[arin-ppml] Policy Proposal 95: Customer Confidentiality

George Bonser gbonser at seven.com
Fri Jan 29 03:37:13 EST 2010

> -----Original Message-----
> From: arin-ppml-bounces at arin.net [mailto:arin-ppml-bounces at arin.net]
> Behalf Of Joe Morgan
> Sent: Friday, January 29, 2010 12:02 AM
> To: Owen DeLong
> Cc: arin-ppml at arin.net
> Subject: Re: [arin-ppml] Policy Proposal 95: Customer Confidentiality
> abuse. The people who are honest about customer swip data would still
> provide the actual customer name and would only hide the address and
> phone number. If somebody wanted the malicious user removed from a
> network they would still contact the person who the ip space has been
> allocated too and who is ultimately responsible for it. I don't think
> anyone here is trying to claim that they own the ip space or that they
> want to harbor malicious users.

I want enough information to call the end user directly or I want them
to be able to call me and tell me that it looks like one of my servers
is borked.  This isn't about the organizations wanting anonymity.  This
does not offer the end user any benefit and adds only additional work
for everyone involved for no benefit to anyone except those commercial
transit providers who wish to hide their customer base.  How do we know
that this would even make  much of a difference?

I am not against commercial transit providers, in fact I am all for
them.  In fact, anything that enhances competition tends to spur
innovation and reduce my costs.  This doesn't seem like one of those

The problem right now seems to be that anyone can determine what
prefixes are in use in a given area and crawl whois to find delegations.
There might be some kind of mechanism to get people the information they
want but everything I think of would be a lot more work for ARIN if they
were try to police who was abusing the system.  One thing I thought of
was something akin to a registration number that points to the POC.  In
order to get the POC, one would have to ask ARIN for it.  That could be
automated but some mechanism would have to be built to check for abuse.
Maybe a user registration would be required to get access to that
function and that user's access could be revoked if they abused it.  The
point being that unless a mechanism for providing that information for
legitimate uses emerges, I am going to be against keeping the POC
information a secret.

Having only a company name does very little for me, particularly when
the company HQ is in Korea or India and the network is in the US.  And
quite frankly, the fact that one ISP cold-calls another ISPs customers
matters to me about as much as one cell phone provider cold calling
customers of a competing provider or a company contacting people working
for their competition and offering them a job or a gas war between two
stations on a corner.  It's business and yeah, I understand that people
want every edge they can get but I believe the blanket secrecy of SWIPs
is a draconian way of dealing with the problem.


More information about the ARIN-PPML mailing list