[ppml] MOVED RE: [arin-discuss] Privacy of Reassignment Information

Divins, David dsd at servervault.com
Mon Apr 10 16:59:16 EDT 2006


I never said there is a law preventing companies from publishing this
data.  However, the USA does have very strict privacy laws regarding to
HIPPA healthcare information.  If HIPPA healthcare clearing system gets
SWIPed it may provide a vector.
 
I am here in Montreal at ARINXVII and I have talked to every ISP I can
think of.  Every one has either directly placed bad info in whois or
have nudge, nudge, wink wink told customers directly how to do it.
 
How accurate and useful is this?
 
If you have no requirement for privacy on reassignments, do not use
them. However there are some reasons that customers need it.
 
-dsd

David Divins
Principal Engineer
ServerVault Corp.
(703) 652-5955


  _____  

From: Internet Partners, Inc. Tech Support [mailto:support at ipinc.net] 
Sent: Monday, April 10, 2006 4:39 PM
To: Divins, David; Owen DeLong; ARIN-discuss at arin.net
Subject: RE: [arin-discuss] Privacy of Reassignment Information


 
Please cite the privacy law you are referring to that prohibits a
company from placing it's name, phone number
and role contact information on an IP assignment.  I am unaware of any
such law.
 
Just because there's ISP's out there who feel that they can ignore the
rules and fill in bogus contact
information does not mean we should rewrite the system to cater to these
people
 
There are always people who regard public trusts as their own personal
property, to abuse as they see
fit, and to ignore the rules the rest of us have setup, because they
feel that somehow they are "special"
that because of who they are and what they do that the rules need to be
adjusted to suit their own
personal agenda.  This is called regarding yourself as above the law.
 
If we trade in the mandate for ISP's to place valid, public data for
reassignment information into the
database, in exchange for some sort of "NDA trade out" as you are
advocating, then we may make
a small minority happy and make a problem go away, for the time being.
 
Then when the next small minority has a beef with the system we are
going to adjust the system
to suit them - because after all we did it for the private numbers
people.  And so on and so on.
 
Eventually the Internet becomes nothing more than what happened in
Europe in the Middle Ages
with everyone with their own little fiefdom and their own little laws.
 
If an ISP or a company does not like the requirement to disclose who
they are, they can simply not
connect to the Internet.  Nobody is holding a gun to anyone's head and
telling them they must be
connected to the Internet or else.  If they absoluely have to have
e-mail, why last I checked UUCP
worked just fine and did not require a public IP address.
 
Ted Mittelstaedt
NOC Manager
Internet Partners, Inc.

-----Original Message-----
From: arin-discuss-bounces at arin.net
[mailto:arin-discuss-bounces at arin.net]On Behalf Of Divins, David
Sent: Friday, April 07, 2006 10:26 PM
To: Owen DeLong; ARIN-discuss at arin.net
Subject: Re: [arin-discuss] Privacy of Reassignment Information



All IP Allocations are done based upon trust.  If an ISP just wanted to
obscure a reassignment they could simply make up a customer.

Allowing ISP's to enter into NDA type status for reassignments and
representing these reassignments as private in public servers should
provide the registrar with more accurate information-- as that is the
basis for the reassignment policy.  Additionally, this provides much
needed privacy for companies that must adhere to ever more restrictive
privacy laws.  This allows a valid mechanism.

Why is a corporate entities right to privacy any less than an
individuals (when it comes to IP space-- and remember not all companies
are public)?

Why is there a need to know what company owns a block provided there is
a valid contact provided? This probably brings the question of how can
we ensure a valid contact.  Since all assignments are done based on
trust, there must be some base assumption that for the most part ISP's
act according to ARIN rules--  I am not aware of any ARIN
para-military-esque auditing arm that checks ISP corporate accounting
against IP assignments to see who skirts the rules.

Honestly, I would be content to see a policy that allows an ISP to go
full NDA with ARIN and provide reassignment information to ARIN on a
private basis.  Under this condition, the ISP would need to maintain
valid contact (abuse/noc) for all address space it has been assigned and
not publicly reassigned.

I firmly believe that this issue will not be going away. 

-dsd 

David Divins 
Principal Engineer 
ServerVault Corp. 
(703) 652-5955 


_____________________________________________ 
From:   Owen DeLong [ <mailto:owen at delong.com> mailto:owen at delong.com] 
Sent:   Friday, April 07, 2006 11:56 PM 
To:     Divins, David; ARIN-discuss at arin.net 
Subject:        Re: [arin-discuss] Privacy of Reassignment Information 

* PGP Signed by an unknown key: 04/07/2006 at 11:55PM 



--On April 7, 2006 10:25:11 PM -0400 "Divins, David"
<dsd at servervault.com> 
wrote: 

> All, 
> 
> Provided an ISP, or other direct assignment recipient, supplies valid 
> and responsive (24x7) Abuse, NOC, and other pertinent contact 
> information, a reassignment should be allowed to remain private. 
> 
First, a direct assignment recipient cannot reassign, so, this would 
not apply to a direct assignment recipient. 

Second, the policy was abandoned fairly recently due to lack of 
support by the community and lack of consensus to move forward. 

IP resources are an element of public trust.  It is common and
widespread 
practice to disclose as a matter of public record possessory interest 
in public resources.  The public interest in an open and equitable 
system of resource assignments and allocations overrides ISPs 
interest in hiding the identities of their customers. 


> The ability for an ISP to selectively and voluntarily make an
assignment 
> private will still allow ARIN to have accurate reassignment
information 
> as the assignments will be provided to ARIN privately whenever address

> utilization must be determined. 
> 
ARIN is a stewardship organization.  The IP addresses are no more owned 
by ARIN than by any recipient organization.  They are administered by 
ARIN and the ISPs in the public trust.  They are public resources. 

> The private designation in no way relieves the ISP of its
responsibility 
> to the Internet community.  In fact, a private reassignment expands
this 
> responsibility as the ISP actually must take on the responsibility 
> providing valid 24x7 point of contact. 
> 
The community vehemently opposed adding such a requirement to the
previous 
attempt at such a policy. 

> If an ISP is unable or unwilling to provide a responsive NOC/abuse 
> contact, then they may not designate any reassignments as private. 
> 
How would you propose to prevent ISPs from ignoring this requirement? 

Owen 

-- 
If it wasn't crypto-signed, it probably didn't come from me. 


* Unknown Key 
* 0x0FE2AA3D - unknown 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.arin.net/pipermail/arin-ppml/attachments/20060410/0e6b1161/attachment.htm>


More information about the ARIN-PPML mailing list