[arin-ppml] Reclamation of Number Resources
Ronald F. Guilmette
rfg at tristatelogic.com
Thu Jul 14 07:36:52 EDT 2022
In message <9CDE9492-A18E-4BAF-A0F8-DD0FCCDA4050 at arin.net>,
John Curran <jcurran at arin.net> wrote:
>If you wish that we investigate this matter, please submit a report of the
>suspected Internet number resources fraud as per this process https://
>www.arin.net/reference/tools/fraud_report/
Thank you John, but I must decline that generous invitation for the following
three good and compelling reasons:
1) I cannot, in all honesty and good conscience, report something as
"fraud" where the set of pertinent facts, as I have elaborated them,
*do not* suggest that there has been any fraud, deceit, or
misrepresentation of any kind, at least not on the part of the member
organization in question.
The facts of this case, as I have laid them out, indicate only that
the member organization represented by the handle SL-206 incorporated
itself, most likely in an entirely legal and above board manner, in
Nevis & St. Kitts, as it had a perfect right to do, under law. The
known facts further indicate that this organization then applied to
ARIN for membership, which was apparently granted. Where in these
facts do you find even any hint of fraud or deception on the part
of the member with respect to ARIN? I confess that I see none.
How then, in all good conscience, can I reasonably report the
organization known as 1337 Services LLC to ARIN as a suspected
perpetrator of "fraud" and what "fraud" would that be, exactly?
In short, your invitation to me to file a formal "fraud" report makes
no sense in the context of this case.
The known facts do suggest that ARIN's own internal processes for
vetting new membership applications may at the time (12-11-2012) have
been inadequate to detect instances where a prospective new member
had no discernable significant connection to the ARIN region. That
failing on ARIN's part however does not imply the existance of any
attempt at fraud, deceit, or misrepresentation on the part of the
applicant organization. For all I know, and for all the publicly
available facts show, this organization was entirely truthful and
forthcoming when it applied for its ARIN membership, and the fault,
if any, must be laid at the doorstep of ARIN, given the known facts
of this case.
2) I could perhaps just be mis-remembering now, but it is my recollection
that the last time I inquired about the nature of any possible follow-up
which ARIN might undertake upon its conclusion of any investigation of
any case submitted via ARIN's fraud reporting form that neither the
original reporter, not the ARIN membership, nor the ARIN community,
nor the public at large would ever be informed of the results of any
inquiry that had been trigged by a fraud report submitted to ARIN.
If I am remembering that correctly then this deliberate policy of abject
opacity, especially in a case such as this, where ARIN itself may have
been at fault, is not only disheartening, e.g. to the original reporter
(me, in this instance) but it should, I believe, also be concerning to
the membership, all of whom should be entitled, I think, to honest and
open answers about past staff failures to enforce previously adopted
and formally ratified policies, and the reasons for any such failures.
Again, I will beg forgiveness from all who read these words if I am
simply mis-remembering, but it was and is my recollection that the
ARIN "fraud" reporting process is, in essence, and by design, a black
hole into which information may be tossed, but from which no information
whatsoever ever emerges. If true, this is, I believe, sub-optimal for
a number of reasons, not least because it fails to show due deference
to the memberhip's right to know how and even whether their ratified
policies are being taken seriously by ARIN staff.
It seems quite clear and apparent to me that a case such as I have
raised with respect to 1337 Services LLC (SL-206), if it were to be
handled in accordance with ARIN's current uniform "black hole"
information dispersal policy, would leave no one the wiser if in
fact this case all came down to a failure on the part of staff to
correctly and consistantly implement policy.
Although internally, and among yourself and ARIN staff, this convenient
ability to sweep staff mistakes under the carpet may appear to be a
"feature" rather than a bug, I hope that you will at least understand
why I and others might take a different view.
3) The case of 1337 Services LLC (SL-206), which I have gone to some lengths
to carefully research and document, raises a host of other questions and
concerns about ARIN's ability and willingness to enforce existing
ratified policies. It is my feeling that you, John, as CEO, should
openly address these concerns and questions, and not simply endeavor
to bury them all behind the opaque wall of silence that would seem to
be ARIN's formalized "fraud" reporting process.
Briefly, this case raises these questions:
a) Is it true or false that (as has now been suggested to me by multiple
personal sources) ARIN is altogether loath to enforce its written
and ratified policies against any member (except in cases involving
blatant fraud) out of a possibly well-founded fear of litigation of
the kind that has bedeviled and hobbled AFRINIC, it's staff, its
management, and its Board for in excess of two years now?
(I am obliged to note that the possibility of ARIN's reticence to
act against mere policy-violating members comes to me not only
via multiple personal sources, but also based upon what would
appear to be a historical pattern and practice as exemplified by
three past cases that I have personal knowledge of. [1])
b) How exactly did it come to pass that ARIN awarded a membership to
1337 Services LLC, which clearly is and was, even as of its ARIN
induction date (12-11-2012) doing business out of an incorporation
company's P.O. box on the Carabbean island of Nevis, and having no
other apparent business or physical connection to the ARIN region?
