[arin-ppml] Comments on Draft Policy 2010-3: Customer Confidentiality
jeffc at surbl.org
Thu Mar 18 11:20:44 EDT 2010
Here are my comments on "Draft Policy 2010-3: Customer
Privacy and transparency are both worthy and sometimes
contradictory goals. Current ARIN policies on network
registrations strike a good balance between the two. They should
not be changed. In particular, registrations of residential
networks are not required to reveal personal names or home
addresses, and this seems appropriate. Reference:
The proposed new policy would allow ISPs to withhold providing
some of the contact information for business customers.
Businesses are already public entities, so this change seems
unnecessary and possibly counterproductive. The main benefit
would appear to be in not exposing ISP customer lists, however a
practical effect would be to require a court order to ARIN to
discover the business user of an IP address.
Such restrictions could severely hamper private operations that
significantly help to secure the Internet, such as security
research, botnet and malware mitigation, notification about
cracked servers and networks, etc. By slowing down access to
contact information, indeed severely restricting access to it,
routine actions which today help protect the Internet community
could be severely obstructed to the point of preventing them from
happening in many cases.
Therefore I oppose the proposed new policy.
ARIN should instead focus effort on improving the quality of
registration data. Too often, registration data are out of date,
fraudulent or otherwise inaccurate. Providing inaccurate contact
information is a disservice to the community.
Please note that I am commenting as a concerned individual and
not on behalf of an organization, but I believe the views above are
widely held by many in the security and anti-abuse communities.
mailto:jeffc at surbl.org
More information about the ARIN-PPML