[ppml] Privacy Legislation and new proposals affecting residential privacy

Wed Aug 25 05:43:37 EDT 2004

Let's not forget that there have been other proposals regarding privacy of 
the whois directory entries. In particular, I presented this proposal 
http://www.arin.net/policy/2004_4.html last year but it was rejected by a 
very small subset of ARIN members who were at the poorly attended meeting 
in Vancouver. This upcoming meeting at Reston should have a much larger 
subset of ARIN members present and if people feel that some of the ideas 
in my previous proposal should be incorporated into ARIN policy, then you 
should say so on this list. The ARIN Advisory Council can and will modify 
the current proposals before submitting them to a members vote. However 
they don't do this based on their own whims, rather they pay attention to 
the comments expressed on this mailing list.

In particular, there have been comments that the current privacy proposal 
will make life difficult for researchers. If you read the full text of my 
previous proposal you will see that I attempted to provide for reasonable 
research activities without compromising the right on individuals to 
privacy.

This is an important issue because today, there are no clear rules about 
what must be in a whois directory. Many of us do business in multiple 
legal jurisdictions and the temptation is there to simply stop publishing 
all whois data entirely because it may violate the law in one or more of 
the countries in which we operate. ARIN would have no recourse in this 
instance because ARIN has no policies that justify the whois directory. In 
fact, the activities of SPAM chasers such as William Leibzon could easily 
be used in court to set a precedent banning whois entirely. I'm not 
attacking William here or saying anything about the legitimacy of his 
activities, just that he does mine the whois directory and he works 
aggressively to get whois entries corrected according to his understanding 
of the scope and purpose of the whois directory.

I don't agree with all of William's views as to the purpose and scope of 
the whois directory and I don't think that the overall ISP community 
agrees with this view either. And I would urge each and every one of you 
to review this issue internally with your legal and regulatory people and 
not just make your decisions based on personal prejudices. We clearly have 
to change the nature of whois but we do have some leeway in how we do 
this.

I do agree with William that any data published in the whois directory 
should be accurate, that there should be a mechanism to test and report on 
the accuracy of the information, and that the directory should point to 
contact people within an ISP who is responsible for dealing with network 
problems including network abuse. The current proposal, unfortunately, 
doesn't address any of these issues and merely makes it entirely optional 
for an ISP to publish whois information at all.

If the current proposal passes, my organization will shut down our rwhois 
server. It's an ancient piece of software that is a royal pain to deal 
with and we'll be happy to see the end of it. We will cease to publish any 
whois data at all beyond the top level records showing the allocations 
received by ARIN. We will provide ARIN with a complete database of all our 
internal whois data (no /29 boundary) on demand any time they ask, 
possibly by providing a .CSV file on a password protected secure http 
server so they can pick up the latest daily dump whenever they want it.

How many of you will do the same?

-------------------------------------------------------
Michael Dillon
Capacity Management, 66 Prescot St., London, E1 8HG, UK
Mobile: +44 7900 823 672    Internet: michael.dillon at radianz.com
Phone: +44 20 7650 9493    Fax: +44 20 7650 9030

http://www.radianz.com
Voted "Best Network Provider 2004" Waters Magazine