[arin-ppml] SWIPs & IPv6

tvest at eyeconomics.com tvest at eyeconomics.com
Thu Dec 3 14:05:43 EST 2009

Hi Chris,

The same license plate analogy was discussed on the RIPE policy list  
about six months ago:

>> On 23 Jul 2009, at 13:14, tvest at eyeconomics.com wrote:

>> There is almost certainly some sort of clearing house role for the  
>> RIRs in any address space matrket: authenticating the seller's  
>> "title" to the space, maintaining up to date registry info and so  
>> on. However this doesn't have to record prices. For instance the  
>> DMV doesn't care what someone pays for a car. They do want to know  
>> who owns it.
> That's true, but then you don't go to the DMV volutarily. You go  
> because:
> 1. you are required by law to obtain a special token that indicates  
> that your vehicle are bona fide -- a token that is clearly visible  
> to everyone you interact with at all times.
> 2. guys with the authority to mete out real consequences are  
> constantly cruising around, looking specifically for missing or out- 
> of-date tokens.
> 3. Every driver is aware of (2); some people may occasionally try to  
> get by without registering, and bad guys know generally don't try to  
> register stolen vehicles, but everyone is aware that the LEA risk is  
> real.
> In the Internet context, not only is each of the above false; in  
> each case the opposite is true.

So, I would suggest that one cannot really embrace the license plate  
parallel unless you also want to embrace all that goes along with it,  
i.e., substantial investment in a large, widely distributed rule  
enforcement system with real power to mete out punishment, which is  
constantly if somewhat thinly and randomly monitoring everyone on the  


On Dec 3, 2009, at 1:38 PM, Chris Engel wrote:

> I believe that Milton makes an excellent point below. The important  
> issue, I believe, is NOT that the general public be able to  
> determine who ACTUALY owns a particular address block or domain. The  
> important issue is being able to report a problem with a particular  
> domain/address block to some-one who can take appropriate action  
> upon it.
> Looking at the analogy of cars on a road is probably rather  
> appropriate in this case. Roads are a public shared resource just  
> like the internet. In order to be able to put a car on the road (at  
> least in the US) it needs to registered with your state DMV and  
> needs to have a visible license plate on it. Note that the ONLY  
> thing that is publicaly revealed when your car is on the road is  
> that License Plate #... not the owners Name, Address, Phone #, etc.  
> The public can NOT simply goto the DMV and get the corresponding  
> Contact Info for a License Plate #.
> The reasons for that are obvious.... a stalker or abusive ex- 
> boyfriend knows the car thier intended victem is driving.... if they  
> are able to get a home address/phone # from that publicaly availble  
> license plate #, thier ability to carry out abuse is greatly  
> enhanced. The hazards for providing contact information for the  
> actual owners of a domain/IP block are not that different.
> What you CAN do is report that License Plate # to the Police/DMV  
> when there is a problem with that car (say it knocked over your  
> fence and then drove off) and THEY can take action that is neccesary  
> to address the problem. In cases where you have a legitimate need  
> for the actual contact information (say you need to know who to sue  
> for damaging your property) THEY will provide it for you if your  
> requirement for it is determined to be legitimate. They act as gate- 
> keepers for that information. In cases where you feel those gate- 
> keepers are not providing such information when there is legitimate  
> cause you can petition the courts for redress.
> I really see no issue with an ISP or other Agent acting as the POC  
> or Gatekeeper for an individual block/domain holders information.  
> The problem occurs when that ISP/Agent is not themselves responsive  
> when there is a legitimate need to resolve an issue that the address  
> holder is causing. In our real world example, the Police/DMV have  
> dual responsibilties.... they are responsible to protect the privacy  
> of the vehicle owner.... but also responsible to protect the rights  
> of individuals who that vehicle may have infringed upon... they are  
> equaly accountable to both. In essence, they have no horse in the  
> race themselves. In the case of the ISP/Registrar/Agent the person  
> who's identity they are protecting is thier customer so they have a  
> vested interest in being biased toward thier interests. Perhaps that  
> is part of the issue here.
> .....
> Milton L Mueller writes:
> "This is a typically unbalanced and exaggerated claim. There are  
> legitimate privacy concerns regarding access to contact and address  
> data, including shielding people from cyber-criminals and spammers,  
> and there are legal issues regarding the display of that data when  
> natural persons (i.e., not incorporated organizations) are involved.
> Revelation of the data shielded by these so-called privacy services  
> is notoriously easy to obtain, basically you just have to ask for  
> it, be a real entity and have some legitimate purpose. All of these  
> constraints are absent, of course, from anonymous, web-based whois  
> interfaces. The idea that people can abuse the internet (correct, of  
> course) must always be balanced by the equally valid observation  
> that people can and do abuse unrestricted access to sensitive data.
> The implication that only criminals use DNS privacy protection  
> services is obviously false, unless you believe that about 30% of  
> all domain name registrants are criminals and that the numerous  
> reputable individuals I could cite, including newspaper reporters  
> and small businesspeople, are also criminals.
> The expectation that WHOIS/SWIP issues can be discussed  
> independently of data protection rules and norms is a fantasy. I  
> know Ted is a lost cause on this issue and don't frankly care; but I  
> hope the rest of this list is a bit more mature and not populated by  
> people who think that their convenience as technical administrators  
> trumps any and every human rights concern.
> Beyond that, to avoid the practically useless kinds of ideological  
> debates in which Ted revels, I'd propose restricting any further  
> discussion of this to specific proposals and operational guidelines.  
> You can't know whether there is a legitimate privacy and/or security  
> issue unless we are discussing real proposals in real contexts.
> --MM "
> _______________________________________________
> You are receiving this message because you are subscribed to
> the ARIN Public Policy Mailing List (ARIN-PPML at arin.net).
> Unsubscribe or manage your mailing list subscription at:
> http://lists.arin.net/mailman/listinfo/arin-ppml
> Please contact info at arin.net if you experience any issues.

More information about the ARIN-PPML mailing list