The only way I can think of for verifying identities like this is a credit check. For example, this service offered by Experian:

http://www.experian.co.uk/qas/qas-authenticate.html

I'm not sure what that would cost or what data protection restrictions there are on its use. On Nov 19, 2012 4:32 PM, "Katherine Bavage" < katherine.bavage@wikimedia.org.uk> wrote:

Hey Harry,

I'm not sure if ii) *is* easier. Compare the work of verifying members before every AGM and EGM or merely at the point of joining.

We don't really have formal check on membership at the moment - no applicant is asked to prove their residency at their address of that they have provided their real name.

In terms of Wikimedia U.K. as a company it is required to keep an accurate list of members addresses and names ( http://www.companylawsolutions.co.uk/topics/statutory_registers.shtml#Ins) (apologies if you knew that already) I don't think it's *required* to check validity of address. While, the legal view (on whether in creating a false membership invalidates any voting rights) will be informative, I'm still not seeing how that is material unless we have a mechanism for ID'ing false applications.

Therefore, I still think the key question is one of 'How should we check those members' names and addresses are valid' in a way that isn't too invasive, expensive or time consuming. No suggestions yet...

Kat

On 19 November 2012 15:19, Harry Burt harryaburt@gmail.com wrote:

...

Aren't there really two points here: (i) Should we enforce more checks on prospective members? (ii) Should we enforce more checks on members before we let them vote at AGMs, whether in person or by proxy?

I think the legal question is a good one. Are charities required to do neither/either/both? Legal issues aside, surely (ii) but not (i) is the easiest by quite a margin.

Harry

-- Harry Burt (User:Jarry1250)

On Mon, Nov 19, 2012 at 10:54 AM, Katherine Bavage < katherine.bavage@wikimedia.org.uk> wrote:

...

Hi All,

At the board meeting on Saturday a valid point was made that currently the verification process for membership applications doesn't really prove a barrier to fraudulent or duplicate applications.

I'd like to look at ways of improving this, so as we aim to expand our membership numbers we're also making sure fairness is enshrined in a checking process that means people can only have one vote.

If people pay their membership fee with Paypal, this isn't so much of a problem, as having a verified paypal account has already required this person to link their identity to their postal address - but we want to be as open as possible and so there will be people who give us 'a form and a fiver'.

What checking processes do we think would be acceptable without being invasive/onerous? At a basic level, we should be confirming that the applicant is the named person at the address given.

Please flag up concerns, suggestions for services or resources we can use, and so on. It may be that we can't completely eliminate the risk of fraudulent applications, but we can make it more difficult and provide a measure or reassurance that no individual has more power than any other by being able to vote twice etc .

Thanks!

-- *Katherine Bavage * *Fundraising Manager * *Wikimedia UK* +44 20 7065 0949

Wikimedia UK is a Company Limited by Guarantee registered in England and Wales, Registered No. 6741827. Registered Charity No.1144513. Registered Office 4th Floor, Development House, 56-64 Leonard Street, London EC2A 4LT. United Kingdom. Wikimedia UK is the UK chapter of a global Wikimedia movement. The Wikimedia projects are run by the Wikimedia Foundation (who operate Wikipedia, amongst other projects).

*Wikimedia UK is an independent non-profit charity with no legal control over Wikipedia nor responsibility for its contents.*

---

Wikimedia UK mailing list wikimediauk-l@wikimedia.org http://mail.wikimedia.org/mailman/listinfo/wikimediauk-l WMUK: http://uk.wikimedia.org

---

Wikimedia UK mailing list wikimediauk-l@wikimedia.org http://mail.wikimedia.org/mailman/listinfo/wikimediauk-l WMUK: http://uk.wikimedia.org

-- *Katherine Bavage * *Fundraising Manager * *Wikimedia UK* +44 20 7065 0949

Wikimedia UK is a Company Limited by Guarantee registered in England and Wales, Registered No. 6741827. Registered Charity No.1144513. Registered Office 4th Floor, Development House, 56-64 Leonard Street, London EC2A 4LT. United Kingdom. Wikimedia UK is the UK chapter of a global Wikimedia movement. The Wikimedia projects are run by the Wikimedia Foundation (who operate Wikipedia, amongst other projects).

