[arin-ppml] Policy Proposal: Customer Confidentiality
Skeeve at eintellego.net
Wed Jun 10 12:19:36 EDT 2009
As a non-ARIN member, but with interest in using information to perform our duties globally... I would like to make some comments.
I see two conflicting issues.
a) Trying to track down the contact details of someone doing DoS, SPAM, Criminal Acts or having technical problems and having US providers telling people outside the US like us to get lost when we ask for the details of who is using an IP range.
b) Protecting the identity of sensitive entities should they become targets if their addresses be known, and for the collection of customer base data.
So b) is reasonable, but a) is more important day to day operationally.
If there was a method to have issues dealt with... i.e., we could contact ARIN and have them look into the matter then it would be fine.... but this is not what they do. So what happens then? Should it be written into the policy that CERT or some other organisation should be able to have the information disclosed to them?
The policy also does not state what happens if the ISP refuses to provide the information to ARIN, or is inaccurate, or they do not know it. "Sorry, it just has a PO box".
The policy also does not state whom ARIN can disclose it to - just saying 'held in strictest confidence' doesn't actually mean anything.
So... basically.. with the above thoughts, the key question is:
What do we do, as a foreign company/entity, if we need to track down who is doing something (illegal/technical issue/etc) and the upstream ISP won't disclose it to us?
Skeeve Stevens, CEO/Technical Director
eintellego Pty Ltd - The Networking Specialists
skeeve at eintellego.net / www.eintellego.net
Phone: 1300 753 383, Fax: (+612) 8572 9954
Cell +61 (0)414 753 383 / skype://skeeve
NOC, NOC, who's there?
> -----Original Message-----
> 7. Policy statement:
> ISPs may choose to enter their own address and phone number in
> reassignments and reallocations in lieu of the customer's address and
> phone number. The customer's actual information must be provided to
> ARIN on request and will be held in the strictest confidence.
> 8. Rationale:
> Customer contact lists are one of the most proprietary and confidential
> pieces of information in any business. The requirements for ISPs to
> publish those lists via SWIP or RWHOIS runs contrary to good business
> practices and invites competitors and others to solicit both
> and companies receiving reassignments and sub allocations from upstream
> 9. Timetable for implementation: immediate