[arin-ppml] Policy Proposal 95: Customer Confidentiality

Chris Engel cengel at sponsordirect.com
Tue Feb 2 11:53:56 EST 2010

Milton L Mueller wrote:

"> It's a fact that an audit can't positively confirm the accuracy of an
> end-user assignment without checking with the end-user.

But this fact does not necessarily imply a generalized capability of any member of the public to check with the end user. There are other mechanisms of doing audits."

Milton is absolutely correct here as well. So through a public lookup you know that ACME, inc has been assigned X number of IP addresses. As a member of the general public, how does that actualy help you determine whether that assignment is justified or not? A member of the general public may never have heard of ACME, Inc before and wonder why they should possibly get so many IP's....but they may have just signed a private contract to host all web services for Microsoft. You can't really expect that ACME has to divulge all the details of it's private contracts to anyone that calls them on the phone. ARIN's staff needs that info, because it's THIER job to justify the IP assignment...not John Smith's....and it's ARIN's staff that gets access to that INFO...under proper confidentialty rules.

So I'm not really sure of the utility of "public accountability" under such a scenerio. ARIN's accountable to the public for good management of a public resource. The people who request address space from ARIN are accountable to ARIN for utilizing that space in accordance with the justifications they provided for getting it. It's ARIN staff, not the public who actualy have the mechanisms to determine that. The public isn't really going to have the ability to determine whether ACME, inc is a legitimate business under private contracts to provide a huge number of services....or just a shell corporation being run out of some guys basement that's hoarding IP's to try to lease them out later.

Christopher Engel

More information about the ARIN-PPML mailing list