*Wikimedia UK is an independent non-profit charity with no legal control over Wikipedia nor responsibility for its contents.*

---

Wikimedia UK mailing list wikimediauk-l@wikimedia.org http://mail.wikimedia.org/mailman/listinfo/wikimediauk-l WMUK: http://uk.wikimedia.org

Morning -

All members are voting members...unless I've missed something?

Yes, the credit checking thing occurred to me but seemed a little excessive - plus it would complicate our obligations in terms of possible data protection (if it was part managed by staff) or I suspect would be really expensive.

I suppose what we need to demonstrate is that, say 'Joe Bloggs' is a) Is who he says he is (proof of photo ID) and b) Lives at the address he says he does (utility bill? Electoral roll?). If people pay from a verified paypal account the need to check is superseded, because Paypal requires all this information.

Finally, not sure whether we are strictly legally obliged or not is the point - even if we aren't, 'should we put some safeguard against entryism/vote fraud in place' is the premise on which I've been asked to raise the issue.

Kat

On 19 November 2012 17:15, Harry Burt harryaburt@gmail.com wrote:

On Mon, Nov 19, 2012 at 4:32 PM, Katherine Bavage < katherine.bavage@wikimedia.org.uk> wrote:

...

Hey Harry,

I'm not sure if ii) *is* easier. Compare the work of verifying members before every AGM and EGM or merely at the point of joining.

We don't really have formal check on membership at the moment - no applicant is asked to prove their residency at their address of that they have provided their real name.

It depends, I suppose, on what kind of check you have in mind. I was imagining "show us proof of identity" (with a large burden on the information supplier) rather than a cheap automated check. By "cheap" I also mean monetarily: it's probably not a good use of WMUK money verifying the addresses of non-voting members if WMUK is not legally obliged to.

Harry (User:Jarry1250)

---

Wikimedia UK mailing list wikimediauk-l@wikimedia.org http://mail.wikimedia.org/mailman/listinfo/wikimediauk-l WMUK: http://uk.wikimedia.org

On 20/11/2012 11:30, Gordon Joly wrote:

On 20/11/12 10:37, Katherine Bavage wrote:

...

All members are voting members...unless I've missed something?

Indeed. Even Trustees get a vote!

Members' voting rights are enshrined into the (proforma) constitutions of bodies such as Industrial and Provident Societies (mutual societies).

http://www.legislation.gov.uk/ukpga/1965/12/contents

Or we could just look at our own constitution.

http://uk.wikimedia.org/wiki/Articles_of_Association#Votes_of_Members

KTC

Are you sure PayPal require that?? I have a verified PayPal account and it only involved confirming my bank account via a £1 payment... No Id needed :-)

Tom Morton

On 20 Nov 2012, at 10:37, Katherine Bavage < katherine.bavage@wikimedia.org.uk> wrote:

Morning -

All members are voting members...unless I've missed something?

Yes, the credit checking thing occurred to me but seemed a little excessive - plus it would complicate our obligations in terms of possible data protection (if it was part managed by staff) or I suspect would be really expensive.

I suppose what we need to demonstrate is that, say 'Joe Bloggs' is a) Is who he says he is (proof of photo ID) and b) Lives at the address he says he does (utility bill? Electoral roll?). If people pay from a verified paypal account the need to check is superseded, because Paypal requires all this information.

Finally, not sure whether we are strictly legally obliged or not is the point - even if we aren't, 'should we put some safeguard against entryism/vote fraud in place' is the premise on which I've been asked to raise the issue.

Kat

On 19 November 2012 17:15, Harry Burt harryaburt@gmail.com wrote:

On Mon, Nov 19, 2012 at 4:32 PM, Katherine Bavage < katherine.bavage@wikimedia.org.uk> wrote:

...

Hey Harry,

I'm not sure if ii) *is* easier. Compare the work of verifying members before every AGM and EGM or merely at the point of joining.