Was some staff member simply distracted or overworked? Were the
policies requiring a substantial connection to the region simply
more liberal back then? Was any ARIN staff member given or offered
any kind of inducement to accept the application of this particular
prospective member?
Whatever the cause of this past lapse of ARIN policy enforcement was,
I do not believe that it serves the community's interests to have
it simply swept under the carpet. Indeed, I believe that I have
made a prima facia case that we all should be told what really
happened, because even now, some nine years later, law abiding
users of the Internet may still be being negatively affected by
the end results of what appears to have been a less than adequate
enforcement of policy on ARIN's part.
c) If, as the known facts of this case, generously interpreted, would
seem to indicate, ARIN has in past years inadequately applied its
written and ratified policies in the case of 1337 Services LLC,
then it is, I think, altogether appropriate to wonder how many more
such cases from past years now lie, undiscovered, on ARIN's books.
If ARIN's internal protocols for vetting new membership applications
has, for any extended period of time, been quite as inadequate and
remiss as this case would suggest, then it is altogether believable
that there could be dozens or perhaps hundreds of other memberships
that ARIN staff has approved and granted to other organizations that
also lack any significant association with, or operations within
the ARIN region. And if that is the case, I think that the members
and the community have a right to know both how and whether ARIN
will now make efforts to ferret those out and/or to action them
appropriately, i.e. by terminating those improperly granted
memberships.
d) If ARIN is not, as of the present moment, adequately vetting new
membership applications to insure that them conform to polcy, as
written and adopted by the membership, then this fact is also
something that the membership arguably has a right to know. And
conversely, if ARIN staff is being cowed or otherwise induced, even
in the present day, to ignore policy, perhaps so as to avoid rocking
the boat and/or to avoid possibly engendering lawsuits, then this
also is a circumstance that I feel should be laid out on the table,
openly and honestly, for the benefit of the membership, and indeed
everyone.
For all of the foregoing reasons I shall not be submitting any formal "fraud"
report to ARIN in relation to 1337 Services LLC. That legal entity is not
guilty of even the slightest misrepresentation as far as I am aware. The
known facts of this case do however clearly indicate that that organization
has been granted ARIN membership, despite having no apparent meaningful
connection to the region. This fact is not something that the member is
obliged to answer for, as it was ARIN's decision to grant the membership,
apparently in violation of policy.
Regards,
rfg
P.S. John, you have cautioned me to be cognizant of the ARIN Mailing List
Acceptable Use Policy, and that it obliges me and all participants here to
avoid "making accusations of criminal conduct".
Your admonition to me in this regard is, I believe, both unwarranted and
improper, and it obliges me to ask the obvious and unavoidable question:
Wherein have I made any accusations of criminal conduct?
The answer is clear. I have made none against anyone, and quite certainly
not against 1337 Services LLC. Indeed, quite the opposite! As I have noted
at length above, there is -zero- indication, in and among the known facts of
this case that 1337 Services LLC has done anything untoward, illegal, or even
questionable. That organization merely incorporated itself within the ARIN
geographical region and then applied for an ARIN membership... both acts which
it has, and had, a perfect right to undertake, under law. (It is not their
fault if ARIN then failed to enforce its own policies restricting membership!)
That all having been said, I have indeed suggested that 1337 Services LLC
-may- possibly (and it would seem does) have some connection to one particular
European gentleman, however I think that I have been clear in my presentation
of the facts of this case that even that is somewhat speculative. More to
the point however, I have not besmirched even that gentlmean in any way,
other than to reference known public facts about his past interactions with
law enforcement and also to note that certain of what would appear to be
name servers under his control may (perhaps even entirely unbeknownst to
him) be providing DNS services to some domain names which themselves, in
turn, may or may not be involved in illegal acts. (I have no hard evidence
on this one way or the other. If I had had any such, then you can be sure
that I would have already mentioned it.)
None of this adds up to an accusation of certain criminality, made by me,
against anybody. Indeed, as I like to say, "My parents didn't raise no
dummies" and I hope that everyone will credit me with at least enough
intelligence to allow me to avoid sticking my own head into the noose of
a possible defamation lawsuit on the basis of anything other than a dead
certainty beyond a reasonable doubt. I have not done so and I will not
do so, either here, on this mailing list, or anywhere else for that matter.
I have endeavored to place only facts into evidence here. If others infer
some accusations based on those facts, then that is not something that I can
either control or take any responsibility for.
Footnotes:
[1]
http://voices.washingtonpost.com/securityfix/2008/04/a_case_of_network_identity_the_1.html
https://mailman.nanog.org/pipermail/nanog/2019-August/102791.html
https://mailman.nanog.org/pipermail/nanog/2020-January/105672.html
More information about the ARIN-PPML
mailing list