[anti-abuse-wg] personal data in the RIPE Database

In message <5f2f5fec-15cd-a307-dac4-366dd76b672d at heeg.de>, 
Hans-Martin Mosner <hmm at heeg.de> wrote:

>> If you say yes to both, then I am compelled to point out there there is,
>> as far as I understand it, *no* requirement, within the RIPE region, at
>> present for there to be *any* correlation between what appears in any
>> public RIPE WHOIS record and the actual bona fides of the corresponding
>> member, the -actual- identity o which remain secret & hidden behind an
>> opaque wall of stony silence, backed up by RIPE's legal counsel.
>
>I can't really judge this, but I see why that is your point of view.

It isn't a point of view.  It's a simple fact and easy enough to verify.

Members are allowed to put any garbage they like into their WHOIS records.
Nobody will stop them, nobody will police them if they do this, and there
exists no policy, rule, procedure, or mechanism to correct the WHOIS
records if they contain absolute horse manure.

And if you or I suspect that someone has in fact put inaccurate garbage into
their WHOIS records, you can ask the ever helpful folks at RIPE NCC to let
you see the actual bona fides documents that the corporate entity in question
gave to RIPE NCC when it first became a RIPE member.  You can ask, and you
will be told to get lost, because that is considered to be "secret" and
"confidential" info.

Again, I'm talking about non-person CORPORATE entities here.

And again, I'm talking about corporate legal registration documents...
documents which SHOULD BE PUBLIC anyway due to EU Anti-Money Laundering
rules.

Yes, even the EU got tired of its own opacity when it came to shell
companies and other corporate entities years ago, and they developed sets
of "Anti Money Laundering Directives" that all of the EU member states were
*supposed* to enact as local national laws years ago, starting, I guess,
with 1AMLD, then 2AMLD, then 3AMLD, 4AMLD, and finally, in 2018, 5AMLD.

But just like with RIPE, the EU member states, having approved these new
transparency measures at the EU level were apparently loath to actually
implement them, as required, as national laws in a majority of the EU
countries.  The result was that as of the year 2020, 22 out of 27 EU
member states were still playing "hide the ball" with corporate registration
and ownership information.  This should be a scandalous embarassment, but
both the lethargic EU member countries and also RIPE have never been
accused of having anything approximating shame.

You can read the whole shameful story here:

https://www.globalwitness.org/en/campaigns/corruption-and-money-laundering/anonymous-company-owners/5amld-patchy-progress/

Of course this is just the EU/AML part.  For now I won't even go into
the story of the time law enforcement officers showed up at RIPE
headquarters in 2009 and started asking questions in connection with a
money laundering investigation they were working on... which apparently
involved RIPE itself.


Regards,
rfg