[anti-abuse-wg] personal data in the RIPE Database

In message <CAKvLzuFUgogEdxKa00eyC0WpW9Q1YOo+bijSvZvh6PEyPp6U5w at mail.gmail.com>
denis walker <ripedenis at gmail.com> wrote:

>The bottom line is that there are honest, law abiding people who are,
>or would like to be, resource holders but are exposed to considerable
>personal danger by making their name and address public. We must take
>the personal privacy issue seriously...

These are exactly the central fallacies that have driven and that are
driving so much of the GDPR-inspired "privacy" fanaticism that's coming
out of Europe these days.

Who exactly are these unspecified "law abiding people" and what is it,
exactly, that is preventing them from taking measures on their own
(such as renting a P.O. box) to protect themselves and their privacy?

I do not dispute for a moment that there are many people, most notably
journalists, many of whom I have had the pleasure to work with (and even
some inside of Russia) whose freedom & lives could be endangered by
publication of their exact whereabouts.  And yet this current proposal
was not, as far as I know, generated by any of *them*.  *They* already know
all about the many readily available ways at their disposal to avoid having
their exact whereabouts published.  (And God help us all if they ever have
to rely on the good graces of RIPE to protect their locations!)

Perhaps even more to the point, I'd like to see any actual Venn Diagram
which would show us the -actual- (as opposed to postulated, by the 
privacy fear-mongers) overlap between the set of people who need any
kind of anonymity and/or protection of their location info and the set
of people who ALSO provably *need* to have RIPE number resources.

Oh!  Nevermind!  Conveniently, some kind soul on the Internet has already
generated & published this exact Venn Diagram:

https://www.amcharts.com/docs/v4/wp-content/uploads/sites/2/2020/02/image-768x377.png

So this is really the first-order fallacy:  The assertion, without a single
shred of supporting proof offered, that there exists some tiny minority of
people who both (a) need either anonymity or else secrecy as regards to
their actual physical address, and who also (b) need to have RIR number
resources.

If we are to believe this alarmist point of view, even, as it is, backed up
by zero actual evidence, then we must accept on blind faith that there
are some journalists or other "activists" who need to get their stories
out to the public but who cannot use *any* form of existing social media
to do that, and who cannot even do it via some shared or dedicated web
hosting arrangement.  No no!  We must believe that there are, somewhere
out there, activists and/or journalists who both (a) have reason to fear
for their physical safety and who also (b) really need at least an ASN or
a /24 or else they will be as good as gagged, for all practical purposes.

This is clearly nonsense on the face of it.  We are blessed to live in an
era where communication... even mass communication... has never been easier
OR more widley available.  And yet the contention is that edgy activism and/or
journalism will be entirely wiped from the map if the person who wants to
distribute a controversial newsletter cannot get hold of an entire /24.
Rubbish.

It is this exact sort of illogical thinking that has led to a situation,
in Europe, where you now can't even know if the new neighbor who just
moved in next door to you is a previously convicted serial pedophile.
You aren't allowed to know because your newspapers are no longer allowed
to print even just the names of convicted serial sexual predators, much
less their photographs.

Why any of you folks in Europe ever thought that this would be a good idea
is, I confess, beyond me.  You have placed this newfound fetish for "privacy"
above the competing societal values of free speech, freedom of the press,
transparency in public affairs, and the individual citizen's right to know.
So now you have to live with the downsides of those value choices.  But
those obviously dubious value choices DO NOT have to spill over into the
public RIPE WHOIS data base.  And they will only do so if the same inability
to judge fairly the cost/benefit ratio is sold to the membership at large
by the privacy extremists.

And now, at last, we come to the second absurd fallacy driving this debate.
I quote:  "We must take the personal privacy issue seriously..."

Simple question:  Why?  Who says we do?

Did the EU Council pass a resolution while I was sleeping which has rendered
RIPE legally responsible for the privacy of its members or their physical
addrsses?  If so, I didn't get the memo.

Seriously, who exactly is "we" and when did "we" become legally, ethically,
or morally responsible for hiding the physical addresses of members who
could, as I have noted above, quite easily take care of this on their own?
Was RIPE actually responsible for hiding physical addresses for all of
the past 20 odd years of its existance, but for some strange reason we are
only finding out about it now?

Again, I think not.  Nothing has changed, morally, eithically, or legally,
about RIPE's responsibilities to its members since last week.  Any suggestion
to the contrary is just an expression of a political viewpoint, not a
statement of any actual fact.

Also, and more importantly, the old saying is "God helps those who help
themselves."  Members, if there even are any, who fall into the unique
overlapping categories of those who are (a) concerned for their physical
safety and also (b) unable to communicate AT ALL without their own private
/24, can today, and could, at any time over the past 20 years, rent a P.O.
Box and use that as their "physical address".  If anyone can disprove that
statement, I'm all ears.  If, on the other hand, I am right about that,
then I will simply reiterate again that the proposal to redact addresses
from the RIPE data base is a solution in search of a problem.


Regards,
rfg