be able to steal it.  It's another
fact that grex might be retaining more data than it needs; I don't see how
you need anything other than a name, address, and maybe a phone number.
A sufficient argument that more is required hasn't been made, either.

Unfortunately, identity theft is real, and a serious problem.  Ask anyone
who's ever had their social security card stolen.

I don't think that anyone is arguing gthat grex doesn't need to know
who its users *are*, but what's in question is the manner in which grex
finds that out, and then what they do with it, and when they get rid
of it.  Six months I can see.  But two years?  Come on.

ps- it's been stated that only one person has access to the ID data: the
treasurer.  However, that position turns over periodically, presumably
the data migrates along with the position, so it's not strictly true
that only one person can see it.  Rather, only one position within the
corporation is authorized to see it.

response 98 of 118:

Sep 6 21:18 UTC 2002

I agree, Mark's job should be simple and painless with little effort as
possible.  It's also the reason I'm posing questions..not to make any red
herrings, but just to see where the buck stops. ;)