[arin-ppml] POC privacy
kkargel at polartel.com
Fri Oct 26 12:28:32 EDT 2012
The tech and abuse PoC's need to be public. They need to be real, accessible and responsive contacts. If they are not publically accessible they are useless. If you make them private just eliminate them.
I would go in the other direction completely and say that there needs to be a public reporting process where members of the public could easily report non-responsive Tech and Abuse contacts to ARIN and then ARIN could investicate and remove non-responsive contacts.
Admin PoC's also need to be public to accept legal communications.
If all contacts for a netblock are non-responsive then the netblock should be considered abandoned and reclaimed.
Think about it.. These are *CONTACTS* .. What good is a contact if you can't "contact" it..
From: arin-ppml-bounces at arin.net [mailto:arin-ppml-bounces at arin.net] On Behalf Of Patrick Klos
Sent: Friday, October 26, 2012 10:30 AM
To: ARIN-PPML at arin.net
Cc: Klos Technologies Legal Folder
Subject: Re: [arin-ppml] POC privacy
Andrew Koch wrote:
Yesterday during the open mic at the policy meeting, Mike Joseph of
Google had planted an idea of making Admin and Tech contacts private.
Rather than being able to move all Admin and Tech contacts to being
private, I would be in favor of requiring one public POC of each type
be visible. However, additional POCs of those types could be marked
This would provide for the ability to move all but a select
representative or role account to receive communications into a
private status. These private POCs could continue to manage
resources. It also balances the concern that POCs may receive a large
bit of unwanted communications and the need to contact them.
As I think about this a bit further, creating a role POC and then
being able to link multiple ARIN Online accounts to that role POC is
already available. This would meet the ability to manage resources,
but not place personal details in the public database. So, I think
further information on the drivers of this are needed.
In some after-meeting discussions, another thought that was brought
forward was moving the ability to view certain POC data to a
restricted system. For example, in public whois, the resource would
link to a POC name, but the details (name, phone, email) would be only
accessible after logging into ARIN Online, or using REST with an API
These ideas of hiding POCs are ridiculous! What is the purpose of a "point of CONTACT" if you cannot use it to CONTACT someone?!?!
I constantly use POCs to try to notify resource owners that their resources (usually a server on their network) have been compromised and are behaving badly (i.e. hosting phishing sites or viruses/trojans). I don't get paid to do it - I do it because it needs to be done. If more obstacles are put in my way (i.e. requiring me to use various web interfaces and log in to get the details I need), I will have less and less time to help out the community.
What are people worried about that they feel their POC information should be "private"??
1. A little spam?!? I get so little spam on my POC email addresses, it's silly to worry about it!
2. What else? Privacy?? Businesses (legitimate ones, anyway) have no reason to hide themselves!
What good is a "private" POC? Who would ever got to use it if it's private???
Can someone come up with a single legitimate example of why they should have public Internet resources assigned to them, but their contact information should be hidden from the world??
Klos Technologies, Inc.
More information about the ARIN-PPML