[arin-ppml] Policy Proposal: Customer Confidentiality

[Kevin Loch]

Alexander, Daniel wrote:

> I also disagree with the need for whois as a means of validation or
> transparency for ARIN. ARIN can request whatever information they want
> under the RSA. They do not need swips to confirm someone's utilization,
> and if that were the only mechanism being used then we have bigger
> problems to solve. If transparency is truly the goal, then it needs to
> be an all or nothing, and whois has no chance of acting as a directory
> for ALL Internet users.

It does not have to be all or nothing.  Any requirement to document
reassignments does help discourage abuse (hoarding) and verification
by ARIN for new requests.

It is my belief that for most applicants ARIN uses only the swip/rwhois
data to verify requests for additional space and only when there is
reason or history to suspect fraud do they dig for more.  This has
the benefit of requiring ISPs to have internal systems that manage
and document customer assignments accurately.  How many small/medium
ISPs/hosts would completely mismanage this if it were not for the
ARIN reporting requirement?

I don't care if customer assignments are made public but I strongly
support keeping the requirement that reassignments be reported to
ARIN as they are made.

I would support a policy that would allow restricting of rwhois server
access to ARIN only and allowing a "non-published" option on swip
templates to prevent it from showing in public whois queries.

I prefer to see all abuse complaints for my customers anyway (using
rwhois instead of swip generally encourages this) so I am aware of any
problem customers as soon as possible.

- Kevin