[arin-discuss] Privacy of Reassignment Information

Owen,

As this is a policy issue, please forward this discussion onto the 
Public Policy Mailing List, ppml at arin.net.
For those of you on arin-discuss not subscribed to ppml, you can find 
subscription instructions at:: http://www.arin.net/mailing_lists/index.html.
PPML is open to the general public and provides a forum to raise and 
discuss policy-related ideas and issues surrounding existing and 
proposed ARIN policies.

Regards,

Susan Hamlin
Director, Member Services

 

Owen DeLong wrote:

>Actually, no, I don't like being solicited.  I'm as annoyed by SPAM as
>anyone.  Phishing is little more than SPAM in my experience, since it's
>usually pretty easy to identify and I know better than to provide my
>personal information to URLs that don't look right.
>
>Education is the answer to phishing.  Hiding private information doesn't
>actually help.  The reality is that I can't recall ever receiving a
>phishing attempt that used information from whois.  The phishers
>don't generally bother.  For one thing, there isn't a high enough
>percentage of targets with whois entries.
>
>My opinions on this subject have nothing to do with being affiliated or not
>with a service provider or with the fact that I also work as a consultant.
>
>My opinions are based exactly on the fact, as I stated, that IP addresses
>are a resource assigned from the public trust.  If you obtain the use of
>federal land, that use permit is a matter of public record.  I don't see
>any reason IP address assignments should be treated any differently.
>Resource allocations in the public trust should be a matter of public
>record.
>
>Owen
>
>
>--On April 8, 2006 10:38:19 AM -0400 Eric Kagan <ekagan at axsne.com> wrote:
>
>  
>
>>David, 
>>  
>>I fully support and agree with the privacy policy you speak of below.  In
>>this day and age of deception (spam, phishing, fraud and a number of
>>other things) I feel having any information publically accessible that
>>could help defraud an individual or enterprise is neglegent.  I feel the
>>Con's far out-weigh the Pro's in this area. I get constant push back from
>>internal resources as well as private enterprise on releasing their
>>information.  (Solely in regards to reassignments, not reallocations).
>>The service providers info should be public and accurate and all
>>communications should come to the service provider and dealt with
>>privately to their customers.  Thats a responsibility and part of
>>business of being a service provider. (If space is assigned downstream,
>>the reallocated service provider info should be publically posted.) 
>>  
>>Lets realize that domain registrars have allowed private registrations
>>for some time.  Can anyone on this list say they have *never* received
>>inappropriate communications (via email, mail, phone call) that used this
>>certain public information ? I know Owen mentioned he is registered with
>>his info, but if he's on this list and a "consultant" he is closely tied
>>to the service provider world and maybe even likes that he can be
>>solicitied.  I am sure most business in the private sector would not feel
>>the same way. 
>>  
>>Unfirtnuately I am unable to attend the Montreal event, but I am willing
>>to assist or backup the private policy effort in any way possible.  I
>>will welcome online or offline responses and ideas as well. 
>>  
>>Thank you 
>>Eric 
>>  
>>Eric Kagan 
>>CTO 
>>Access Northeast/ASN 17113 
>>Direct 508-281-7626 
>>ekagan at axsne.com 
>>  
>>
>>
>>
>>-----Original Message-----
>>From: arin-discuss-bounces at arin.net
>>[mailto:arin-discuss-bounces at arin.net] On Behalf Of Divins, David
>>Sent: Saturday, April 08, 2006 1:26 AM
>>To: Owen DeLong; ARIN-discuss at arin.net
>>Subject: Re: [arin-discuss] Privacy of Reassignment Information
>>
>> 
>>
>>All IP Allocations are done based upon trust.  If an ISP just wanted to
>>obscure a reassignment they could simply make up a customer. 
>>
>>Allowing ISP's to enter into NDA type status for reassignments and
>>representing these reassignments as private in public servers should
>>provide the registrar with more accurate information-- as that is the
