ARIN-PPML Message

[arin-ppml] Draft Policy 2010-11: Required Resource Reviews

We have an update for the following:
> B. ARIN General Counsel
>
> Pending

Counsel found no significant legal issues with this draft policy.

Regards,

Communications and Member Services
American Registry for Internet Numbers (ARIN)



> -----Original Message-----

> From: arin-ppml-bounces at arin.net [mailto:arin-ppml-bounces at arin.net] On

> Behalf Of Member Services

> Sent: Tuesday, July 20, 2010 2:12 PM

> To: arin-ppml at arin.net

> Subject: [arin-ppml] Draft Policy 2010-11: Required Resource Reviews

>

> Draft Policy 2010-11

> Required Resource Reviews

>

> On 15 July 2010 the ARIN Advisory Council (AC) selected "Required

> Resource Reviews" as a draft policy for adoption discussion on the PPML

> and at the Public Policy Meeting in Atlanta in October.

>

> The draft was developed by the AC from policy proposal "117. Required

> Resource Reviews". Per the Policy Development Process the AC submitted

> text to ARIN for a staff and legal assessment prior to its selection as

> a draft policy. Below the draft policy is the ARIN staff and legal

> assessment, followed by the text that was submitted by the AC.

>

> Draft Policy 2010-11 is below and can be found at:

> https://www.arin.net/policy/proposals/2010_11.html

>

> You are encouraged to discuss Draft Policy 2010-11 on the PPML prior to

> the October Public Policy Meeting. Both the discussion on the list and

> at the meeting will be used by the ARIN Advisory Council to determine

> the community consensus for adopting this as policy.

>

> The ARIN Policy Development Process can be found at:

> https://www.arin.net/policy/pdp.html

>

> Draft Policies and Proposals under discussion can be found at:

> https://www.arin.net/policy/proposals/index.html

>

> Regards,

>

> Member Services

> American Registry for Internet Numbers (ARIN)

>

>

> ## * ##

>

>

> Draft Policy 2010-11

> Required Resource Reviews

>

> Version/Date: 20 July 2010

>

> Policy statement:

>

> Replace the text "under sections 4-6" in section 12, paragraph 7 with

> "under paragraphs 12.4 through 12.6"

>

> Add to section 12 the following text:

>

> 10. Except as provided below, resource reviews are conducted at the

> discretion of the ARIN staff. In any of the circumstances mentioned

> below, a resource review must be initiated by ARIN staff:

>

> a. Report or discovery of an acquisition, merger, transfer, trade or

> sale in which the infrastructure and customer base of a network move

> from one organization to another organization, but, the applicable IP

> resources are not transferred. In this case, the organization retaining

> the IP resources must be reviewed. The organization receiving the

> customers may also be reviewed at the discretion of the ARIN staff.

>

> b. Upon receipt by ARIN of one or more credible reports of fraud or

> abuse of an IP address block. Abuse shall be defined as use of the

> block

> in violation of the RSA or other ARIN policies and shall not extend to

> include general reports of host conduct which are not within ARIN's

> scope.

>

> c. In the case where an organization wishes to act as recipient of

> resources pursuant to a transfer under section 8.3, unless otherwise

> prohibited by paragraph 12.2(c).

>

> d. An organization which submits a request for additional resources

> when

> more than 25% of their existing resources are obscured in SWIP or

> RWHOIS

> pursuant to section 4.2.3.7.6 (residential customer privacy).

>

> e. Other than as specified in 12.10(c), paragraph 12.2(c) does not

> exempt organizations from the reviews required under section 12.10.

>

> Rationale:

>

> The first change is a minor correction which improves clarity and

> consistency of the original policy without changing the meaning.

>

> The addition of 12.10 (a) through (e) serves to create a set of

> circumstances under which a resource review is required, rather than

> optional and entirely at ARIN staff discretion.

>

> The majority of early comments on this proposal focused on 12.10 (e).

> Mostly it was confusion about the exact ramifications. This section

> will

> cause ARIN to maintain greater scrutiny only in cases where a given ISP

> issues more than 25% of their total space to residential customers who

> wish to remain anonymous and receive network blocks of /29 or larger.

> To

> the best of my knowledge, there are not currently any ISPs which meet

> this criteria. Additionally, it would only apply that scrutiny to IPv4,

> and will not carry forward into IPv6 residential assignments.

>

> This policy should improve the compliance verification of ARIN policies

> and may result in the improved reclamation of under-utilized IP address

> space. It should also serve as a deterrent to certain address hoarding

> tactics which have come to light in recent history.

