[arin-ppml] New Version of ARIN-prop-126: Compliance Requirement

Owen DeLong owen at delong.com
Wed Feb 16 12:49:42 EST 2011

>> 12.6 - Update to: Except in cases of fraud, an organization shall be
>> given a minimum of thirty (30) days to respond. If an organization
>> does not respond within those thirty (30) days, ARIN may cease
> So they can take up to a minimum of thirty days to respond, and if
> they exceed the minimum they get the hammer dropped on them? You mean
> maximum?
I agree this needs some wordsmithing.

I think the intent is:

	1.	They get at least 30 days to respond. (ARIN can allow longer).
	2.	If no response is received after at least 30 days, ARIN can
		"drop the hammer" as you put it at any time thereafter.

>> providing reverse DNS services to that organization. If progress of
>> resource returns or record corrections is not visible within sixty
>> (60) days after correspondence with ARIN began, ARIN will cease
>> providing reverse DNS services for the resources in question. At any
>> time after ninety (90) days have passed, ARIN may initiate resource
>> revocation as allowed in paragraph 12.5. ARIN shall negotiate a longer
>> term with the organization if ARIN believes the organization is
>> working in good faith to substantially restore compliance and has a
>> valid need for additional time to renumber out of the affected blocks.
> It's expensive and complex to respond to section 12 audits. This
> increases that expense for member orgs. It gives the Corporation too
> much leeway to do harm to its members, more than the substantial
> amount that we already allow through "discretion". Discretion also
> results in unpredictability. Policy should be as predictable as
> possible. That "discretion" could result in significant litigation and
> additional potentially unnecessary legal expenses. [2]
I'm not sure that this term member means what you think it means.

The vast majority of resource recipients from ARIN are not ARIN members.

This does not increase the expense of a section 12 audit. It might make
one more likely, but, it does not increase the cost of performing one.

The discretion given here is to allow ARIN to be kinder to an organization
that appears to be trying to cooperate with policy. I do not understand
how you think that ARIN is more likely to get sued for being more patient
with a cooperative organization.

> These audits take time and people. Some of these audits also "appear"
> to be being conducted with what might be questionable[1] "probable
> cause" as a result of tip-line like  fraud reporting activity. A
> majority of the fraud reports seem to be false positives. Revocation
> is the ultimate hammer and ARIN already has that power.
Since the vast majority of fraud reports are dismissed as out of scope
without conducting a section 12 audit, your false positive claim is
both accurate and meaningless.

Of those not out of scope that did result in section 12 actions,
I count 6 that resulted in appropriate and necessary policy action
(not false positives) and 5 that were found to be false positives.

Last time I looked, 5 < 6, so, the majority of the section 12 audits
listed in your referenced URL are not false positives.

> Not in favor of this proposal. Section 12 is already ripe for abuse.
> ARIN should never shut off reverse unless a network is revoked since
> the possible collateral damage is too high and will likely cause
> problems for many others depending upon who gets crunked with this
> proposal. I would support a cap on answer-days to the path of
> revocation, but this proposal appears to be overkill based on the
> current data points that we have demonstrating a real problem (none).
I have no problem with updating the policy to revoke the resources
rather than merely terminate DNS. I think that the author considered
suspending DNS as a kinder, gentler first step towards revocation.

It sounds like you feel that revocation should be the immediate
action, instead. Perhaps this viewpoint explains the idea that ARIN
could get sued for being nice as well.


> Best,
> -M<
> 1. https://www.arin.net/resources/fraud/results/third_quarter_2010.html
> 2.  https://www.arin.net/about_us/corp_docs/budget.html
> In 2010, ARIN budgeted .5M for legal expenses. ARIN has recently
> suggested that some proposals may interfere with fee reductions for
> members. The 2011 budget is not posted and I have no idea what that
> number will be or what the corporation thinks performance to that
> number will be).
> _______________________________________________
> You are receiving this message because you are subscribed to
> the ARIN Public Policy Mailing List (ARIN-PPML at arin.net).
> Unsubscribe or manage your mailing list subscription at:
> http://lists.arin.net/mailman/listinfo/arin-ppml
> Please contact info at arin.net if you experience any issues.

More information about the ARIN-PPML mailing list