[arin-ppml] Of interest?

Ronald F. Guilmette rfg at tristatelogic.com
Fri May 17 14:57:50 EDT 2019 

In message <5EEBAC20-184A-42DC-9C8B-5A15B8197B84 at arin.net>, 
John Curran <jcurran at arin.net> wrote:

>We will review the extent that business addresses and POC are checked
>against state registrations, and see if changes are necessary there

Thank you John, for at least having the courtesy and decency to admit
that there quite clearly *is* a problem here.

But I want to be clear.  I'm not asking you/ARIN to "review" anything
or to "see" if changes are necessary.  The fact that ARIN is quite clearly
*not* checking to see if applicants for membership are even legally
registered in the states or provinces where they purport to be located
quite obviously *is* a problem, and in the present context it is a
glaring one.  This whole epic $10 million dollar Micfo goof up could
have been stopped in its tracks, at the outset, 4+ years ago, when it
was just getting off the ground, if ARIN has just done these ridiculously
simple and cost-free online 30 second checks on each of the bogus shell
companies involved.

But you're obviously reluctant to have your "investigators" do this one
trivially easy thing.  So I guess that I have no choice but to try to
draft a formal proposal on the matter and formally submit it.  That's
a pity.  I hoped that it wouldn't need to come to that, and that the
obvious reasonableness and desirability of doing these simple checks 
would be enough to cause you and your staff to make it happen.  But
apparently not.  So I'll go the formal mandate route.  I shouldn't have
to, but I will.

>much as we've seen with the requiring of notarized documents and
>government issued identification, a determined perpetrator can still
>readily adapt to such a requirement if there is sufficient financial
>incentive involved.

Forgive me John, but that could be read as a lame excuse for doing
absolutely nothing at all in the way of proper vetting of new applicants.

I must reiterate again that,  as we all now know, from the court filings
in this present Micfo case, there are millions of dollars at stake here.
Given that context, it is quite certainly *not* acceptable to just shrug
and say "Oh well!  Boys will be boys, and criminals will be criminals,
no matter what we do."

For all of these Micfo sock puppet companies, ARIN quite evidently failed
to do even minimal due diligence, e.g. checking state level registrations,
before awarding these crooks millions of dollars worth of IPv4 space.
This isn't abmiguous, and it isn't even debatable.  I have posted the
evidence here.

It is thus now abundantly clear that whatever the bleep ARIN actually has
been doing, in the way of vetting new applicants, it all amounts to just
"security theater" when the rubber actually meets the road.  Yes, ARIN now
has in its possession several bogus/fradulent "notarized" documents, and
those will quite certainly help to put this particular perp in the pokey
for a long while (we hope) but that is cold comfort in the face of the
fact that ARIN could have actually -prevented- this whole disaster, and
this whole fraud, just by doing some simple and cost-free online checks
on these bogus companies, up front, before they were allowed into the club.


Regards,
rfg

More information about the ARIN-PPML mailing list