ARIN-PPML Message

[arin-ppml] Errors in 2007-14 Revision 3.2

Policy Proposal 2007-14
Resource Review Process

This proposal has been revised. It is open for discussion on this
mailing list and will be on the agenda at the upcoming ARIN Public
Policy Meeting.

The current policy proposal text is provided below and is also available
at: http://www.arin.net/policy/proposals/2007_14.html

Regards,

Member Services
American Registry for Internet Numbers (ARIN)


Owen DeLong wrote:
> Unfortunately, somehow the version 3.2 that was sent to the mailing list
> was apparently the result of applying the intended 3.2 updates to an older
> version than 3.1.
>
> Below is the corrected 3.2 which for clarity I will call version 3.3.
>
> Apologies for any inconvenience or misunderstanding. The updates actually
> conducted remain the same...
>
> Section 3 updated to address concerns from ARIN staff.
> Section 7 and 8 changed to address concerns from legal.
>
>
> Policy Proposal 2007-14
> Resource Review Process
>
> Author: Owen DeLong, Stephen Sprunk
>
> Proposal Version: 3.3
>
> Date: 14 October 2008
>
> Proposal type: modify
>
> Policy term: permanent
>
> Policy statement:
>
> Add the following to the NRPM:
>
> Resource Review
>
> 1. ARIN may review the current usage of any resources maintained in 
> the ARIN database. The organization shall cooperate with any request 
> from ARIN for reasonable related documentation.
>
> 2. ARIN may conduct such reviews:
>
>     a. when any new resource is requested,
>
>     b. whenever ARIN has reason to believe that the resources were
>     originally obtained fraudulently or in contravention of existing
>     policy, or
>
>     c. at any other time without having to establish cause unless a
>     prior review has been completed in the preceding 24 months.
>
> 3. At the conclusion of a review in which ARIN has solicited 
> information from the resource holder, ARIN shall communicate to the 
> resource holder that the review has been concluded and what, if any, 
> further actions are required.
>
> 4. Organizations found by ARIN to be materially out of compliance with 
> current ARIN policy shall be requested or required to return resources 
> as needed to bring them into (or reasonably close to) compliance.
>
>     4a. The degree to which an organization may remain out of
>     compliance shall be based on the reasonable judgment of the ARIN
>     staff and shall balance all facts known, including the
>     organization’s utilization rate,
>     available address pool, and other factors as appropriate so as to
>     avoid forcing returns which will result in near-term additional
>     requests or unnecessary route de-aggregation.
>
>     4b. To the extent possible, entire blocks should be returned.
>     Partial address blocks shall be returned in such a way that the
>     portion retained will comprise a single aggregate block.
>
> 5. If the organization does not voluntarily return resources as 
> requested, ARIN may revoke any resources issued by ARIN as required to 
> bring the organization into overall compliance. ARIN shall follow the 
> same guidelines for revocation that are required for voluntary return 
> in the previous paragraph.
>
> 6. Except in cases of fraud, or violations of policy, an organization 
> shall be given a minimum of six months to effect a return. ARIN shall 
> negotiate a longer term with the organization if ARIN believes the 
> organization is working in good faith to substantially restore 
> compliance and has a valid need for additional time to renumber out of 
> the affected blocks.
>
> 7. ARIN shall continue to provide services for the resource(s) while 
> their return or revocation is pending, except any maintenance fees 
> assessed during that period shall be calculated as if the return or 
> revocation was complete.
>
> 8. This policy does not create any additional authority for ARIN to 
> revoke legacy address space. However, the utilization of legacy 
> resources shall be considered during a review to assess overall 
> compliance.
>
> 9. In considering compliance with policies which allow a timeframe 
> (such as a requirement to assign some number of prefixes within 5 
> years), failure to comply cannot be measured until after the timeframe 
> specified in the applicable policy has elapsed. Blocks subject to such 
> a policy shall be assumed in compliance with that policy until such 
> time as the specified time since issuance has elapsed.
>
> Delete NRPM sections 4.1.2, 4.1.3, 4.1.4
>
> Remove the sentence "In extreme cases, existing allocations may be 
> affected." from NRPM section 4.2.3.1.
>
> Rationale:
>
> Under current policy and existing RSAs, ARIN has an unlimited 
> authority to audit or review a resource holder's utilization for 
> compliance at any time and no requirement to communicate the results 
> of any such review to the resource holder.
>
> This policy attempts to balance the needs of the community and the 
> potential for abuse of process by ARIN in a way that better clarifies 
> the purpose, scope, and capabilities of ARIN and codifies some 
> appropriate protections for resource holders while still preserving 
> the ability for ARIN to address cases of fraud and abuse on an 
> expedited basis.
>
> The intended nature of the review is to be no more invasive than what 
> usually happens when an organization applies for additional resources. 
> Additionally, paragraph 2c prevents ARIN from doing excessive 
> without-cause reviews.
>
> The authors believe that this update addresses the majority of the 
> feedback received from the community to date and addresses most of the 
> concerns expressed.
>
>
> ------------------------------------------------------------------------
>
> _______________________________________________
> PPML
> You are receiving this message because you are subscribed to
> the ARIN Public Policy Mailing List (ARIN-PPML at arin.net).
> Unsubscribe or manage your mailing list subscription at:
> http://lists.arin.net/mailman/listinfo/arin-ppml
> Please contact info at arin.net if you experience any issues.