[arin-ppml] SWIPs & IPv6
tvest at eyeconomics.com
tvest at eyeconomics.com
Thu Dec 3 13:50:20 EST 2009
On Dec 3, 2009, at 12:10 PM, Milton L Mueller wrote:
>> -----Original Message-----
>> From: tvest at eyeconomics.com [mailto:tvest at eyeconomics.com]
>> Since you've raised this issue yet again (c.f., June 10 ~ Aug. 31
>> 2009), perhaps now you'll be willing to share with us your
>> view of the proper balance between "legitimate" privacy concerns and
>> "convenience" of technical administration? Rephrasing the two
>> queries that went
>> unanswered last time:
> Privacy norms, standards and laws are well known and not that hard
> to apply to this case.
> Here is a link to a boilerplate explanation of basic data protection
> Respectful suggestion: do some homework on how this issue gets
> handled before wading into a policy arena with global human rights
Thanks for the respectful suggestion. I will take it under advisement.
However, I would respectfully suggest that providing more substantive
answers here would be useful both to you (if your goal is, in fact, to
help inform number resource policies), as well as to those list
members who are not likely to go off and do a lot of homework on this
>> 1. Would you say that the proper balance between these two opposing
>> goals is reflected in current DNS whois arrangements?
> Absolutely not. (And you know perfectly well that I've answered this
> question, not only on this list, but in lengthy scholarly articles,
> and in years of work on DNS Whois Working Groups and Task Forces.)
> It would be very easy for DNS Whois to contain the requisite
> technical information needed for both law enforcement and technical
> management without providing indiscriminate public access to anyone
> and everyone, for any purpose.
Okay, in that case I call:
1. Could you suggest how, exactly, a registration/whois system can be
both very accurate, very reliable, and very easy for technical
administrators to access (when justified) for real-time network
management requirements*, while at the same time satisfying the the
legitimate* privacy concerns of the individuals and institutions who
are represented in that registration data?
2. Could you also suggest how those conditions that are accurately
deemed to be legitimate*, required*, etc. by both groups might be
sustained over time? Specifically, if revelation of whois inaccuracies
is generally only possible as a result of outages or other "events"
that require technical administrator action, and discovery of correct
whois information in such cases is generally only possible through
legal mechanisms (warrants, subpoenas, lawsuits, registry
disaccreditations, etc.) which do not operate at time scales that are
consistent with real-time network management, what method(s) would you
propose for reconciling this critical mismatch?
3. Finally (and if appropriate), could you also suggest how those
conditions might be preserved in an environment of competitive
commercial provision of registration and whois services? Specifically,
what mechanisms would you recommend to encourage registration and
whois service providers to maintain the proper level of investment in
and ongoing support for this secondary, non profit-making function?
What mechanisms would you advocate to assure that individual
commercial registration and whois service providers resist the
temptation to differentiate themselves by cutting their whois-related
support and/or by relaxing their whois-related customer requirements?
Since (3) presumes that you advocate the competitive provision of
registration and whois services, with at least some competitors being
private/not-governmental entities, please disregard this question if
this presumption is inaccurate.
> The only reason this doesn't happen: DNS Whois arrangements have
> been hijacked by trademark protection firms, LEAs too lazy to get
> the proper authorizations, and by companies that collect and sell
> the data for various and sundry purposes. See data protection
> principle #2 for my opinion about that.
If I'm interpreting your reference correctly, data protection
principle #2 reads:
"Personal data shall be obtained only for one or more specified and
lawful purposes, and shall not be further processed in any manner
incompatible with that purpose or those purposes."
If we stipulate for the moment that we're only talking about protocol
number whois as used for legitimate technical administrative purposes
that are consistent with the law, then the relevance of data
protection principle #2 is still ambiguous. One justification for open
public whois is that public scrutiny provides a kind of continuous
distributed error detection and correction mechanism, which helps to
maintain whois completeness and accuracy in between those critical
moments when technical-administrative action is both legal and
justified -- and at which points the belated discovery of whois
inaccuracies can have the most adverse consequences.
Is it your view that the very existence and/or maintenance of accurate
personal data should be subject to a different, higher standard than
the standard suggested by data protection principle #2?
>> 2. Are the "legitimate privacy concerns" of artificial
>> persons (i.e.,
>> corporations) different from the "legitimate privacy concerns" of
>> natural persons?
> Sigh. Overlooking your complete ignorance of applicable law, I will
> simply answer yes.
> The distinction is well-established in law, not to mention common
> sense. Yes, Tom, there are differences between the privacy rights
> and legal norms applicable to publicly registered corporate entities
> and flesh and blood persons and their homes and personal property.
Ignoring the insult, I'll just observe again that a less clever but
more substantive response would have probably been more useful, to you
and everyone else.
>> If so, how -- and how should the differences be
>> reflected in rotocol number-related registration data and whois?
> Yes, of course the differences should be reflected. How? Not that
> hard, but as I said in my last message, let's debate specific
> arrangements and proposals, not ideology.
Excellent. Here's your chance to debate specifics.
It's good to know that it won't be that hard...
More information about the ARIN-PPML