Post Ident / Post Brief
As there are legal prohibitions in place which prevent German nationals (and possibly other countries) from photocopying their passports, would it be possible for the RIPE NCC to give an opinion on whether Post Ident would be acceptable as an alternative to photocopying passports / driving licenses / etc. for PI address applications? Post Ident is considered to be suitable identity certification from the point of view of the German money laundering act. Nick
Yes, please. Unless you are a government organ which is allowed to establish identity (police etc) you must not require copies of id. Richard Sent by mobile; excuse my brevity.
On Sat, Feb 22, 2014 at 08:58:31PM +0000, Nick Hilliard wrote:
As there are legal prohibitions in place which prevent German nationals (and possibly other countries) from photocopying their passports, would it
it prevents third parties from requesting the copy. Same result, different story. -Peter
They can request, but not demand. I just read the internal legal analysis of a fortune 500 this Friday. Richard Sent by mobile; excuse my brevity. On Feb 22, 2014 11:18 PM, "Peter Koch" <pk@denic.de> wrote:
On Sat, Feb 22, 2014 at 08:58:31PM +0000, Nick Hilliard wrote:
As there are legal prohibitions in place which prevent German nationals (and possibly other countries) from photocopying their passports, would it
it prevents third parties from requesting the copy. Same result, different story.
-Peter
Dear Nick, all, The main goal of the RIPE NCC in this regard is to ensure that the RIPE NCC registration data is correct and up to date. For this reason, we perform due diligence checks on legal and natural persons the RIPE NCC registers Internet number resources for. For these checks, the RIPE NCC only accepts confirmation of identification that is issued by national authorities (such as the police, the notary, the municipality, etc). Postident is issued by Deutsche Post AG, a private company, so we are unable to accept it. If a natural person wants to register Internet number resources by signing a contract with either the RIPE NCC or a sponsoring LIR, the RIPE NCC accepts the following proof of identification: - National identification card or passport - Valid driving license with photo - Birth certificate issued by the relevant municipality, notary declaration proving the existence of the person, etc. These options are outlined in the RIPE NCC procedural document “Due Diligence for the Quality of the RIPE NCC Registration Data”, which is available at: http://www.ripe.net/ripe/docs/ripe-556 We believe these options cover situations where the natural persons do not want to provide their identification card or passport. The RIPE NCC is committed to protecting all personal information in accordance with its Privacy Statement: http://www.ripe.net/lir-services/ncc/legal/ripe-ncc-privacy-statement If you have any further questions, please contact me. Kind regards, Athina Fragkouli Legal Counsel RIPE NCC On 2/22/14 11:49 PM, Richard Hartmann wrote:
They can request, but not demand.
I just read the internal legal analysis of a fortune 500 this Friday.
Richard
Sent by mobile; excuse my brevity.
On Feb 22, 2014 11:18 PM, "Peter Koch" <pk@denic.de> wrote:
On Sat, Feb 22, 2014 at 08:58:31PM +0000, Nick Hilliard wrote:
> As there are legal prohibitions in place which prevent German nationals
> (and possibly other countries) from photocopying their passports, would it
it prevents third parties from requesting the copy. Same result, different story.
-Peter
Hi, On Tue, Feb 25, 2014 at 04:03:40PM +0100, Athina Fragkouli wrote:
These options are outlined in the RIPE NCC procedural document “Due Diligence for the Quality of the RIPE NCC Registration Data”, which is available at: http://www.ripe.net/ripe/docs/ripe-556
We believe these options cover situations where the natural persons do not want to provide their identification card or passport.
Well. Since this is procedures and not policy, we have no formal authority over this - OTOH, I think I'm not alone when I have the feeling that this exceeds the requirements of the policy by far. I can see the wish for such strong requirements for end users that become direct access users (DAU) with the RIPE NCC, but that category was discontinued anyway. For normal end users, the policy requires "a contract with a sponsoring LIR", and I think it should be fully sufficient to leave questions of identity validation for natural persons to the LIR in question. Like "I know this person personally, I'm fine with doing business with him", that should be good enough for the NCC as well - after all, the whole idea of the "sponsoring LIR" construct is that the NCC has a trusted intermediate, and the end user does not have to deal with the NCC. Of course I can't decide anything what the NCC will do or not do, but what I *can* do is put this on the next meeting's APWG agenda, to discuss what requirements for ID validation the community mandates. The NCC should not gratuitously exceed the bureaucracy demanded from it. Gert Doering -- APWG chair -- have you enabled IPv6 on something today...? SpaceNet AG Vorstand: Sebastian v. Bomhard Joseph-Dollinger-Bogen 14 Aufsichtsratsvors.: A. Grundner-Culemann D-80807 Muenchen HRB: 136055 (AG Muenchen) Tel: +49 (0)89/32356-444 USt-IdNr.: DE813185279
On Tue, Feb 25, 2014 at 7:55 PM, Gert Doering <gert@space.net> wrote:
I can see the wish for such strong requirements for end users that become direct access users (DAU) with the RIPE NCC, but that category was discontinued anyway.
Even if there's a need for strong identification, we are left with one of three:
* a demand which is illegal under German law (IANAL)
* a valid approach for anyone who has a driver's license
* an extremely over-the-top approach which puts undue burden on people
whereas even German banks are OK with Postident. Arguably, banks need a higher level of security than RIPE NCC. I fail to see why RIPE NCC is unable to survey commonly and legally accepted means of establishing identity among the member states and use those existing mechanisms. This would seem to be the prudent approach to take.
The NCC should not gratuitously exceed the bureaucracy demanded from it.
Agreed. Richard
Dear Athina, all - On 25.02.2014 20:36, Richard Hartmann wrote:
Even if there's a need for strong identification, we are left with one of three:
* a demand which is illegal under German law (IANAL)
* a valid approach for anyone who has a driver's license
* an extremely over-the-top approach which puts undue burden on people
whereas even German banks are OK with Postident. Arguably, banks need a higher level of security than RIPE NCC.
