[arin-ppml] Reclamation of Number Resources

[Ronald F. Guilmette]

In message <CAP-guGXTb9jZDFZ1WU=Hbd2rDDvS86YwsjGaenx2Nshb_3mHgg at mail.gmail.com>
William Herrin <bill at herrin.us> wrote:

>Upon finding the complaint unsubstantiated, ARIN could even offer the
>registrant the opportunity to redact anything they considered a trade
>secret before publication...

I want to be real real clear about this.  It is absolutely *indisputable*
that ARIN actually (and legally) *cannot* divulge anything that even remotely
implicates any trade secret.  That is true, I think _regardless_ of whether
ARIN's investigation of any pattern of fishy facts causes them to reach a
determination that the relevant member is or isn't engaged in fraud, and
also regardless of any determination, by ARIN, that the member in question
is or isn't in violation of policy.

In short there are NO circumstances in which ARIN can, should, or may
divulge trade secret or confidential proprietary business information.

Indeed the mere mention, even just on this mailing list, of the notion of
ever, under any circumstances whatsoever, exposing any information that might
even conceivably be construed as a trade secret has likely already raised
both the hackles and the alarm bells within the ARIN legal department...
AS WELL IT SHOULD.  So let's just keep that entirely off the table shall we?
(It is anyway, legally speaking.)

I personally do not ask for and would not want to be given any kind of
legitimately "business confidential" information by ARIN, ever.  I should
clarify that I personally don't feel the need of any such anyway.

Let's take as an example this case, i.e. the case of SL-206.

Historical ARIN WhoWas records show clearly that this entity was granted ARIN
membership on or about 12-11-2012.  On or before that date, this member must
have submitted, to ARIN, some sorts of bona fides documents as part of its
membership application package.  It may perhaps have submitted to ARIN
other documents as well, including perhaps some to be used as justification
for either the IPv4 /19 block that it was later assigned, and/or some to be
used as justification for the ARIN-assigned ASN that it was later assigned.
But any such additional documents would have been separate from any basic
incorporation document(s) attesting to the mere fact that they were who
they said they were, i.e. legal representatives of a Nevis-incorporated
and Nevis-domiciled legal entity formally known as "1337 Services LLC".

It is not clear to me what specific documents ARIN may hold that were
submitted by the legal representatives of this entity and which ARIN
may have required at the time in order for this entity to be granted a
membership, in the first instance, and number resources, either subsequently
or concurrently.  In any case, in and among all of these documents we
(and ARIN) may reasonably hope that there was one which was (a) signed by
an actual legal representative of the company and that (b) asserted that
the company would be engaging in some type of commerce or presence within
the region, as called for by NRPM Section 9.

Whatever document made that assertion could rather easily be redacted, by
ARIN, of all other information and then presented publicly.  And indeed,
if I were to ever give an "I have a dream" speech, on the Capitol Mall
or elsewhere, I would express my dream that someday all five Regional
Internet Registries would cease racing to the bottom of the barrel
against all of the most disreputable and dodgy "offshore" secrecy
jurisdictions on the planet to see which one could be the absolute
worst in terms of basic and minimal transparency.

To put it more plainly, I see neither any justification, legal or otherwise,
nor even any persuasive reason why any of the five RIRs should not immediately
place on their respective web sites those documents, redacted as necessary,
which would show the names, signatures, and contact information of all
legal representatives of all members, as well as any additional basic
assertions they have made regarding their locations and domiciles, and
their bare intents, if any, to do business in this or that region.

None of this information may be reasonably construed to represent either
"trade secrets" or even "confidential business information", unless one
is in the business of tax avoidance, money laundering, sanctions busting,
or merely hiding your assets from your soon-to-be-ex spouse, and nobody
can credibly claim otherwise, not even any of those high-priced mouthpieces
that adorn such opaque havens, as Nevis & St. Kitts, the British Virgin
Islands (whose President was just busted in the U.S. on drug charges),
the Cayman islands, The Isle of Man, Guernsey, Belize, U.A.E., the
Seychelles Islands and the Marshall Islands.

