[arin-ppml] IPv4 SWIP requirements (?)

Ronald F. Guilmette rfg at tristatelogic.com
Sat May 27 19:58:22 EDT 2017

In message <0a860fd3-1673-0be0-d0dd-c1228cfce989 at linuxmagic.com>, 
Michael Peddemors <michael at linuxmagic.com> wrote:

>Allow the community at large to 'register' complaints, but instead of 
>having it sent to what for all intents and purposes can seem like a an 
>opaque resolution process, have such complaints registered as publicly 
>searchable 'tickets'.

I, for one, would vigorously come out in support of this, *if* I didn't
think that my doing so would immediately, inevitably, and irrevocably
doom this simple proposal to abject failure, if not also to near universal
condemnation.  (1/2 :-)

But seriously, as already noted by others, ARIN currently labors under
a fundamental lack of ability or means to meaningfully enforce various
existing and community-approved regulations, as already formalized and
codified in the NRPM.  Given that, it would seem to be a rather obviously
pointless exercise in silliness -either- for people to message ARIN to
request it to open "cases" or "tickets" -or- for ARIN to dedicate any
staff time or energy into researching the particulars of any such case
or tickets when, at the end of the day, they have no community-approved
means to do anything about it, regardless of the outcome of any such

In similar situtations, where the law and its enforcement become so
radically disconnected that the law itself falls into disrepute and
ridicule, there are usually one of two outcomes, i.e. either (a)
vigilantism or (b) public naming and shaming (or sometimes both).

I suspect that on this list, at least, there would be general agreement
with the proposition that vigilantism is actually -not- the preferable
outcome in this case.

In contrast however, the general idea of having a place where reports
which are sent to ARIN regarding possible violations of NPRM regulations
would be on public display would seem to have a number of advantages,
both for the community and for ARIN.

Firstly, it would arguably relieve and absolve ARIN from responsibility
for either the investigation of such reports, and/or from the responsibility,
legal and otherwise, which might otherwise accrue to ARIN as a result of
its publication of findings and/or its action or inaction with regards
to any given case.  Members of the ARIN community, and of the worldwide
Internet user base generally, including myself, can and do already 
investigate many issues that often touch on clear and apparent NRPM
violations, and we simply lack a proper forum to share the resulting
information with all interested parties.  (I suspect that everyone will
agree that the PPML is -not- actually the best or most appropriate place
to document the failings of this or that specific ARIN customer.)

If a public blog, or forum, or some such thing (which would be searchable
by IP address, or CIDR, or ASN, or WHOIS handle) was created by ARIN,
made a part of the ARIN web site, and then opened for public submissions
relating to purported NRPM violations, it seems entirely likely to
me that ARIN would then, and at virtually no cost, benefit from
obtaining relevant data about specific trouble spots from an entire
planet's worth of investigators... investigators who would then have
a means to coordinate, and to share and exchange information about
such trouble spots in an open forum.  And this kind of information,
from outside investigators, might in some cases rival or even surpass
what ARIN might be able to discover, via its own internal investigations.
(And in any case, it would certainly cost less, as ARIN would be getting
the information for free.)

Secondly, the community would benefit from more open communications
about the various direct ARIN customers who are simply not following
the community-endorsed (NRPM) rules.  Exactly such open communications,
even when not leading to formal ARIN actions (as I expect they wouldn't
in virtually all cases), would tend to have the effects of public naming
and shameing of the scofflaws, thus encouraging compliance with NRPM
mandates without resort to formal ARIN enforcement and/or its attendant
potential for sticky, annoying, time-consuming and expensive legal

In short, this seems like a win-win-win.

ARIN wins by getting off the hook for investigating and/or "actioning"
NRPM violations that it doesn't really have either the clear mandate or
the funding to either investigate or action anyway, and the community gets
more transparency, a kinder, gentler, and less expensive way to disipline
the scofflaws, along with a smaller legal liability footprint for ARIN.[1]
And lastly, troublemakers like me get a place to vent spleen and document
the specific non-NRPM-conformant actions of various ARIN direct and indirect
customers... politely, of course... while contributing to the community's
(and ARIN's) knowledge of who is, and who isn't following the rules.

As a friend of mine once said "The only thing wrong with that idea is that
*I* didn't think of it first."


P.S.  In addition to all of the other benefits noted above, the creation
of an open forum, were reports regarding NRPM violations could be publically
lodged, would benefit ARIN by being a clear refutation of the criticisms
that have occasionally been leveled at it, here and elsewhere, to the effect
that its internal processes are opaque, inscrutable, and non-transparent,
either deliberately or otherwise.  What could be more transparent than an
open public forum?

Note that I am -not- -not- -not- suggesting that any member of ARIN staff
would be or should be encouraged to -participate- in or on any such
hypothetical forum.   Nor am I suggesting for one second that ARIN should
deviate in the slightest from its historical and appropriate tight-lipped
approach to any and all matters that may implicate actual enforcement
actions, somewhere down the road.  But even without any active participation
by any ARIN staff, an open public forum for the open publication and
sharing of information about NRPM violations would signal to the world
ARIN's commitment to transparency, and specifically, transparency in the
service of the ARIN community and the rules it has adopted, democratically,
via the consent of the governed.

[1]  Note that just as with all ISPs and all operators of open web site
forums, ARIN would have blanket and absolute protection from legal
liability for anything that anyone outside of ARIN might post to any
such hypothetical blog, under the unambiguous and courtroom-tested
provisions of 47 USC 230(c)(1).

More information about the ARIN-PPML mailing list