I fail to see why RIPE NCC is unable to survey commonly and legally accepted means of establishing identity among the member states and use those existing mechanisms. This would seem to be the prudent approach to take.
what Richard said: what is good enough for (German) banks to e.g. open an account, should be sufficient for the NCC as well, me thinks. Best, -C.
Hi everybody, I can’t agree. On 25 Feb 2014, at 23:07, Carsten Schiefner <ripe-wgs.cs@schiefner.de> wrote:
what Richard said: what is good enough for (German) banks to e.g. open an account, should be sufficient for the NCC as well, me thinks.
In other words, what is good enough for Transnistrian/Lebanese/BVI/Iranian/Somalian banks should be good enough for the NCC? What data quality are we trying to achieve? -- Sergey
On Tue, Feb 25, 2014 at 11:16:45PM +0100, Sergey Myasoedov wrote:
what Richard said: what is good enough for (German) banks to e.g. open an account, should be sufficient for the NCC as well, me thinks.
In other words, what is good enough for Transnistrian/Lebanese/BVI/Iranian/Somalian banks should be good enough for the NCC? What data quality are we trying to achieve?
As long as NCC has no way to verify whether the data on those "proof of identity" copies are actually authentic and current, there is no point in collecting all this sensitive personal data. The bad guys know how to photoshop AND make sure methods like noise distribution analysis etc. DON'T catch it. At least I try not to underestimate the blackhats. :) Best regards, Daniel -- CLUE-RIPE -- Jabber: dr@cluenet.de -- dr@IRCnet -- PGP: 0xA85C8AA0
Dear Sergey, we were specifically debating the German PostIdent procedure - which is used by (almost?) all German direct/no branch offices/online banks. But AFAIK it is not restricted to German banks, non-German banks might be using it as well. As I am not sure about this - I do not have a non-German bank as an example at hand - I have put "German" in "()". Or shorter: security and trust lies with the process and provider of a service - and not with its users and/or customers. Best, -C. On 25.02.2014 23:16, Sergey Myasoedov wrote:
I can’t agree.
On 25 Feb 2014, at 23:07, Carsten Schiefner <ripe-wgs.cs@schiefner.de> wrote:
what Richard said: what is good enough for (German) banks to e.g. open an account, should be sufficient for the NCC as well, me thinks.
In other words, what is good enough for Transnistrian/Lebanese/BVI/Iranian/Somalian banks should be good enough for the NCC? What data quality are we trying to achieve?
I have to agree with Sergey. I have been through the hassle of getting married to a non-German. For a proof of authenticity of international documents they created the Apostille agreement in the 1960s. It is enough for the Germans to accept e.g. a birth certificate from Mexico as valid. I could also e.g. request a registration confirmation (that shows my name, dob and home address) from the local authorities and then ask for an apostille to be glued on the document. It then shows that the document is legal and valid. But then, it is required to send by postal mail. And on top of that: not all countries joined the Apostille agreement and trust it mutually. Just because some German companies/banks have trust in PostIdent it does not mean the RIPE NCC should trust in all types of local stuff. Cheers! Sascha
On Tue, Feb 25, 2014 at 11:07:03PM +0100, Carsten Schiefner wrote:
what Richard said: what is good enough for (German) banks to e.g. open an account, should be sufficient for the NCC as well, me thinks.
German banks accept this even though they are required by money-laundering law to verify identity and have therefore a specific exemption from the no-copy law! rgds, Sascha Luck
On Tue, Feb 25, 2014 at 10:24:49PM +0000, Sascha Luck wrote:
money-laundering law to verify identity and have therefore a specific exemption from the no-copy law!
they don't, but that's a common misreading. At most they are allowed to copy the explicit data items they are obliged to collect - with the rest covered. </ot> My question is who is procedurally required to check the identity and to collect (and keep?) the data: the LIR or the NCC. The latter might not be immediately bound by the German law on identity cards. -Peter
On Wed, Feb 26, 2014 at 06:42:12AM +0100, Peter Koch wrote:
My question is who is procedurally required to check the identity and to collect (and keep?) the data: the LIR or the NCC. The latter might not be immediately bound by the German law on identity cards.
Doesn't matter. It's not the one asking for a copy who is in violation of PAuswG, but the one performing the scan/copy, so the resource holder. And again, the legal problem of copying personal ID in Germany is just a distraction from the actual problem, and that is IMHO the missing trust of NCC in the sponsoring RIPE members to perform resource holder identity verification as well as storing sensitive data for questionable reasons. As far as I read the policy, the author intended the existence of the contract between the sponsoring LIR and the end user as sufficient to prove existence and continued existence of the end user. That should be enough for NCC, according to the policy. All further direct verification of end user identity by NCC is uncalled for, by this policy. Best regards, Daniel -- CLUE-RIPE -- Jabber: dr@cluenet.de -- dr@IRCnet -- PGP: 0xA85C8AA0
A reality check and a question... I am wondering how German Citizens are dealing with the fact that *many* Hotels and other accommodation businesses *require* to take a copy of an official ID Document, in many cases due to local regulations to establish and track identity of travellers? Or is this law only applicable to German Citizens being physically present in Germany? Peter Koch wrote:
On Tue, Feb 25, 2014 at 10:24:49PM +0000, Sascha Luck wrote:
money-laundering law to verify identity and have therefore a specific exemption from the no-copy law!
they don't, but that's a common misreading. At most they are allowed to copy the explicit data items they are obliged to collect - with the rest covered. </ot>
My question is who is procedurally required to check the identity and to collect (and keep?) the data: the LIR or the NCC. The latter might not be immediately bound by the German law on identity cards.
I think we are mixing two things here:
- the verification of identity (leading to a binary result)
- keeping the stuff in a collection, instead of destroying the input data
-Peter
And lastly, just as an observation, the service area of the NCC is pretty much bigger than Germany, the EU, the EECR, or whatever formal tag to use. So, opening the door to a special mechanism in Germany[1], involving a (now) private entity, may not be a good idea to begin with; maybe not even in Germany ;-) Wilfried. [1] I presume the special recognition of Deutsche Post is a remnant of the fact that in the past it was wholly owned and controlled by the state. Is this correct?
