[arin-ppml] WhoWas Service Now in ARIN Online Announcement

[Owen DeLong]

On Mar 28, 2012, at 1:27 PM, admin at directcolocation.com wrote:

> I do agree that it is not a bad thing but I do not see how it is a fair
> approach for a new service being applied to the whois at this date
> forward, if you were in the business of LAW then it would appear that it
> was a law that was being implemented and now would effect you on anything
> you have done in the past vrs now that you know making sure that you
> govern yourself accordingly.
> 

I completely disagree.

Nothing being published by ARIN today is anything that ARIN did not
publish in the past. In the past anyone could have archived what was
published and so there is no new exposure from ARIN making it
available today.

It is a convenient and useful tool and I really don't believe it is a
case of ex post facto as you describe it.

> I am not a lawyer but I think they call this ex post facto in the fact you
> cannot punished for something you did in the past.

ARIN isn't punishing anyone. They are simply re-publishing data that
they once published some time ago. Once you give someone your data
and permission to make that data public, the data is public. It seems
beyond illogical to me for you to think that ARIN should somehow be
enjoined from publishing it again at a later date as a historical reference.

> The problem I see is in this case is that as we all know the anti spammers
> are not held accountable by any law or in some cases we do not know who
> they are and or where they are, so if the  have this information at there
> disposal.
> 

I think it is absurd to make ARIN responsible for all possible uses by any third
party of any data that ARIN publishes. ARIN has placed a reasonable AUP
around the data and requires authenticated access and active agreement
to said AUP prior to access.

> Could it put ARIN a position of some kind of liability from a potential
> law suite for providing this information based on private business models
> and who one chooses to do business with based on the legal side of the
> quote can spam act as all spammers will calm they follow.

Huh? ARIN is publishing again data ARIN previously published with full
permission of the provider of the data. There has never been an expectation
of or procedure for one to revoke their permission to publish said data.

I just can't figure out how to apply what you are saying to the current context.

> The problem could be perceived is that the network operator is being
> punished here by unregulated anti spammer groups and thus harming the
> business income of that operator by the act of ARIN providing access to
> this information to unregulated anti spammer groups, vrs the operators
> business income being harmed because of the actions of ARIN providing the
> unregulated groups access to the info.

If the information was published previously, how is publishing it again
an issue here? The alleged unregulated anti-spammer groups of which
you appear to be so afraid had access to the data already in the past.

> Again I am not a lawyer, but this should be considered, because anti
> spammers, like spammers hide themselves. With out the ability to regulate
> the anti spammers and hold them accountable for there actions of the use
> or mis use of this service, while there is some legislation in the can
> spam act that has holds the spammers to some accountability.

Given that it requires an ARIN-online account and agreement to an AUP to
access the data, I'm not sure how you can claim that a user of this data could
hide, but, even if they can, since it's public data, I'm just not sure what the
issue could be.

> I would venture to say in our law suite happy world that some sharp lawyer
> might just challenge the use of this service harming an operators business
> income and go after the provider of information that caused the harm in
> this case ARIN.

You can sue anyone for anything at any time regardless of whether there
is any legal basis to do so or not. Such is the nature of our system. However,
to me, this is the moral equivalent of the following scenario:

1.	Library makes book Q available for lending.
2.	Library takes book Q off the shelves for several weeks/months/years.
3.	Library again makes book Q available for lending.
4.	Some data in book Q is somehow used by party Z to harm the
	income of business XX.
5.	Business XX sues the library for placing book Q back on the shelf.

Unless I'm missing something, this is just plain absurd.

> I guess we should consider if any of the other RIR's are doing the same
> service because that would negate this concern.

If they aren't yet, they should definitely be encouraged to do so. However,
they operate in entirely different regulatory frameworks with which I am
completely unfamiliar. Given some of the stranger things about German
privacy laws and pseudo-laws, RIPE might have some issues, for example.

> I am sure they would try to site that as a difference in single out of
> ARIN if it came down to that extreme situation.

I think you mean cite, but, ARIN has often been an innovator among the
RIRs, so the fact that we're doing something the other RIRs may not be
doing yet really doesn't strike me as all that material to the discussion.

> Also do you know if the service will be used on IPV6 whois so as this goes
> forward we will be able to have that information there also or is just on
> the IPV4 whois

I believe it covers all ARIN whois data current and historic.

Again, entirely public data that has been published in the past and is
being published again. Nothing proprietary, nothing about business
relationships that hasn't been disclosed publicly in the past, no new
information, and nothing that the provider of the data did not consent
to disclosing.

Owen