[arin-ppml] Policy Proposal 2008-7 - Staff Assessment

[Member Services]

Policy Proposal 2008-7
Title: Whois Integrity Policy Proposal
Submitted: 15 August 2008
Assessment: 8 October 2008


ARIN Staff Assessment

The assessment of this proposal includes comments from ARIN staff and
the ARIN General Counsel. It contains analysis of procedural, legal, and
resource concerns regarding the implementation of this policy proposal
as it is currently stated. Any changes to the language of the proposal
may necessitate further analysis by staff and Counsel.

I. Proposal

Policy Proposal is available below and at:
http://www.arin.net/policy/proposals/2008_7.html

II. Proposal Summary

ARIN staff understands that this policy would require that a resource be
covered by a valid ARIN RSA before it can be updated.


III. Comments

A. ARIN Staff

1. Requiring all requestors to have a signed RSA (Legacy or Standard)
prior to ARIN making any updates to their records could cause a serious
delay in the completion of the update which could negatively affect an
organization’s business.
2. This policy may cause additional information to become stale in Whois
since non-RSA/LRSA signatories will no longer be able to update their
information.
3. Since reverse DNS data is part of WHOIS data, a delay in processing
or a refusal to process delegation update requests could negatively
impact requestor’s DNS operations even if the contact information in
WHOIS is correct.



B. ARIN General Counsel

Clearly protecting or enhancing the accuracy of Whois data is an
appropriate goal of standard setting, and if that creates collateral
requirements, they are likely to be upheld by any reviewing legal authority.

ARIN currently provides free services to legacy holders, including those
who have no written agreement with ARIN for specific legacy resources,
and makes changes for them in Whois that conform to other policies. ARIN
has never adopted a policy requiring such free services be provided by
ARIN but has customarily done this for legacy holders. This policy would
change ARIN’s customary practice by requiring such a written agreement
before ARIN would continue to provide such free services as changing
Whois data. From the standpoint of legal obligations, counsel is not
aware of any legal theory that would require ARIN to continue to provide
free services if it chose to discontinue providing such services for free.

It is likely enactment of the current draft may result in litigation
testing why the policy was enacted and whether it is reasonably related
to achievement of an appropriate standard setting objective.

One or more legacy holder(s) might object to this new requirement for a
written agreement that requires a series of contractual promises by the
legacy holder claiming such a step violates antitrust or other aspects
of legally protected commerce policies. They may also argue that since
ARIN could charge a fee for service as one alternative to requiring a
more comprehensive written agreement, the requirement for the more
extensive agreement is legally impermissible.

IV. Resource Impact –Major
The resource impact of implementing this policy is viewed as major.
Barring any unforeseen resource requirements, this policy could take
over 180 days to be implemented from the date of the ratification of the
policy by the ARIN Board of Trustees. It will require the following:

· Updates to Guidelines
· Staff training
· New software tools will need to be developed that will identify
whether a resource is covered under a RSA.
· Existing software tools will need to be modified to flag those
resources that are not covered by a RSA for analysis by staff.
· May require additional staff to handle increased number of manually
processed requests.

Regards,

Member Services
American Registry for Internet Numbers (ARIN)


#####


Policy Proposal 2008-7
Whois Integrity Policy Proposal

Author: Heather Schiller

Date: 26 August 2008

Policy statement:

To ensure the integrity of information in the ARIN WHOIS Database a
resource must be under an RSA (either legacy or traditional) in order to
update the WHOIS record. ARIN will not update historical information in
the ARIN Whois Database until the resource holder can prove the
organization's right to the resource.

Rationale:

ARIN currently maintains WHOIS and in-addr.arpa delegation records in a
best-effort fashion. In many cases ARIN does not have a formal agreement
with the legacy resource holders. Legacy records are frequently out of
date and have become an increasingly popular target for hijackers.
Having up to date contact information and a formal
relationship with legacy record holders would assist ARIN and ISP's in
ensuring these records are maintained accurately. A similar policy was
successfully adopted in the APNIC region.
(http://www.apnic.net/policy/proposals/prop-018-v001.html)

Timetable for implementation:

Within sixty (60) days of approval - with notification to current POC
email addresses listed on historical assignments, or as soon as
reasonable for ARIN staff.