[arin-ppml] Draft policy 2010-3

Rudolph Daniel rudi.daniel at gmail.com
Tue Feb 2 14:36:10 EST 2010 

 "The customer's actual information must be provided to ARIN on request and
will be held in the strictest confidence."

The wording of 2010-3:  I think that the "on request" should be a mandatory
requirement. ARIN should not have to request it.

RD




>
> Draft Policy 2010-3
> Customer Confidentiality
>
> Draft Policy 2010-3 comes from the successful petition of "Policy
> Proposal 95: Customer Confidentiality." The draft policy is being posted
> for adoption discussion on the PPML and at the Public Policy Meeting in
> Toronto in April. The text of this draft policy is under the control of
> the petitioner, Aaron Wendel, until the conclusion of the Public Policy
> Meeting.
>
> Draft Policy 2010-3 is below and can be found at:
> https://www.arin.net/policy/proposals/2010_3.html
>
> You are encouraged to discuss Draft Policy 2010-3 on the PPML prior to
> the April Public Policy Meeting. Both the discussion on the list and
> at the meeting will be used by the ARIN Advisory Council to determine
> the community consensus for adopting this as policy.
>
> The ARIN Policy Development Process can be found at:
> https://www.arin.net/policy/pdp.html
>
> Draft Policies and Proposals under discussion can be found at:
> https://www.arin.net/policy/proposals/index.html
>
> Regards,
>
> Member Services
> American Registry for Internet Numbers (ARIN)
>
>
> ## * ##
>
>
> Draft Policy 2010-3
> Customer Confidentiality
>
> Version/Date: 2 February 2010
>
> Policy statement:
>
> ISPs may choose to enter the customer's name along with the ISP's
> address and phone number in reassignments and reallocations in lieu of
> the customer's address and phone number.  The customer's actual
> information must be provided to ARIN on request and will be held in the
> strictest confidence.
>
> Rationale:
>
> Version 2.0 clarifies the need for the customer name to remain in the
> SWIP and RWHOIS information.
>
> Customer contact lists are one of the most proprietary and confidential
> pieces of information in any business.  The requirements for ISPs to
> publish those lists via SWIP or RWHOIS runs contrary to good business
> practices and invites competitors and others to solicit both individuals
> and companies receiving reassignments and sub allocations from upstream
> providers.
>
> Timetable for implementation: immediate
>
>
>
>
>
>
>
>
>
> ------------------------------
>
> Message: 5
> Date: Tue, 2 Feb 2010 13:18:34 -0500
> From: William Herrin <bill at herrin.us>
> To: Chris Engel <cengel at sponsordirect.com>
> Cc: "arin-ppml at arin.net" <arin-ppml at arin.net>
> Subject: Re: [arin-ppml] Petition Underway - Policy Proposal 95
> Message-ID:
>        <3c3e3fca1002021018t358ce58dy49b8044d9de355ad at mail.gmail.com>
> Content-Type: text/plain; charset=ISO-8859-1
>
> On Tue, Feb 2, 2010 at 12:52 PM, Chris Engel <cengel at sponsordirect.com>
> wrote:
> > Bill Herrin wrote:
> >> I have issues with Joe of the bot-infestation that
> >>his ISP is probably better geared to chase down
> >>but I also have issues with Joe the /14-holding
> >>florist that I want to discuss with Joe directly."
> >
> > That's great...but I'm not sure how exactly having
> >Joe's contact info really helps you determine
> >whether his /14 is justified?
>
> Chris,
>
> If Joe, allegedly assigned a /14 from his ISP, is a neighborhood
> florist and he responds "What's the Internet?" then my audit is
> basically done and it's time to report the ISP's fraud to ARIN.
>
> If his reasons for the /14 are moderately plausible and I get the same
> result with the other half-dozen suspicious looking assignments then
> I'm basically done as well, though for the opposite reason.
>
>
> The problem is: Joe's /14 assignment can't look suspicious or look any
> other way if it's public listing is permissibly redacted to "ISP
> Customer."
>
>
> There are, of course, other values to an administrative contact. You
> are, for example, not a common carrier. If your customer is hiding
> behind your identity as an ISP, you could end up responsible for
> accepting legal notice on his behalf. Is your legal department staffed
> adequately to avoid missteps in that process that will get you sued by
> the complainant, your customer or both?
>
> Regards,
> Bill Herrin
>
>
>
> --
> William D. Herrin ................ herrin at dirtside.com  bill at herrin.us
> 3005 Crane Dr. ...................... Web: <http://bill.herrin.us/>
> Falls Church, VA 22042-3004
>
>
> ------------------------------
>
> Message: 6
> Date: Tue, 2 Feb 2010 12:26:27 -0600
> From: Kevin Kargel <kkargel at polartel.com>
> To: "'ppml at arin.net'" <ppml at arin.net>
> Subject: [arin-ppml] Draft Policy 2010-3: Customer Confidentiality
> Message-ID:
>        <8695009A81378E48879980039EEDAD28876D3FCB at MAIL1.polartel.local>
> Content-Type: text/plain; charset="us-ascii"
>
> Now that the petition has moved forward I do have some further comments on
> this proposal.
>
> I do not think that ARIN is in the business of defending the secrecy of
> customer lists.  Keeping your customers should be a matter of competitive
> pricing and quality of service, not sequestering your customers in a closet
> or keeping them in a walled garden.  Free enterprise is part and parcel of
> doing business on the internet.
>
> Hiding community members from contact by prospective service offerings is
> not included anywhere in the ARIN mission statement that I could see.
>
>
>
>
>
> ------------------------------
>
> Message: 7
> Date: Tue, 2 Feb 2010 13:49:06 -0500
> From: John Curran <jcurran at arin.net>
> To: William Herrin <bill at herrin.us>
> Cc: "arin-ppml at arin.net" <arin-ppml at arin.net>
> Subject: [arin-ppml] Notes on the current ARIN Policy Development
>        Process
