[arin-ppml] Draft Policy ARIN-2017-5: Equalization of Assignment Registration requirements between IPv4 and IPv6

John Curran jcurran at arin.net
Mon Jul 17 06:09:03 EDT 2017


On 17 Jul 2017, at 1:04 AM, hostmaster at uneedus.com<mailto:hostmaster at uneedus.com> wrote:

John,

I think this is the FCC ruling he speaks of, and it does seem to shut down public disclosures of most of what is contained in SWIP/WHOIS without customer consent.  This has been the rule for regular phone calls for a long time, called CPNI. Until today I did not realise the FCC extended this to the internet. It also appears that even someone with a contract with ARIN could require ARIN to restrict their data from third party disclosure, as it states that private contract provisions cannot override the right to insist on privacy.

http://hraunfoss.fcc.gov/edocs_public/attachmatch/FCC-07-22A1.pdf

It looks like static and even dynamic IP addresses and MAC addresses are considered protected information. IP addresses are the bread and butter of ARIN. Domain names are protected, thus Email addresses are protected since they contain a domain name, and they have also ruled that name, address and telephone numbers are protected as well.  They even talk of DNS lookups being protected.

It kinda looks like the FCC has made a large part of SWIP/WHOIS unlawful with this order unless ARIN has been given consent by each holder of the information, even if they are a current member under contract.

Albert -

    The FCC is well aware of the Internet Numbers Registry System and
    our processes for management of IP addresses, and their recent Open
    Internet/Title II reclassification order specifically acknowledges that the
    Title II change of broadband services does not assert their jurisdiction
    over the assignment or management of IP addressing  -

"This definitional change to our regulations in no way asserts Commission jurisdiction over the assignment or management of IP addressing by the Internet Numbers Registry System.”  (Reclassification Order  ¶ 391, note 1116)
    <http://transition.fcc.gov/Daily_Releases/Daily_Business/2015/db0403/FCC-15-24A1.pdf>

    The Order makes plain that the use of “public IP addresses” from the
    Internet Numbers Registry System are an element used in the provision
    of broadband Internet services, and there already exists specific CPNI
    exception  that a carrier may permit access to customers’ CPNI when
    necessary for provision of the telecommunications service.

    If ISPs can provide Internet services without use of IP addresses, then
    then permitting access to that customer information would not meet the
    limited exception, but that does not appear to be practical (and particularly
    not with respect to the IP address blocks which are routed on the public
    Internet, as being discussed in some variations of this draft policy)

    ISP’s who have a concern in this area should obtain their own legal advice,
    but compliance with community-developed registry policy is a prerequisite
    for access to the public IP addresses, and our review notes that such access
    is a necessary and required element for the provision of Internet services
    and thus should fall without the limited CPNI exception that is provided.
    (If somehow you can provision Internet services without the use of public
    IP address, then availability of the “necessary for provision” exception would
    not be the case, but then again, you also would not need to worry about
    access to or compliance with the Internet Number Registry System…)

Thanks,
/John

John Curran
President and CEO
American Registry for Internet Numbers










-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.arin.net/pipermail/arin-ppml/attachments/20170717/b5204708/attachment.html>


More information about the ARIN-PPML mailing list