We don't really have formal check on membership at the moment - no applicant is asked to prove their residency at their address of that they have provided their real name.

It depends, I suppose, on what kind of check you have in mind. I was imagining "show us proof of identity" (with a large burden on the information supplier) rather than a cheap automated check. By "cheap" I also mean monetarily: it's probably not a good use of WMUK money verifying the addresses of non-voting members if WMUK is not legally obliged to.

Harry (User:Jarry1250)

---

Wikimedia UK mailing list wikimediauk-l@wikimedia.org http://mail.wikimedia.org/mailman/listinfo/wikimediauk-l WMUK: http://uk.wikimedia.org

On 20 November 2012 12:30, Gordon Joly gordon.joly@pobox.com wrote:

This is all a bit exclusive. Widening membership should not be down PayPal or electoral roll or having a bank account (since this would exclude people aged 17 years old and under).

You can have a bank account when under 18. I think my bank let me get my own account (rather than my mum having an account in my name) when I was 13. Obviously, you can't get any kind of credit facility (which includes standard debit cards), but that's not an issue for us.

On Nov 20, 2012 12:58 PM, "Damokos Bence" damokos.bence@wikimedia.hu wrote:

Sorry to chime in from outside, but why is checking the address so

important?

How many people in the UK do not have some form of government ID

(passport, drivers licence, etc., I know the UK is not big on ID cards)?

That's an impressive understatement!

On 20 November 2012 13:05, Gordon Joly gordon.joly@pobox.com wrote:

Aha. Seems there are accounts for the 11 to 15 age range (Barclays, Santander, etc)

But I think membership should be open to all..... id checks will exclude some.

As long as it is only a small number of members that can't be checked by whatever standard system we come up with, then they can be dealt with as special cases.

On Tue, Nov 20, 2012 at 12:33 PM, Thomas Dalton thomas.dalton@gmail.comwrote:

On 20 November 2012 10:37, Katherine Bavage katherine.bavage@wikimedia.org.uk wrote:

...

Morning -

All members are voting members...unless I've missed something?

I think Harry might have been distinguishing between members that do vote and members that don't, rather than members than *can* vote. Just like insurance companies only check your details when you try to make a claim, we could just check when people try to vote.

Indeed, although I'm not sure exactly what percentage of members choose to vote, and hence the scale of the efficiency.

Harry

-- Harry Burt (User:Jarry1250)

Bottom line for me is what is not working at the moment that we need to change? Our hope is to greatly grow our membership. Obviously there are risks but are they really huge? The more members we have the less the risk of cabals taking over.

On 20 November 2012 13:34, David Gerard dgerard@gmail.com wrote:

We can easily come up with all sorts of ways to make membership a massive pain in the arse. But what was the threat model again? And what's accepted practice - how do other UK charities deal with said threat model?

• d.

---

Wikimedia UK mailing list wikimediauk-l@wikimedia.org http://mail.wikimedia.org/mailman/listinfo/wikimediauk-l WMUK: http://uk.wikimedia.org

Katharine has already explained the threat: somebody registers multiply under different identities, or "banned" people register under false identities, and then uses votes to push a motion at and AGM or EGM or to push candidates onto the board of trustees.

We want people to become active members while keeping personal details private, and admit membership applications from people who are young, not on the electoral register etc.. We also want to run elections and votes in a way that are protected against this sort of threat, and to comply with the company law Katharine has cited. This is contradictory, so Wikimedia UK needs to decide what's more important, and if there are ways around like giving people a meaningful "membership" which isn't a membership in the terms of company law and so isn't subject to those regulations.

On 20 November 2012 13:34, David Gerard dgerard@gmail.com wrote:

We can easily come up with all sorts of ways to make membership a massive pain in the arse. But what was the threat model again? And what's accepted practice - how do other UK charities deal with said threat model?

• d.

