[ppml] Privacy Legislation and new proposals affecting residential privacy

Gregory Massel gregm at datapro.co.za
Tue Aug 24 19:08:27 EDT 2004 

Hello PPML

In discussions of the privacy of residential customer information, please
consider that the reach of this extends beyond ARIN itself.

Various countries have enacted, or are in the process of enacting, privacy
legislation.

Eg. In South Africa (which presently falls within the ARIN service region),
the chapter 2 of the constitution entrenches every person's rights to
privacy. To further entrench individual's privacy rights beyond this general
provision the Law Commission has been drafting privacy legislation that will
protect personal information. It is quite likely that in the future it will
be illegal for South African ISPs to publish residential customers' names
and address information in the whois database.

Although not strictly an issue for ARIN, it may be worth taking into
consideration legislative requirements outside of the ARIN region as these
demonstrate the result of extensive international consultation regarding
policies of this nature.

In particular, I draw your attention to the case of the EU region:
http://europa.eu.int/information_society/topics/ecomm/all_about/todays_framework/privacy_protection/index_en.htm

In particular, "Article 12 of the Privacy and Electronic Communications
Directive therefore grants subscribers of all forms of electronic
communication services (fixed or mobile telephony, e-mail) the right to
decide for themselves whether they want to be in a public directory."

The threats posed to individuals whose privacy is not entrenched are
extensive.

I have heard arguments that this could be used as a means of safeguarding
spammers and fraudsters, however, I urge you to consider the most basic
legal principle of "Innocent until proven guilty." It seems extremely
drastic to have to compromise the privacy of the innocent in order to make
the process of tracing the guilty simpler. It also seems drastic that even
the name and residential address of a spammer/fraudster be made public
before that person has been prosecuted lawfully and afforded the dignity of
defending the charges against him/her and a fair trial in which he/she is
judged and found guilty.

One might also want to consider the risks of backlash from organisations
such as the Electronic Frontier Foundation that  campaign for online privacy
should policies be amended to require the publishing of residential customer
information.

Regards
Gregory Massel

More information about the ARIN-PPML mailing list