[arin-ppml] Policy Proposal: Customer Confidentiality - revised
tedm at ipinc.net
Wed Jun 10 13:36:45 EDT 2009
This is a much better proposal but there is one thing that EVERYONE
NEEDS to consider before supporting it, PARTICULARLY if you feel, as
I do, that the single most important reason for the existence of the
WHOIS database is to provide a contact to reach in abuse cases.
Currently, for ALL IP ADDRESSES under RSA, the ISP filing the SWIP is
CONTRACTUALLY OBLIGATED to supply NON-BOGUS contact info.
Thus, if a problem exists with a netblock, and you go to e-mail the
contact on the netblock, and you discover the e-mail address is
something like santa at north.pole.com, you can now go to the parent
block and complain.
If they ignore you, you can go to ARIN and complain. And ARIN can,
using the POC-cleanup language just added to the policy manual,
invalidate the SWIP entry.
This might come at a very bad time for the parent block - such as right
in the middle of their justification attempt to get more IPv4. Thus,
it is FAR MORE LIKELY that the threat of doing this will, in fact, get
the parent block to refile the SWIP with correct info, and if the block
holder CONTINUES to fail to respond to mails to the new, allegedly
valid, e-mail contact info, why then the parent block holder can STILL
have the SWIP invalidated by ARIN.
In other words, the way it is right now, ARIN has a big club to use
against the ISP/parent block holder that effectively forces them to
make sure that anyone they hand IP addressing out to, WILL in fact,
respond to complaints.
This policy change in effect gives up that club. Under it, if the
parent block holder/ISP uses their own contact info, and you send an
e-mail complaint to that contact info, and get no response - well then
ARIN cannot do anything to pull that SWIP since they would have to
pull ALL SWIPS using that unresponsive POC. And clearly they aren't
going to do that.
Thus the threat of losing the SWIP is gone, and we have less ability
to rein in those ISP's and netblocks who are out there DELIBERATELY
harboring spammers and network attackers.
I would feel a lot better about this proposal if additional language
was added that preserved that club.
Member Services wrote:
> Policy Proposal 95
> Customer Confidentiality
> The proposal originator submitted a revised version of the proposal.
> The AC will review this proposal at their next regularly scheduled
> meeting and decide how to utilize the proposal. Their decision will be
> announced to the PPML.
> In the meantime, the AC invites everyone to comment on this proposal on
> the PPML, particularly their support or non-support and the reasoning
> behind their opinion. Such participation contributes to a thorough
> vetting and provides important guidance to the AC in their deliberations.
> The ARIN Policy Development Process can be found at:
> Mailing list subscription information can be found at:
> Member Services
> American Registry for Internet Numbers (ARIN)
> 1. Policy Proposal Name: Customer Confidentiality
> 2. Proposal Originator: Aaron Wendel
> 3. Proposal Version: 2.0
> 4. Date: 10 June 2009
> 5. Proposal type: new
> 6. Policy term: permanent
> 7. Policy statement:
> ISPs may choose to enter the customer's name along with the ISP's
> address and phone number in reassignments and reallocations in lieu of
> the customer's address and phone number. The customer's actual
> information must be provided to ARIN on request and will be held in the
> strictest confidence.
> 8. Rationale:
> Version 2.0 clarifies the need for the customer name to remain in the
> SWIP and RWHOIS information.
> Customer contact lists are one of the most proprietary and confidential
> pieces of information in any business. The requirements for ISPs to
> publish those lists via SWIP or RWHOIS runs contrary to good business
> practices and invites competitors and others to solicit both individuals
> and companies receiving reassignments and sub allocations from upstream
> 9. Timetable for implementation: immediate
> You are receiving this message because you are subscribed to
> the ARIN Public Policy Mailing List (ARIN-PPML at arin.net).
> Unsubscribe or manage your mailing list subscription at:
> Please contact info at arin.net if you experience any issues.
More information about the ARIN-PPML