This archive is retained to ensure existing URLs remain functional. It will not contain any emails sent to this mailing list after July 1, 2024. For all messages, including those sent before and after this date, please visit the new location of the archive at https://mailman.ripe.net/archives/list/anti-abuse-wg@ripe.net/
[anti-abuse-wg] WHOIS (AS204224)
- Previous message (by thread): [anti-abuse-wg] WHOIS (AS204224)
- Next message (by thread): [anti-abuse-wg] WHOIS (AS204224)
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Ronald F. Guilmette
rfg at tristatelogic.com
Fri Nov 6 22:44:27 CET 2015
In message <563C8773.7000804 at yahoo.co.uk>, denis <ripedenis at yahoo.co.uk> wrote: >> It may seem like I am quibbling over a minor semantic point here, and >> perhaps I am, but I think that it is somewhat inaccurate to say that >> there's no relationship at all between RIPE / RIPE NCC and the entities >> whose data is in the data base. > >It is not a semantic point it is a legal point. (I am sure the RIPE NCC >legal team will correct me if I am wrong :) ) The RIPE NCC is the Data >Controller for this database. They manage the service and facilitate its >use by other parties. Some of the RIPE NCC members in some countries >satisfy their local laws by documenting every customer in the RIPE >Database. This results in hundreds of thousands of INETNUM/PERSON object >pairs created in the RIPE Database. > >The RIPE NCC has no relationship of any sort with these people. Their >personal information is in this database because they consented to it >being put their by someone they have signed a contract with. The RIPE >NCC has no knowledge of that contract or it's terms. Please excuse my feeble attempts to "drill down" as it were, and understand the facts and nuances of what you've just said. (I'll admit up front a substantial level of ignorance, if that will help to make clear that I _am_ attempting to understand, and not just simply being disagreeable.) On the one hand, you say that all these entities (both people and businesses) have consented to have RIPE NCC store and distribute their contact data. On the other hand you say that RIPE NCC has no knowledge of the terms and conditions of the contracts they have signed. Given that RIPE NCC is bound by European privacy laws, wouldn't it be fair to say that RIPE NCC is 100% confident of the content of at least one part of the contracts that all of these entities have individually signed, i.e. the part in which they consent to have RIPE NCC store and distribute their data? It would seem to be that case that RIPE NCC is a formal, legal, and an explicitly named third party in all those contracts. Is that statement innacurate? Haven't each and every one of these individual entities, in their contracts, granted certain rights to RIPE NCC as partial compensation for the number resources they are given? If not, then how can RIPE NCC get away with what appear to be rather massive and ongoing breaches of European privacy laws? If so however, then is it at all accurate to say that RIPE NCC has "no relationship" to all of these individual entities?? (It would appear that in fact RIPE NCC has direct contractual relation- ships with each and every one of them.) >Add to that all the possible language issues... I admit that the language issues are thorny, but not insurmountable. Are there no web sites that attempt to sell products throughout the European Common Market? How have they addressed the problem? >and I am not sure how you >will expect the RIPE NCC to validate all this personal contact data with >people who they have no relationship with and who may have never heard >of the RIPE NCC or RIPE. I'm sorry to be repeating myself, but I must again question both of the premises upon which your question is based, i.e. 1) that RIPE NCC is not, either explicitly or implicitly, a party to all of the individual end-used entity contract, and 2) that either some or all of those end-user entities have never even heard of RIPE NCC. (They _must_ have heard of it, because the name RIPE NCC must be present in all those contracts that all of them signed. If not, then who exactly did they grant the right to store and distribute their data to? Some mysterious unnamed overlord? Santa Claus?) >Anyone who receives an email from an >organisation they have never heard of, possibly in a language they don't >understand, asking to validate personal information...well you know how >that will be treated these days. Agreed. But as noted above, I am still having trouble understanding how you can assert that these end-user entities don't know of and/or have "no relationship with" RIPE NCC. I may not be a lawyer, but I still have trouble imagining that the lawyers at RIPE NCC would allow the technical people there to publish the data base... as they do... in the absence of a clear contractual relationship between (a) the end-user entities whose ``personal'' data it is and (b) RIPE NCC. Logically, it would seem that a contractual relationship does and must exist. Yet you are insistant that none does. I am having difficulty squaring this circle. >Also bear in mind a single data validation is quite pointless. What is >valid today may not be tomorrow. So you cannot trust data that was >validated yesterday. To have any benefit this data would have to be >routinely re-validated. If it can be done once, it can be done multiple times. Automation is your friend. Regards, rfg
- Previous message (by thread): [anti-abuse-wg] WHOIS (AS204224)
- Next message (by thread): [anti-abuse-wg] WHOIS (AS204224)
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]