ARIN-PPML Message

[arin-ppml] Policy Question(s)

On Oct 6, 2010, at 6:46 AM, Ronald F. Guilmette wrote:
> 
> I guess you mean of NRPM section 8, but I don't think I saw anything really
> concrete in there that was an actual prohibition.  (Can you quote me the
> actual prohibition language out of the NRPM?)

Ron - Regarding violations in transfer of address space, if indeed you are
suggesting transfers independent of merger/acquisition (section 8.2) and 
independent of documented need (section 8.3) then that would be a violation
of number resource policy.  These are the only two transfer policies that 
have been adopted at this time.

>> IMHO you would be a fool to attempt to invest or setup an "IP investment
>> bank"
> 
> Well, that's what seemed to me might be a profitable thing to do, and I
> am not at all persuaded that ARIN could really stop me (or anyone) if
> somebody did that, and if they were dealing only in legacy blocks.

ARIN will maintain the Whois database according to the policies adopted by 
the community.  I'd suggest considering that when planning any endeavor,
and working with community using the policy development process to change 
the existing policy if it does not meet your needs today.  You are the
best judge of whether today's policies are suitable to your specific 
proposed business model.

> So much for ``open'' Internet governance.

The database entries are publicly visible, but the supporting material
for individual changes is not (as it often contains business sensitive
material.)  This too may be changed, as simpler policies don't require 
such material and/or it is quite possible for the community to decide 
that the requests and supporting documentation be public.  That's not
the current situation, and you'd need to work with others and make use
of the policy development process if you wish to make it so.

> I'm wondering if it occured to anybody, during the making of that decision,
> that what such a decision inevitably yields is an impenetrable Star Chamber,
> making un-reviewable decisions, in secret, that nobody ever even finds out
> about, let alone being able to question or understand.

To the contrary, all of the results are publicly visible, and we will review
any of resource action if someone believes that it is incorrect.

> Well, that's your view, based on what you know... But how do you know?
> I mean how does anybody know?  As you've noted, all these decisions
> about what may or may not get transfered, and to whom, are being made at
> this point, and have been made, since ARIN took over, with the same level
> of secrecy as the election of the next pope, i.e. total.  Right?  

Incorrect - all resources are publicly shown.  There's even an RSS feed 
of all the blocks issued or returned to ARIN daily if you want to watch 
transactions at that level of detail.

> Because
> everybody (or at any rate, a majority) wanted it that way.  OK fine. I
> get that part.  But now, here we are, and you actually can't tell me
> for certain, one way or the other, whether or not there's some Internet
> version of Gordon Gecko out there already, buying up IP real estate,
> quietly and secretly, and getting all those blocks quietly transfered
> to himself... or rather to his various paper subsidiaries... , again,
> very quietly.

If that's occurring, then hypothetical Mr. Gecko and his paper 
subsidiaries are supplying a significant amount of self-consistent 
information to qualify for address space per community policy.
Hopefully, they'd eventually stumble in their application process
or would raise suspicion in the community due to the publicly 
visible results and would be reported as an potential case of
fraudulent number resource assignments.  

> What I _can_ tell you is that I've made a special study of so-called
> snowshoe spammers.  These people consume (and lay waste to) IP space
> just like the proverbial stuff-through-a-goose.  And when I find...
> within the IPv4 space... another one of these operations... of which
> there are hundreds, as we speak, sometimes it is obvious where they
> are getting their IP space, i.e. from crooked ISPs that are lying to
> ARIN about their sub-allocations and their effective utilization rates.

> But at other times, it is not at all obvious how one of these criminals
> managed to glom onto a big fat hunk of IP space in a time of alleged shortage.

As reported earlier, we *do* take active measures to verify company
names, incorporation details, customers; but it is not always going
to be sufficient.  If you'd like to propose a different process for 
how we vet these applications based on your wisdom in this space,
feel free to do so.  If it has the support of the community, I will
make it happen at ARIN in record time.

> Such cases perplex me.  And I would argue that secrecy in these cases
> not only doesn't provide an answer to me personally, more importantly,
> in my opinion, it is counter to the best interests of the community.
> It's like saying that child molesters have a right-of-privacy, and so
> we ain't gonna tell you when one moves in two doors down from you.
> That used to be acceptable, but in a lot of places, it isn't anymore.

Ron - Propose a policy change to address this as you feel most appropriate.

Thanks!
/John

John Curran
President and CEO
ARIN