Is there some way you could not pay me interest so it doesn't trigger whatever federal code you are trudging up. I gave you money, why can't you just give it back? It's akin to me dropping my wallet it IRL, would you give it back to me if you found it?
I should not have to give out my personal info to every asset issuer from GLBSE, they didn't do anything like that for me when I gave it to them. If I were you, I would feel like a thief. I understand you got a lawyer to figure out what you should do, but I seriously wonder how you feel deep down knowing you are sitting on a pile of hardware other people bought for you.
Well there's actually an interesting point raised there.
In some countries (I don't know the situation in the US) certain types of business have to collect personal ID to do business with someone. The UK (where I live) is one such country. IF the person refuses or is unable to provide the ID then the company is not allowed to do business with them and has to return any funds they've received (exception being if the company believes the individual may be involved in money-laundering, terrorism etc when they have to file an SAR and hold the funds until either a deadline passes or they're instructed how to proceed). There's zero option of "we'll just keep the money" or "we already used it" or "we'll give it to charity".
Certainly in the UK if giga NEEDED that information for legal/regulatory reasons but didn't bother collecting the info when he received the funds then he'd have to just return the funds if you were unable/unwilling to provide the information (which would be what you paid for the bonds less any dividends received). His alternative here to returning it would be to file an SAR (Supicious Activity Report) with whoever his regulatory aithority was (which depends on type of business - e.g. FSA for most financial servie providers, Gaming Commission for casinos etc).
Additionally if in a regulated business then there's whole ton of hoops to jump through to be able to even collect the information - being registered for that specific type of business, having a formal policy on handling the data, liability insurance against loss/theft/misuse of the data, having an individual appointed in charge of the data etc (in fact two different individuals - one for data protection issues, one for KYC/AML requirements).
Now it could be very different in the US - but somehow I doubt it. If anything, the US is usually even more anal about the hoops companies have to jump through to do things.
Also in the UK it's mandatory to disclose in advance of entering any agreement if:
1. ID will be required (you also are supposed to provide your policy for complying with data-protection requirements, disclose what the info will be used for, how long it will be kept for etc.).
2. The agreement is being offered on behalf of a limited-liability entity.
As giga's lawyer said : "and, in fact, the information requested is no more detailed or onerous than what is generally required to open a brokerage or bank account."
Indeed - TO OPEN. Not requested many months later under threat of withholding your funds if you don't comply. The argument that everyone knew ID was needed is clearly junk (if ever raised) for a few reasons:
1. Not everyone lives in the US. We have no idea what threshholds there are there for requiring ID.
2. Simple common-sense. Many people hold small numbers of bonds whose value is less than the cost of obtaining apostille. Pretty obviously they had no expectation or belief that this level of ID would be required.
If anyone actually wants to complain, best bet is probably NOT the SEC or whatever - first place to start is his local Trading Standards or similar (no idea what they're called in the US): with the complaint being that he took funds and is now requesting that you complete ID procedures costing more than the total value of the transaction and refusing to return your funds if you won't comply. They'll then forward the complaint to whatever body is best placed to deal with it.
Now that nefario seems to have got a proper grip on sending out lists there seems no reasonable basis to claim that the ID is needed to identify the owners of assets. Giga trusted nefario to handle who held what bonds when he listed on GLBSE - and to date there's been no evidence suggesting the lists contain false claims. Which leaves just the "comply with laws" issue - where giga's definitely in the wrong if he believes it's fine to suddenly ask for ID AFTER accepting and using funds. But please - someone who knows how this works in the US correct me if it's fine there to take money in return for consideration, use it and/or then dispose of it in some manner other than returning it ALL to sender (or file an individual report with LE/regulators) if you subsequently request ID and they refuse to provide it.