---

Wikimedia UK mailing list wikimediauk-l@wikimedia.org http://mail.wikimedia.org/mailman/listinfo/wikimediauk-l WMUK: http://uk.wikimedia.org

Just in case anyone's wondering - the Board didn't discuss this issue at much length at the weekend, but the issue is certainly one to think about, and we asked Katherine to look into the subject.

I haven't yet mentioned my personal views based on my own experience. so here they are;

Personally I think the most sensible safeguards against 'entryism' is having a large and well-involved membership.

Another step some organisations take is to say that someone has to be a member for a certain length of time before conferring voting rights on them, though the only time I've seen this is enacted is when there have been serious problems with people joining to push particular agendas. (Also worth nothing that this in our case would need an amendment to the Articles.)

I'd also note that I've worked for several membership organisations and am a member of many more - none that I know of take any steps to verify memberships, even where someone is formally required to approve each member before admitting them. (And under what circumstances would we refuse membership? Not being on the electoral role doesn't mean someone doesn't exist...)

If we did do anything like this we would have to carefully consider whether the benefit in terms of preventing a potential, if somewhat hypothetical, democratic problem was actually bigger than any likely cost in terms of making it more difficult to join.

On 20/11/12 20:12, Chris Keating wrote:

Another step some organisations take is to say that someone has to be a member for a certain length of time before conferring voting rights on them, though the only time I've seen this is enacted is when there have been serious problems with people joining to push particular agendas. (Also worth nothing that this in our case would need an amendment to the Articles.)

I am reminded that we have an EGM in the pipeline to change (or not) the voting processes of AGMs.

Gordo

The Postcard idea is good, but remember that a postcard isn't in an envelope, so please don't print anything more on it than the minimum needed for us to know which postcards have come back - i.e. a membership number.

I would suggest that you also want something in the process to raise an alert when you have more than three members at an address, - this can of course be perfectly legit if the address is a University Hall of residence, but it can be a useful check.

WSC

On 22 November 2012 12:05, Katherine Bavage < katherine.bavage@wikimedia.org.uk> wrote:

Morning all,

So, I'm sensing that while there is some acceptance that a bit more gatekeeping may be warranted, we don't want anything heavy handed, and that verifying identity prior to voting each time isn't practicable.

How do we feel about Jon's suggestion of confirming address? I can easily set up a join process whereby:

1. Member indicates wanting to join by filling out application form

(online or paper) 2. Office logs application on Civi CRM and sends potential member a postcard and sticker in an envelope. Postcard has our freepost address on once side, and bullet points on the other side briefly explaining:

1. The membership approval process (some new members aren't always

clear on being approved and the delay until the next round of approvals by the board) 2. Signposting to our events page in the meantime 3. That returning the card is an effective declaration that their address and name as provided are genuine (and they will undertake to update us if this changes) 4. That if they have not applied for membership they should inform us of the error via email

3. Member receives postcard at genuine address if given. Enjoys sticker

(yay) and drops postcard into the post. 4. Office receives postcard, and marks address as verified against membership record.

The downside if this approach is we can't verify that a person's name is what they have declared it is. However, the upsides are having not only verified they live where they say they do, but this being at a minimal expense, and providing more information and an opportunity to engage them early in the process. Currently becoming a member can be a bit underwhelming.

Also, I should add, I strongly agree with the idea that the best overall way to combat the problem is to have a larger, more active membership, complemented by staff, Trustees and volunteers to continue to be alert to any unusual patterns of recruitment or behaviour in a new crop of unknown volunteers. I think this approach will add a layer of security to that however.

Katherine

On 21 November 2012 08:19, Gordon Joly gordon.joly@pobox.com wrote:

...

On 20/11/12 20:12, Chris Keating wrote:

...

Another step some organisations take is to say that someone has to be a member for a certain length of time before conferring voting rights on them, though the only time I've seen this is enacted is when there have been serious problems with people joining to push particular agendas. (Also worth nothing that this in our case would need an amendment to the Articles.)

I am reminded that we have an EGM in the pipeline to change (or not) the voting processes of AGMs.

