Privacy, Broadband, & the Database

On Wed, Nov 29, 2000 at 01:25:30PM +0100, Wilfried Woeber, UniVie/ACOnet wrote:
> => I'm writing for your opinions, suggestions, and comments regarding updating
> => the RIPE database with assignments made for broadband (xDSL) customers. As
> => you may or may not be aware, ADSL is now being offered in the UK, which 
> => has very strict data protection laws. We offer ADSL services as a NATted
> =
> =IP addresses and data related to them is international resource.
> =I don't think you should apply any law in UK when we talk about
> =RIPE(.int) resources.
> 
>   But that doesn't mean the people *collecting* customer related info *and
>   transferring that data to somewhere abroad* would be exempt from local
>   laws. Quite the opposite holds true for many (most?) countries...
> 
>   It depends on the level of "responsibility" and functionality granted to
>   and exercised by that end site. As I've said in a private mail already,
>   we should ask the question about the usefulness of "assigning" (in the
>   good old sense) very small amounts of addresses to sites which are tied
>   in to the services of their provider anyway. I guess most of the ADSL,
>   dial-up, cable-TV connection assignments sh/could be reviewed from that
>   point of view.

The name and address info in the RIPE database needs to contain the
person (or organisation) responsible for a certain amount of IP space,
in my opinion.

So, if an ISP wants to be responsible for the IP space it hands out to
customers, then the ISP should be free to fill in their own name and
address. This gives ISPs the freedom to fill the RIPE db with names
and addresses of customers (that saves them the hassle of dealing with
for example abuse coming from that site), or putting their own name
in it (meaning they have to respond actively to for example abuse reports,
which is the ISP's job anyway).

>   I then asked the following question:
>   	"So you are going to collect information, but you are going to
> 	hide it.  Fair enough.  Have you thought about criteria and/or
> 	mechanisms to disclose that information, either to entites with 
> 	a "valid" interest and/or to law enforcement?"
>   
>   I did not receive a useful answer.
> 
>   Just as a virtual poll - would anyone in the RIPE region care to propose
>   criteria and/or mechanism?

Leave it as is. The current mechanism is fine, offering the information
to virtually anyone. Keeping any information "private" to all LIRs is
not going to be easy, and it's impossible to guarantee the data is never
leaked.

-- 
#!perl -pl	# This kenny-filter is virus-free as long as you don't copy it
$p=3-2*/[^\W\dmpf_]/i;s.[a-z]{$p}.vec($f=join('',$p-1?chr(sub{$_[0]*9+$_[1]*3+
$_[2]}->(map{/p|f/i+/f/i}split//,$&)+97):('m',p,f)[map{((ord$&)%32-1)/$_%3}(9,
3,1)]),5,1)='`'lt$&;$f.eig;				   # Jan-Pieter Cornet