[arin-ppml] Policy Proposal 2007-14: Resource Review Process – Revised and posted to last call

Member Services info at arin.net
Tue Nov 25 14:27:43 EST 2008 

Policy Proposal 2007-14
Resource Review Process

Following the ARIN XXII meeting the ARIN Advisory Council (AC)
determined that this proposal needed to be revised. The author has
revised the proposal to version 3.3A. On 20 November 2008 the AC, acting
under the provisions of the ARIN Internet Resource Policy Evaluation
Process, determined that the community supports this proposal and moved
it to an extended last call. A list of updates to this proposal is
provided following the proposal text.

Feedback is encouraged during this last call period. All comments should
be provided to the Public Policy Mailing List. This last call will
expire at 23:59 EST, 14 January 2009.

The policy proposal text is provided below and is also available at:
http://www.arin.net/policy/proposals/2007_14.html

The ARIN Internet Resource Policy Evaluation Process can be found at:
http://www.arin.net/policy/irpep.html

Regards,

Member Services
American Registry for Internet Numbers (ARIN)


## * ##


Policy Proposal 2007-14
Resource Review Process

Author: Owen DeLong, Stephen Sprunk

Proposal Version: 3.3A

Date: 17 October 2008

Proposal type: modify

Policy term: permanent

Policy statement:

Add the following to the NRPM:

Resource Review

1. ARIN may review the current usage of any resources maintained in the
ARIN database. The organization shall cooperate with any request from
ARIN for reasonable related documentation.

2. ARIN may conduct such reviews:

    a. when any new resource is requested,
    b. whenever ARIN has reason to believe that the resources were
    originally obtained fraudulently or in contravention of existing
    policy, or
    c. at any other time without having to establish cause unless a full
    review has been completed in the preceding 24 months.

3. At the conclusion of a review in which ARIN has solicited information
from the resource holder, ARIN shall communicate to the resource holder
that the review has been concluded and what, if any, further actions are
required.

4. Organizations found by ARIN to be materially out of compliance with
current ARIN policy shall be requested or required to return resources
as needed to bring them into (or reasonably close to) compliance.

    a. The degree to which an organization may remain out of compliance
    shall be based on the reasonable judgment of the ARIN staff and
    shall balance all facts known, including the organization’s
    utilization rate, available address pool, and other factors as
    appropriate so as to avoid forcing returns which will result in
    near-term additional requests or unnecessary route de-aggregation.
    b. To the extent possible, entire blocks should be returned. Partial
    address blocks shall be returned in such a way that the portion
    retained will comprise a single aggregate block.

5. If the organization does not voluntarily return resources as
requested, ARIN may revoke any resources issued by ARIN as required to
bring the organization into overall compliance. ARIN shall follow the
same guidelines for revocation that are required for voluntary return in
the previous paragraph.

6. Except in cases of fraud, or violations of policy, an organization
shall be given a minimum of six months to effect a return. ARIN shall
negotiate a longer term with the organization if ARIN believes the
organization is working in good faith to substantially restore
compliance and has a valid need for additional time to renumber out of
the affected blocks.

7. In case of a return under sections 4-6, ARIN shall continue to
provide services for the resource(s) while their return or revocation is
pending, except any maintenance fees assessed during that period shall
be calculated as if the return or revocation was complete.

8. This policy does not create any additional authority for ARIN to
revoke legacy address space. However, the utilization of legacy
resources shall be considered during a review to assess overall compliance.

9. In considering compliance with policies which allow a timeframe (such
as a requirement to assign some number of prefixes within 5 years),
failure to comply cannot be measured until after the timeframe specified
in the applicable policy has elapsed. Blocks subject to such a policy
shall be assumed in compliance with that policy until such time as the
specified time since issuance has elapsed.

Delete NRPM sections 4.1.2, 4.1.3, 4.1.4
Remove the sentence "In extreme cases, existing allocations may be
affected." from NRPM section 4.2.3.1.

Rationale:

Under current policy and existing RSAs, ARIN has an unlimited authority
to audit or review a resource holder's utilization for compliance at any
time and no requirement to communicate the results of any such review to
the resource holder.

This policy attempts to balance the needs of the community and the
potential for abuse of process by ARIN in a way that better clarifies
the purpose, scope, and capabilities of ARIN and codifies some
appropriate protections for resource holders while still preserving the
ability for ARIN to address cases of fraud and abuse on an expedited basis.

The intended nature of the review is to be no more invasive than what
usually happens when an organization applies for additional resources.
Additionally, paragraph 2c prevents ARIN from doing excessive
without-cause reviews.

The authors believe that this update addresses the majority of the
feedback received from the community to date and addresses most of the
concerns expressed.

#####

The current version is available at:
http://www.arin.net/policy/proposals/2007_14.html

Previous versions, including 3.0 can be viewed at:
http://www.arin.net/policy/archive/2007_14_orig.html

This version incorporates the following changes vs. what was
published in the ARIN XXII meeting discussion guide:

H 1. Proposal Version 3.0 updated to 3.3A
H 2. Date 14 August updated to 17 October 2008
P 3. Paragraph 1 -- covered by an ARIN RSA updated to maintained in the
ARIN database
L 4. Paragraph 1b -- fraudulently updated to fraudulently or in
contravention of existing policy
P 5. Paragraph 1c -- unless a prior review updated to unless a full review
LS 6. Paragraph 3 Generic updated to Specific statement about staff
communication requirements.
L 7. Paragraph 4 substantially out of compliance updated to materially
out of compliance
L 8. Paragraph 4a extent to which updated to degree to which
L 9. Paragraph 6 intentional violations updated to violations of policy
L 10. Paragraph 7 Rephrased to convey intent in manner acceptable to legal
(primarily made specific as to return clauses applicable)

L 11. Paragraph 8 Rephrased for compliance with legal.
H 12 Paragraph 9 Comma (,) added after first phrase.

Changes tagged with an H are simple housekeeping.
Changes tagged with a P are the result of public comments.
Changes tagged with an L are made at the request of ARIN Legal Counsel.
Changes tagged with an S are made at the request of ARIN Staff.

The version in the meeting discussion guide was Version 3.0 from
August 14, 2008 and was archived on October 6, 2008.

There were several interim versions on PPML and in the policy
archive. They were not discussed at the meeting, although all
of the changes in them were discussed during ARIN XXII.

More information about the ARIN-PPML mailing list