[arin-ppml] New Version of ARIN-prop-126: Compliance Requirement

[John Curran]

On Feb 16, 2011, at 11:53 AM, Martin Hannigan wrote:

> It's expensive and complex to respond to section 12 audits. This
> increases that expense for member orgs.

This is definitely an accurate statement; we have heard from multiple 
organizations that responding to an audit can involve quite a significant 
amount of work.  It also requires a similar level on behalf of the ARIN 
staff to process the information received.

> It gives the Corporation too much leeway to do harm to its members,
> more than the substantial amount that we already allow through
> "discretion".  Discretion also results in unpredictability. Policy
> should be as predictable as possible.

Fully agreed as well.  To the extent that policy requires staff discretion, 
it creates significantly more exposure then those policy statements that do 
not require staff discretion.

> These audits take time and people. Some of these audits also "appear"
> to be being conducted with what might be questionable[1] "probable
> cause" as a result of tip-line like fraud reporting activity. A
> majority of the fraud reports seem to be false positives. Revocation
> is the ultimate hammer and ARIN already has that power.

The false positive rate is to be expected, as we tend to error on
the side of caution given the potential impact, and our standards
for clear violations is likely quite higher than many of those 
reporting issues.

I have no view on the policy proposal itself, but wanted to make 
sure that the PPML community was apprised of the validity and 
of the above statements.  

FYI,
/John

John Curran
President and CEO
ARIN