[arin-ppml] Policy Question(s)

Ronald F. Guilmette rfg at tristatelogic.com
Tue Oct 5 19:14:42 EDT 2010 

In message <6E785560-2860-4180-8192-4B95B7308314 at arin.net>, 
John Curran <jcurran at arin.net> wrote:

>On Oct 5, 2010, at 5:22 AM, "Ronald F. Guilmette" <rfg at tristatelogic.com> w=
>rote:
>
>> So my question remains... if _someone_ creates a brand new, fresh, newly
>> manufactured LLC, can some other company that happens to have an unused
>> /18 lying around just ``gift'' that /18 to this new legal entity the
>> very next day?
>
>Ron -
>
>    If you believe that resources were transferred contrary to the policies=
> as shown in the Network Resource Policy Manual, section 8 (Transfers), the=
>n report it on the already noted ARIN Fraud reporting link and we'll invest=
>igate and correct the Whois entries if changed contrary to community policy=


Thank you John.  Believe me, despite my reservations about what you
folks may or may not consider to be the specific types of fraud that
you feel are within your portfolio to look into, I most certainly
would (and will) accept your invitation, and report to you, via the form,
anything that, as you say, looks to me to have been contrary to the policy
as laid out in Section 8 of the NRPM.

But see, here's the problem... In this case in particular... and also
in at least one other I'm aware of... I honestly am having trouble
interpreting what the words... specifically in Section 8.3... actually
mean.  Can you please give me just a tiny bit of help with that?

    8.3. Transfers to Specified Recipients

    In addition to transfers under section 8.2, IPv4 number resources within
    the ARIN region may be released to ARIN by the authorized resource holder,
    in whole or in part, for transfer to another specified organizational
    recipient. 

This passage appears on the face of it to give you (ARIN) pretty much
carte blanche to approve inter-company transfers as you think best,
or not, as you think best.  (Note the use of the word "may".)  The above
would appear to make ARIN judge, jury, and executioner for all inter-company
and/or inter-organization transfer requests.  (Does that sound about right?
Or am I misreading it?)

So anyway, is this what happened with regards to 216.59.128.0/18 ?  I mean
did you folks simply elect, within your reasonable and authorized discretion,
to allow a older company to transfer this 11 year old block to a company
that was newly formed only last year, in October of 2009 ?

If that's all that happened here, then gosh no!  In that case there's
certainly no fraud and nothing for me to report.  (And in fact, my
lawyer tells me that if there's no fraud, and if I nontheless report
something to you via your ``fraud'' form, then that act, on my part,
could very well be actionable.  Yikes!)

So again, this is a policy question:  May a company which is still very
much alive and kicking request that ARIN transfer some block it owns
to some brand new, newly manufactured company with no history whatsoever?
Is that permissible under ARIN's discretion granted in 8.3. as set forth
above?  And even if it is permissible for some company to _request_ such
a transfer, is it permissible, under the policy, for ARIN to _grant_ such
a request?   And if it is actually permissible under 8.3. to do that exact
thing, then may *I* go forth now and start buying up blocks of ARIN region
IP space, you know, as an investment, with equal confidence that you will
willingly transfer any blocks that I might buy to _my_ new company, just
as, it would appear, ARIN did in the case of 216.59.128.0/18 ?

And if the answers to all of the above questions are "no", then really,
I would very much like to know how an 11 year old block that belonged
to a company that is very much still alive (http://globalitcom.com/)
ended up registered to a shadowy mystery company that has no web site
and that, according to California Secretary of State online records,
was only formed just late last year (i.e. orangeisp.com[1]).

This is only marginally a question about what policies did or did not
allow _these companies_ to effect or to request this transfer.  It is
really more a question about what policy or policies _ARIN_ was being
guided by when it approved and allowed this transfer.

(Note: I rather doubt that Orange County Networks, LLC sent you ARIN folks
any fradulent documents claiming to be an 11 year old company, and even
if they had done so, it would have been easy enough for you folks to check
and disprove that online, in just a few seconds.  So it would appear that
ARIN knowingly approved the transfer of an 11-year-old /18 block to what it
knew, or could easily have known, was a brand new... albeit somewhat dubious...
company.)

So anyway, that's really the crux of the matter, from my perspective.  And
any light you can shed on the specific policy verbage, within Section 8,
that may have either authorized or mandated ARIN to effect this transfer
will be much appreciated.  (Obviously, as I've noted, the exact policies
ARIN is actually following with respect to inter-organization transfers
have some potentially HUGE financial implications... implications that,
in time, may ultimately affect everyone within the ARIN region.)


Regards,
rfg


========
[1]  John, at least, and maybe some others here, already know what types of
companies I tend to pay special attention to on the Internet.  People can,
I suspect, draw proper inferences from that, without me having to say any-
thing else explicitly.

More information about the ARIN-PPML mailing list