[arin-ppml] ARIN-PPML Digest, Vol 58, Issue 49
rudi.daniel at gmail.com
Sat Apr 17 23:57:50 EDT 2010
Having shown some support for 2010-3 in the past; all the comments I have
read to date on both sides leads me to reconsider and I would therefore not
support policy change 2010-3 as written. However I could never
imagine *" policy
were (can) to be construed as conferring on ARIN a duty to shield that
information"* from anti-abuse researchers and investigators.
> The Digital Crimes Unit within Microsoft investigates cybercrime attacks
> against our customers and services. We rely on information from the ARIN
> database to correlate and identify the source of nefarious online
> activities. As such, we oppose any policy change that would lessen the
> quantity and quality of information in the ARIN database. While we
> recognize the importance of data privacy, we strongly believe that the
> proposed changes would only hamper the security community's ability to
> investigate and mitigate cybercrime.
> Restricting access to the WHOIS data has the potential to slow or
> bottleneck investigations and security initiatives because customer
> addresses and phone numbers are critical to anti-abuse investigations.
> Although the current WHOIS data is not wholly reliable, further anonymizing
> and restricting the available data would only serve to weaken security and
> anti-abuse efforts. At best, requiring anti-abuse researchers and
> investigators to formally request needed customer data from ARIN will delay
> progress on time sensitive investigations and incur additional costs for
> both ARIN and the security community. At worst, the policy, as written,
> could seriously obstruct investigations if the policy were to be construed
> as conferring on ARIN a duty to shield that information.
> That ambiguity itself raises serious concerns about how the policy changes
> would be implemented in practice. According to the proposal language, "the
> customer's actual information must be provided to ARIN on request and will
> be held in the strictest confidence." This leaves open the question of when
> and under what circumstance this data would or could be shared with
> investigators, with the likely outcome being uncertain and inconsistent
> standards for both withholding and disclosing data.
> Given these serious concerns, we urge that this policy change not be
> adopted and we thank you for considering this feedback on Draft Policy
> Richard Boscovich
> T.J. Campana
> Angeline Lee
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the ARIN-PPML