* Wilfried Woeber <Woeber@CC.UniVie.ac.at> [2014-02-26 12:39]:
A reality check and a question...
I am wondering how German Citizens are dealing with the fact that *many* Hotels and other accommodation businesses *require* to take a copy of an official ID Document, in many cases due to local regulations to establish and track identity of travellers?
Or is this law only applicable to German Citizens being physically present in Germany?
At least in Germany you can tell them that that would be breaking the law and refuse to hand over the document. Worked for me most of the time. Outside of Germany... not so much. I suspect many people aren't even aware that they're breaking the law. Regards Sebastian -- GPG Key: 0x93A0B9CE (F4F6 B1A3 866B 26E9 450A 9D82 58A2 D94A 93A0 B9CE) 'Are you Death?' ... IT'S THE SCYTHE, ISN'T IT? PEOPLE ALWAYS NOTICE THE SCYTHE. -- Terry Pratchett, The Fifth Elephant
On 02/26/2014 12:38 PM, Wilfried Woeber wrote:
A reality check and a question...
I am wondering how German Citizens are dealing with the fact that *many* Hotels and other accommodation businesses *require* to take a copy of an official ID Document, in many cases due to local regulations to establish and track identity of travellers?
If a hotel wants to copy my ID I demand that they destroy it and only check their form against the data in my ID. On more and more occasions I have a BDSG §5 compliant copy with me they can keep. Which is a photocopy but with data blacked out they don't need. -dominik
On Wed, Feb 26, 2014 at 12:38:01PM +0100, Wilfried Woeber wrote:
I am wondering how German Citizens are dealing with the fact that *many* Hotels and other accommodation businesses *require* to take a copy of an official ID Document, in many cases due to local regulations to establish and track identity of travellers?
Most Germans probably don't know that they violate the law when copying personal ID cards (nor do most really care about data protection). I refuse to let people take copies of my ID card. I wasn't sent away yet in any hotel. Revenue trumps convenience (I never heard of any legislation requiring to take COPIES of ID cards... but some hotel receptions try to speed up filling out forms by just copying the ID card).
Or is this law only applicable to German Citizens being physically present in Germany?
I'm not aware of any such constraints, that would make no sense. And again: as personal ID copy is not the ONLY means NCC is "offering", it's a non-issue. Please please don't focus on this aspect, it's a non-problem. The real problem is the lack of alternatives that are compliant to data protection principles and not unduly burdensome. As some folks put it: we're not dealing with nuclear launch codes here. Best regards, Daniel -- CLUE-RIPE -- Jabber: dr@cluenet.de -- dr@IRCnet -- PGP: 0xA85C8AA0
-----Original Message-----
I refuse to let people take copies of my ID card. I wasn't sent away yet in any hotel.
Just FYI, I have been. In Brussels.
On Fri, Feb 28, 2014 at 05:27:30PM +0000, Milton L Mueller wrote:
I refuse to let people take copies of my ID card. I wasn't sent away yet in any hotel.
Just FYI, I have been. In Brussels.
Let us know with whom not to do business, thanks. Best regards, Daniel -- CLUE-RIPE -- Jabber: dr@cluenet.de -- dr@IRCnet -- PGP: 0xA85C8AA0
* Wilfried Woeber wrote:
I am wondering how German Citizens are dealing with the fact that *many* Hotels and other accommodation businesses *require* to take a copy of an official ID Document, in many cases due to local regulations to establish and track identity of travellers?
I do clearly state that they are allowed to check the ID card, but not to copy it or store it away. Even in the USA I did not have any problems with it (despite immigration services at LAX). Oh, there is one exception. I asked the German Bundestag (which takes your ID card away if you enter the buildings) how they fulfil this (new) law, because I was invited to a working group there. It took a week for a formal response claiming that the German Bundestag is not covered by the audience of this law. Brilliant!
Or is this law only applicable to German Citizens being physically present in Germany?
No.
On 25 Feb 2014, at 22:07, Carsten Schiefner <ripe-wgs.cs@schiefner.de> wrote:
what Richard said: what is good enough for (German) banks to e.g. open an account, should be sufficient for the NCC as well, me thinks.
The problem with that Carsten is it doesn't scale. What's good enough to open a bank account in Germany might not be good enough to open one elsewhere. Or vice versa. It will be verging on the impossible for the NCC to keep track of all that across the NCC's service region and navigate a path through that maze which is compatible with national law across every jurisdiction. Assuming that "whatever's good enough for a bank account" is or should be the criteria to apply here seems disproportionate and unreasonable too. I'm not sure there's a justifiable case for the NCC to hold copies of passports and what have you AT ALL. Or verifying the bona fides of those documents either. It seems to me that it should be good enough for the NCC to know that some chunk of number resources were allocated to an individual called Mickey Mouse of Eurodisney and not a Donald Duck (say) at the same postal address. In other words, the NCC has a very strong certainty of knowing which resources were allocated to whom but it doesn't need to have the same degree of certainty that the resource holder is who they claim to be. IMO all that matters should be the NCC can establish which M. Mouse really is the resource holder, regardless of what names and numbers are on the official identity documents for whoever claims to be that M. Mouse, assuming such documents exist and are genuine. That would appear to be just a variation on the problem of dealing with number resources that were allocated to long-dead LIRs or others that no longer have timely, accurate database entries. PS: Apologies for using a meaningful Subject: header.
Hi Jim, On 25.02.2014 23:49, Jim Reid wrote:
On 25 Feb 2014, at 22:07, Carsten Schiefner <ripe-wgs.cs@schiefner.de> wrote:
what Richard said: what is good enough for (German) banks to e.g. open an account, should be sufficient for the NCC as well, me thinks.
The problem with that Carsten is it doesn't scale. What's good enough to open a bank account in Germany might not be good enough to open one elsewhere. Or vice versa. It will be verging on the impossible for the NCC to keep track of all that across the NCC's service region and navigate a path through that maze which is compatible with national law across every jurisdiction.
