[arin-ppml] Policy Proposal: Customer Confidentiality

Kevin Stange kevin at steadfast.net
Tue Jun 9 14:23:09 EDT 2009

William Herrin wrote:
> On Tue, Jun 9, 2009 at 8:55 AM, Member Services<info at arin.net> wrote:
>> 1. Policy Proposal Name: Customer Confidentiality
>> ISPs may choose to enter their own address and phone number in
>> reassignments and reallocations in lieu of the customer's address and
>> phone number.  The customer's actual information must be provided to
>> ARIN on request and will be held in the strictest confidence.
> I oppose this policy as written, however I would support the policy if
> "address" was clarified to mean email address but not postal address.

I support this policy fully, as written, or with any additional clauses
to expand the language to explicitly mention protection of end-users as
additional rationale.

> Describing the registrant's identity for the consumption of
> non-trivial amounts of IPv4 address space serves good public policy.
> It makes it possible for third parties to perform spot-checks which
> audit the ISP's honest use of address space. Whether used or not, this
> greatly impacts ARIN's process transparency. This is especially
> helpful when a supposed ISP is suspected of fraud. A name alone or
> fully private registrations are insufficient for auditing.

Is it anyone's job but the IP regulatory agencies and governmental
agencies to investigate charges of fraud?  If it's suspected, there
should certainly be other clues besides rwhois, enough to involve people
to whom this job is assigned.  I don't see how it can be argued that the
ISP should *have to* make this information available for "third parties"
at random to dig around, effectively gaining a customer database as a
result.  This isn't just about the ISP's protection, though.

Privacy of personal information is something our customers regularly ask
us about because our system automatically publishes their information in
rwhois.  In many cases, these customers do not have the technical
knowledge to know how to handle contact involving their IP usage, and
would simply defer to us anyway.  We have no problem with fielding these
questions and filtering queries to them that they don't really have need
to worry about.

Some "controversial" companies end up having home addresses and other
information published which exposes them to possible retaliation and the
idea that this information is supposed to be public record makes them
uncomfortable.  Sure, that information isn't that hard to find, but
we're just giving it away now in a way that can be systematically
queried and republished.

I don't think we'd change our "default" of publishing customer
information, but we certainly support giving them the ability to opt for
privacy if it suits them and will, as always, cooperate with ARIN and
law enforcement to provide the "privatized" information if it's needed
for administrative or legal reasons.

Kevin Stange
Chief Technology Officer
Steadfast Networks
Phone: 312-602-2689 ext. 203 | Fax: 312-602-2688 | Cell: 312-320-5867

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 261 bytes
Desc: OpenPGP digital signature
URL: <https://lists.arin.net/pipermail/arin-ppml/attachments/20090609/9fca0354/attachment-0001.sig>

More information about the ARIN-PPML mailing list