[arin-ppml] Policy Proposal: Customer Confidentiality

Alexander, Daniel Daniel_Alexander at Cable.Comcast.com
Tue Jun 9 16:41:25 EDT 2009 

Aaron,

You are off to a great start and have spurred good discussion. This is
in no way a criticism of the proposal but only a related thought for the
community to consider.

Given current policies and the proposed change, should the removal of
section 4.2.3.7.2 (/29 requirement) be included in such a change? Is
there a point of having hundreds of thousands or millions of /29's,
/28's, etc. with "private customer" and "private address" or the ISP
address information in whois? 

Is there any reason to have all the more specifics listed in whois if a
single aggregate record would cover the same address and POC
information? Of course if an end user wants the more specific listed
with different details, they should be allowed to do so. It just seems
that whois is getting cluttered with specifics that provide no
constructive use that would not be covered by the parent record.

Dan Alexander
ARIN AC

-----Original Message-----
From: arin-ppml-bounces at arin.net [mailto:arin-ppml-bounces at arin.net] On
Behalf Of Aaron Wendel
Sent: Tuesday, June 09, 2009 3:34 PM
To: arin-ppml at arin.net
Subject: Re: [arin-ppml] Policy Proposal: Customer Confidentiality

I purposely wrote the policy to be short, to the point, and easy to
understand.  The customer's communication with their provider should
include
whether they want their personal information published in a publically
accessible database.

My point in writing this policy was to protect information that is
proprietary to any business.  Tell a realtor you know that you're
thinking
about going into real estate and you'd like his customer list. Then tell
him
that you actually need his customer list to make sure he's legit.  If
all he
does is laugh at you then you got off lucky.  I can think of no other
private business that is required to publish customer information to the
public.

Customers can ask to have their information included and many of ours
specifically do but many of them have no idea how to admin their own
networks.  That's why they come to us.

This is my first policy proposal and the first I've seen from a source
outside the usual suspects you see bating around the proposals on the
list.
I am not sure how to change the wording or if it needs changing but I
feel
this is an important issue and am open to suggestions and guidance on
changes that people feel need to be made to make this a workable policy.

Aaron



-----Original Message-----
From: arin-ppml-bounces at arin.net [mailto:arin-ppml-bounces at arin.net] On
Behalf Of Milton L Mueller
Sent: Tuesday, June 09, 2009 1:36 PM
To: 'William Herrin'
Cc: arin-ppml at arin.net
Subject: Re: [arin-ppml] Policy Proposal: Customer Confidentiality

I don't understand how this is a consideration if the ISP continues to
be
accurately identified in the whois. I don't understand how a third
party's
suspicion of an ISP gives them a right to access a customers' data as
opposed to the ISP data. Recall that ARIN has access to the customer
information and would thus be accessible to any real fraud
investigation. 

> -----Original Message-----
> It makes it possible for third parties to perform spot-checks which
> audit the ISP's honest use of address space. Whether used or not, this
> greatly impacts ARIN's process transparency. This is especially
> helpful when a supposed ISP is suspected of fraud. A name alone or
> fully private registrations are insufficient for auditing.
> 
> Regards,
> Bill Herrin
> 
_______________________________________________
PPML
You are receiving this message because you are subscribed to
the ARIN Public Policy Mailing List (ARIN-PPML at arin.net).
Unsubscribe or manage your mailing list subscription at:
http://lists.arin.net/mailman/listinfo/arin-ppml
Please contact info at arin.net if you experience any issues.

_______________________________________________
PPML
You are receiving this message because you are subscribed to
the ARIN Public Policy Mailing List (ARIN-PPML at arin.net).
Unsubscribe or manage your mailing list subscription at:
http://lists.arin.net/mailman/listinfo/arin-ppml
Please contact info at arin.net if you experience any issues.

More information about the ARIN-PPML mailing list