This archive is retained to ensure existing URLs remain functional. It will not contain any emails sent to this mailing list after July 1, 2024. For all messages, including those sent before and after this date, please visit the new location of the archive at https://mailman.ripe.net/archives/list/db-wg@ripe.net/
[db-wg] ORG record vetting ?
- Previous message (by thread): [db-wg] ORG record vetting ?
- Next message (by thread): [db-wg] ORG record vetting ?
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Ronald F. Guilmette
rfg at tristatelogic.com
Tue Jul 30 06:11:21 CEST 2019
In message <d0b4503a-0a80-3eed-bbb1-9ec26e2deb7c at foobar.org>, Nick Hilliard <nick at foobar.org> wrote: >Ronald F. Guilmette via db-wg wrote on 29/07/2019 18:39: >> In that document section 1.1 (a) seem to the one one and only section >> relevant to my question: >> >> a. Proof of establishment/registration >> >> Normally, proof of establishment of a legal person can be registration >> with the national authorities (e.g., a recent extract from the Commercial >> Trade Register or equivalent document proving registration with the >> national authorities). When this is not available, other proof of >> establishment may be required (e.g., the law according to which the >> legal person was established). >> >> That last sentence is quite obviously an attempt... and a rather feeble one, >> in my personal estimation... to cleverly dance around the exact inconvenient >> question that I raised. "When this is not available..." Yes. When the >> entity -claims- to be incorporated in Malta, or Cyprus, or Liechtenstein, >> or Gurnesy, or the Isle of Man, or... then what happens, exactly? > >what happens, exactly, is what happens for an organisation from any >other country: the entity is required to provide registration documents >from legal authorities in those countries. Which can easily be forged. >This is usually checked against live online registers... Which, as I've already noted, simply do not exist for *many* countries in the RIPE region. >and usually requires back-up documentation >such as Letters of Good Standing from legal authorities. Which can also be trivially forged. >As the >countries that you mention have actual legal frameworks for handling >things like this, all will have appropriate authorities which can issue >enough identification documentation for the RIPE NCC to carry out due >diligence on the organisation in question. Yes. But how many will TRANSMIT such documents, upon request, direct from themselves to *any* non-LE requestor? Does RIPE NCC have its own MLATs (Mutual Legal Assistance Treaties) with nations in the RIPE region that routinely refuse informational requests from most other mere mortals? (If so, I'd like to inform the Vatican. I do believe that they would like to get on the privilege list also.) >Note that "due diligence" is about exercising a reasonable degree of >care. It's not about guaranteeing something 100%, because that isn't >possible in practice. It is self-evident from the facts I've already posted that RIPE NCC -cannot- say with any certainty that XYZ, while -claiming- to be incorporated in one of these corporate secrecy jurisdictions, is in fact incorporated in that place. So you need not have stated the obvious, which is that RIPE NCC actually cannot and does not do the kind of verifications of corporate identities that would be routine in, say, a corporate merger or acqusition. As regards to your assertion that NCC nontheless exercises a "reasonable degree of care", I can only say that one man's "reasonable" is another man's ridiculous silliness, and we certainly have no commonly accepted yardstick to judge "reasonableness" in this context. (I will endeavor in the near future to provide at least one concrete example where we can compare views on what isn't and isn't reasonable in this context.) >> I'm sorry >> to have to say it, but this notion of organization vetting in the RIPE >> region is so evidently riddled with loopholes that I personally feel that >> it is deserving of the same derision. > >If you're going to cast aspersions at the ripe ncc, please do yourself a >favour and back them up with evidence rather than supposition and >misunderstanding. I have not cast -any- aspersion. I have stated facts. Are you disagreeing with my assertion that there are national and/or local jurisdictions within the RIPE service region where there either is no national corpoprate registry in the normal sense and/or where there is one, but where nobody other than law enforcement may obtain any useful or meaningful data from it such as the names of actual directors? If so, it seems that some folks, at least, might agree more with me than with you on this point: http://registries.opencorporates.com/jurisdiction/at http://registries.opencorporates.com/jurisdiction/cy http://registries.opencorporates.com/jurisdiction/fi http://registries.opencorporates.com/jurisdiction/de http://registries.opencorporates.com/jurisdiction/gi http://registries.opencorporates.com/jurisdiction/gr http://registries.opencorporates.com/jurisdiction/gg http://registries.opencorporates.com/jurisdiction/hu http://registries.opencorporates.com/jurisdiction/is http://registries.opencorporates.com/jurisdiction/ir http://registries.opencorporates.com/jurisdiction/iq http://registries.opencorporates.com/jurisdiction/ie http://registries.opencorporates.com/jurisdiction/im http://registries.opencorporates.com/jurisdiction/it http://registries.opencorporates.com/jurisdiction/je http://registries.opencorporates.com/jurisdiction/jo http://registries.opencorporates.com/jurisdiction/kz http://registries.opencorporates.com/jurisdiction/xk http://registries.opencorporates.com/jurisdiction/kw http://registries.opencorporates.com/jurisdiction/kg http://registries.opencorporates.com/jurisdiction/lb http://registries.opencorporates.com/jurisdiction/li http://registries.opencorporates.com/jurisdiction/lt http://registries.opencorporates.com/jurisdiction/lu http://registries.opencorporates.com/jurisdiction/mk http://registries.opencorporates.com/jurisdiction/mt http://registries.opencorporates.com/jurisdiction/me http://registries.opencorporates.com/jurisdiction/nl http://registries.opencorporates.com/jurisdiction/pl http://registries.opencorporates.com/jurisdiction/pt http://registries.opencorporates.com/jurisdiction/qa http://registries.opencorporates.com/jurisdiction/sm http://registries.opencorporates.com/jurisdiction/sa http://registries.opencorporates.com/jurisdiction/es http://registries.opencorporates.com/jurisdiction/ch http://registries.opencorporates.com/jurisdiction/sy http://registries.opencorporates.com/jurisdiction/tj http://registries.opencorporates.com/jurisdiction/tr http://registries.opencorporates.com/jurisdiction/average_ae http://registries.opencorporates.com/jurisdiction/uz http://registries.opencorporates.com/jurisdiction/ps I say again, I have cast no aspersion upon either NCC nor anyone else. I have merely offered the observation that NCC simply -cannot- check out the legitimacy of corporate entities -or- any people claiming to represent thozse entities in cases where the host countries simply do not support that functionality. To put it another way, would you likewise accuse me of "casting aspersions" on you if I were to say that you would likely be unsuccessful if you tried to milk a bull? Or would I just be stating a rather obvious fact in that case? This kind of comment is not a reflection on the parties involved. It is instead just a rather obvious observation about the difference between the possible and the impossible. Regards, rfg
- Previous message (by thread): [db-wg] ORG record vetting ?
- Next message (by thread): [db-wg] ORG record vetting ?
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
[ db-wg Archives ]