Assuming that "whatever's good enough for a bank account" is or should be the criteria to apply here seems disproportionate and unreasonable too.
fair point. I am not advocating PostIdent as *THE* means of identification - just saying that it is even used by German banks. So it appears to be fair to assume that it meets some certain requirements. Whether it also would help serving the NCC's objectives is another question.
I'm not sure there's a justifiable case for the NCC to hold copies of passports and what have you AT ALL. Or verifying the bona fides of those documents either.
It seems to me that it should be good enough for the NCC to know that some chunk of number resources were allocated to an individual called Mickey Mouse of Eurodisney and not a Donald Duck (say) at the same postal address. [...]
I have a certain feeling that this echoes a bit the discussion we are currently having in the gTLD world when it comes to validation and verification duties of ICANN accredited registrars according to the RAA 2013.
PS: Apologies for using a meaningful Subject: header.
You are forgiven! ;-b Best, -C.
Dear address-policy-wg, Jim, On 02/25/2014 11:49 PM, Jim Reid wrote:
On 25 Feb 2014, at 22:07, Carsten Schiefner <ripe-wgs.cs@schiefner.de> wrote:
what Richard said: what is good enough for (German) banks to e.g. open an account, should be sufficient for the NCC as well, me thinks.
The problem with that Carsten is it doesn't scale. What's good enough to open a bank account in Germany might not be good enough to open one elsewhere. Or vice versa. It will be verging on the impossible for the NCC to keep track of all that across the NCC's service region and navigate a path through that maze which is compatible with national law across every jurisdiction.
Assuming that "whatever's good enough for a bank account" is or should be the criteria to apply here seems disproportionate and unreasonable too.
I'm not sure there's a justifiable case for the NCC to hold copies of passports and what have you AT ALL. Or verifying the bona fides of those documents either.
It seems to me that it should be good enough for the NCC to know that some chunk of number resources were allocated to an individual called Mickey Mouse of Eurodisney and not a Donald Duck (say) at the same postal address. In other words, the NCC has a very strong certainty of knowing which resources were allocated to whom but it doesn't need to have the same degree of certainty that the resource holder is who they claim to be. IMO all that matters should be the NCC can establish which M. Mouse really is the resource holder, regardless of what names and numbers are on the official identity documents for whoever claims to be that M. Mouse, assuming such documents exist and are genuine. That would appear to be just a variation on the problem of dealing with number resources that were allocated to long-dead LIRs or others that no longer have timely, accurate database entries.
PS: Apologies for using a meaningful Subject: header.
There was a time when the last 'R' in 'RIR' stood for 'Registry', and as such the function of RIPE NCC was not profoundly different from the function of a wedding gift registry - convenient means to reduce the embarrassment of a household opening two packages containing two identical toasters when unwrapping gifts. Today, the last 'R' in 'RIR' is silent, and appears in the minds of some to have been replaced with 'A' for 'Authority'. This is an unfortunate, and I believe, largely unintended development. It appears to me from Nick's last e-mail that there is an idea circulating out there that the current operational practice is the consequence of attempting to fulfill a set of criteria which is necessary to give some legal weight to the process of resource certification, as an obvious and logical extension of the RPKI efforts. I don't see any benefit to the RIPE NCC drowning in an escalating bureaucratic horror conjured out of externally placed requirements (whether they are borrowed from the EU e-Commerce directive, or elsewhere), performing mysterious document authentication rituals for the purpose of issuing a certificate of dubious worth, but which in turn is fully compliant with some external set of legal requirements. Wearing my professional hat for a moment, I certainly am not paying LIR fees to subsidize the transition of the RIPE NCC into the next VeriSign or Thawte as a general purpose certificate authority, subject to all the environmental pressures such authorities find themselves exposed to. To me, RPKI, if done at all (and that is a big "if"), is a technical solution; The "strength" of the input, in terms of identity verification (and the operational procedures which are acceptable to that end) are to be determined ad-hoc by the community through the policy process, and strengthened or loosened as needed to meet policy goals. 
We need to stop and consider if RPKI, by necessity, indeed requires a transition from Internet "Registries" to Internet "Authorities", with all that entails - and if this is something we are willing to embrace. This isn't an introduction of a new service into a RIR's catalog, this is a paradigm shift. One which we need to concretely address in order to be able to hold a meaningful discussion as to which operational practices are or aren't necessary, and toward what goal.
David Monosov wrote: [...] First of all, I appreciate your thoughtful comments, as they touch on a couple of issues I'm having with RPKI (and some others)! A few comments from my end in-line.
There was a time when the last 'R' in 'RIR' stood for 'Registry', and as such the function of RIPE NCC was not profoundly different from the function of a wedding gift registry - convenient means to reduce the embarrassment of a household opening two packages containing two identical toasters when unwrapping gifts.
Today, the last 'R' in 'RIR' is silent, and appears in the minds of some to have been replaced with 'A' for 'Authority'. This is an unfortunate, and I believe, largely unintended development.
Well, at some point in time the AA community started to flock together, to point fingers at the NCC, for doing *too little* checking, and so on.
It appears to me from Nick's last e-mail that there is an idea circulating out there that the current operational practice is the consequence of attempting to fulfill a set of criteria which is necessary to give some legal weight to the process of resource certification, as an obvious and logical extension of the RPKI efforts.
Well, yes, and in some countries (I don't know about the NL, though!) there is law which requires any organisation issuing digital certificates, or using digital signatures for business purposes, to adhere to (rather strict) boundary conditions.
I don't see any benefit to the RIPE NCC drowning in an escalating bureaucratic horror conjured out of externally placed requirements (whether they are borrowed from the EU e-Commerce directive, or elsewhere), performing mysterious document authentication rituals for the purpose of issuing a certificate of dubious worth, but which in turn is fully compliant with some external set of legal requirements.
Unfortunately, the times where "we" could play while ignoring the legal environment have pretty much gone by :-(
Wearing my professional hat for a moment, I certainly am not paying LIR fees to subsidize the transition of the RIPE NCC into the next VeriSign or Thawte as a general purpose certificate authority, subject to all the environmental pressures such authorities find themselves exposed to.