>

> Timetable for implementation: Immediately upon ratification by the

> Board

>

>

> #####

>

>

> STAFF ASSESSMENT

>

> Proposal: (117) Required Resource Reviews

> Proposal Version (Date): 07 July 2010

> Date of Assessment: 14 July 2010

>

> 1. Proposal Summary (Staff Understanding)

>

> This draft policy establishes new criteria to enact NRPM 12 resource

> reviews. It requires ARIN staff to initiate resource reviews when M&A

> activity occurs but IP addresses are not transferred to the acquirer;

> when fraud or abuse is reported to ARIN, either about a specific IP

> address range or about an OrgID; when any NRPM 8.3 transfer occurs; or

> when staff are reviewing an additional IP address request and find that

> more than a quarter of an OrgID's downstream SWIPs are covered under

> the

> Residential Customer Privacy policy.

>

> 2. Comments

>

> A. ARIN Staff Comments

>

> • This proposal could cause ARIN staff to conduct resource reviews on

> a

> more frequent basis. Any prescription for prioritizing such reviews

> could delay other important registration activities from being

> processed

> in a timely manner.

>

> B. ARIN General Counsel

>

> Pending

>

>

> 3. Resource Impact

>

> This policy would have moderate resource impact. It is estimated that

> implementation would occur within 6 months after ratification by the

> ARIN Board of Trustees. The following would be needed in order to

> implement:

>

> • Resource reviews, audits, and fraud research require many man-hours.

> These new requirements to conduct audits on a much more regular basis

> could necessitate hiring and training additional registration staff.

> • Changes to current business practices

> • Staff training

> • Updated guidelines

>

>

> 4. Proposal Text

>

> Policy statement:

>

> Replace the text "under sections 4-6" in section 12, paragraph 7 with

> "under paragraphs 12.4 through 12.6"

> Add to section 12 the following text:

>

> 10. Except as provided below, resource reviews are conducted at the

> discretion of the ARIN staff. In any of the circumstances mentioned

> below, a resource review must be initiated by ARIN staff:

> a. Report or discovery of an acquisition, merger, transfer, trade or

> sale in which the infrastructure and customer base of a network move

> from one organization to another organization, but, the applicable IP

> resources are not transferred. In this case, the organization retaining

> the IP resources must be reviewed. The organization receiving the

> customers may also be reviewed at the discretion of the ARIN staff.

> b. Upon receipt by ARIN of one or more credible reports of fraud or

> abuse of an IP address block. Abuse shall be defined as use of the

> block

> in violation of the RSA or other ARIN policies and shall not extend to

> include general reports of host conduct which are not within ARIN's

> scope.

> c. In the case where an organization wishes to act as recipient of

> resources pursuant to a transfer under section 8.3, unless otherwise

> prohibited by paragraph 12.2(c).

> d. An organization which submits a request for additional resources

> when more than 25% of their existing resources are obscured in SWIP or

> RWHOIS pursuant to section 4.2.3.7.6 (residential customer privacy).

> e. Other than as specified in 12.10(c), paragraph 12.2(c) does not

> exempt organizations from the reviews required under section 12.10.

>

> Rationale:

>

> The first change is a minor correction which improves clarity and

> consistency of the original policy without changing the meaning.

> The addition of 12.10 (a) through (e) serves to create a set of

> circumstances under which a resource review is required, rather than

> optional and entirely at ARIN staff discretion.

>

> The majority of early comments on this proposal focused on 12.10 (e).

> Mostly it was confusion about the exact ramifications. This section

> will

> cause ARIN to maintain greater scrutiny only in cases where a given ISP

> issues more than 25% of their total space to residential customers who

> wish to remain anonymous and receive network blocks of /29 or larger.

> To

> the best of my knowledge, there are not currently any ISPs which meet

> this criteria. Additionally, it would only apply that scrutiny to IPv4,

> and will not carry forward into IPv6 residential assignments.

>

> This policy should improve the compliance verification of ARIN policies

> and may result in the improved reclamation of under-utilized IP address

> space. It should also serve as a deterrent to certain address hoarding

> tactics which have come to light in recent history.

>

>

>

>

>

>

> _______________________________________________

> PPML

> You are receiving this message because you are subscribed to

> the ARIN Public Policy Mailing List (ARIN-PPML at arin.net).

> Unsubscribe or manage your mailing list subscription at:

> http://lists.arin.net/mailman/listinfo/arin-ppml

> Please contact info at arin.net if you experience any issues.