[arin-ppml] Regarding unauthorized changes (Re: Policy question)

Ronald F. Guilmette rfg at tristatelogic.com
Fri Sep 21 16:56:47 EDT 2012

In message <B4DC4A48-F782-41FC-86E7-5E76D19260F3 at sonn.com>, 
Steven Noble <snoble at sonn.com> wrote:

>Sent from my iPhone
>On Sep 20, 2012, at 7:39 PM, Jimmy Hess <mysidia at gmail.com> wrote:
>> For example, if an organization fires their employee who is also their
>> Administrative POC, but ARIN is not informed.    The former
>> administrative POC is no longer authorized within the organization to
>> make changes.
>> If that person,  still listed as a POC for the resource, comes to
>> ARIN,   and requests unauthorized changes,  such as a change of
>> address,  or deletion of  other contacts, and they are executed,
>> because ARIN was never informed that the contact is no longer
>> authorized.....
>> Will ARIN revert those changes, and replace the Admin POC with the new
>> one,  when provided a suitable attestation by the officers of the
>> organization?
>If said employee was to do that they would probably be in violation of quite a
>few laws...

I am not a lawyer, but actually, I suspect that only one ``law'' is being
violated in this and other such similar cases, i.e. common law fraud.

And this brings the discussion back around full circle to my original
question, which was about whether or not ARIN routinely makes referrals
to law enforcement when it notices cases that seem, rather unambiguously,
to involve blatant fraud.

John C. has affirmed that such a policy is in place, and I, for one, certainly 
hope that ARIN does make such referrals.

Over time, I have seen many many cases of fraud, perpetrated against ARIN,
and thus, by implication, against all of us, the entire Internet community.
Whereas, as some here have suggested, it might perhaps be possible to make
some adjustments, here and there, in ARIN procedures to make this sort of
thing either less easy or less likely, I don't think that we or ARIN could
ever devise any system that would absolutely prevent all such possibilities...
not without those policies & procedures turning into a straightjacket for
all of the legitimate users of ARIN's services that is.

And this is why I believe that it is vitally important that ARIN should be
vigorous in seeking the active participation of law enforcement (and/or the
courts, e.g. with private civil suits) in all cases where ARIN has been
intentionally subjected to fraud.  To allow any one of these instances to
go entirely unpunished is to encourage the NEXT fraud against ARIN, and the
next one after that, and so on.

Unfortunately, I am not personally aware of any malefactor who is currently
serving time for having perpetrated a fraud against ARIN.  This is true
despite the fact that I am quite completely sure that there are a number
of entirely worthy candidates out there.

Any crime, without consequences, will be repeated, ad infinitum.


More information about the ARIN-PPML mailing list