[ppml] Comment on "Policy Proposal 2006-1" (ResidentialPrivacy modification)

Thus spake <Michael.Dillon at btradianz.com>
>> > What legitimate research need requires more than this?
>> >
>> Research which cares whether you are talking about Peoria, AZ or
>> Peoria, IL, or Peoria, IN for starters.
>
> That is not a definition of LEGITIMATE research.
> Consider a terrorist who is doing some research to
> identify the locality of a hated person in order to
> launch a poison gas attack in that locality.
>
> Yes, that is research but it is not legitimate
> research that ARIN and its members would wish
> to support.

I think we need to extend Godwin's Law to include terrorists. 
Seriously.

If you know the person's identity, there are far easier ways to figure 
out where they live, work, etc. than WHOIS.  The supposed problem with 
WHOIS is that it lets you _discover_ someone's identity from their IP 
address, which is a completely different problem.

Being able to distinguish between Peoria, AZ, and Peoria, IL, is trivial 
if we're going to allow even a single digit from the postal code, 
because that's all you need.  You're arguing over a moot point here. 
And, since you can turn postal codes (in the US, a 5-digit ZIP, which 
the current proposal allows) into locality and state names via public 
databases (e.g. usps.com), the point is doubly moot.  Removing part of a 
redundant set of data is useless.

I don't see a need to define the particular research people are 
referring to.  First of all, that only addresses research that's already 
in progress while ignoring whatever people may think of tomorrow. 
Second, we can easily accomodate unsubstantiated claims while still 
producing a policy that meets the claimed goal of making it difficult to 
turn an IP address into an identity.

S

Stephen Sprunk         "God does not play dice."  --Albert Einstein
CCIE #3723         "God is an inveterate gambler, and He throws the
K5SSS        dice at every possible opportunity." --Stephen Hawking