This is an aspect I'd like to factor out into the separate discussion on the function (and including the credibility) of a Sponsoring LIR. IMHO there's room for improvement here.
To me, RPKI, if done at all (and that is a big "if"), is a technical solution; The "strength" of the input, in terms of identity verification (and the operational procedures which are acceptable to that end) are to be determined ad-hoc by the community through the policy process, and strengthened or loosened as needed to meet policy goals.
We need to stop and consider if RPKI, by necessity, indeed requires a transition from Internet "Registries" to Internet "Authorities", with all that entails -
I think there's a good reason why the "A" in CA and RA stands for "Authority". If we "just" want a CR and a RR, then I guess we already do have that in place?
and if this is something we are willing to embrace. This isn't an introduction of a new service into a RIR's catalog, this is a paradigm shift. One which we need to concretely address in order to be able to hold a meaningful discussion as to which operational practices are or aren't necessary, and toward what goal.
Wilfried.
On Tue, Feb 25, 2014 at 10:49:51PM +0000, Jim Reid wrote:
It will be verging on the impossible for the NCC to keep track of all that across the NCC's service region and navigate a path through that maze which is compatible with national law across every jurisdiction.
Hey, they even manage to verify the authenticity of personal ID, passport or driving license copies submitted to them, together with the personal data and photo on them! Given the amount of service area states this is quite an achievement. I have no clue how they do it (curious mind wants to know), but it seems you're underestimating NCC. :-) BTW, NCC already does "special hacks" for certain countries, IIRC it had to do with LIR membership in some eastern service area states. Best regards, Daniel -- CLUE-RIPE -- Jabber: dr@cluenet.de -- dr@IRCnet -- PGP: 0xA85C8AA0
Hi,
I'm not sure there's a justifiable case for the NCC to hold copies of passports and what have you AT ALL. Or verifying the bona fides of those documents either.
Before we get lost in possible ways of determining the identity of a person let's go back to the policy text. The following text is from RIPE-452: "The intention of this policy document is to ensure that the RIPE NCC, as the intermediate manager of provider independent resource assignments to End Users, can confirm that the End User exists, continues to exist and that they continue to fulfil their obligations to comply with the original assignment conditions. This position can be ensured by the presence of either an indirect or a direct contractual link between the End User and the RIPE NCC." and "The preferred model of the RIPE community is for End Users to have contractual relationship with a sponsoring LIR instead of directly with the RIPE NCC." My personal interpretation of RIPE-452 is that an End User having a contract with a sponsoring LIR satisfies the policy. The NCC verifying that the contract is in place by asking for a copy of the contract from the Sponsoring LIR seems reasonable, but the NCC requiring a copy of identification papers seems to go beyond what the policy text says. As several people have already stated the NCC cannot verify the accuracy of that copy anyway. I could make a photocopy of my sister's passport and request resources in her name, and the NCC cannot know that I don't look like the picture on the passport. Even more interesting, this example on the website of the Dutch Ministry of Internal Affairs still seems valid if you don't look too closely at the social security number :-) https://www.bprbzk.nl/Reisdocumenten/Echtheidskenmerken/Model_2011/Nederland.... Or maybe this one: http://glmb1949.webs.com/Dibujo.JPG.
Google knows a lot of passports :) Looking at "Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data": that directive states that personal data must be "adequate, relevant and not excessive in relation to the purposes for which they are collected and/or further processed". I think the example given above already violates the first word: 'adequate'. The NCC has no way of verifying that the copy of the ID belongs to the person requesting the resources, so the personal data is not adequate for the purpose. Only the LIR can be in the position to verify the identity of the person requesting the resources, so the NCC has no choice but to rely on the LIR to do a proper job. If the NCC cannot rely on this then maybe that part of the chain should get fixed/strengthened. The NCC having a copy of some ID only seems to provide a fake level of certainty as far as I can see... So, now, a question to the working group: as this is the address policy working group, is the current policy what we want? Should it indeed be interpreted as 'the Sponsoring LIR verifies the identity of the End User, not the NCC' or is my interpretation of the English language a bit off here? If it turns out that we do want the NCC to play an active role in verifying the identities of End Users, then we can look at how to adjust the policy to clearly state that and work together with the NCC to look for viable solutions to that problem. But I think we should first determine if there is a problem to be solved. Thanks, Sander
Dear address-policy-wg, Gert, On 02/25/2014 07:55 PM, Gert Doering wrote:
Hi,
On Tue, Feb 25, 2014 at 04:03:40PM +0100, Athina Fragkouli wrote:
These options are outlined in the RIPE NCC procedural document “Due Diligence for the Quality of the RIPE NCC Registration Data”, which is available at: http://www.ripe.net/ripe/docs/ripe-556
We believe these options cover situations where the natural persons do not want to provide their identification card or passport.
Of course I can't decide anything about what the NCC will do or not do, but what I *can* do is put this on the next meeting's APWG agenda, to discuss what requirements for ID validation the community mandates. The NCC should not gratuitously exceed the bureaucracy demanded from it.
Please do so. A specific policy may be required to address and define the exact scope of these efforts, since current operational efforts don't seem to be aligned with the community's vision on this matter. This is an issue I've heard many battle stories about, and came across multiple times myself. There is an issue with both the excessive burden placed on individuals, as well as a related issue with pseudo-arbitrary interpretation of certain forms of business registration in some jurisdictions. Several colleagues have encountered some inconsistency in the context of d/b/a (doing business as) registration equivalents and sole proprietorships which in some instances resulted in the resources becoming successfully registered on the d/b/a trade name, while in others the NCC insisted on registering resources on the sole proprietor's own name, or a combination of both. It's outstanding that the RIPE NCC has taken it upon itself to fulfill the community's wishes as set forth in 2007-01 with utmost care and competence, but I have sincere doubts that the people who championed 2007-01 envisioned it as means of turning the NCC into a databank of personal identity documents. -- Respectfully yours, David Monosov
On 25/02/2014 21:34, David Monosov wrote:
It's outstanding that the RIPE NCC has taken it upon itself to fulfill the community's wishes as set forth in 2007-01 with utmost care and competence, but I have sincere doubts that the people who championed 2007-01 envisioned it as means of turning the NCC into a databank of personal identity documents.
there are two separate issues to consider, firstly that the ripe ncc has a duty to authenticate PI holders to some degree of due diligence, and secondly how this is intertwined with the much more stringent legal requirements of resource certification. I don't see any particular reason not to accept post ident (and similar authentication schemes with legal recognition in their own countries) for the purposes of assignment of resources. OTOH I could see how the ripe ncc would have trouble making a claim of certification without unambiguous formal legal authentication via e.g. photocopies of ID documents, notarised endorsements, etc. Nick
there are two separate issues to consider, firstly that the ripe ncc has a duty to authenticate PI holders to some degree of due diligence, and secondly how this is intertwined with the much more stringent legal requirements of resource certification.
