On Wed, Feb 26, 2014 at 06:42:12AM +0100, Peter Koch wrote:
My question is who is procedurally required to check the identity and to collect (and keep?) the data: the LIR or the NCC. The latter might not be immediately bound by the German law on identity cards.
Doesn't matter. It's not the one asking for a copy who is in violation of PAuswG, but the one performing the scan/copy, so the resource holder. And again, the legal problem of copying personal ID in Germany is just a distraction from the actual problem, and this that is IMHO the missing trust of NCC in the sponsoring RIPE members to perform resource holder identity verification as well as storing sensitive data for questionable reasons. As far as I read the policy, the author intended the existence of the contract between the sponsoring LIR and the end user as sufficient to prove existence and continued existence of the end user. That should be enough for NCC, according to the policy. All further direct verification of end user identity by NCC is uncalled for, by this policy. Best regards, Daniel -- CLUE-RIPE -- Jabber: dr@cluenet.de -- dr@IRCnet -- PGP: 0xA85C8AA0