[arin-ppml] 8.2 Transfers at ARIN

[David Huberman]

In the context of an 8.2 transfer request discussion, John Curran posted:

> To elaborate a bit, it's important to remember that in the circumstances where someone
> is attempting to hijack resources (which looks quite similar to those attempting to
> update resource records but unable or unwilling to provide supporting documentation),
> there's another party that could be potentially harmed if ARIN does not take reasonable
> and proper care in processing the request.

Without question, and ARIN's many years of anti-fraud efforts and organization-wide
commitment to fighting these scammers deserve a standing ovation.  Leslie and her team
have fought the good fight for years, and have prevented and stopped huge amounts of
fraud. Thank you Leslie and ARIN!!

But there has to be a better way for the 95%+ of requestors who ARE telling the truth;
whose asserted transactions (company A merged into company B) really did happen, and
they just want to update Whois records. To give a real-world example of the kinds of things
I'm talking about ...

I work for a public corporation.  I cleaned up some of our records this fall.  (I'm still working
on it, actually.)  For one M&A transaction, I provided a signed, notarized Secretary Statement
from a high-ranking Officer of my corporation stating unequivocally that the Corporation owns
all the assets of the former entity.  That letter was rejected as insufficient.

I can deal with that rejection, as I'm a full-time IPAM person.  But the same response is given
to small shops where the requestor is also the sole network engineer, and performing all ops 
functions, and probably all in-house IT, too.  And those processes are way too much for the 
little guy, in my experience.  And that's why I'm here.

I'm not trying to pick on anyone with that example.  I've stated very clearly in this thread that it's
a combination of POLICY and procedure which I believe is standing in the way of 90+%
approval and completion rates (where the only requests not approved are the ones where
the requestor is being lazy and doesn't respond to simple queries, and requests that are
submitted in bad faith).    But the example is apt, I believe.  The process is much too onerous
for the 95% of 8.2 requestors who are acting in good faith, in my opinion.

I'd like to introduce policy language which prompts staff review of transfers which will, in
many cases, require no submission of legal documentation by the requestor where possible.
I don't know what the language looks like, but I'm actively thinking it through. It would 
really help if this dialogue was responded to, and continued, with more than just the 
regular commenting crew.  If you're a network operator, a broker, or anyone with a vested
interest in helping ARIN get better, please jump in and let's discuss options for helping our RIR
reach new heights to help the operator community!

David R Huberman
Microsoft Corporation
Senior IT/OPS Program Manager (GFS)