[ppml] MOVED RE: [arin-discuss] Privacy of Reassignment Information

bmanning at vacation.karoshi.com bmanning at vacation.karoshi.com
Mon Apr 10 19:16:34 EDT 2006 

 er... you talked to me. I've never put bad data into whois, for me
or my customers.  there are reasons to not put data into whois at all.
no data is not bad data.

--bill


On Mon, Apr 10, 2006 at 04:59:16PM -0400, Divins, David wrote:
> I never said there is a law preventing companies from publishing this
> data.  However, the USA does have very strict privacy laws regarding to
> HIPPA healthcare information.  If HIPPA healthcare clearing system gets
> SWIPed it may provide a vector.
>  
> I am here in Montreal at ARINXVII and I have talked to every ISP I can
> think of.  Every one has either directly placed bad info in whois or
> have nudge, nudge, wink wink told customers directly how to do it.
>  
> How accurate and useful is this?
>  
> If you have no requirement for privacy on reassignments, do not use
> them. However there are some reasons that customers need it.
>  
> -dsd
> 
> David Divins
> Principal Engineer
> ServerVault Corp.
> (703) 652-5955
> 
> 
>   _____  
> 
> From: Internet Partners, Inc. Tech Support [mailto:support at ipinc.net] 
> Sent: Monday, April 10, 2006 4:39 PM
> To: Divins, David; Owen DeLong; ARIN-discuss at arin.net
> Subject: RE: [arin-discuss] Privacy of Reassignment Information
> 
> 
>  
> Please cite the privacy law you are referring to that prohibits a
> company from placing it's name, phone number
> and role contact information on an IP assignment.  I am unaware of any
> such law.
>  
> Just because there's ISP's out there who feel that they can ignore the
> rules and fill in bogus contact
> information does not mean we should rewrite the system to cater to these
> people
>  
> There are always people who regard public trusts as their own personal
> property, to abuse as they see
> fit, and to ignore the rules the rest of us have setup, because they
> feel that somehow they are "special"
> that because of who they are and what they do that the rules need to be
> adjusted to suit their own
> personal agenda.  This is called regarding yourself as above the law.
>  
> If we trade in the mandate for ISP's to place valid, public data for
> reassignment information into the
> database, in exchange for some sort of "NDA trade out" as you are
> advocating, then we may make
> a small minority happy and make a problem go away, for the time being.
>  
> Then when the next small minority has a beef with the system we are
> going to adjust the system
> to suit them - because after all we did it for the private numbers
> people.  And so on and so on.
>  
> Eventually the Internet becomes nothing more than what happened in
> Europe in the Middle Ages
> with everyone with their own little fiefdom and their own little laws.
>  
> If an ISP or a company does not like the requirement to disclose who
> they are, they can simply not
> connect to the Internet.  Nobody is holding a gun to anyone's head and
> telling them they must be
> connected to the Internet or else.  If they absoluely have to have
> e-mail, why last I checked UUCP
> worked just fine and did not require a public IP address.
>  
> Ted Mittelstaedt
> NOC Manager
> Internet Partners, Inc.
> 
> -----Original Message-----
> From: arin-discuss-bounces at arin.net
> [mailto:arin-discuss-bounces at arin.net]On Behalf Of Divins, David
> Sent: Friday, April 07, 2006 10:26 PM
> To: Owen DeLong; ARIN-discuss at arin.net
> Subject: Re: [arin-discuss] Privacy of Reassignment Information
> 
> 
> 
> All IP Allocations are done based upon trust.  If an ISP just wanted to
> obscure a reassignment they could simply make up a customer.
> 
> Allowing ISP's to enter into NDA type status for reassignments and
> representing these reassignments as private in public servers should
> provide the registrar with more accurate information-- as that is the
> basis for the reassignment policy.  Additionally, this provides much
> needed privacy for companies that must adhere to ever more restrictive
> privacy laws.  This allows a valid mechanism.
> 
> Why is a corporate entities right to privacy any less than an
> individuals (when it comes to IP space-- and remember not all companies
> are public)?
> 
> Why is there a need to know what company owns a block provided there is
> a valid contact provided? This probably brings the question of how can
> we ensure a valid contact.  Since all assignments are done based on
> trust, there must be some base assumption that for the most part ISP's
> act according to ARIN rules--  I am not aware of any ARIN
> para-military-esque auditing arm that checks ISP corporate accounting
> against IP assignments to see who skirts the rules.
> 
> Honestly, I would be content to see a policy that allows an ISP to go
> full NDA with ARIN and provide reassignment information to ARIN on a
> private basis.  Under this condition, the ISP would need to maintain
> valid contact (abuse/noc) for all address space it has been assigned and
> not publicly reassigned.
> 
> I firmly believe that this issue will not be going away. 
> 
> -dsd 
> 
> David Divins 
> Principal Engineer 
> ServerVault Corp. 
> (703) 652-5955 
> 
> 
> _____________________________________________ 
> From:   Owen DeLong [ <mailto:owen at delong.com> mailto:owen at delong.com] 
> Sent:   Friday, April 07, 2006 11:56 PM 
> To:     Divins, David; ARIN-discuss at arin.net 
> Subject:        Re: [arin-discuss] Privacy of Reassignment Information 
> 
> * PGP Signed by an unknown key: 04/07/2006 at 11:55PM 
> 
> 
> 
> --On April 7, 2006 10:25:11 PM -0400 "Divins, David"
> <dsd at servervault.com> 
> wrote: 
> 
> > All, 
> > 
> > Provided an ISP, or other direct assignment recipient, supplies valid 
> > and responsive (24x7) Abuse, NOC, and other pertinent contact 
> > information, a reassignment should be allowed to remain private. 
> > 
> First, a direct assignment recipient cannot reassign, so, this would 
> not apply to a direct assignment recipient. 
> 
> Second, the policy was abandoned fairly recently due to lack of 
> support by the community and lack of consensus to move forward. 
> 
> IP resources are an element of public trust.  It is common and
> widespread 
> practice to disclose as a matter of public record possessory interest 
> in public resources.  The public interest in an open and equitable 
> system of resource assignments and allocations overrides ISPs 
> interest in hiding the identities of their customers. 
> 
> 
> > The ability for an ISP to selectively and voluntarily make an
> assignment 
> > private will still allow ARIN to have accurate reassignment
> information 
> > as the assignments will be provided to ARIN privately whenever address
> 
> > utilization must be determined. 
> > 
> ARIN is a stewardship organization.  The IP addresses are no more owned 
> by ARIN than by any recipient organization.  They are administered by 
> ARIN and the ISPs in the public trust.  They are public resources. 
> 
> > The private designation in no way relieves the ISP of its
> responsibility 
> > to the Internet community.  In fact, a private reassignment expands
> this 
> > responsibility as the ISP actually must take on the responsibility 
> > providing valid 24x7 point of contact. 
> > 
> The community vehemently opposed adding such a requirement to the
> previous 
> attempt at such a policy. 
> 
> > If an ISP is unable or unwilling to provide a responsive NOC/abuse 
> > contact, then they may not designate any reassignments as private. 
> > 
> How would you propose to prevent ISPs from ignoring this requirement? 
> 
> Owen 
> 
> -- 
> If it wasn't crypto-signed, it probably didn't come from me. 
> 
> 
> * Unknown Key 
> * 0x0FE2AA3D - unknown 
> 

> _______________________________________________
> PPML mailing list
> PPML at arin.net
> http://lists.arin.net/mailman/listinfo/ppml

More information about the ARIN-PPML mailing list