Why are those requirements much more stringent? Alex
Hi, the bigger issue I see with this change is, that there is no RIPE-area-wide common post-ident. For the German Post-Ident it is the requestor of identification who is in charge to initiate the post-ident process and who is in charge to match the token returned to the right customer. Even the name of the identified person is not necessarily given on the confirmation receipt. As I think there are at least a dozen of different identification services, each of them in the individual country "well accepted", I think that the implementation of such service would lead to a big workload for the RIPE-staff. BR Jens On 25. Februar 2014 22:54:00 MEZ, Nick Hilliard <nick@inex.ie> wrote: On 25/02/2014 21:34, David Monosov wrote: It's outstanding that the RIPE NCC has taken it upon itself to fulfill the community's wishes as set forth in 2007-01 with utmost care and competence, but I have sincere doubts that the people who championed 2007-01 envisioned it as means of turning the NCC into a databank of personal identity documents. there are two separate issues to consider, firstly that the ripe ncc has a duty to authenticate PI holders to some degree of due diligence, and secondly how this is intertwined with the much more stringent legal requirements of resource certification. I don't see any particular reason not to accept post ident (and similar authentication schemes with legal recognition in their own countries) for the purposes of assignment of resources. OTOH I could see how the ripe ncc would have trouble making a claim of certification without unambiguous formal legal authentication via e.g. photocopies of ID documents, notarised endorsements, etc. Nick -- This message was sent from my Android mobile phone with K-9 Mail. -- Opteamax GmbH - RIPE-Team Jens Ott Opteamax GmbH Simrockstr. 4b 53619 Rheinbreitbach Tel.: +49 2224 969500 Fax: +49 2224 97691059 Email: jo@opteamax.de HRB: 23144, Amtsgericht Montabaur Umsatzsteuer-ID.: DE264133989
On Tue, Feb 25, 2014 at 07:55:58PM +0100, Gert Doering wrote:
Well. Since this is procedures and not policy, we have no formal authority over this - OTOH, I think I'm not alone when I have the feeling that this exceeds the requirements of the policy by far.
+1
For normal end users, the policy requires "a contract with a sponsoring LIR", and I think it should be fully sufficient to leave questions of identity validation for natural persons to the LIR in question. Like "I know this person personally, I'm fine with doing business with him", that should be good enough for the NCC as well - after all, the whole idea of the "sponsoring LIR" construct is that the NCC has a trusted intermediate, and the end user does not have to deal with the NCC.
Strong ACK. Unfortunately, as far as I can see, NCC doesn't trust the RIPE membership to vouch for their customers' identities. And as far as I'm being told, there are a good number of examples that actually fuel NCC's distrust. Nevertheless, I think the current Due Diligence process is far overreaching. Best regards, Daniel -- CLUE-RIPE -- Jabber: dr@cluenet.de -- dr@IRCnet -- PGP: 0xA85C8AA0
* Daniel Roesen <dr@cluenet.de> [2014-02-25 23:39]:
For normal end users, the policy requires "a contract with a sponsoring LIR", and I think it should be fully sufficient to leave questions of identity validation for natural persons to the LIR in question. Like "I know this person personally, I'm fine with doing business with him", that should be good enough for the NCC as well - after all, the whole idea of the "sponsoring LIR" construct is that the NCC has a trusted intermediate, and the end user does not have to deal with the NCC.
Strong ACK. Unfortunately, as far as I can see, NCC doesn't trust the RIPE membership to vouch for their customers' identities. And as far as I'm being told, there are a good number of examples that actually fuel NCC's distrust. Nevertheless, I think the current Due Diligence process is far overreaching.
I agree with the NCC in regards of "not trusting an LIR". Becoming an LIR is easy (money wise and procedure wise) and does not imply a high value of trust for the LIR. We don't have this problem at the moment as all of our customers are companies and there is no problem with sending the company registration papers. I'm not sure if there is a good solution for all the countries the NCC is providing service for. Still at least for Germany the NCC should find another way instead of requiring people to break the law. Regards Sebastian -- GPG Key: 0x93A0B9CE (F4F6 B1A3 866B 26E9 450A 9D82 58A2 D94A 93A0 B9CE) 'Are you Death?' ... IT'S THE SCYTHE, ISN'T IT? PEOPLE ALWAYS NOTICE THE SCYTHE. -- Terry Pratchett, The Fifth Elephant
I agree with the NCC in regards of "not trusting an LIR". Becoming an LIR is easy (money wise and procedure wise) and does not imply a high value of trust for the LIR.
I'm really conflicted over this, why *don't* we trust the LIRs, after all, they are our agents, our hands and eyes in the registry. I understand there are low barriers to entry, but perhaps this is an opportunity to direct vetting efforts toward the LIR and not the End User. Dave.
Hi all, On 26.02.2014 12:40, Sebastian Wiesinger wrote:
I agree with the NCC in regards of "not trusting an LIR". Becoming an LIR is easy (money wise and procedure wise) and does not imply a high value of trust for the LIR.
