[arin-ppml] private whois record

[Chris Engel]

> Respectfully, that's a specious argument. My contact information has
> been published multiple places in the whois system for going on 20
> years. Very little that shouldn't reach me gets through the spam
> filter and I can count on one hand the number of times I've been
> called based on the whois information by someone who had no business
> calling.
> 
> Then too, timeliness is a factor. Whether it's "you're attacking my
> network, please stop" or "You stole my photo; I'm hopping mad and
> ready to sue," it's important that an intermediary not exacerbate the
> situation with delay, confusion and general non-responsiveness.
>

All I can say, Bill, is that your experience is in direct contrast to my own and to that of many of the clients I work with.  Any publically listed contact information will be routinely abused for all sorts of purposes that have absolutely nothing to do with the listing. The more prominent the brand, the greater the degree of abuse.  This does not absolve an organization wishing to operate on the public internet from the responsibility to publish public contact information.  However any insistence that they not be allowed to delegate that responsibility to resources that are most cost effective in dealing with it and to put appropriate screening in place to separate legitimate requests from illegitimate one goes too far. At that point you are starting to dictate to the private organization how best to structure it's own internal processes, which goes beyond your prerogative.  The only thing which legitimately falls within your prerogative is to insure that the OUTCOME of that process is that a legitimate complaint gets addressed in a timely fashion and to have an accessible method for determining who to hold legally responsible if it doesn't.


> It has been discussed. Every couple of years since the .com and .net
> registries started allowing it.
> 
> The short version is that culturally speaking, folks in North America
> place a much higher stock in process transparency than folks in Asia
> tend to. Corrupt practices have trouble standing the light. We are
> suspicious approaching paranoid about public secrets and try to allow
> them only when it would be exceedingly destructive not to. When it's
> appropriate that information be reported at all then, everything else
> being equal, it's also appropriate for that report to be public. Trial
> records. Real estate taxes. Presidential birth certificates. And the
> identities of address holders.
> 
> Regards,
> Bill Herrin


There are some individuals and even organizations (battered women's shelters, etc.) that have legitimate privacy concerns about cyber-stalking and other forms of abuse.  In those cases, as Bill already mentioned, it IS possible to create a legal entity (DBA, Trust, etc.) that is not necessarily reflective of the individuals real name or the organizations actual business purpose. All that's really important that a block is tied back to some legal entity which has legitimate means for contact and who can be held responsible for said block.  All you really need to know is that block x.x.x.x is held by "The ACME Group" and here is functional contact information for them for abuse reports or if you need to seek legal recourse against them.  You don't necessarily need to know that "the ACME Group" is really a DBA for the Detroit Battered Women's Shelter and the Admin is Sally May who went to Grover Cleveland High School....and here's her direct dial so you can harass her.

Concerns for Privacy and Accountability need to be balanced in a sensible fashion.  As there are legitimate concerns for both.



Christopher Engel