[arin-ppml] Audits

[John Curran]

On Nov 4, 2010, at 5:49 AM, Ronald F. Guilmette wrote:
> In message <9E11B785-FFA2-4C62-824B-23B5F6071673 at arin.net>, John Curran <jcurran at arin.net> wrote:
> 
>> On Nov 4, 2010, at 3:49 AM, Ronald F. Guilmette wrote:
>>> I have been waiting weeks now for John Curran to answer my simple question:
>>> i.e. What does, and what does not constitute "utilization fraud", and
>>> although I see that he's found time to participate here, he apparently
>>> hasn't found time to answer that question, the answer to which would help
>>> me to spot even MORE utilization fraud than I am already aware of.
>> 
>> Good morning Ron -
>> 
>> 
> {... big buch of non-responsive platitudes snipped... }

Actually, I was providing clarity regarding the state of the registry information on legacy resources and what constitutes number resource fraud.  I thought that was what you were asking about, but easily could have been wrong.

> I am _still_ waiting for John Curran to answer the simple question.
> 
> Look John, this is very simple.... I have read comments about various
> entities undergoing a "utilization audit".
> 
> Do such things exist?  Does ARIN perform any such?
> 
> (Those are both simple yes/no questions, by the way.)

Yes, they do exist.  Yes, we perform such.

They are routinely performed during the application for new or additional resources.  They are sometimes performed as a result of NRPM section 12.  They are *now* sometimes performed as a result of NRPM section 8.2 during M&A transfers.

> If such things DO NOT exist and/or if ARIN DOES NOT perform any such, then
> why have I read several people commenting about such audits and/or fretting
> aloud that they may have to undergo one?
> 
> Conversely, if such things DO exist and if ARIN DOES perform any such,
> then please do stop beating about the bush and just describe how that is
> done.

We request many different types of information to confirm the veracity of statements made by resource holders. The information asked varies depending on the specific assertions.

> I'm not asking either you or ``the community'' to invent anything new or
> to consider anything new or to ratify anything new.  My question is about
> current existing practice at ARIN.
> 
> If ARIN, at present, DOES NOT do any utilization audits or reviews, then
> please have the coutesy to just say that.
> 
> Conversely, if ARIN, at present, DOES perform utilization audits or reviews,
> then please just describe, briefly, how an organization either passes or fails
> such a thing.

Example: if an applicant says "we have X CPE devices/routers/widgets, and hence need Y additional number resources", we will ask for various hard-to-replicate materials that might back of those assertions regarding the X devices that they assert they have.  This could be copies of configurations, output of various commands, various business documentation, etc. 

> But whatever you do, please have the courtesy not to treat me to another
> long winded digression on how ``the community'' must evolve approaches to
> this, that, or the other.

Ron - I believe I've extended you every courtesy, even in absence of same.

The "long winded digression" was my attempt to answer your question of what constitutes number resource fraud.  This includes making false statements during a request to ARIN regarding resource utilization.  I was not aware that you were seeking details regarding audits, but hopefully this email will address that.

>  I haven't asked about the future.  I want to
> know what you are doing right now, today, in the way of reviewing utilization
> of existing allocations.  (And if the answer is "nothing", then don't be
> bashful... just say "nothing".  Nobody will begrudge you for the truth.)

Reviewing utilization of existing resources doesn't generally occur unless you're apply for additional resources, and hence may not be relevant to the vast majority of legacy resource holders.

/John

John Curran
President and CEO
ARIN