But then we should preferably think about how to make LIRs more trustable ... IMHO the hierarchy of internet-number-assignment is intended to make the processes more handleable ... if the RIR does not trust his LIRs, what is the RIR for? Then we'd only need one world-wide registry (so probably ICANN) and they have to validate stuff... or we think about trusting the LIR (and maybe even make a withdrawal of resources extremely expensive for the LIR if he did not fulfill his obligations) and make it easy and possible to fulfill all regional (in this case countrywise) requirements all over the RIPE region. Correct me if I'm wrong, but I understand this as the reason for having LOCAL internet registries! BR Jens -- Opteamax GmbH - RIPE-Team Jens Ott Opteamax GmbH Simrockstr. 4b 53619 Rheinbreitbach Tel.: +49 2224 969500 Fax: +49 2224 97691059 Email: jo@opteamax.de HRB: 23144, Amtsgericht Montabaur Umsatzsteuer-ID.: DE264133989
On Wed, 26 Feb 2014, Opteamax GmbH wrote:
Hi all,
On 26.02.2014 12:40, Sebastian Wiesinger wrote:
I agree with the NCC in regards of "not trusting an LIR". Becoming an LIR is easy (money wise and procedure wise) and does not imply a high value of trust for the LIR.
But then we should preferably think about how to make LIRs more trustable ... IMHO the hierarchy of internet-number-assignment is intended to make the processes more handleable ... if the RIR does not trust his LIRs, what is the RIR for? Then we'd only need one world-wide registry (so probably ICANN) and they have to validate stuff... or we think about trusting the LIR (and maybe even make a withdrawal of resources extremely expensive for the LIR if he did not fulfill his obligations) and make it easy and possible to fulfill all regional (in this case countrywise) requirements all over the RIPE region.
Correct me if I'm wrong, but I understand this as the reason for having LOCAL internet registries!
Absolutely. And RIPE still has about 10000 members so the NCC probably has some work to do just keeping track of the membership. I am in favour of this trust chain model. If the trust is misused, then the trust as well as resources may be revoked. Best Regards, Daniel Stolpe _________________________________________________________________________________ Daniel Stolpe Tel: 08 - 688 11 81 stolpe@resilans.se Resilans AB Fax: 08 - 55 00 21 63 http://www.resilans.se/ Box 45 094 556741-1193 104 30 Stockholm
* Sebastian Wiesinger
* Daniel Roesen <dr@cluenet.de> [2014-02-25 23:39]:
Strong ACK. Unfortunately, as far as I can see, NCC doesn't trust the RIPE membership to vouch for their customers' identities. And as far as I'm being told, there are a good number of examples that actually fuel NCC's distrust. Nevertheless, I think the current Due Diligence process is far overreaching.
I agree with the NCC in regards of "not trusting an LIR".
Several NCC folks have told me that one of the things that you learn in the "welcome as an NCC employee" introduction is that the RIPE NCC is indeed an organisation based on trust in its membership and the community it serves. Which is a Good Thing; if it did not I do not quite see how it could justify its very existence. That said, I believe that if you truly do prefer to be a member of an RIR that doesn't trust you, more suitable alternatives than the NCC exist. Tore (without any informed opinion regarding German privacy laws)
On Wed, Feb 26, 2014 at 12:40:10PM +0100, Sebastian Wiesinger wrote:
Still at least for Germany the NCC should find another way instead of requiring people to break the law.
NCC doesn't REQUIRE people to break the law. But the alternatives still violate data protection principles and/or place (IMHO) undue burden on resource holders. Best regards, Daniel -- CLUE-RIPE -- Jabber: dr@cluenet.de -- dr@IRCnet -- PGP: 0xA85C8AA0
Dear Athina, On Tue, 25 Feb 2014 16:03:40 +0100 Athina Fragkouli <athina.fragkouli@ripe.net> wrote:
police, the notary, the municipality, etc). Postident is issued by Deutsche Post AG, a private company, so we are unable to accept it.
It is not a means of identification that is issued, such as an id card, but a standardized and widely used verification process. This process is designed to accommodate national legal restrictions as concerns the copying of identification documents. The process is invoked by the entity that wishes a confirmation of identity. Upon such a request a token is provided by Deutsche Post AG to the person whose identity shall be validated. Said person hands the token and their ID to an employee of Deutsche Post AG or one of their subsidiaries in order to have the ID checked. If the ID is indeed valid and matches the credentials stated in the validation token, a statement of confirmation is issued by Deutsche Post AG which is sent back to the invoking entity.
If a natural person wants to register Internet number resources by signing a contract with either the RIPE NCC or a sponsoring LIR, the RIPE NCC accepts the following proof of identification: - National identification card or passport
...of which you can't - by German laws - demand a copy.
- Valid driving license with photo
Not every natural person necessarily holds a driver's license.
- Birth certificate issued by the relevant municipality, notary declaration proving the existence of the person, etc.
That might work, however I fail to see the difference between a notary declaration of the existence and validity of a document and the postident-process. Granted... the German postal service (luckily?) has no notarial authority but postident is the next best thing and it is widely available.
We believe these options cover situations where the natural persons do not want to provide their identification card or passport.
It is not about not _wanting_ to provide a copy... You are simply in violation of the law if you demand a copy of an official id. The only exemption from this law is §1 of the Geldwäschegesetz as laid out here: http://www.gesetze-im-internet.de/gwg_2008/__1.html Unless the NCC engages in banking activities (for which I fail to see even the chance of a consensus) copies of nationally issued id cards are off limits.
The RIPE NCC is committed to protecting all personal information in accordance with its Privacy Statement:
To the best of your abilities. Which is ok but does not matter here. It is not about people being concerned that their data might become unintendedly available to a wider audience due to negligence on the RIPE NCC's side, but compliance with local laws.
