[arin-ppml] Policy Proposal: Customer Confidentiality

michael.dillon at bt.com michael.dillon at bt.com
Wed Jun 10 14:27:26 EDT 2009

> We as a community need to answer a question. Do you think the 
> community needs to know the details of every user of the IP 
> address space, or do they just need to know the contact 
> information of those that are responsible for its use?

Personally, I would like to see certain details that are
not currently published. I don't want to know names,
addresses, phone numbers or email addresses. But I would
like to see NAICS codes <http://www.census.gov/eos/www/naics/>,
number of employees at this site, date of first Internet
connection to this site, and similar data. For private residences 
there would be no NAICS code, just private residence, number
of people living at the address, date of first connection, etc.

This type of info would actually be of some use to the
"community" if you interpret that word to mean all of the
inhabitants of the ARIN region collectively.

> The idea of whois as a directory of Internet users is 
> ridiculous.

That's the ARPANET legacy. Back then it was not ridiculous,
in fact it was necessary to justify budget allocations. Back
then most people used multiuser systems, and every individual
account was counted.

> That large of a pool, not included 
> in the set, makes that purpose pointless.

The people who really need that kind of data are making alternate
arrangements to get it from ISPs. There is no longer a role for
a central database (SWIP) or even a centralised database search
mechanism (RWHOIS).

> ARIN can request 
> whatever information they want under the RSA.

And sometimes the hostmasters just prefer to take a database
dump in a spreadsheet or access db, instead of looking in 
whois. Errors can creep in between the translation of an ISP's
internal databases into SWIP/RWHOIS. And let's stop pretending
that SWIP and RWHOIS are cool technology. They are utter crap
that may have been cool back in the teenage days of the Internet
but should have been replaced long ago. Reform is needed at
many levels, including both policy and technology.

> The only purpose whois can serve, in today's world, is as a 
> contact directory for abuse or other issues,

And I would like to see this purpose take center stage, be
recognized in policy, and implemented in both technology and
ARIN processes. The processes would be involved with constantly
revalidating the data in the directory to make sure that it
can actually be used for Internet operational issues.

--Michael Dillon

More information about the ARIN-PPML mailing list