[arin-ppml] Use of the specified transfer policy (was: "Leasing" of space via non-connectivity providers)
On Feb 8, 2011, at 1:23 AM, Benson Schliesser wrote:
> My comment was targeted at your statement about ARIN "vetting" address rights (or whatever you want to call it) associated with a legacy block. You stated that there was value in such vetting, and I'm inclined to agree. But the degree of value could be wildly different depending on the vetting process, associated authority or insurance, etc.
Because parties do attempt to hijack address blocks (and have had
the ability to make changes to their record over time), ARIN needs
to be particularly careful when formalizing relations with a party
during the signing of the LRSA.
> Take this hypothetical case as example: ARIN receives a LRSA for a legacy block, vets the legacy address holder and accepts the LRSA, and then facilitates the transfer of addresses to a specified recipient. The recipient and their ISPs are then hit with a court order instructing them, in whatever manner, to stop routing the addresses because they belong to somebody else. This might have happened due to sloppy records, convoluted M&A and/or bankruptcy history, or whatever else you want to imagine including outright mistake or even fraud. Maybe ARIN was consulted by the court, or maybe ARIN wasn't consulted - after all, ARIN is just one of the many possible Whois database sources that exist, and claims only to be self-referentially authoritative.
Such cases due to occur, and ARIN has filed with courts in cases
of error with 100% success to date.
> In this situation, does the recipient have any recourse? Who pays their legal fees, and if they lose the address block who refunds their costs? They can sue the "seller", but I'd also expect them to also sue ARIN for incorrectly "vetting" the original legacy block holder.
Litigation is common in the United States, indeed.
> Now, this is completely hypothetical, but it's also plausible. I don't think ARIN should shy away from vetting and facilitating these transfers - that's not my point in the least. My point is that ARIN should establish the process in a legally defensible way, and back up the process with the sort of risk mitigation that businesses would expect. Otherwise, your previous comment about LRSA value for transfer transactions is moot.
> Absolutely. But it's a risk that hasn't been tested: whether ARIN has any authority to reclaim legacy address blocks (especially from entities that it has no contractual relationship with) and/or whether ARIN is liable for damages if such a reclamation results in a negative outcome for any parties involved or third parties, etc. Entering into an RSA and leveraging ARIN's services for transfer etc might remove the untested risk you've mentioned, but at the cost of the identifiable risks I described in my previous note.
ARIN routinely revokes address blocks, including legacy blocks, and ARIN's
ability to enforce community-developed policy in maintaining the database
has withstood challenges in both District and Bankruptcy courts.
Repeating from November email send to PPML:
> A summary is presented at each ARIN meeting during the Registration
> Services report: https://www.arin.net/participate/meetings/reports/ARIN_XXVI/PDF/Friday/nobile_rsd_update.pdf
> (slide 4) This is a total cumulative slide and reflects space in
> /16 equivalents; ... This has lines for returned, revoked (for
> non-payment), and reclaimed (generally due to fraud).
> What I think you're saying, in that last comment, is that demand will significantly outpace the supply - and that the demand/supply spread will result in very short durations of LRSA-to-transfer periods. I think I agree with you, at least for a period of time in the near future, and especially if legacy holders can identify recipients before entering into the LRSA. (Perhaps ARIN would permit an LRSA for only part of a de-aggregated legacy block?)
> But it doesn't mitigate the ongoing encumbrance to the recipient, relative to the original legacy allocation. Admittedly, I think we disagree on this point; see my comments above.
I believe we are actually in agreement regarding the "ongoing encumbrance"
to the recipient; it exists, and is materially no different than that of
any current resource holder under RSA. It is remarkably similar in all of
the regions, and represents the requirements of having a common registry