[arin-ppml] SWIPs & IPv6
tvest at eyeconomics.com
tvest at eyeconomics.com
Thu Dec 3 14:05:43 EST 2009
The same license plate analogy was discussed on the RIPE policy list
about six months ago:
>> On 23 Jul 2009, at 13:14, tvest at eyeconomics.com wrote:
>> There is almost certainly some sort of clearing house role for the
>> RIRs in any address space matrket: authenticating the seller's
>> "title" to the space, maintaining up to date registry info and so
>> on. However this doesn't have to record prices. For instance the
>> DMV doesn't care what someone pays for a car. They do want to know
>> who owns it.
> That's true, but then you don't go to the DMV volutarily. You go
> 1. you are required by law to obtain a special token that indicates
> that your vehicle are bona fide -- a token that is clearly visible
> to everyone you interact with at all times.
> 2. guys with the authority to mete out real consequences are
> constantly cruising around, looking specifically for missing or out-
> of-date tokens.
> 3. Every driver is aware of (2); some people may occasionally try to
> get by without registering, and bad guys know generally don't try to
> register stolen vehicles, but everyone is aware that the LEA risk is
> In the Internet context, not only is each of the above false; in
> each case the opposite is true.
So, I would suggest that one cannot really embrace the license plate
parallel unless you also want to embrace all that goes along with it,
i.e., substantial investment in a large, widely distributed rule
enforcement system with real power to mete out punishment, which is
constantly if somewhat thinly and randomly monitoring everyone on the
On Dec 3, 2009, at 1:38 PM, Chris Engel wrote:
> I believe that Milton makes an excellent point below. The important
> issue, I believe, is NOT that the general public be able to
> determine who ACTUALY owns a particular address block or domain. The
> important issue is being able to report a problem with a particular
> domain/address block to some-one who can take appropriate action
> upon it.
> Looking at the analogy of cars on a road is probably rather
> appropriate in this case. Roads are a public shared resource just
> like the internet. In order to be able to put a car on the road (at
> least in the US) it needs to registered with your state DMV and
> needs to have a visible license plate on it. Note that the ONLY
> thing that is publicaly revealed when your car is on the road is
> that License Plate #... not the owners Name, Address, Phone #, etc.
> The public can NOT simply goto the DMV and get the corresponding
> Contact Info for a License Plate #.
> The reasons for that are obvious.... a stalker or abusive ex-
> boyfriend knows the car thier intended victem is driving.... if they
> are able to get a home address/phone # from that publicaly availble
> license plate #, thier ability to carry out abuse is greatly
> enhanced. The hazards for providing contact information for the
> actual owners of a domain/IP block are not that different.
> What you CAN do is report that License Plate # to the Police/DMV
> when there is a problem with that car (say it knocked over your
> fence and then drove off) and THEY can take action that is neccesary
> to address the problem. In cases where you have a legitimate need
> for the actual contact information (say you need to know who to sue
> for damaging your property) THEY will provide it for you if your
> requirement for it is determined to be legitimate. They act as gate-
> keepers for that information. In cases where you feel those gate-
> keepers are not providing such information when there is legitimate
> cause you can petition the courts for redress.
> I really see no issue with an ISP or other Agent acting as the POC
> or Gatekeeper for an individual block/domain holders information.
> The problem occurs when that ISP/Agent is not themselves responsive
> when there is a legitimate need to resolve an issue that the address
> holder is causing. In our real world example, the Police/DMV have
> dual responsibilties.... they are responsible to protect the privacy
> of the vehicle owner.... but also responsible to protect the rights
> of individuals who that vehicle may have infringed upon... they are
> equaly accountable to both. In essence, they have no horse in the
> race themselves. In the case of the ISP/Registrar/Agent the person
> who's identity they are protecting is thier customer so they have a
> vested interest in being biased toward thier interests. Perhaps that
> is part of the issue here.
> Milton L Mueller writes:
> "This is a typically unbalanced and exaggerated claim. There are
> legitimate privacy concerns regarding access to contact and address
> data, including shielding people from cyber-criminals and spammers,
> and there are legal issues regarding the display of that data when
> natural persons (i.e., not incorporated organizations) are involved.
> Revelation of the data shielded by these so-called privacy services
> is notoriously easy to obtain, basically you just have to ask for
> it, be a real entity and have some legitimate purpose. All of these
> constraints are absent, of course, from anonymous, web-based whois
> interfaces. The idea that people can abuse the internet (correct, of
> course) must always be balanced by the equally valid observation
> that people can and do abuse unrestricted access to sensitive data.
> The implication that only criminals use DNS privacy protection
> services is obviously false, unless you believe that about 30% of
> all domain name registrants are criminals and that the numerous
> reputable individuals I could cite, including newspaper reporters
> and small businesspeople, are also criminals.
> The expectation that WHOIS/SWIP issues can be discussed
> independently of data protection rules and norms is a fantasy. I
> know Ted is a lost cause on this issue and don't frankly care; but I
> hope the rest of this list is a bit more mature and not populated by
> people who think that their convenience as technical administrators
> trumps any and every human rights concern.
> Beyond that, to avoid the practically useless kinds of ideological
> debates in which Ted revels, I'd propose restricting any further
> discussion of this to specific proposals and operational guidelines.
> You can't know whether there is a legitimate privacy and/or security
> issue unless we are discussing real proposals in real contexts.
> --MM "
> You are receiving this message because you are subscribed to
> the ARIN Public Policy Mailing List (ARIN-PPML at arin.net).
> Unsubscribe or manage your mailing list subscription at:
> Please contact info at arin.net if you experience any issues.
More information about the ARIN-PPML