> Message-ID: <DAE65501-DA5D-4005-AA85-A5EEFB1BFC97 at arin.net>
> Content-Type: text/plain; charset="us-ascii"
>
> On Feb 1, 2010, at 4:03 PM, William Herrin wrote:
> >
> > On Mon, Feb 1, 2010 at 12:32 AM, Owen DeLong <owen at delong.com> wrote:
> >>        The AC was elected to help develop good, technically sound
> >> policy.
> >
> > Owen,
> >
> > The AC was elected first and foremost to be shepherds of the bottom-up
> > public-originated policy development process. Advising whether a
> > particular proposal is "good, technically sound policy" is supposed to
> > be the very last step, not the first. Moving it to the front violates,
> > disrupts and eventually destroys the bottom-up character of the
> > process.
>
> At the end of 2008, the ARIN Board of Trustees adopted an updated
> Policy Development Process (PDP) which gave ARIN Advisory Council
> more freedom in handling policy proposals. The revision to the PDP
> was made after presentation of the proposed changes in the Denver
> Public Policy Meeting in April 2008, and then after a public call
> for comments. You can view the full explanation of the changes here:
> <http://lists.arin.net/pipermail/arin-announce/2008-April/000715.html>
>
> The revised PDP places policy proposals and draft policies under the
> purview of the AC as opposed to the proposal submitter, and made clear
> that the AC has the authority edit/merge/abandon policy proposals as
> needed to come up with draft policies which fair and technically sound.
> The result of the AC's work then goes to the PPML and the Public Policy
> Meeting for consideration by the community (full process is available
> here: <https://www.arin.net/policy/pdp.html>)
>
> This change was made to insure that draft policies are technically
> sound, not duplicative, and consistent with the policy framework.
> It is hoped that the AC output will be Draft Policies which are
> strong candidates for adoption and will gain community support as
> a result during the PPML and Public Policy Meeting discussion.
>
> It was recognized that this revision to the PDP places significant
> control in the hands of the ARIN AC, and hence the petition process
> was made prominent in the revised PDP to allow any AC action to be
> petitioned via only 10 members of the community.  This is a very
> low threshold intentionally, so that community could readily bring
> a matter to the PPML and next Public Policy Meeting.  It does not
> indicate that the AC failed in any manner, but only that an action
> taken by the AC may warrant further consideration.  As this is the
> first time we're exercising this process, we also taking notes as
> to the process itself in addition to the results.
>
> The Policy Development process is not static, and there's already
> some thought that we should look at another update based on the
> experiences and lessons learned with the new PDP to date.  If
> there are specific suggestions that people have which they have
> not already posted, you may send them to me directly at any time.
> Of course, there will also be a similar community presentation
> of any revised PDP and that will also offer another opportunity
> to provide feedback in a public manner.
>
> I post this message to PPML in order to make sure that everyone
> is aware of these changes, and encourage folks to continue with
> the important discussions of the policy proposals and drafts
> which are before us.
>
> Thanks!
> /John
>
> John Curran
> President and CEO
> ARIN
>
>
>
>
>
>
>
> ------------------------------
>
> Message: 8
> Date: Tue, 2 Feb 2010 12:53:13 -0600
> From: Kevin Kargel <kkargel at polartel.com>
> To: 'William Herrin' <bill at herrin.us>, 'Chris Engel'
>        <cengel at sponsordirect.com>
> Cc: "'arin-ppml at arin.net'" <arin-ppml at arin.net>
> Subject: Re: [arin-ppml] Petition Underway - Policy Proposal 95
> Message-ID:
>        <8695009A81378E48879980039EEDAD28876D3FCC at MAIL1.polartel.local>
> Content-Type: text/plain; charset="us-ascii"
>
> > There are, of course, other values to an administrative contact. You
> > are, for example, not a common carrier. If your customer is hiding
> > behind your identity as an ISP, you could end up responsible for
> > accepting legal notice on his behalf. Is your legal department staffed
> > adequately to avoid missteps in that process that will get you sued by
> > the complainant, your customer or both?
> >
> > Regards,
> > Bill Herrin
>
>
> One current and active example of this is the flurry of Digital Millenium
> Copyright Act (DMCA) activity.  While there are protections for ISP's under
> Title II (OCILLA) of that act it *could* be interpreted by the provisions in
> this act that (as Bill inferred) if you are sequestering your customer then
> you are assuming the responsibility and/or liability under DMCA.  At the
> very least by that act you are assuming the responsibility to proxy
> actionable notices to your customer, and if you fail in that responsibility
> you may assume liabilities.
>
> This is for better legal minds than mine to determine, but it makes me
> wonder.
>
> IANAL  (I AM NOT A LAWYER)
>
>
>
>
> ------------------------------
>
> _______________________________________________
> ARIN-PPML mailing list
> ARIN-PPML at arin.net
> http://lists.arin.net/mailman/listinfo/arin-ppml
>
> End of ARIN-PPML Digest, Vol 56, Issue 10
> *****************************************
>



-- 
Rudi Daniel
e Business Consultant
http://www.svgpso.org
http://oecstimes.wordpress.com
“The whole problem with the world is that fools and fanatics are always so
certain of themselves, but wiser people so full of doubts.” - Bertrand
Russell
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.arin.net/pipermail/arin-ppml/attachments/20100202/88d09d29/attachment.htm>

More information about the ARIN-PPML mailing list