[arin-ppml] Policy Proposal: Customer Confidentiality
tedm at ipinc.net
Tue Jun 9 21:35:23 EDT 2009
Scott Leibrand wrote:
> See my last post. This would not allow you to hide the name on the
> SWIP, just address and phone number.
Not exactly true. Policy implementation is a matter of interpretation
of the written policy. It is entirely possible to write a policy and
have it go into the manual and end up with it being interpreted
differently than your intention. That is one reason why the Rationale
section exists - to help ARIN staff interpret policy changes so they are
interpreted the way you intend, not some different way.
With this proposal, the Rationale is very generally written, and the
policy proposal attempts to be concise. Unfortunately, concise
statements are very subject to reinterpretation. Since the NAME field
is NOT specified by the policy change, and the Rationale section talks a
great deal about privacy and customer contact, it is pretty easy to make
a case that publishing the company name would defeat the point of
hiding the company contact info - and thus defeat the intent of the
privacy desires as expressed in the Rationale.
It's my hope that the policy submitter will rewrite the submission to
make it more explicit. I understand it's his first and as such is a
learning experience. I also am not surprised to see it as I expected
something along these lines if my own whois POC cleanup policy was
adopted. But it must be explicit that the ISP filing the SWIP may opt
to privatize the street address/e-mail/etc but that they ARE NOT ALLOWED
to do this with the NAME of the customer. I frankly also find nothing
is served by hiding the e-mail address as well, since if the customer
wants they can use a privatized domain name that also reveals nothing -
but that is a minor quibble and not anywhere nearly as important as
explicitly stating the customer name, not the ISP name, must be present
in the SWIP.
> Ted Mittelstaedt wrote:
>> We (my org) completely oppose this policy as it runs counter to
>> the general privacy adoptions of the worldwide Domain Name System.
>> In DNS you are allowed to hide the domain name holder's street
>> address as well as e-mail but you are NOT allowed to hide the NAME
>> of the holder.
>> If ARIN is to adopt such a policy it should align with that used by DNS.
>> Member Services wrote:
>>> ARIN received the following policy proposal and is posting it to the
>>> Public Policy Mailing List (PPML) in accordance with Policy Development
>>> This proposal is in the first stage of the Policy Development Process.
>>> ARIN staff will perform the Clarity and Understanding step. Staff does
>>> not evaluate the proposal at this time, their goal is to make sure that
>>> they understand the proposal and believe the community will as well.
>>> Staff will report their results to the ARIN Advisory Council (AC) within
>>> 10 days.
>>> The AC will review the proposal at their next regularly scheduled
>>> meeting (if the period before the next regularly scheduled meeting is
>>> less than 10 days, then the period may be extended to the subsequent
>>> regularly scheduled meeting). The AC will decide how to utilize the
>>> proposal and announce the decision to the PPML.
>>> In the meantime, the AC invites everyone to comment on the proposal on
>>> the PPML, particularly their support or non-support and the reasoning
>>> behind their opinion. Such participation contributes to a thorough
>>> vetting and provides important guidance to the AC in their
>>> The ARIN Policy Development Process can be found at:
>>> Mailing list subscription information can be found
>>> Member Services
>>> American Registry for Internet Numbers (ARIN)
>>> ## * ##
>>> 1. Policy Proposal Name: Customer Confidentiality
>>> 2. Proposal Originator: Aaron Wendel
>>> 3. Proposal Version: 1.0
>>> 4. Date: 9 June 2009
>>> 5. Proposal type: new
>>> 6. Policy term: permanent
>>> 7. Policy statement:
>>> ISPs may choose to enter their own address and phone number in
>>> reassignments and reallocations in lieu of the customer's address and
>>> phone number. The customer's actual information must be provided to
>>> ARIN on request and will be held in the strictest confidence.
>>> 8. Rationale:
>>> Customer contact lists are one of the most proprietary and confidential
>>> pieces of information in any business. The requirements for ISPs to
>>> publish those lists via SWIP or RWHOIS runs contrary to good business
>>> practices and invites competitors and others to solicit both individuals
>>> and companies receiving reassignments and sub allocations from upstream
>>> 9. Timetable for implementation: immediate
>>> You are receiving this message because you are subscribed to
>>> the ARIN Public Policy Mailing List (ARIN-PPML at arin.net).
>>> Unsubscribe or manage your mailing list subscription at:
>>> Please contact info at arin.net if you experience any issues.
>> You are receiving this message because you are subscribed to
>> the ARIN Public Policy Mailing List (ARIN-PPML at arin.net).
>> Unsubscribe or manage your mailing list subscription at:
>> Please contact info at arin.net if you experience any issues.
More information about the ARIN-PPML