[arin-ppml] Privacy rights & IP number whois

Milton L Mueller mueller at syr.edu
Tue Sep 2 23:30:29 EDT 2008

-----Original Message-----
From: Ted Mittelstaedt [mailto:tedm at ipinc.net]
>That is a poor example since it's absolutely false.  DMV record
>availability is set by the state governments in the US not feds
>and it differs from state to state.

"Absolutely false" is a strong claim. My claim was that there is no state (and I made no claim about whether the law was federal or state) that allows anyone to look at a drivers license on the road and anonymously type it into an Internet-based database and receive, without any restriction on time, person, manner or purpose,  the name, address, email and telephone number of the person who registered that plate. I still don't think that claim is false, and as far as I can tell nothing has been said to refute it.

>About 6-8 years ago in my 
>state there were no restictions at all, none whatsoever and it
>WAS perfectly legal to do this.

I'd like to verify. Please name the state. 

Also: Where there were "no restrictions at all" was the access available anonymously via Internet? Was the data subject notified? Was a purpose requested? Was the requestor's information recorded? If the answer to the first question was "no" and to all the others "yes", then my assertion is verified, not refuted by your example. If the answer to the first question is "yes," do you think it unreasonable that they stopped doing that? Can you appreciate why they might have stopped doing that? These are honest, not rhetorical questions. I want to know why you would feel that it is important for Internet users not to be anonymous but you would support anonymous downloading and use of sensitive information. 

>I have done so recently in fact.  And this is if the vehicle is
>a privately owned car.  If it is commercially owned then yes,
>you absolutely have the right for this information, no questions
>asked, and the DMV in my state will give it to you, no questions

But that's the legal person / natural person distinction. That's grounded in privacy law. And in either case, the DMV still has to verify who the owner is before you get any data, right? You don't get it anonymously off the Internet. 

>Thus, it is quite obvious that people in society have much more
>right to information on IP address holders than they have on
>people who own vehicles.

Perhaps you misinterpret what I am saying. I am not saying that there should be no address Whois. ARIN's IP address Whois, from a privacy standpoint, poses no serious problems today. It tells you which company has been assigned the address block and gives you contact info for that company. That is all it needs to do to fulfill its operational purpose, which is to maintain uniqueness and promote conservation and aggregation and other forms of routing stability. 

If there are criminal or even some civil problems with a specific internet user, IP Whois allows you to identify the operator and law enforcement can, using existing powers, subpoena the operator for additional identification or usage information about individual account holders at the operator. Due process. No problem with that. 

But ARIN's address Whois does not -- and, I hope you agree, should not -- tell anyone in the world who wants to know what Ted Middlstaedt's phone number is and what he did on the Internet last night, simply because they somehow got hold of your IP address number.  

I hope people on this list are aware of the Verizon v. RIAA case. It was all about IP address information and under what conditions it can be linked to a specific subscriber. http://www.eff.org/files/filenode/RIAA_v_Verizon/opinion-20031219.pdf 

As Verizon claimed at the time, the RIAA's position "opens the door for any person claiming to own a copyright to submit a one-page form to a clerk of a court and obtain the unlimited ability to collect private subscriber information" based on the collection of an IP address from a p2p site. 

>The legislatures, courts and constitutions of different countries
>in the world all differ greatly on this, and what laws there are
>out there differ widely.  This kind of issue is what the United
>Nations was created to solve.  And so far the UN has not issued
>guidelines and directives on this for IP addresses.

Are you inviting the UN to intervene in address policy? Shall I forward this message to the ITU and tell them that an ARIN ppml member really wants them to get involved?  


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.arin.net/pipermail/arin-ppml/attachments/20080902/dbf3cdc8/attachment.htm>

More information about the ARIN-PPML mailing list