If I might interject, it seems that the sole purpose of the snail mail
described is to link a physical person to a login name in such a way
that there is some accountability for one's actions that is acceptable
to the organization. Is it really necessary to copy an identity
document? Could a document with a notary seal accomplish much the same
purpose without the need for a copy (and thus avoid possible legal
issues arising from making such a copy)?
We had similar identity concerns when CAcert <http://www.cacert.org/>
became intercontinental - originally one had to go through a somewhat
complicated process with two notarys, etc. to gain certain trust levels,
but as the project grew and the founders began to travel all over the
world it became possible to meet in person with an "Assurer" and present
one's identity documents (which were NOT copied) and thus gain points
towards becoming a trusted person to the certification authority (ie.
able to generate server keys chained to the CAcert organization's root
keys, etc.).
On 7/9/2011 4:45 AM, foundation-l-request(a)lists.wikimedia.org wrote:
I do think it is absolutely a problem when people on a
WMF-hosted wiki
are using an unofficial mechanism to demand copies of people's
passports.
Note that WMF does not allow local communities to do other things that
would violate the privacy policy, such as run Google Analytics, even
if the local community is all for it.
When passports are requested of people on the wiki, does the requester
stress that this is not WMF-official, not covered by the privacy
policy and there is no official oversight whatsoever of the mechanism?
It looks to me like Huib has alerted us to a potentially disastrous
privacy time bomb.