[arin-ppml] Policy Proposal 117: Required Resource Reviews

[Benson Schliesser]

I'm opposed to this policy proposal.  Overall, my opinion of this is expressed by Michael Dillon's comment:

On 21 Jun 10, at 8:37 AM, <michael.dillon at bt.com> <michael.dillon at bt.com> wrote:
> Personally, I don't see the need for a policy that ORDERS staff to
> do these reviews. I feel that it would be better to be done at the
> discretion of the BOT who can also take into account resourcing issues
> and other work that the staff could be doing. That's why we trust
> the trustees to run the organization.



That being said, here are some additional more-specific thoughts:

On 21 Jun 10, at 7:39 AM, Member Services wrote:

> a. Report or discovery of an acquisition, merger, transfer, trade or
> sale in which the infrastructure and customer base of a network move
> from one organization to another organization, but, the applicable IP
> resources are not transferred. In this case, the organization retaining
> the IP resources must be reviewed. The organization receiving the
> customers may also be reviewed at the discretion of the ARIN staff.

It might be more reasonable to narrow the scope to M&A activity where the network infrastructure/customers IN WHOLE are transferred to a new controlling party while the address resources are not.  The sale of any PART of a network , infrastructure, customer base, etc, shouldn't require an investigation unless ARIN staff believes there is an issue with one or more surviving party.

> c.Upon receipt by ARIN of five or more reports from separate individuals
> representing at least three separate organizations of fraud or abuse for
> the same organization or the same IP address block.

If there is good evidence of fraud or abuse from any individual, ARIN should investigate.  But it should be at the discretion of the staff.  Requiring ARIN to investigate any/all claims, simply because of the number and variety of complaints, could result in wasted resources.  It also creates an environment that is easily manipulated, encouraging political gaming and potentially undermining the community.

> e. An organization which submits a request for additional resources when
> more than 25% of their existing resources are obscured in SWIP or RWHOIS
> pursuant to section 4.2.3.7.6 (residential customer privacy).

This is not only unfair to a class of ISPs serving residential users, but it also fails to address the issue directly.  If the concern is regarding lack of visibility into address assignments and/or their legitimacy, then there should be a more general way to characterize it that covers more than just Customer Privacy scenarios.  And, of course, it should leave the decision to investigate up to ARIN's discretion.

Cheers,
-Benson