Motivation: The Core Validators recently had a discussion around the concept of Identity at Stake, specifically around what does “address” mean for us as a group.
(NOTE: If there was another forum post created for this topic, please link to and I’ll close this one.)
At present the security model that we have in places rests with validators that have staked their identity. Identity (a rather difficult idea) is a multi-fold construct in the POA Network and includes (as of today): notary commission, address, email, and one’s name (with other, evolving proofs being developed by the foundation - such as proof of phone and bank account.)
I feel that each of these proofs can be viewed as being loosely coupled.
Eg: Suppose that the requirements for procuring a notary license in your jurisdiction does not require the issuing authority to completely know your physical address, a PO Box is sufficient. But does that mean that POA Network’s Core Validators would feel confident that some can stake a non-physical (residential) address?
What do others feel is appropriate? What should we be staking?
I would like to unpack this and then put it to rest. The ultimate goal is clarifying what is meant in our “Bylaws / Playbook / Github / SOPs / Whatever we call this” - after a discussion here and then having a vote (once that tool has been finalized of course.)
Physical addresses are sometimes legally necessary to perform personal service. For example, a summons or complaint usually requires personal service in most jurisdictions. For this reason, I would suggest that core validators share and update physical addresses for this purpose.
I think it depends on what types of things people decide to post to the POA network. In rare situations, notaries do get subpoenaed to testify as to particular documents. This is true in some cases where competency, willingness to sign, and fraud is at issue.
We really need to accept the fact that legal challenges will come up. The form of these exactly, I don’t know.
As a person that used to work in a highly regulated field (contract environmental lab testing), lawsuits were simply baked into the job - if you will (never fun of course). But when these happen, I hope that we all can be found and properly served so that we may respond in a timely manner.
Jeff, I see what your concern is. I believe we all shared our residential and mailing addresses with the state for the license. Some states choose not to display full address info for security reasons. I believe we all share our residential and mailing addresses with federal authorities on tax returns and other forms. If some unknown hypothetical legal challenges come up at some point in the future we all can be easily found by the state or federal authorities.
I’ve been roped into lawsuits simply because of tangential relationships. The goal being of course increase the set such that defense on a per person basis Vs. monies sought results in quick settlement. These really are not fun, cutting a check because defense would be 50% more (and then there is the real potential of still losing.)
I don’t want there to be two sub-groups. Those that can be easily served and those that cannot be so easily served. We already know who will targeted first (lowest energy doesn’t only apply to thermodynamic equations.) so this is a question of fairness for me.
Also, looking at some state’s application (for example) - you don’t have to put down a physical address (i.e. some states permit only a PO Box). As for other routes of such discover, such as tax forms, we did not have to fill out any such documentation for tax related purposes (such as a W9).
I’ve come to realize that any additional step(s) added to a system, you will see basically an exponential drop off. This again makes me wonder if we are creating two classes of validators. Those that are immediately discoverable and those that are not.
I’m simply trying to convey my concerns around what I see as a division in the validating set. Some validators are using addresses that are more easily ascribed to the individual and some are not. I figure that my concerns have been clearly communicated, and I’d like to know what others feel.
If after more discourse it appears that Personal-Business and/or PO Box addresses are acceptable to our network; and are acceptable to our individual jurisdictions - then fine… Personally I will lend a hand in the write up of the protocol to help my fellow Californians to perform this change.
I was and am still seeking clarity as to what others feel about the matter.
Again - I personally believe that the intent behind the “staking of one’s address” was that of a ‘personal’ address to facilitate rapid identification of a validator. At least that was my interpretation.
I’m not sure what rapid identification of a validator means. I remember we discussed this topic during our Sat meeting. You personally stated you are ok with PO Boxes, you personally stated on the forum you are ok with using business addresses. You are also ok with using home address. I’'m not sure what you are trying to achieve. Could you please explain how ‘personal’ address(I read it as residential address) is more unique property to person’s identity than PO Box or business address? In many cases there are other individuals who share residential or business address. It’s a part of their identity as well and therefore not a very unique property to person’s identity. I wonder what others think about it too.
I’m ok with a PO Box, provided that the entire network is as well. This is in question. Also, I would have liked (once some concerns were raised) everyone to have self identified themselves.
I’m ok with a corporate business address. I really don’t see validator’s main source of income being derived from their activities on the POA Network - at least not for some time. So… I actually sort of like one’s address being a corporate address … As if one is being served, these are typically performed during business hours. I’m sure that HR would be more than happy to help track down said employee. From my experiences, corporate HR dept’s really have a problem with dealing with anything ‘weird’. And so people that have staked this type of an address are extra incentivized to keep from getting on their main source of income’s weirdness radar.
I’m NOT ok with a personal company address, as one can make these extra difficult to actually locate the ‘real’ person. I.e. there’s no independent HR team to assist with compliance.
As for rapid ID, may I ask if you have ever been served and/or otherwise sued (tort)? The goal is to hit the lowest hanging fruit quickly. I just don’t wish there to be two groups of validators.
I think Jeff’s point is that notary license aside, how do we tie addresses to the physical person? While the requirements of the POA Core network was dependent on getting a notary license, there were never requirements on how the addresses should be listed on the POA explorer. Given that there are variability in how notary license addresses are presented in different states, it may be difficult to tie just the notary license to the physical person.
I thought about this quite a bit after our call last week - this is actually really interesting because I am not sure if addresses are even sufficient to actually stake a person’s identity. In states where only the zip code is required, there is actually no safeguard on a person putting any random address with the same zip code. Ex. someone could put down a fake residential address within zip code 90000, and their commission will say the same thing, but there’s still no way to confirm that identity. (this may be a discussion saved for later.)
Coming back to this issue - if we all agree that addresses at this point are the best way to stake our identity, then we should be consistent and outline exactly what this means. I personally don’t think it’s an issue if it is a PO Box, residential, business addresses as long as this is all agreed to and no confusion for anyone. I think that’s where everyone is getting hung up - we all have our own interpretation of what the addresses should mean but I also don’t think anyone is wrong in their interpretation. The current POA guidelines does not address this issue this but I do think our job as validators can be used to help clarify. The end goal is for anyone who see the addresses and will know exactly what this entails.
Great points, Sherina! I believe the address is a very weak property of someone’s identity. I think we all agreed that notary license is the best way to stake our identity at this point. There are simply much more unique properties of someone’s identity than the address. The bank account, biometrics(fingerprints, iris etc) are one of them.
Notary license requires fingerprints and background checks (I would assume that is in every state, but might be wrong)
If that is the case, then we should be OK with P.O. Boxes
Having Norary License will garantee identity of validator
But if we talk about “serving legal papers” or traveling validators that work remotely… P.O. Box might be an issue. Since it might be harder to track the person. But again, Secretary of State should be able to provide personal information in case of legal actions.
I think P.O. Box should be OK.
Will be good to hear from others, including not validators.