[arin-ppml] Policy Proposal: Customer Confidentiality

Tue Jun 9 10:27:30 EDT 2009

Hi David,

I was think thinking something very similar.
Regardless of which party initiates the action, if the end result is  
the use of ISP contact information to mask the identity of the end  
customer, then by definition the ISP is effectively agreeing to act as  
the customer's proxy (or at least proxy of last resort) in any/all  
recognized legitimate interactions are mediated by whois, for as long  
as that identity substitution remains in effect.

I imagine that "recognized legitimate" uses of whois could/should be  
imported by reference to broader established policies, and the actual  
scope/details of discretionary proxy services should be left to  
specific bilateral arrangements -- but I think that the "proxy of last  
resort" language should probably be added to the proposal.

TV

On Jun 9, 2009, at 10:07 AM, David Farmer wrote:

> In general, the concept of privacy or confidentially attaches to
> the client or customer not to the agent or service provider.  An
> example, attorney client privilege is a right of the client and a
> duty of the attorney, it is for the benefit of the client not the
> attorney.
>
> If withholding such information is solely in the business interest
> of the agent or service provider, the ISP in this case, and
> especially if it in anyway damages the interest of client or
> customer, then I'm opposed to such policies.
>
> Customer information is not solely the property of the agent or
> service provider, the client or customer should have the
> controlling interest in such information.
>
> I generally support an effort to increased Customer
> Confidentially, but it needs to focus on the Customer's interest
> not solely on the ISP's interest.  So I am worried about how
> this proposal is written and that it seems to focus on the ISP's
> interest not the Customer's interest.
>
> It maybe as simple as requiring an ISP to provide the actual
> customer information in Whois if direct by the customer to do
> so.  That might be all it takes to put the customer's interest
> ahead of the ISP's interest.
>
> I'm fine with an ISP choosing the default action, but the
> customer should have a choice about their information, not
> solely the ISP.
>
> On 9 Jun 2009 Member Services wrote:
>
>> 1. Policy Proposal Name: Customer Confidentiality
>>
>> 2. Proposal Originator: Aaron Wendel
>>
>> 3. Proposal Version: 1.0
>>
>> 4. Date: 9 June 2009
>>
>> 5. Proposal type: new
>>
>> 6. Policy term: permanent
>>
>> 7. Policy statement:
>>
>> ISPs may choose to enter their own address and phone number in
>> reassignments and reallocations in lieu of the customer's address and
>> phone number.  The customer's actual information must be provided to
>> ARIN on request and will be held in the strictest confidence.
>>
>> 8. Rationale:
>>
>> Customer contact lists are one of the most proprietary and
>> confidential pieces of information in any business.  The requirements
>> for ISPs to publish those lists via SWIP or RWHOIS runs contrary to
>> good business practices and invites competitors and others to solicit
>> both individuals and companies receiving reassignments and sub
>> allocations from upstream providers.
>>
>> 9. Timetable for implementation: immediate
>
>
> ===============================================
> David Farmer                                      Email:farmer at umn.edu
> Office of Information Technology
> Networking & Telecomunication Services
> University of Minnesota		       Phone: 612-626-0815
> 2218 University Ave SE		       Cell: 612-812-9952
> Minneapolis, MN 55414-3029	       FAX: 612-626-1818
> ===============================================
>
> _______________________________________________
> PPML
> You are receiving this message because you are subscribed to
> the ARIN Public Policy Mailing List (ARIN-PPML at arin.net).
> Unsubscribe or manage your mailing list subscription at:
> http://lists.arin.net/mailman/listinfo/arin-ppml
> Please contact info at arin.net if you experience any issues.