[arin-ppml] Audits

John Curran jcurran at arin.net
Sat Nov 6 09:29:30 EDT 2010 

On Nov 6, 2010, at 5:19 AM, Owen DeLong wrote:

> On Nov 5, 2010, at 11:49 AM, John Curran wrote:
> 
>> On Nov 5, 2010, at 2:19 PM, Leo Bicknell wrote:
>>> What would the community have to get the ARIN staff to go proactively
>>> looking for fraud, abuse, defunct companies and other non-compliant
>>> uses of the address space?
>> 
>> As usual: have the community develop an appropriate policy and ensure that 
>> there is an adequate level of support for the increased ARIN costs (which 
>> will appear back as overall service fees) once we get to implementation.
>> 
> 
> John,
>    We tried this with 2010-11 and the community abandoned it primarily
> because staff said it wasn't necessary and they got the message that we
> wanted them to be more active and report more on anti-fraud activities.

Anti-fraud activities: Yes.  We are actively reviewing reports, reclaiming
resources, and trying to improve our reporting of these activities.  We've
got a clear definition of Internet number resource fraud, and the staff can
attest that we're putting much more attention here. 

Note, however, that scope of Leo's request is *much* larger than 2010-11, 
as 2010-11 was predominantly how ARIN handles various events in a reactive
basis, where as Leo's question about staff going "proactively looking" for 
violations, and that could be require enormous resources depending on the 
actual policy scope.

Leo's message also includes both "abuse" & "defunct companies" which 
definitely require better definition via policy before ARIN knows how to 
ramp up these activities.  If abuse means anything other than the fraud
definition we're using, then we need to be very clear about what you all
believe constitutes abuse.  

We have similar issues with resources held by "defunct" organizations, 
since it can be very difficult to find the appropriate original legal 
entity that was assigned a legacy resource, and then even more challenging
to determine if they're actually defunct when there's no declaration of
same, given the chain of mergers, acquisitions, and divestitures that 
occurred in this the early days of this industry. 

Tracing these legally is just manageable when dealing with someone inside
the successor firm, who has access to their legal records, and is willing 
to be responsive to our requests for documentation (as occurs with transfers 
due to merger and acquisition.)  Attempting to prove the same decades later 
entirely from external legal records would to be a real adventure...

>    From your message above, it appears only the report more portion
> of the message actually got through.

Incorrect. We're more active in pursuing and reporting anti-fraud 
activities, but the scope of Leo's request is far far greater.

/John

John Curran
President and CEO
ARIN

More information about the ARIN-PPML mailing list