[arin-ppml] POC privacy

Kevin Kargel kkargel at polartel.com
Fri Oct 26 12:28:32 EDT 2012 

The tech and abuse PoC's need to be public. They need to be real, accessible and responsive contacts.  If they are not publically accessible they are useless. If you make them private just eliminate them.  
 
I would go in the other direction completely and say that there needs to be a public reporting process where members of the public could easily report non-responsive Tech and Abuse contacts to ARIN and then ARIN could investicate and remove non-responsive contacts.  

Admin PoC's also need to be public to accept legal communications.  

If all contacts for a netblock are non-responsive then the netblock should be considered abandoned and reclaimed.

Think about it..  These are *CONTACTS* ..  What good is a contact if you can't "contact" it..  

Kevin Kargel
Polar Communications

 


________________________________

	From: arin-ppml-bounces at arin.net [mailto:arin-ppml-bounces at arin.net] On Behalf Of Patrick Klos
	Sent: Friday, October 26, 2012 10:30 AM
	To: ARIN-PPML at arin.net
	Cc: Klos Technologies Legal Folder
	Subject: Re: [arin-ppml] POC privacy
	
	
	Andrew Koch wrote: 

		Yesterday during the open mic at the policy meeting, Mike Joseph of
		Google had planted an idea of making Admin and Tech contacts private.
		
		Rather than being able to move all Admin and Tech contacts to being
		private, I would be in favor of requiring one public POC of each type
		be visible.  However,  additional POCs of those types could be marked
		private.
		
		This would provide for the ability to move all but a select
		representative or role account to receive communications into a
		private status.  These private POCs could continue to manage
		resources.  It also balances the concern that POCs may receive a large
		bit of unwanted communications and the need to contact them.
		
		As I think about this a bit further, creating a role POC and then
		being able to link multiple ARIN Online accounts to that role POC is
		already available.  This would meet the ability to manage resources,
		but not place personal details in the public database.  So, I think
		further information on the drivers of this are needed.
		
		In some after-meeting discussions, another thought that was brought
		forward was moving the ability to view certain POC data to a
		restricted system.  For example, in public whois, the resource would
		link to a POC name, but the details (name, phone, email) would be only
		accessible after logging into ARIN Online, or using REST with an API
		key.
		
		Regards,
		Andrew Koch
		  


	These ideas of hiding POCs are ridiculous!  What is the purpose of a "point of CONTACT" if you cannot use it to CONTACT someone?!?!
	
	I constantly use POCs to try to notify resource owners that their resources (usually a server on their network) have been compromised and are behaving badly (i.e. hosting phishing sites or viruses/trojans).  I don't get paid to do it - I do it because it needs to be done.  If more obstacles are put in my way (i.e. requiring me to use various web interfaces and log in to get the details I need), I will have less and less time to help out the community.
	
	What are people worried about that they feel their POC information should be "private"??  
	

	1.	A little spam?!?  I get so little spam on my POC email addresses, it's silly to worry about it!  
		
	2.	What else?  Privacy??  Businesses (legitimate ones, anyway) have no reason to hide themselves! 

	What good is a "private" POC?  Who would ever got to use it if it's private???
	
	Can someone come up with a single legitimate example of why they should have public Internet resources assigned to them, but their contact information should be hidden from the world??
	
	Sincerely,
	
	Patrick Klos
	Klos Technologies, Inc.

More information about the ARIN-PPML mailing list