[ppml] Policy Proposal 2005-2: Directory Services Overhaul

[Michael.Dillon at radianz.com]

> There are literally several hundred federal laws that deal with
> privacy in various circumstances, and if you throw in the state,
> province, and city laws you could realistically be looking at over
> 10,000 or even over 100,000 laws affecting privacy inside the ARIN
> region.  What's more, many of them are conditional on various other
> criteria.  Examples include Canada, where you can't publish information
> without consent of the party who's information is being published,
> or the Children's Online Protection Act, which prevents you from
> publishing information on people under the age of 13, or under 18
> without parents consent.  Is it reasonable for ARIN to require an
> ISP to obtain consent in these cases?  Is it reasonable to deny
> someone under the age of 13 IP addresses because they cannot have
> their information published?

You've just made a good case for ARIN to stop publishing
any data that is not directly relevant to Internet operations.
Bye, bye whois!

In fact, it would be a darn good idea to get into compliance
with Canadian law and only publish whois data about organizations
who explicitly consent to have that data published. Since ARIN
allocations require siging an agreement with ARIN, this can be
bundled into that agreement.

That gives us the top level of the chain of authority for IP
address blocks. If any of those companies think that they should
not be 100% responsible for their customers' use of the blocks, 
then it should be up to them to get the customer's permission
to publish data. And in the process, they will be able to make
sure that they have the CORRECT contact information.

Hallelujah!

--Michael Dillon