Gordo

______________________________**_________________ Wikimedia UK mailing list wikimediauk-l@wikimedia.org http://mail.wikimedia.org/**mailman/listinfo/wikimediauk-lhttp://mail.wikimedia.org/mailman/listinfo/wikimediauk-l WMUK: http://uk.wikimedia.org

-- *Katherine Bavage * *Fundraising Manager * *Wikimedia UK* +44 20 7065 0949

Wikimedia UK is a Company Limited by Guarantee registered in England and Wales, Registered No. 6741827. Registered Charity No.1144513. Registered Office 4th Floor, Development House, 56-64 Leonard Street, London EC2A 4LT. United Kingdom. Wikimedia UK is the UK chapter of a global Wikimedia movement. The Wikimedia projects are run by the Wikimedia Foundation (who operate Wikipedia, amongst other projects).

*Wikimedia UK is an independent non-profit charity with no legal control over Wikipedia nor responsibility for its contents.*

---

Wikimedia UK mailing list wikimediauk-l@wikimedia.org http://mail.wikimedia.org/mailman/listinfo/wikimediauk-l WMUK: http://uk.wikimedia.org

On 22 November 2012 14:12, Gordon Joly gordon.joly@pobox.com wrote:

Suppose a group with funds wish to influence a body. They pay for the membership fees (and a little on the side for goodwill). All these schemes will not uncover that scam.

Our threat model here is dedicated Internet trolls. They tend not to include winners at life, and aren't overflowing with surplus cash.

- d.

To reply to Harry's points:

(i) Should we enforce more checks on prospective members?

Yes, although "enforce" is the wrong word. Perhaps "check that they are real people who will support our objects and haven't given a fake address" would be a better way of putting it. We have a duty to ensure that the members of the charity are actual people, and not, for example, someone's cats who have a vote in order to swing elections one way or another.

(ii) Should we enforce more checks on members before we let them vote at AGMs, whether in person or by proxy?

No. Once a member, it's too late - you have the right to vote (even if you're a cat, I suspect). Checks really need to be done before members are approved.

Richard Symonds Wikimedia UK 0207 065 0992

Wikimedia UK is a Company Limited by Guarantee registered in England and Wales, Registered No. 6741827. Registered Charity No.1144513. Registered Office 4th Floor, Development House, 56-64 Leonard Street, London EC2A 4LT. United Kingdom. Wikimedia UK is the UK chapter of a global Wikimedia movement. The Wikimedia projects are run by the Wikimedia Foundation (who operate Wikipedia, amongst other projects).

*Wikimedia UK is an independent non-profit charity with no legal control over Wikipedia nor responsibility for its contents.*

On 19 November 2012 15:19, Harry Burt harryaburt@gmail.com wrote:

Aren't there really two points here: (i) Should we enforce more checks on prospective members? (ii) Should we enforce more checks on members before we let them vote at AGMs, whether in person or by proxy?

I think the legal question is a good one. Are charities required to do neither/either/both? Legal issues aside, surely (ii) but not (i) is the easiest by quite a margin.

Harry

-- Harry Burt (User:Jarry1250)

On Mon, Nov 19, 2012 at 10:54 AM, Katherine Bavage < katherine.bavage@wikimedia.org.uk> wrote:

...

Hi All,

At the board meeting on Saturday a valid point was made that currently the verification process for membership applications doesn't really prove a barrier to fraudulent or duplicate applications.

I'd like to look at ways of improving this, so as we aim to expand our membership numbers we're also making sure fairness is enshrined in a checking process that means people can only have one vote.

If people pay their membership fee with Paypal, this isn't so much of a problem, as having a verified paypal account has already required this person to link their identity to their postal address - but we want to be as open as possible and so there will be people who give us 'a form and a fiver'.

What checking processes do we think would be acceptable without being invasive/onerous? At a basic level, we should be confirming that the applicant is the named person at the address given.

Please flag up concerns, suggestions for services or resources we can use, and so on. It may be that we can't completely eliminate the risk of fraudulent applications, but we can make it more difficult and provide a measure or reassurance that no individual has more power than any other by being able to vote twice etc .

Thanks!

