[arin-ppml] Policy Proposal: Customer Confidentiality

Ted Mittelstaedt tedm at ipinc.net
Tue Jun 9 20:48:57 EDT 2009


Aaron Wendel wrote:
> I purposely wrote the policy to be short, to the point, and easy to
> understand.  The customer's communication with their provider should include
> whether they want their personal information published in a publically
> accessible database.
> 
> My point in writing this policy was to protect information that is
> proprietary to any business.  Tell a realtor you know that you're thinking
> about going into real estate and you'd like his customer list. Then tell him
> that you actually need his customer list to make sure he's legit.  If all he
> does is laugh at you then you got off lucky.  I can think of no other
> private business that is required to publish customer information to the
> public.

Every private business that runs a public-access business like a 
restaurant is required to post many notices.  An obvious one is
health inspection info.

Private individuals who drive vehicles on the road must display liscense
plates.

Use of the Internet is use of a public resource just like use of the 
roads is use of a public resource.  Vehicles that use public roads must 
display licenses.  Your example is therefore bogus.

The problem with simple proposals like yours is they take a sledge 
hammer to a problem that needs a delicate touch.  Hopefully after 
everyone has got past their orgy of "oh cool I can go off and be 
anonymous" they will come to their senses and realize this.

Ted

> 
> Customers can ask to have their information included and many of ours
> specifically do but many of them have no idea how to admin their own
> networks.  That's why they come to us.
> 
> This is my first policy proposal and the first I've seen from a source
> outside the usual suspects you see bating around the proposals on the list.
> I am not sure how to change the wording or if it needs changing but I feel
> this is an important issue and am open to suggestions and guidance on
> changes that people feel need to be made to make this a workable policy.
> 
> Aaron
> 
> 
> 
> -----Original Message-----
> From: arin-ppml-bounces at arin.net [mailto:arin-ppml-bounces at arin.net] On
> Behalf Of Milton L Mueller
> Sent: Tuesday, June 09, 2009 1:36 PM
> To: 'William Herrin'
> Cc: arin-ppml at arin.net
> Subject: Re: [arin-ppml] Policy Proposal: Customer Confidentiality
> 
> I don't understand how this is a consideration if the ISP continues to be
> accurately identified in the whois. I don't understand how a third party's
> suspicion of an ISP gives them a right to access a customers' data as
> opposed to the ISP data. Recall that ARIN has access to the customer
> information and would thus be accessible to any real fraud investigation. 
> 
>> -----Original Message-----
>> It makes it possible for third parties to perform spot-checks which
>> audit the ISP's honest use of address space. Whether used or not, this
>> greatly impacts ARIN's process transparency. This is especially
>> helpful when a supposed ISP is suspected of fraud. A name alone or
>> fully private registrations are insufficient for auditing.
>>
>> Regards,
>> Bill Herrin
>>
> _______________________________________________
> PPML
> You are receiving this message because you are subscribed to
> the ARIN Public Policy Mailing List (ARIN-PPML at arin.net).
> Unsubscribe or manage your mailing list subscription at:
> http://lists.arin.net/mailman/listinfo/arin-ppml
> Please contact info at arin.net if you experience any issues.
> 
> _______________________________________________
> PPML
> You are receiving this message because you are subscribed to
> the ARIN Public Policy Mailing List (ARIN-PPML at arin.net).
> Unsubscribe or manage your mailing list subscription at:
> http://lists.arin.net/mailman/listinfo/arin-ppml
> Please contact info at arin.net if you experience any issues.




More information about the ARIN-PPML mailing list