[arin-ppml] Response to the ARIN counsel's assessment of 2014-1 (Out of region use)

Kevin Blumberg kevinb at thewire.ca
Mon Apr 13 02:06:00 EDT 2015


Milton,

All of the example net blocks that used in your examples below  appear to be routed to equipment in the RIPE region.

I would prefer that the RIPE porition is clarified as my understanding is that the IP allocations are to be used inside of the region.

On the RIPE website the following FAQ seems to contradicte your statements


Yes, you can become a member of RIPE NCC. However, keep in mind that the Internet number resources need be announced within the RIPE NCC's service region<https://www.ripe.net/lir-services/member-support/info/list-of-members/europe>.

I don't believe that your description of how allocations are handled in the RIPE region are accurate. Possible asking RIPE staff would be appropriate at this time.


From: arin-ppml-bounces at arin.net [mailto:arin-ppml-bounces at arin.net] On Behalf Of Milton L Mueller
Sent: April 12, 2015 4:53 PM
To: arin-ppml at arin.net
Subject: [arin-ppml] Response to the ARIN counsel's assessment of 2014-1 (Out of region use)

At ARIN 35 we will be discussing the fate of a proposal to formally allow out of region use of number resources. Attendees can review the text of the policy alongside a staff and legal assessment of it here:
https://www.arin.net/policy/proposals/2014_1.html

The following is my response to the legal assessment of the proposed out of region use policy by ARIN's Counsel. It is clear that Counsel opposes this policy but I am not sure we are getting an unbiased assessment of its true implications. In the spirit of open dialogue about policies that are supposed to be developed bottom up by the community, I offer this rejoinder:

Counsel states:
"ARIN is governed by ICANN ICP-2, which calls for establishment of a single RIR to serve each region."

Regional exclusivity is one of the more interesting and far-ranging issues raised by 2014-1. We need to have a clear and honest discussion of it. Counsel is claiming that ICP-2 requires all usage of numbers to be bound to exclusive RIR service regions But this claim has no basis in either ICP-2 itself nor in operational practice.
- The title of ICP-2 is "Criteria for Establishment of New Regional Internet Registries;" in other words it is about the establishment of NEW RIRs, not about the general model of number governance
- Even assuming that service regions shouldn't overlap, ICP-2 does not articulate or establish a policy regarding use of number resources outside of a RIR's service region.
- ICP-2 is not a law, and thus raises no legal issues;
 - ICP-2 is not even a global policy, as its development and adoption by the ICANN board antedates the global policy development process
 - It is routine for LIRs with transnational operations to rely on one RIR for most of their address resources rather than joining multiple registries in each of the service regions. Far from leading to "difficulty for co-ordination and co-operation" and "confusion for the community within the region," such practices make coordination easier and reduce confusion and overhead.

In this regard, let me quote a Feb 25, 2015 statement on PPML by Tony Hain:

"Back up and figure out what problem is being solved.  The primary reason RIR's became possessive about their territory was "absurd protection of their precious IPv4 allocations".  Rewind to the pre-RIR timeframe, and allocations were global, and use was global. The RIRs were brought in to simplify the process, not fragment it.  ... Are we trying to protect the RIR's claimed autonomy over geography, or simplify the process of distribution for a global resource? If it is the latter as it started out to be, the definition of "out of region" is off-planet. If it is the former, why do people continue to fight against NIR's? If you want absolute autonomy, you need somebody capable of protecting your defined geography, and that usually becomes police or military. Make up your collective mind about your stated objective and make policy fit that. As far as I know the stated objective is to facilitate allocations of a global resource, so trying to restrict what the recipient does with it would appear to be out of scope."

As Hain suggests, the regional nature of RIRs was intended to facilitate resource distribution, not fragment it; the real reason for assertions of territorial exclusivity is IPv4 scarcity and uneven runout among the RIRs. But 2014-1 probably will not be implemented until ARIN's free pool is gone.

Counsel asserts:
"This policy would allow entities with no real connection to the ARIN's service region to obtain, for example, increasingly scarce IPv4 resources"

"No real connection" = a major exaggeration. The current policy requires recipients of ARIN resources to be organizations with an existing customer relationship & agreement with ARIN and be "currently using at least the equivalent of a /22 of IPv4, /44 of IPv6, or 1 ASN within the ARIN service region, respectively." Some connection to the ARIN region is required.

Counsel asserts:
"...if the policy were adopted, ARIN could arguably become subject to the jurisdiction and laws passed by governments outside our service region. This may lead to ARIN being a litigant in courts of nations outside its service region and subject to their requirements and judgments. ARIN will need to accept greater legal expenditures and risks, as well as potentially larger costs in order to take this greater scope into consideration in ARIN's registry activities on an ongoing basis."

