[arin-ppml] SWIPs & IPv6

tvest at eyeconomics.com tvest at eyeconomics.com
Thu Dec 3 14:05:43 EST 2009 

Hi Chris,

The same license plate analogy was discussed on the RIPE policy list  
about six months ago:

>> On 23 Jul 2009, at 13:14, tvest at eyeconomics.com wrote:

>> There is almost certainly some sort of clearing house role for the  
>> RIRs in any address space matrket: authenticating the seller's  
>> "title" to the space, maintaining up to date registry info and so  
>> on. However this doesn't have to record prices. For instance the  
>> DMV doesn't care what someone pays for a car. They do want to know  
>> who owns it.
>
> That's true, but then you don't go to the DMV volutarily. You go  
> because:
>
> 1. you are required by law to obtain a special token that indicates  
> that your vehicle are bona fide -- a token that is clearly visible  
> to everyone you interact with at all times.
> 2. guys with the authority to mete out real consequences are  
> constantly cruising around, looking specifically for missing or out- 
> of-date tokens.
> 3. Every driver is aware of (2); some people may occasionally try to  
> get by without registering, and bad guys know generally don't try to  
> register stolen vehicles, but everyone is aware that the LEA risk is  
> real.
>
> In the Internet context, not only is each of the above false; in  
> each case the opposite is true.


So, I would suggest that one cannot really embrace the license plate  
parallel unless you also want to embrace all that goes along with it,  
i.e., substantial investment in a large, widely distributed rule  
enforcement system with real power to mete out punishment, which is  
constantly if somewhat thinly and randomly monitoring everyone on the  
road...

TV


On Dec 3, 2009, at 1:38 PM, Chris Engel wrote:

> I believe that Milton makes an excellent point below. The important  
> issue, I believe, is NOT that the general public be able to  
> determine who ACTUALY owns a particular address block or domain. The  
> important issue is being able to report a problem with a particular  
> domain/address block to some-one who can take appropriate action  
> upon it.
>
> Looking at the analogy of cars on a road is probably rather  
> appropriate in this case. Roads are a public shared resource just  
> like the internet. In order to be able to put a car on the road (at  
> least in the US) it needs to registered with your state DMV and  
> needs to have a visible license plate on it. Note that the ONLY  
> thing that is publicaly revealed when your car is on the road is  
> that License Plate #... not the owners Name, Address, Phone #, etc.  
> The public can NOT simply goto the DMV and get the corresponding  
> Contact Info for a License Plate #.
>
> The reasons for that are obvious.... a stalker or abusive ex- 
> boyfriend knows the car thier intended victem is driving.... if they  
> are able to get a home address/phone # from that publicaly availble  
> license plate #, thier ability to carry out abuse is greatly  
> enhanced. The hazards for providing contact information for the  
> actual owners of a domain/IP block are not that different.
>
> What you CAN do is report that License Plate # to the Police/DMV  
> when there is a problem with that car (say it knocked over your  
> fence and then drove off) and THEY can take action that is neccesary  
> to address the problem. In cases where you have a legitimate need  
> for the actual contact information (say you need to know who to sue  
> for damaging your property) THEY will provide it for you if your  
> requirement for it is determined to be legitimate. They act as gate- 
> keepers for that information. In cases where you feel those gate- 
> keepers are not providing such information when there is legitimate  
> cause you can petition the courts for redress.
>
> I really see no issue with an ISP or other Agent acting as the POC  
> or Gatekeeper for an individual block/domain holders information.  
> The problem occurs when that ISP/Agent is not themselves responsive  
> when there is a legitimate need to resolve an issue that the address  
> holder is causing. In our real world example, the Police/DMV have  
> dual responsibilties.... they are responsible to protect the privacy  
> of the vehicle owner.... but also responsible to protect the rights  
> of individuals who that vehicle may have infringed upon... they are  
> equaly accountable to both. In essence, they have no horse in the  
> race themselves. In the case of the ISP/Registrar/Agent the person  
> who's identity they are protecting is thier customer so they have a  
> vested interest in being biased toward thier interests. Perhaps that  
> is part of the issue here.
>
>
> .....
> Milton L Mueller writes:
>
> "This is a typically unbalanced and exaggerated claim. There are  
> legitimate privacy concerns regarding access to contact and address  
> data, including shielding people from cyber-criminals and spammers,  
> and there are legal issues regarding the display of that data when  
> natural persons (i.e., not incorporated organizations) are involved.
>
> Revelation of the data shielded by these so-called privacy services  
> is notoriously easy to obtain, basically you just have to ask for  
> it, be a real entity and have some legitimate purpose. All of these  
> constraints are absent, of course, from anonymous, web-based whois  
> interfaces. The idea that people can abuse the internet (correct, of  
> course) must always be balanced by the equally valid observation  
> that people can and do abuse unrestricted access to sensitive data.
>
> The implication that only criminals use DNS privacy protection  
> services is obviously false, unless you believe that about 30% of  
> all domain name registrants are criminals and that the numerous  
> reputable individuals I could cite, including newspaper reporters  
> and small businesspeople, are also criminals.
>
> The expectation that WHOIS/SWIP issues can be discussed  
> independently of data protection rules and norms is a fantasy. I  
> know Ted is a lost cause on this issue and don't frankly care; but I  
> hope the rest of this list is a bit more mature and not populated by  
> people who think that their convenience as technical administrators  
> trumps any and every human rights concern.
>
> Beyond that, to avoid the practically useless kinds of ideological  
> debates in which Ted revels, I'd propose restricting any further  
> discussion of this to specific proposals and operational guidelines.  
> You can't know whether there is a legitimate privacy and/or security  
> issue unless we are discussing real proposals in real contexts.
>
> --MM "
>
>
>
>
> _______________________________________________
> PPML
> You are receiving this message because you are subscribed to
> the ARIN Public Policy Mailing List (ARIN-PPML at arin.net).
> Unsubscribe or manage your mailing list subscription at:
> http://lists.arin.net/mailman/listinfo/arin-ppml
> Please contact info at arin.net if you experience any issues.

More information about the ARIN-PPML mailing list