[arin-ppml] Policy Proposal: Customer Confidentiality

michael.dillon at bt.com michael.dillon at bt.com
Wed Jun 10 14:59:11 EDT 2009


> a) Trying to track down the contact details of someone doing 
> DoS, SPAM, Criminal Acts or having technical problems and 
> having US providers telling people outside the US like us to 
> get lost when we ask for the details of who is using an IP range.

There may actually be a role here for ARIN to act as
a kind of clearinghouse for this type of reporting.
For instance, have a webpage where people can fill
in some fields and check some boxes. Then send the 
ISPs a daily or hourly report with stats of what
was reported. The ISP can drill down into the details
on the website if they want to.

The problem is that when abuse crosses international
borders, it is difficult to find the right place to
make a report. And when report volume gets too high,
the recipients cease to respond to it.

> If there was a method to have issues dealt with... i.e., we 
> could contact ARIN and have them look into the matter then it 
> would be fine.... but this is not what they do.  So what 
> happens then?  Should it be written into the policy that CERT 
> or some other organisation should be able to have the 
> information disclosed to them?

Formally, I think that this could be handled via suggestions
but try not to cover too many things in one suggestion.
<https://www.arin.net/participate/acsp/index.html>

> The policy also does not state whom ARIN can disclose it to - 
> just saying 'held in strictest confidence' doesn't actually 
> mean anything.

The RSA covers all of this already.

--Michael Dillon



More information about the ARIN-PPML mailing list