[ppml] Policy Proposal 2004-7: Residential Customer Privacy Policy

william(at)elan.net william at elan.net
Wed Oct 20 07:51:38 EDT 2004

On Wed, 20 Oct 2004 Michael.Dillon at radianz.com wrote:

> > In my opinion, most important is to let users know that no business
> > activities is a requirement if they want their address/name hidden 
> > from public records, i.e. ISP would not just automatically "hide" 
> > customer info just because it's residential dsl order (as SBC seems to 
> > have been doing lately) but would have special form which prints out 
> > requirements and customer has to sign and return to have his data hidden.
> This kind of detailed suggestion sounds like it has
> been crafted with the laws of the United States of America
> in mind. 

First of all it was an example and second I don't see anything so specific 
to US laws in that anyway.

> I'd like to remind y'all that ARIN covers more
> than a single legislative jurisdiction and therefore 
> ARIN's policies must be compatible with the privacy
> laws and customs of more than one country.

Nobody is saying ARIN policies should override laws of any country. 
But ARIN does stand for North American IP registry and two largest
countries in its region are US and Canada (together covering over 99%
of ARIN's IP allocations), so it's fair for ARIN policies to be based on 
privacy laws of these two countries.

> In addition, the things that you know about privacy
> and public records in the USA may no longer be
> true. The new regime imposed after 9/11 has changed
> a lot of things and the change is continuing. It
> would be a good idea for ARIN to think carefully
> about how the whois database facilitates terrorist
> attacks, or thwarts terrorist attacks.

I'm really hoping the kind of paranoid actions I see from US government
lately are a temporary thing, I hate to see this country turned into a 
police state. But as far as recent changes in privacy and public records, 
if anything government seems to want to have access to anything and does
not care about personal privacy, but for other privacy issues not much
changed and as far as ARIN, we're talking about privacy for commercial
companies and US (and Canadian) laws regularly favor requiring commercial
companies to provide access to all public records (through corporate 
records and various permits) for any public resource the company uses.

> Personally, I'm concerned that a whois service originally designed
> for the purposes of public oversight of government funds has been 
> morphed into a sort of "big brother" style regime where people
> are not allowed to have personal secrets. 

People are allowed to have personal secrets just fine with current
ARIN whois policies, it's privacy policies for companies that use
IP blocks that would be changed by 2004-7 and I do not believe 
that a single hierarchy with only ISP listings will serve the public
(or other ISPs for that matter) any good.

As far as personal info, I'm not particularly against removing all
those records for ip blocks used by individual users (i.e. residential
customer blocks and small business), I don't however want to have the
kind of policies in regards to that that are regularly abused to hide
bad activities. I do want to see full whois records for the kind of blocks 
that can potentially be used independently from isp and advertised in bgp 
(i.e. blocks > /24). That is why I'm in favor of decreasing minimum 
requirement for reporting ip assignments and allocations from /28 to /25 
or /24. That will solve privacy issues for over 99% of those who are 
worried about it and at the same time keep the whois data useful for
majority of cases when it's needed.

William Leibzon
Elan Networks
william at elan.net
