[ppml] Policy Proposal 2003-3: Residential Customer Privacy

Ian Baker ibaker at codecutters.org
Sat Jul 26 04:11:46 EDT 2003 

----- Original Message ----- 
From: "Owen DeLong" <owen at delong.com>
To: <sigma at smx.pair.com>; <ppml at arin.net>
Sent: Friday, July 25, 2003 7:28 PM
Subject: Re: [ppml] Policy Proposal 2003-3: Residential Customer Privacy


> As someone who has IP allocations in my house, I must say I can see both
> sides to this issue.  However, we aren't necessarily talking about ORGS
> in this case.  It is not unusual today for end-user consumers to have
> multiple computers and receive a /28 or /29 from their provider for those
> computers to share an internet link.  We're talking about a family
> with two working parents and a couple of high-school to college age kids
> all of whom have their own systems, for example.  With the inexpensive
> availablity of DSL and 802.11, this is becoming less common.  This is a
> good thing.  However, I can see the desire of the average household to
> not publish their home address, names, and phone numbers in whois.  I have
> chosen to publish mine, but I can understand many people choosing not to.
>
> In this case, their provider should still have to account for the space
> to ARIN, but, it is not unreasonable, if the provider chooses to, for the
> provider to take responsibility for handling abuse complaints and contact
> about problems with the network.  If the provider can't contact the
customer
> and get the issue resolved, they should turn off their access until it is.

An excellent point.

As a few people have already stated, users of (e.g.) DSL/Cable Modem
connections must abide by their provider's AUP. It is pointless to contact
the residential customer directly, and would, in any event, have a lot less
impact than contacting the organization with the facility to cut-off their
'net access. I would be happy to give a couple of genuine examples where
this has done more good than simply e-mailing a private individual.

On the privacy side, those people that (e.g.) post photographs of cars would
appreciate not advertising their full home address to people that could then
fake registration documents (just as one specific instance of fraud). There
are also other legal implications, assuming that anyone else on the list
have dealt with (e.g.) German companies or individuals that might get
themselves registered on ARIN-allocated blocks.

I'm [personally] happy to remain contactable (nothing to hide re: spam
etc.), but it can be quite easy in these discussions to get too heavily
focussed on a couple of specific technical points.

It might be a nice idea to add a genuine AUP contact (i.e. that of your ISP,
updated whenever one changes provider), but I can't see that happening in
The Real World - spammers will simply omit the information or lie, while
others would very often forget to update the information; it is also likely
that a takeover of one ISP by another would also omit this update step..

All lead to a dilution of the data quality, probably to the extent where
it's pointless to even attempt to store the information.

If one is designing something to automatically assign AUP information, then
simply place it into a database and, on a new occurrence, perform a simple
text search on the "fresh" WHOIS data. AFAIK ARIN is a registrar, not an
anti-spam organization!

Regards,

Ian

More information about the ARIN-PPML mailing list