[arin-ppml] Draft Policy ARIN-2017-5: Equalization of Assignment Registration requirements between IPv4 and IPv6
jcurran at arin.net
Mon Jul 17 06:09:03 EDT 2017
On 17 Jul 2017, at 1:04 AM, hostmaster at uneedus.com<mailto:hostmaster at uneedus.com> wrote:
I think this is the FCC ruling he speaks of, and it does seem to shut down public disclosures of most of what is contained in SWIP/WHOIS without customer consent. This has been the rule for regular phone calls for a long time, called CPNI. Until today I did not realise the FCC extended this to the internet. It also appears that even someone with a contract with ARIN could require ARIN to restrict their data from third party disclosure, as it states that private contract provisions cannot override the right to insist on privacy.
It looks like static and even dynamic IP addresses and MAC addresses are considered protected information. IP addresses are the bread and butter of ARIN. Domain names are protected, thus Email addresses are protected since they contain a domain name, and they have also ruled that name, address and telephone numbers are protected as well. They even talk of DNS lookups being protected.
It kinda looks like the FCC has made a large part of SWIP/WHOIS unlawful with this order unless ARIN has been given consent by each holder of the information, even if they are a current member under contract.
The FCC is well aware of the Internet Numbers Registry System and
our processes for management of IP addresses, and their recent Open
Internet/Title II reclassification order specifically acknowledges that the
Title II change of broadband services does not assert their jurisdiction
over the assignment or management of IP addressing -
"This definitional change to our regulations in no way asserts Commission jurisdiction over the assignment or management of IP addressing by the Internet Numbers Registry System.” (Reclassification Order ¶ 391, note 1116)
The Order makes plain that the use of “public IP addresses” from the
Internet Numbers Registry System are an element used in the provision
of broadband Internet services, and there already exists specific CPNI
exception that a carrier may permit access to customers’ CPNI when
necessary for provision of the telecommunications service.
If ISPs can provide Internet services without use of IP addresses, then
then permitting access to that customer information would not meet the
limited exception, but that does not appear to be practical (and particularly
not with respect to the IP address blocks which are routed on the public
Internet, as being discussed in some variations of this draft policy)
ISP’s who have a concern in this area should obtain their own legal advice,
but compliance with community-developed registry policy is a prerequisite
for access to the public IP addresses, and our review notes that such access
is a necessary and required element for the provision of Internet services
and thus should fall without the limited CPNI exception that is provided.
(If somehow you can provision Internet services without the use of public
IP address, then availability of the “necessary for provision” exception would
not be the case, but then again, you also would not need to worry about
access to or compliance with the Internet Number Registry System…)
President and CEO
American Registry for Internet Numbers
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the ARIN-PPML