[arin-ppml] Policy Proposal 95: Customer Confidentiality

[Ted Mittelstaedt]

Leo Bicknell wrote:
> I supported the petition for this proposal.  I did that not because
> I think this proposal is perfect, but because I think the issue is
> still important and relevant.  Also, as I have already posted, I
> believe there is a new twist on it with respect to IPv6; which may
> not be discussed in this proposal but it can be a vehicle for this
> discussion.
> 
> However, this issue is not new.  Some of our newer members may not
> understand that.  If you were not around for the following discussions,
> you may want to look in the Policy Proposal Archive on ARIN's web
> site, and or reach some back PPML archives....
> 
> 2001-7: Bulk ARIN WHOIS Data
> 2002-4: Bulk Copies of ARIN's WHOIS
> 2002-8: Privatizing POC Information
> 2003-1: Required Performance of Abuse Contact
> 2003-2: Network Abuse
> 2003-5: Distributed Information Server Use Requirements
> 2003-9: WHOIS Acceptable Use Policy (AUP)
> 2003-11: Purpose and scope of WHOIS directory
> 2003-16: POC Verification
> 2004-4: Purpose and scope of ARIN WHOIS directory
> 2004-6: Privacy of Reassignment Information
> 2004-7: Residential Customer Privacy
> 2005-2: Directory Services Overhaul
> 2006-1: Residential Customer Privacy
> 2006-6: Bulk WHOIS agreement expiration clarification
> 2008-1: SWIP support for smaller than /29 assignements
> 2008-7: WHOIS Integrity Policy Proposal
> 
> If you want my take on the entire area; the vast majority of folks
> are unhappy with the current state of how SWIP/WHOIS/contact
> information is entered, used and distributed.

I have to disagree with that.  Everyone on this list has not posted
regarding this issue.  The people posting are the ones who are
unhappy and the ones (like myself) who think their objections are
unwarranted.  But that is not the "majority of folks"  It MIGHT be
the "majority of posters" but the posters on both sides are a
minority.

Also a lot of people are unhappy with how the information is entered
because they don't like the SWIP system and want to replace it with
some webinterface thing, they are not objecting the the actual principle
of making the data available.

Other RIR's don't seem to have a problem with this data being available
and I frankly think that the reason this topic generates attention
on this list is that because the list is heavy with people from North
America where so much of the Internet connectivity is provided privately 
by corporations.

In the US there is this cultural mythos surrounding the perceived
"business underdog".  People root for the small guy against his large 
competitors, Microsoft for example was the darling of the hobby market
when it was slugging it out with IBM - then when Microsoft got big
everyone who loved it turned their back on it and now they love Apple,
(and are willing to pay 6 times for a computer for the privilege but
that's a different story).  This despite the fact that the little guy
in some cases is providing an inferior product against the big guy.
(ie: the ipod shuffle vs the Sony MP3 walkman)

The people pushing these "cover your IPs" type proposals like to frame
it as David vs Goliath, due to this mythos, and it always gets good
press, the small struggling ISP being poached by the giant lumbering
ISP who sets their sales dogs to digging into WHOIS.

The reality is that there isn't significant customer loss from poaching
WHOIS from a business that is doing a good job and keeping it's 
customers happy.  Speaking from sales experience, trying to poach 
customers from a WHOIS list is really, really dumb.  A good salesman is
going to define a territory of customers, figure out how to serve
them, then go after them.  A territory is commonality between
customers.  Some companies use geography as a criteria, some
use type of business. Some use connections and their customer
territory looks senseless from an outside observer until you
find out that all their customers golf at the same course as the
salesman.  NO territory I ever heard of a salesman using ever
mapped neatly onto TCP/IP ranges.  ISPs do not customarily
group all their medical customers into the same IP range, or
all their construction customers, or all their customers who
run webservers.  You could get a better lead
list from pointing a blunderbuss at the phone book and pulling
the trigger and going after anything still readable than by
pulling WHOIS data.  At least, with the phone book method, they
would all live in the same area.

 >  However, even though
> perhaps 80% of the people are unhappy with the current system, no
> more than 20% of the people can agree on any "solution", and thus
> the status quo always wins.
>
> However I think the sheer number of proposals is proof that the
> status quo is not working for a lot of people.
>

The sheer number of proposals is frankly because the opponents
of the status quo are arguing on principle, as are the supporters
of the status quo.  It is an argument that YOU, Leo, aren't going to
solve, nor am I.  It is like the Abortion argument in the US, it's
a fight based on principles on both sides, and it isn't going to
end, ever, no matter what the law is written to say.

If the status quo was that ARIN covered everything then there
would be just as many proposals to OPEN the database.

> Sadly though, the discussion has already devolved into useless
> analogies, attacks, lack of understanding, lack of empathy, and
> down right cynicism.  Everyone is sure there is some ulterior motive
> involved, to hide a spammer, make money, or game the system.  Rather
> than thinking about Joe Average, everyone is talking about the one
> corner case that will always exist, no matter what system we have
> in place.
> 

I am sorry you are so cynical yourself to say that but that
just isn't true.

As someone else posted this topic is fundamentally an argument
of the Good of the Many outweighing the Good of the Few, or
the One.  (for those Trekkies out there)  Yes, for some
"corner cases" it might be beneficial to privatize their
SWIPS, if for no other reason than they lack the creativity of
coming up with baloney names for SWIP entries (ie: Universal
Exports, Binford Tools, and the like)  But the community would
suffer, as there is currently NO procedure for routine audits
by the RIR of the SWIP data, nor is there ever likely to be,
and almost certainly nobody on this list would be willing to
see their fees increase to pay for one.  IPv6 does not change
this because the issue here is reachability of the other guy who
is spamming/attacking/whatever to you vs reachability of the
other guy so you can waste your time trying to poach him.

History is replete with examples of this kind of argument, over
a great many topics, and there's no shortage of them today.
People get emotional and come up with wild scenarios to prove
their point because this is how these arguments work.  And usually
there is not much movement from either side - which is why the
AC tried dropping this proposal in the first place.

I will close with one last point, and that is the Internet got
to where it is today with the system it has now.  That is probably
the most compelling argument that openness in WHOIS was the
right choice in the beginning, as it has WORKED.

Ted