[arin-ppml] Policy Proposal: Customer Confidentiality

Tue Jun 9 15:56:16 EDT 2009

{SNIP}
> 
> I could accept a proposal that suggests that privacy should be limited
> such that if the furthest downstream party wishes to have privacy, the
> ISP must replace the contact information with that of an immediate POC
> that can handle issues on their behalf promptly.  In that case, you have
> to address how you can validate that information, or establish a
> complaint and resolution (or penalty) process if it turns out that
> information published does not meet that criteria.
>

I would also support wording to that effect.

> > Leaving the PoC as the top level ISP could put contact with an effective
> > administrator a number of tiers away, and could engender a situation
> where
> > resolution of an immediate issue is days away.
> 
> I suppose this does tend to happen a lot.  When we first started, our
> IPs were allocated to us from Savvis to our reseller, to us.  We had our
> IPs SWIPed to ensure we were contacted, but there were abuse reports
> sent directly to Savvis that could take days to reach us.  That just
> seems irresponsible, since forwarding email is relatively trivial.
> 
> > Filtering customers from abuse contacts is not a good thing.  If
> customer
> > networks are exposed directly to the internet then the customer needs to
> > have capable administrators on staff or under contract and those
> > administrators must be reachable.
> >
> > Expecting reasonable responsibility is not unreasonable.  Vehicle
> drivers on
> > public roads are or should be required to have the knowledge, resources
> and
> > skills to operate a vehicle. Network operators on public networks should
> > likewise be expected to have the knowledge, resources and skills to
> operate
> > a network.
> 
> I trust you do not work with dedicated server hosting much. ;)

Ah, but in the case of hosted servers the server host would actually be a
more appropriate contact than the end user, and the server host is the
actual owner (we can say that now that we can sell IP blocks) of the IP
addresses.  The server host has the capability of immediately modifying the
customer traffic and routing. In this case the server host is the network
operator, not the web author.  I agree wholeheartedly that it would be not
be reasonable or prudent to expect web authors to understand routing issues.

> 
> Expecting this level of knowledge or an appropriate system administrator
> is impossible in our business, even when we explicitly tell customers
> about the need for this.  Sometimes, a customer believes he has a
> competent administrator on staff which turns out to be only slightly
> more literate in server and network management than the customer
> himself.  Other times the competent administrator leaves the company or
> is laid off, with the customer getting the ensuing mess to deal with,
> clueless.  It's routine, and letting us field the abuse reports in this
> case is the best way we can make sure such issues actually get explained
> to the customer and handled promptly.
> 
> --
> Kevin Stange
> Chief Technology Officer
> Steadfast Networks
> http://steadfast.net
> Phone: 312-602-2689 ext. 203 | Fax: 312-602-2688 | Cell: 312-320-5867

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3224 bytes
Desc: not available
URL: <https://lists.arin.net/pipermail/arin-ppml/attachments/20090609/6dd0bf61/attachment.bin>