>>basis for the reassignment policy.  Additionally, this provides much
>>needed privacy for companies that must adhere to ever more restrictive
>>privacy laws.  This allows a valid mechanism. 
>>
>>Why is a corporate entities right to privacy any less than an individuals
>>(when it comes to IP space-- and remember not all companies are public)? 
>>
>>Why is there a need to know what company owns a block provided there is a
>>valid contact provided? This probably brings the question of how can we
>>ensure a valid contact.  Since all assignments are done based on trust,
>>there must be some base assumption that for the most part ISP's act
>>according to ARIN rules--  I am not aware of any ARIN para-military-esque
>>auditing arm that checks ISP corporate accounting against IP assignments
>>to see who skirts the rules. 
>>
>>Honestly, I would be content to see a policy that allows an ISP to go
>>full NDA with ARIN and provide reassignment information to ARIN on a
>>private basis.  Under this condition, the ISP would need to maintain
>>valid contact (abuse/noc) for all address space it has been assigned and
>>not publicly reassigned. 
>>
>>I firmly believe that this issue will not be going away. 
>>
>>-dsd 
>>
>>David Divins 
>>Principal Engineer 
>>ServerVault Corp. 
>>(703) 652-5955 
>>
>>_____________________________________________ 
>>From:   Owen DeLong [mailto:owen at delong.com] 
>>Sent:   Friday, April 07, 2006 11:56 PM 
>>To:     Divins, David; ARIN-discuss at arin.net 
>>Subject:        Re: [arin-discuss] Privacy of Reassignment Information 
>>
>>* PGP Signed by an unknown key: 04/07/2006 at 11:55PM 
>>
>>
>>--On April 7, 2006 10:25:11 PM -0400 "Divins, David"
>><dsd at servervault.com> 
>>wrote: 
>>
>>    
>>
>>>All, 
>>>
>>>Provided an ISP, or other direct assignment recipient, supplies valid 
>>>and responsive (24x7) Abuse, NOC, and other pertinent contact 
>>>information, a reassignment should be allowed to remain private. 
>>>
>>>      
>>>
>>First, a direct assignment recipient cannot reassign, so, this would 
>>not apply to a direct assignment recipient. 
>>
>>Second, the policy was abandoned fairly recently due to lack of 
>>support by the community and lack of consensus to move forward. 
>>
>>IP resources are an element of public trust.  It is common and widespread 
>>practice to disclose as a matter of public record possessory interest 
>>in public resources.  The public interest in an open and equitable 
>>system of resource assignments and allocations overrides ISPs 
>>interest in hiding the identities of their customers. 
>>
>>    
>>
>>>The ability for an ISP to selectively and voluntarily make an assignment 
>>>private will still allow ARIN to have accurate reassignment information 
>>>as the assignments will be provided to ARIN privately whenever address 
>>>utilization must be determined. 
>>>
>>>      
>>>
>>ARIN is a stewardship organization.  The IP addresses are no more owned 
>>by ARIN than by any recipient organization.  They are administered by 
>>ARIN and the ISPs in the public trust.  They are public resources. 
>>
>>    
>>
>>>The private designation in no way relieves the ISP of its responsibility 
>>>to the Internet community.  In fact, a private reassignment expands this 
>>>responsibility as the ISP actually must take on the responsibility 
>>>providing valid 24x7 point of contact. 
>>>
>>>      
>>>
>>The community vehemently opposed adding such a requirement to the
>>previous 
>>attempt at such a policy. 
>>
>>    
>>
>>>If an ISP is unable or unwilling to provide a responsive NOC/abuse 
>>>contact, then they may not designate any reassignments as private. 
>>>
>>>      
>>>
>>How would you propose to prevent ISPs from ignoring this requirement? 
>>
>>Owen 
>>
>>-- 
>>If it wasn't crypto-signed, it probably didn't come from me. 
>>
>>* Unknown Key 
>>* 0x0FE2AA3D - unknown 
>>
>>    
>>
>
>
>
>  
>
>------------------------------------------------------------------------
>
>_______________________________________________
>ARIN-discuss mailing list
>ARIN-discuss at arin.net
>http://lists.arin.net/mailman/listinfo/arin-discuss
>  
>