-- *Katherine Bavage * *Fundraising Manager * *Wikimedia UK* +44 20 7065 0949

Wikimedia UK is a Company Limited by Guarantee registered in England and Wales, Registered No. 6741827. Registered Charity No.1144513. Registered Office 4th Floor, Development House, 56-64 Leonard Street, London EC2A 4LT. United Kingdom. Wikimedia UK is the UK chapter of a global Wikimedia movement. The Wikimedia projects are run by the Wikimedia Foundation (who operate Wikipedia, amongst other projects).

*Wikimedia UK is an independent non-profit charity with no legal control over Wikipedia nor responsibility for its contents.*

---

Wikimedia UK mailing list wikimediauk-l@wikimedia.org http://mail.wikimedia.org/mailman/listinfo/wikimediauk-l WMUK: http://uk.wikimedia.org

---

Wikimedia UK mailing list wikimediauk-l@wikimedia.org http://mail.wikimedia.org/mailman/listinfo/wikimediauk-l WMUK: http://uk.wikimedia.org

On 20 November 2012 15:03, Jon Davies jon.davies@wikimedia.org.uk wrote:

How about doing it in a nice way? Sending a thank you LETTER (sorry trees) with a badge or sticker in and an 'if not received return to...label. AT least that would be some sort of verification. Perhaps a freepost confirmation postcard therein as a belt and braces?

That's easy and sensible.

To be frank going from 320 to 260 members recently seems that our problem is quite the reverse.

Well, yes. But with a suitable screening process I'm sure we can reduce that number even further.

- d.

On 22 November 2012 12:44, michael west michawest@gmail.com wrote:

Just to put this into a real world perspective. I an a member of the Labour Party which gives me certain rights to vote. I've never once in 23 years been asked to provide evidence of who I am. In terms of entryism the Labour Party has had a long history and the problem is dealt with not with postcards or expensive credit checks or heaven forbid notorised copies of documents but with a simple acceptence that you abide by the constitution. If you don't you get kicked out and if you disagree you take the party to court at your own expense. For a post that has had so many contributions I haven't seen much justification for any change in what you do already. The fear of reds under the bed or freak cabals seems to more important that actually signing up members and supporters and bogging them down with what if requirements. Maybe an approach to another charity or the electoral reform society and ask how they deal with ghost members might be more enlightening, than throwing it open to a public mailing list.

+1

The real solution is more members.

- d.

On Thu, Nov 22, 2012 at 1:58 PM, Katherine Bavage < katherine.bavage@wikimedia.org.uk> wrote:

... The concern arose from the fact that under the current system, fraudulent membership is possible - there are no effective safeguards.

I think the concern is not one or two fake memberships but more that someone could successfully do this to such a scale that they could influence a vote, either electing new trustees or passing an undesirable motion. In reality, I think the risk here is very low as long as we have a sizeable, engaged membership and sufficient candidates for board elections.

Looking back at motions and elections over the last four years I can see scant evidence that this has ever happened - in fact the only time I am aware is the very first election back in 2008, when a 16 year old tried to stand for the board and then he unsuccessfully tried again using a sockpuppet. It didn't take long for it to be exposed and it lead nowhere.

I don't agree that there are no effective safeguards against this, in particular:

- the board considers each membership application individually before approving - the board has the power to remove people as members if necessary

That's very important - you are able to do something about it if you identify that it is happening.

For me, the key thing is keeping an open eye when you see new membership applications and spot any patterns emerging. You might want to check for multiple members with the same email address or at the same postal address or lots of people joining up just before an AGM all in the same area.

I think that would deal with the risk adequately. Credit checking, besides the costs, would require consent and can damage their credit rating so I would strongly advise against that. I would not strongly object to having confirmation cards in the post but it would seem a bit overkill and not entirely consistent with a Wikimedia culture that is predominantly online and still, for instance, allows pseudonymous admins on the English Wikipedia.

Hope this helps and hope your recruitment is a success in reversing the trend of declining membership (although I suspect this is simply because we are finally getting round to knocking long-lapsed people off the list).

Regards,

Andrew