[arin-discuss] Privacy of Reassignment Information

All,

Provided an ISP, or other direct assignment recipient, supplies valid
and responsive (24x7) Abuse, NOC, and other pertinent contact
information, a reassignment should be allowed to remain private.

This has been discussed before and abandoned
(http://www.arin.net/policy/proposals/2004_6.html).  However, I feel
this issue needs to be raised again as it is more important than ever.

There are ample valid reasons for a reassignment to remain private.

ISP's may not want their customers to be mined via a public service.
Many companies only use their assignment for private business exchanges
and do not want a public vector into their block.  HIPAA clearing
facilities, banking exchanges, procurement systems are all example of
viable private reassignments.

Note also that visibility into a companies assignments makes forging DoS
attacks or phishing schemes much easier, and this is a concern for some
organizations.

The ability for an ISP to selectively and voluntarily make an assignment
private will still allow ARIN to have accurate reassignment information
as the assignments will be provided to ARIN privately whenever address
utilization must be determined.

The private designation in no way relieves the ISP of its responsibility
to the Internet community.  In fact, a private reassignment expands this
responsibility as the ISP actually must take on the responsibility
providing valid 24x7 point of contact.

If an ISP is unable or unwilling to provide a responsive NOC/abuse
contact, then they may not designate any reassignments as private.

I will be at the Montreal meeting and plan on raising this issue during
the open policy and/or open mic sessions.

Thank you,
dsd

David Divins
Principal Engineer
ServerVault Corp.
(703) 652-5955