[arin-ppml] Policy Proposal: Customer Confidentiality

michael.dillon at bt.com
Tue Jun 9 09:09:43 EDT 2009

> ISPs may choose to enter their own address and phone number
> in reassignments and reallocations in lieu of the customer's 
> address and phone number.  The customer's actual information 
> must be provided to ARIN on request and will be held in the 
> strictest confidence.

I generally agree with this proposal. The purpose of whois
is to publish contact info for someone who is ready,
willing and able to take action in connection with network
issues ranging from outages, to incorrect configurations
and including network abuse. In an increasing number of
cases, that readiness (24/7), willingness and ability to
act are better found in the ISP, not in the end customer.

In addition, it is becoming so common for contacts to be
unresponsive, that more and more people don't even bother
chasing after an issue. It is common to see pleas for contact
information which are repeatedly answered with a recommendation
to go to the address-user's upstream ISP. This is now
becoming best practice because that ISP has a contractual
relationship with the address-user and almost certainly has
better internal contact info for them which cannot be
published in whois.

By modifying whois records to point to an ISP's preferred
contact point, we give message senders the ability to
quickly make contact with an end-user network, or to get
the ISP to take charge of problem resolution.

Perhaps the bit about "actual information" could be reworded
a bit. I interpret that as meaning that full and complete
info must accompany address applications, and will therefore
be protected by the normal NDA which covers all info submitted
to justify an address application.

Under current policy ARIN is meddling in ISP business models 
because it is not possible for an ISP to offer a fully-managed
Internet access service. If an ISP has to publish their customer's
name and valid contact address info in whois, then that customer
will be pestered with queries that should have been covered
by the ISP in a fully-managed scenario. It is time to fix this.

--Michael Dillon

