ARIN-PPML Message

[ppml] Comment on "Policy Proposal 2006-1" (Residential Privacy modification)

I'd like to make additional comment regarding 2006-1 and potentially
offering a way to a solution that solves the issues but does not cause
as many problems and changes with ARIN system.

As a reminder a primary justification for introducing this seems to
be that full ZIP codes (6 code in Canada or full 9 digit code in US)
and city is in some cases are too specific and is almost the same as
offering full street address. The primary concerns seems to be about
those living in rural areas where the the density is very low.

Regarding zip/postal codes - a solution was proposed to only require
partial (minimum 3-letter) code rather then full zip/postal code.
I think many others have already shown that this would solve any
potential privacy concerns as 3-letter codes are not specific
enough (in fact for US even 5 letter code is not specific - zip
codes follow density as well so rural territories have very large
areas covered by same zipcode).

Regarding city this is indeed an issue for rural areas where city
may include only a dozen households (in many states they would not
even allow to incorporate in this case). I agree that this needs
to be addressed and there is actually a very simple solution by
allowing County name to be entered in case this is unincorporated
area (which is in fact exactly what is being done right now) as
well as if the city itself is smaller then say 1000 residents -
we can even do it by just renaming "city" field to "city/locality"
and leaving it to the discretion of the ISP if the are entering
actual city name there or name of local territorial unit (township,
borrough, county, etc) if user has privacy concerns.

I also would like to note a concern that privacy issues effecting
very few users in rural areas (<0.1%) are considered for changes 
that would cause data not be available for the reminder 99.9%.
As you know if you make something optional many just not do it
at all even if its not a problem for their case. The solution for
this really should be the one that addresses specific issues with
those 0.1% where current privacy policy would not be enough.

In short this issue needs to be looked at further by the AC but
the current proposal should be rejected.

-- 
William Leibzon
Elan Networks
william at elan.net