[ppml] Policy Proposal 2005-2: Directory Services Overhaul

Leo Bicknell bicknell at ufp.org
Fri Apr 15 14:57:04 EDT 2005

In a message written on Fri, Apr 15, 2005 at 09:53:41AM -0700, Azinger, Marla wrote:
> 1.  I feel it would be best for us to get a definative answer on
> Privacy Laws and what should and should not be made public accesible
> information.  Along with a definition of what "public Accessible"
> really entails.

I've talked to ARIN Council and to a number of other people about
"privacy laws" and the answer is that the problem is almost

There are literally several hundred federal laws that deal with
privacy in various circumstances, and if you throw in the state,
province, and city laws you could realistically be looking at over
10,000 or even over 100,000 laws affecting privacy inside the ARIN
region.  What's more, many of them are conditional on various other
criteria.  Examples include Canada, where you can't publish information
without consent of the party who's information is being published,
or the Children's Online Protection Act, which prevents you from
publishing information on people under the age of 13, or under 18
without parents consent.  Is it reasonable for ARIN to require an
ISP to obtain consent in these cases?  Is it reasonable to deny
someone under the age of 13 IP addresses because they cannot have
their information published?

I started off investigating the legal aspects of this policy and
quickly backed away.  To say the legal side of things is a can of
worms grossly understates the problem.  Add to this that this is
an area of law that's rapidly changing.  Look at the recent identity
thefts that have made the news.  There are now over 100 bills pending
in congress that all have provisions dealing with keeping "private
information" "private".

Since many of you work for companies with legal teams, what I would
do is urge you to ask your own lawyers.  Tell them ARIN currently
requires you to publish your client's name, address, and e-mail
address under certain circumstances, and you want to know if it is
legal for your company to do so in your jurisdiction.  I believe
that the conversation that you have will be very interesting.

       Leo Bicknell - bicknell at ufp.org - CCIE 3440
        PGP keys at http://www.ufp.org/~bicknell/
Read TMBG List - tmbg-list-request at tmbg.org, www.tmbg.org
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 187 bytes
Desc: not available
URL: <https://lists.arin.net/pipermail/arin-ppml/attachments/20050415/038f22de/attachment-0001.sig>

More information about the ARIN-PPML mailing list