Questionable. As long as ARIN permits its number resources to be used outside of the region, as it currently does, the same risk exists regardless of whether 2014-1 passes or not. Note that even ARIN's Counsel states that he supports allowing network operators headquartered in ARIN's region to make use of ARIN-registered resources out of the North American region. Such cases would pose the same jurisdictional risks, if indeed those risks are significant. Thus it is unclear how 2014-1 changes anything in this regard. Note also that a RIPE policy in place for the past 2 and a half years has not led to any such problems.

RIPE-NCC is currently allocating /22s from the 185.0.0.0/8 block without needs assessment and have given out hundreds since 2012. The receipant of the /22 is required to become a RIPE NCC member, but the recipient can be based anywhere. Over a dozen US companies not based in the RIPE region have availed themselves of this policy. Here are a few examples, with links to the Whois:

US          185.46.120.0      01/31/2014 IHNetworks, LLC https://apps.db.ripe.net/search/lookup.html?source=ripe&key=ORG-ILI4-RIPE&type=organisation
US          185.47.84.0        02/10/2014 KVH Industries, Inc https://apps.db.ripe.net/search/lookup.html?source=ripe&key=ORG-KII1-RIPE&type=organisation
US          185.51.4.0           03/20/2014 Latisys-Denver, LLC https://apps.db.ripe.net/search/lookup.html?source=ripe&key=ORG-LL159-RIPE&type=organisation
US          185.52.0.0           03/27/2014 RamNode LLC https://apps.db.ripe.net/search/lookup.html?source=ripe&key=ORG-RL171-RIPE&type=organisation
US          185.52.136.0      04/01/2014 Peak Web LLC https://apps.db.ripe.net/search/lookup.html?source=ripe&key=ORG-PWL4-RIPE&type=organisation

I believe in evidence-based policy. In many respects, RIPE-NCC is permitting out of region membership and out of region use. Can Counsel identify any of the purported problems taking place because of RIPE's openness to members from other regions? Has RIPE been a litigant in the US or has a national government threatened it with "political oversight" because of these actions?

Counsel asserts:
"[T]he policy fails to recognize that ARIN is not likely to able to perform the function contemplated in the policy with certain countries," such as Cuba, Iran and North Korea.

ARIN is barred from doing business with those countries with or without this policy. Any applicant for resources from those countries could simply be denied.

Counsel asserts:

"ARIN may be subject to significantly greater political oversight by national governments in its service region that will wish to evaluate why ARIN alone of the 5 RIRs is assuming a duty to service all of the world's community. It may be argued by governments in ARIN's region that this is a potential breach of ARIN's fiduciary obligations to its own region, and to examine whether it is consistent with ARIN's non-profit status and other corporate documents."

Incomplete, factually wrong in part, and speculative. It is incomplete because Counsel provides no legal reason why allowing out of region use would threaten ARIN's nonprofit status. Factually wrong because ARIN is not alone - note the RIPE-NCC case above. The argument about government reaction is speculative and non-legal. Essentially the claim is that governments (not the number resource-using community) won't like this policy and will punish ARIN for passing it by asserting some unspecified kind of "political oversight." Based on context I can think of only one government that would be in a position to assert "political oversight" over ARIN, and that is the U.S. government. Yet the US is firmly committed to private sector-led, multistakeholder internet governance. There is no legislation proposing to regulate ARIN on the horizon and no major private sector stakeholder lobbying group demanding it.

I think, therefore, that Counsel has it exactly backwards: if we reject this policy solely because of fear of the US government, ARIN and its board will be breaching their fiduciary obligations to pass number resource policies that are fair and impartial, technically sound, and supported by the community.

Counsel asserts:

"the policy will lead to an increase in fraudulent applications from out of region requestors, and issuance of resources to those who fraudulently file, since ARIN is not as well positioned to successfully discover such fraud by out of region requestors."

This is a legitimate concern. But I see no reason why staff cannot deny resources to entities that cannot produce adequate evidence for their claims. Other tweaks to be policy could be conceived that might address this issue, bearing in mind that two previous attempts to define thresholds were not acceptable to the community. Further, the incentive for most fraudulent applications comes from IPv4 scarcity, which has a very limited time horizon.

Conclusion
The choice is clear: are IP numbers a global resource to be allocated and assigned on the basis of technical efficiency, or are RIRs here to fragment the number distribution process into mutually exclusive territories? Will this policy be adopted or not based on its merit and community support, or on vague threats about governmental repercussions? I look forward to seeing you at ARIN 35 to further air these issues.

Milton L Mueller
ARIN Advisory Council member but speaking only for myself
Laura J. and L. Douglas Meredith Professor
Syracuse University School of Information Studies
http://faculty.ischool.syr.edu/mueller/
Internet Governance Project
http://internetgovernance.org<http://internetgovernance.org/>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.arin.net/pipermail/arin-ppml/attachments/20150413/4b66585e/attachment.htm>


More information about the ARIN-PPML mailing list