It does not give up any real commercial advantage to have it be known who
is behind a given company.  This kind of information is clearly not even
in the same ballpark as information saying that company X has plans to
rent such as such number of racks of servers in such and such data center.
All five Regional Internet Registries are however, as of now, continuing
(for their own obscure reasons) to perpetrate this myth that _all_
information that is ever given to them by member organizations falls under
the heading of "business confidential".  This just isn't true and they
know it.  Yet they all continue to pretend that they are all incapable
of making the kind of simple discriminations that any five year old
makes when he picks the undesirable broccoli out of his salad.

In Europe, all EU and NATO countries are now acutely aware that business
as usual and accepting dirty money from Russian oligarchs is no longer
a respectable enterprise.  Even well before the outbreak of the Ukraine
war, the EU had already promulgated a series of anti-money-laundering
regulations which they mandated all indivdual EU contries to adapt local
national laws to.  The most recent of these regimes is know as 5AML --
the Fifth Anti-Money Laundering Directive.  Among many other things this
directs all EU conutries to "open the books" as it were and to create
publicly accessible national registries wherein any citizen of earth
will be able to look up the actual beneficial owners of any corporate
entity within any EU country.  This EU directive is still quite some ways
off from full implementation throughout all EU countries, but at least we
must give the Europeans credit for trying.

Quite the opposite may be said of all five of the Regional Internet
Registries.  They all continue to jelously and greedily cling to every
last scrap of information about their respective members as if even just
the names of the people responsible for these member organizations were
the last life preserver on the Titanic.  All five remain as opaque as
the proverbial black cat in a dark room.  You would have more luck
getting blood from a stone than you would if you ever tried to get any
of the RIRs to divulge even just the names of whoever had signed the
original membership application papers for *any* member, corporate or
otherwise.  Indeed, I have even heard it said that some of the RIRs,
at least, have actively fought against even lawful subpoenas handed to
them by legitimate law enforcement agencies, requesting the identities
of the people behind certain member entities.

In short, every last one of the RIRs has elected to to be as opaque,
if not even more opaque, than the worst of the worst notorious corporate
secrecy jurisdictions that I have listed above.  Their decisions to pursue
this course were utterly indefensible even before the outbreak of hostilities
in Ukraine, and they are even less so now.  How many Russian oligarchs have
laundered their fortunes into large eyeball or transit providers in the
U.S. and/or elsewhere?  Good luck finding out because you can't.

The bottom line is that it should not take either an act of congress or
even a subpoena to find out just the names and the contact info for the
people who have submitted membership applications to any RIR, including
ARIN.  But it does.

None of this may seem at all related to the specific case of SL-206 and
the apparent error which allowed its membership to be approved and to
continue in force for ten years.  And arguably it isn't.  But in point
of fact, it is.  If anybody reading these words doesn't understand why
it is, raise your hand and I will be only too happy to explain it in
detail.

For now, and in closing, I will just say that I am sick and, quite frankly,
effing tired of all of these ridiculous "hide the ball" games.  There is
no reason for any of it.  There is nothing in either law or contracts
that obliges any RIR to keep secret even the names and contact information
of the individuals who complete membership applications.  When RIRs do
keep that information secret, it is by choice and not by legal obligation.
It is past time for the RIRs to join with Europe and the rest of the civilized
world and to cease pandering to the criminal element by unnecessarily helping
them to hide their faces from the disinfecting sunshine that is the light
of day.  If they don't, then honest men and women the world over should
rightly judge them to be every bit as notorious, disreputable, and cuplable
as the Cayman Islands were in decades past.  (More recently, Cayman Islands
has cleaned up its act considerably, or so I have read.)

It is said that Caesar's wife must be above reproach.  The five RIRs are
failing this test miserably on the basis of their abject opacity, and I
am quite sure that they all will come to regret it... even the ones that
haven't already.


Regards,
rfg