If you have any further questions, please contact me.
ditto. I hope this clarifies the nature of the issue. There are also detailed WP:de articles about this topic for further reading: http://de.wikipedia.org/wiki/Identit%C3%A4tsfeststellung http://de.wikipedia.org/wiki/Legitimationspr%C3%BCfung http://de.wikipedia.org/wiki/Postident-Verfahren TL;DR: Unless you implement verification processes such as PostIdent or demand notarized declarations of the validity of identities instead of demanding copies of IDs you are in violation of German law. Please keep us updated about changes in your verification procedures for German citizens and the status of compliance with German laws. As Gert pointed out, the process just applies to DAUs, which is a category that's going to disappear. I hope this matter will resolve itself thusly anyway. Kind regards, Michael p.s. just looked up the exact legal norms for your convenience: §14 and § 20 paragraph 1 Personalausweisgesetz http://www.gesetze-im-internet.de/pauswg/BJNR134610009.html original precedent at the Verwaltungsgericht Hannover, 10. Kammer, Urteil vom 28.11.2013, 10 A 5342/11: http://www.rechtsprechung.niedersachsen.de/jportal/portal/page/bsndprod.psml?doc.id=JURE140002005&st=null&showdoccase=1 summary of the case 10 A 5342/11: http://www.verwaltungsgericht-hannover.niedersachsen.de/portal/live.php?navigation_id=19421&article_id=120077&_psmand=126
On Tue, Feb 25, 2014 at 08:50:42PM +0100, Michael Horn wrote:
- Birth certificate issued by the relevant municipality, notary declaration proving the existence of the person, etc.
That might work, however I fail to see the difference between a notary declaration of the existence and validity of a document and the postident-process. Granted... the German postal service (luckily?) has no notarial authority but postident is the next best thing and it is widely available.
Moreover, the security of a birth cert is questionable, to say the least. Birth certs are public information in many jurisdictions, for example I should be able to get a copy of anyone's birth certificate here, with little effort. My point here is that the End User is applying for IP addresses or ASNs, not a large mortgage or the nuclear launch codes. The bureaucratic effort necessary should be *proportional* to the goal. The NCC has the authority to de-register resources anyway, should an identity prove to be fraudulent after the fact. rgds, Sascha Luck
On Tue, Feb 25, 2014 at 08:50:42PM +0100, Michael Horn wrote:
We believe these options cover situations where the natural persons do not want to provide their identification card or passport.
It is not about not _wanting_ to provide a copy... You are simply in violation of the law if you demand a copy of an official id.
NCC doesn't care about German law, otherwise it would also have to abide by German data protection laws. But a German copying his/her personal ID is certainly violating the law. BTW, this is only true for personal ID card (Personalausweis) and possibly passport, but not for e.g. driving license as far as I'm aware.
It is not about people being concerned that their data might become unintendedly available to a wider audience due to negligence on the RIPE NCC's side,
Wrong. At least for me, it's PRIMARILY about not spreading personal sensitive data to foreign organisations and companies without a factual need for that. Given that NCC cannot authenticate the personal data anyway, there is no point in collecting it for authentication reasons in the first place. This is a fundamental data protection principle in German law (which again, NCC doesn't have to abide by as far as I understand - IANAL): <german> Datenschutz beginnt mit Datenvermeidung </german> (data protection starts with preventing collection of data) To illustrate my point: Just today I phoned the service desk of one of my banks to enquire about some credit card stuff. The only authentication requested from me was my account number (not really private data), my home address (public data, it's even in the RIPE DB) and my BIRTHDATE. And this is the second bank actually pulling off this stunt of using the birthdate as basically the only means of caller identification. So, I really consider twice (and more) whom I give my birthdate, let alone other sensitive information. And certainly no photocopies of official ID papers. The fun thing is, NCC asks to TRUST THEM to keep sensitive personal data secure, but TRUSTS NO ONE, even if multiple respected, well known members of the RIPE community in perfect standing, as well as the sponsoring LIR tell them they know the resource holder in person as well as having verified original personal ID. BTW, US companies also promise to keep your data secure and private. And then comes PATRIOT and FISA. Can't happen in NL? I wouldn't bet on that.
but compliance with local laws.
That's just one aspect of it, which can be circumvented as NCC correctly pointed out. But the alternatives offered won't fulfil data protection principles or place significant (and IMHO undue) burden on the resource holder (notary declaration will btw. also include sensitive personal data like birth date I fear, I'm about to inform myself about the details now). Best regards, Daniel -- CLUE-RIPE -- Jabber: dr@cluenet.de -- dr@IRCnet -- PGP: 0xA85C8AA0
On 26.02.2014 00:03, Daniel Roesen wrote:
The fun thing is, NCC asks to TRUST THEM to keep sensitive personal data secure, but TRUSTS NO ONE, even if multiple respected, well known members of the RIPE community in perfect standing, as well as the sponsoring LIR tell them they know the resource holder in person as well as having verified original personal ID.
Exactly THAT is the point. What do we have LIRs for? And why are sponsoring LIRs needed for PI if they are not trusted by RIPE-NCC? IMHO it is LIR-Task to validate the identity, and that can be done personally and without copying. BR Jens Ott -- Opteamax GmbH - RIPE-Team Jens Ott Opteamax GmbH Simrockstr. 4b 53619 Rheinbreitbach Tel.: +49 2224 969500 Fax: +49 2224 97691059 Email: jo@opteamax.de HRB: 23144, Amtsgericht Montabaur Umsatzsteuer-ID.: DE264133989
* Daniel Roesen wrote:
But a German copying his/her personal ID is certainly violating the law.
Ack.
BTW, this is only true for personal ID card (Personalausweis) and possibly passport, but not for e.g. driving license as far as I'm aware.
You are right.
in the first place. This is a fundamental data protection principle in German law (which again, NCC doesn't have to abide by as far as I understand - IANAL):
<german> Datenschutz beginnt mit Datenvermeidung </german> (data protection starts with preventing collection of data)
It's also the common basis for international data protection regulations. OTOH the Law Enforcement Agencies and Intellectual Property Lobbyists (at least at ICANN) are very very keen about collecting as accurate information as possible about everybody. The LEAs do know that they do not have a chance against organized crime with this procedure. Organized crime does found and operate LIRs as well as registrars themselves. So when dealing with such counterparts you are lost anyway. To summarize the point: I do understand the pressure RIPE NCC has to deal with. But they (and we all) have to fight those interests. There is no benefit in trading privacy for security.