This archive is retained to ensure existing URLs remain functional. It will not contain any emails sent to this mailing list after July 1, 2024. For all messages, including those sent before and after this date, please visit the new location of the archive at https://mailman.ripe.net/archives/list/members-discuss@ripe.net/
[members-discuss] End user (natural person) ID check: sensitive documents stored to "idenfy.com" ?
- Previous message (by thread): [members-discuss] Board Meeting on RIPE NCC Charging Scheme
- Next message (by thread): [members-discuss] End user (natural person) ID check: sensitive documents stored to "idenfy.com" ?
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
James Kennedy
jkennedy at ripe.net
Wed May 1 19:18:53 CEST 2024
Dear members, One of our primary objectives is to ensure an accurate registry. As part of this, we need to perform due diligence checks to verify all resource holders [1] and to determine the legitimacy of requests that we receive. We carry out these verifications both reactively when evaluating resource requests or providing support, and proactively (e.g. through our Assisted Registry Checks [2] or when notified by our registry data monitoring system about a potential change to a resource holder’s data). For natural persons, there are no public records, so we need to verify their existence by asking for an identification document. To be most effective, we use the third-party service iDenfy to validate these documents. We began using iDenfy in 2021 to automate some of our verification processes in the Registry. Prior to this, we were manually verifying identification documents, which took a great deal of time and effort from our Registry staff. I will publish a RIPE Labs article very soon that shares more insights into Registry workloads. We announced our switch to using this third-party service also in a RIPE Labs article, which goes into more detail about the process and why we chose this platform [3]. iDenfy is based in the EU and is therefore also subject to GDPR. They delete all IDs 14 days after being submitted. Using this tool actually makes it easier for us to ensure GDPR compliance as well as having more accurate identity checks. It also allows us to complete these checks much more quickly and reduces costs, which is a priority for us. Please let me know if you have any further questions about our identity verification process. Kind regards, James Kennedy Chief Registry Officer RIPE NCC —------ [1] Due Diligence for the Quality of the RIPE NCC Registration Data: https://www.ripe.net/publications/docs/ripe-791/ [2] Assisted Registry Checks: https://www.ripe.net/manage-ips-and-asns/resource-management/assisted-registry-check/ [3] Using Third Parties to Automate Our Due Diligence: https://labs.ripe.net/author/felipe_victolla_silveira/using-third-parties-to-automate-our-due-diligence/ On Fri, 26 Apr 2024 at 10:33, Lennart Seitz via members-discuss <members-discuss at ripe.net> wrote: > > Hi, > > i was also quite shocked to see that such critical data is outsourced to > 3rd party. Isn’t the Sponsoring-LIR supposed to check the identity of > the End-user? Why is an additional check via a 3rd party necessary? > > Also interesting to notice on this topic: for other legal form (for > example GmbH), a registration paper is authorization enough. This can be > grabbed publicly (atleast in Germany) by everybody for a few bucks. Why > is it required for End-users to upload sensitive documents while for > other legal forms, public available information is enough? > > BR, > Lennart > > Am 26.04.2024 um 09:15 schrieb Maxi: > > Idenfy is used for an amount of time. Atleast one year. > > > > Idenfy themself state that they delete the data right after verification. > > > > See here https://www.idenfy.com/security/ > > > > However… that is all payed for by the LIRs. It would there for be nice > > to integrate it in a way, that the LIRs could use the information for > > their contract themself. As in we can get access to the result to > > fulfill the standard agreement. > > > > It’s a waste of resources to require an identification from the LIR > > just to then do another one. > >> On 25. Apr 2024, at 17:19, Clement Cavadore via members-discuss > >> <members-discuss at ripe.net> wrote: > >> > >> Dear all, > >> > >> I, as LIR, have received requests from RIPE NCC, as they are running a > >> project to verify all the resource holders registered with them, to > >> check the ID of some of our end users (natural persons). We have been > >> provided links to a third party organization which (I think) runs ID > >> check on behalf of RIPE NCC. > >> > >> The URL for those check is ivs.idenfy.com/<something>. > >> > >> The fact is that: > >> - We do not have any information regarding how those sensitive > >> documents are processed (and stored ?) > >> - the URL is hosted bedhind an AWS URL, and this is not really an > >> acceptable solution for RGPD. > >> > >> Could we please have more infos on this ? > >> > >> Thanks in advance > >> > >> Clément Cavadore > >> > >> _______________________________________________ > >> members-discuss mailing list > >> members-discuss at ripe.net > >> https://mailman.ripe.net/ > >> Unsubscribe: > >> https://lists.ripe.net/mailman/options/members-discuss/maxi%40zeug.co > > > > _______________________________________________ > > members-discuss mailing list > > members-discuss at ripe.net > > https://mailman.ripe.net/ > > Unsubscribe: https://lists.ripe.net/mailman/options/members-discuss/mail%40lseitz.de > > _______________________________________________ > members-discuss mailing list > members-discuss at ripe.net > https://mailman.ripe.net/ > Unsubscribe: https://lists.ripe.net/mailman/options/members-discuss/jkennedy%40ripe.net
- Previous message (by thread): [members-discuss] Board Meeting on RIPE NCC Charging Scheme
- Next message (by thread): [members-discuss] End user (natural person) ID check: sensitive documents stored to "idenfy.com" ?
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]