[arin-ppml] Member Existance Documentation (or the lack thereof)

Ronald F. Guilmette rfg at tristatelogic.com
Thu Jul 28 15:13:56 EDT 2022


[[ Changing the Subject: line now because I want to veer off in a somewhat
   different direction ]]

In message <CAMDXq5PdLW4Ug00F-H5Wp2ZRaK4atdVj3u2eN4J-VeWrESAYjQ at mail.gmail.com>, 
Martin Hannigan <hannigan at gmail.com> wrote:

>> But seriously, what basic bona fides does ARIN require these days just
>> in order to open a membership, totally independent of any resource
>> allocations?
>>
>> For a corporate entity?
>
>You'd have to ask them, but presumably...

Why?  Why should I have to ask them?  Why isn't the answer to this simple and
obvious question spelled out, either the NPRM or in the RSA agreements, or even
just on the ARIN web site?

It is my hope, of course, that the answer to this simply question hasn't been
deliberately burried as a sort of backhanded way of allowing ARIN staff to vet
new applicants based on their personal senses of smell, rather than on the basis
of objective and publicly-known criteria.

I did a lot of reading about this topic last night and I have to say that it was
an extraordinarily eye opening experience!  The stuff I read raises far more
questions than it answers.

In the first place, the procedures that ARIN has in place appear to have been
designed to make it impossible to create an ARIN membership without simultaneously
making the implicit assertion (via a signed RSA) that the organization making the
membership application will be desiring to receive number resources allocations.

Simple question: Why?

In the AFRINIC Region, for one, there is a special kind of RIR membership
available that is sort-of analogous to a United Nations "Observer Status".
You get to participate in members-only things, including members-only mailing
lists and... not sure about this...  perhaps even voting, but you _do not_
have any assigned number resources.

If this is available in the ARIN region, then my organization would like to
obtain ARIN Observer Member Status.  If such a category of membership is not
presently available in the ARIN region, then why isn't it?

Moving on to more topics...

I found the following astonishing statement on the MEMBERSHIP FAQ page of the
ARIN web site (https://www.arin.net/participate/oversight/membership/faq/):

    "Your organization does not need to be an ARIN Member to apply for
    resources from ARIN..."

I read this, and I'm like "WAIT!  WHAT???"  I'm not even sure now what the
purpose of an ARIN membership is if a membership isn't even needed in order to
get ARIN number resources.  I do hope that someone will enlighten me.  The only
answer that comes immediately to mind is that maybe some organizations just want
resources and are perfectly happy to do without any voting rights.  But even
that doesn't make a lot of sense to me.  Why would anyone NOT want to have a vote??

Now we come to my most important point.

Quoting again from the MEMBERSHIP FAQ page:

     Is my organization eligible to become an ARIN General Member?

        Your organization must also have a name that legally exists.

What does that even mean?  Does the name "127.0.0.1" legally exist?  It is not
_illegal_, as far as I know!

My name is "Ronald Fredrick Guilmette".  That name exists.  Legally.  It is on both
my birth certificate amd my driver's license, as well as in many other places
connected to me, such as financial institutions, property records, etc.  (Of course,
it could be argued that "Ronald Fredrick Guilmette" is not in any meaningful sense
"organized", but that's besides the point.)

I want to know, precisely, what will cause ARIN to assert that a given name _does_
"legally exist" and conversely, what will cause it to assert that a given name _does
not_ "legally exist".  Of course I'd also like to know both how and, more importantly,
*when* ARIN makes its determination(s) that a given name does or does not "legally
exist".

It would appear, based on facts that I've previously posted here, that ARIN does
not vet the continued existance of its member organizations on any kind of an
ongoing basis, but rather only as a "one-off" at the beginning of the member's term
of membership.  But I will, of course, be happy to be corrected if I'm wrong about
that.

In my state (California) a sole proprietor may legal forgo any registration with
the state and may opt instead to just obtain the legal right to use a so-called
"Fictitious Business Name".  Rights to use such names are issued by California
counties, and sole proprietors are required to have one in each county within which
they do business.

These "FBNs" are, in effect, a legal form of a "DBA" or Doing-Business-As kind of
a thing.  These names _do_ "legally exist" under law within the State of California.

So this raises the obvious question:  May a California sole proprietor who is
verifiably in possession of properly-issued Fictitious Business Name from his
county become an ARIN General Member, and if not why not?  Maybe I just missed
it, but I'm not finding a crisp answer to this question anywhere in the NRPM or
the RSA or on the ARIN web site.

I hope that everyone will forgive me.  I am not just being penatic here just for
the sake of being pedantic.  This all relates back to what I would have hoped
would be a simple question with a simple answer: "What basic bona fides does
ARIN require these days just in order to open a membership?"

From where I am sitting, and based upon the admittedly limited amount of searching
and reading I've done, the answer seem to be "none".  But that answer itself
raises a whole host of questions.

Being naive, as I admittedly am, I would have thought that ARIN would require from
each  prospective new applicant (for either membership or resources) at least as
much documentation of the real existance of the applying organization as I need
to show in order to just simply get my suit coat back from the dry cleaners.  But
based upon my reading of the available public documents, this seems not to be the
case, or at least not always.

A friend recently related to me his account of a prior interaction he had with
ARIN.  Based on what he told me, it would appear to be the case that, in many
cases, ARIN may be doing its own "open source" research to determine if new
membership/resource applicants are or are not propely registered within their
own country, home state, or province.  This is crtainly easy enough to do for
organizations that are incorporated within the U.S. and Canada.  All of the data
is easily and instantly accessible online.

In contrast, verifing even just the bare existance of a legal entity that is
registered in certain opaque Caribbean jurisdictions is altogether and by
design problematic.  Many countries in that region have no public corporate
registries, either online or otherwise.  So this begs the question:  If a
purported new applcant for ARIN membership or resources is allegedly incorporated
in any such opaque jurisdiction, how does (or how can) ARIN verify this alleged
incorporation?  It would appear that it can't.  Not unless it has developed
a super-human X-ray vision capability that allows it to see into the secret
government files of these opaque nations... a capability that none of us mere
mortals possess.

Given all that, I have to assume that ARIN has, at the very least, had the
good sense to require from any new "opaque jurisdiction" applicant (for either
membership or resources) a copy of their government-issued basic corporate
registration document(s).  If not, then I think that it could be fairly said
that current and past ARIN procedures for vetting new membership/resource
applicants is providing even less security to the ARIN community, and to the
worldwide Internet user community than the dry cleaner's shop on the corner.
(The dry cleaner at least requires a ticket before he'll let you have your coat!)

The more reasonable and more generous assumption however is that ARIN _does_
require and also _has_ required from new "opaque jurisdiction" applicants
copies of their government-issued basic bona fides document(s).  But assuming
so, then why shouldn't ARIN save itself a lot of time and bother and just
require _all_ new applicants to either upload a scan of their government-issued
business licences or alternatively, allow them to snail-mail in a photocopy thereof,
even if the new applicant is located in the U.S. or Canada?  Then ARIN wouldn't be
obliged to go rummaging around on the Internet to find out if any purported new
applicant organization is real of fake.

For anybody who wants to lighten ARIN's day to day workload, this would seem to
be a big win, no? 



Regards,
rfg


More information about the ARIN-PPML mailing list