<div dir="auto"><div>Hi William<div dir="auto"><br></div><br><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Fri, 22 Jul 2022, 12:50 William Weber via db-wg, <<a href="mailto:db-wg@ripe.net">db-wg@ripe.net</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr"><div>As cybercriminal i wholeheartedly support the idea of removing all personal data from the RIPE DB.</div></div></blockquote></div></div><div dir="auto"><br></div><div dir="auto">Sound bites may sound good but add little to a discussion. </div><div dir="auto"><br></div><div dir="auto">A large part of the business data in the RIPE Database is legally identifiable and linked to personally identifiable people. </div><div dir="auto"><br></div><div dir="auto">No one is suggesting to remove ALL personal data. Names of natural people holding resources will still be included in the database as that is a fundamental part of the registry. "FULL" postal address details of natural people holding resources should not be published as it is quite likely their home address. The full address will still be held by the RIPE NCC, or resource holders. </div><div dir="auto"><br></div><div dir="auto">Cheers</div><div dir="auto">denis </div><div dir="auto">Proposal author</div><div dir="auto"><br></div><div dir="auto"><div class="gmail_quote"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr"><div><br></div><div>That would make my life so much easier.</div><div><br></div><div>--</div><div>William</div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Fri, Jul 22, 2022 at 12:00 PM <<a href="mailto:db-wg-request@ripe.net" target="_blank" rel="noreferrer">db-wg-request@ripe.net</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">Send db-wg mailing list submissions to<br>
<a href="mailto:db-wg@ripe.net" target="_blank" rel="noreferrer">db-wg@ripe.net</a><br>
<br>
To subscribe or unsubscribe via the World Wide Web, visit<br>
<a href="https://mailman.ripe.net/" rel="noreferrer noreferrer" target="_blank">https://mailman.ripe.net/</a><br>
or, via email, send a message with subject or body 'help' to<br>
<a href="mailto:db-wg-request@ripe.net" target="_blank" rel="noreferrer">db-wg-request@ripe.net</a><br>
<br>
You can reach the person managing the list at<br>
<a href="mailto:db-wg-owner@ripe.net" target="_blank" rel="noreferrer">db-wg-owner@ripe.net</a><br>
<br>
When replying, please edit your Subject line so it is more specific<br>
than "Re: Contents of db-wg digest..."<br>
<br>
<br>
Today's Topics:<br>
<br>
1. Re: IRT object postal address (denis walker)<br>
<br>
<br>
----------------------------------------------------------------------<br>
<br>
Message: 1<br>
Date: Thu, 21 Jul 2022 15:41:58 +0200<br>
From: denis walker <<a href="mailto:ripedenis@gmail.com" target="_blank" rel="noreferrer">ripedenis@gmail.com</a>><br>
To: "Ronald F. Guilmette" <<a href="mailto:rfg@tristatelogic.com" target="_blank" rel="noreferrer">rfg@tristatelogic.com</a>><br>
Cc: Database WG <<a href="mailto:db-wg@ripe.net" target="_blank" rel="noreferrer">db-wg@ripe.net</a>><br>
Subject: Re: [db-wg] IRT object postal address<br>
Message-ID:<br>
<<a href="mailto:CAKvLzuE%2BRoNgGXL8TU3r4E5dOtOd3uweB9UzFJhgnOmpBruU%2Bg@mail.gmail.com" target="_blank" rel="noreferrer">CAKvLzuE+RoNgGXL8TU3r4E5dOtOd3uweB9UzFJhgnOmpBruU+g@mail.gmail.com</a>><br>
Content-Type: text/plain; charset="UTF-8"<br>
<br>
Ronald<br>
<br>
(For those who don't read long emails...) The bottom line is that this<br>
proposal recommends to remove postal addresses of contacts, not<br>
publish the 'full' postal address of natural persons holding<br>
resources, replace personal data with business data and generally<br>
bring the contents of the RIPE Database into line with the defined<br>
purposes.<br>
<br>
---<br>
Now to answer Ronald's points...<br>
<br>
You have your own (hidden) agenda Ronald, which is fine. But don't<br>
expect everyone to fall into line behind you. Most people know your<br>
tactics. Repeat the same nonsense and conspiratorial theories over and<br>
over and over again until people believe they must be true. You lock<br>
onto a phrase or even a word and create an entire fear mongering story<br>
around it. Then keep asking the same irrelevant questions and<br>
demanding answers. This is not how to have a professional discussion,<br>
it is a Trump/Johnson style campaign.<br>
<br>
Let's kill off some of your fear stories. I am NOT against<br>
accountability, NOT helping cybercriminals, NOT proposing anonymity,<br>
NOT obfuscating half the database, NOT proposing secrecy and NOT<br>
avoiding transparency.<br>
<br>
As for GDPR, the only person obsessed with it is you Ronald. It is not<br>
even mentioned in the proposed policy text. You use it to confuse all<br>
discussions on the content of the database. GDPR is only one of the<br>
factors concerning the content of the RIPE Database. There are defined<br>
purposes for the database. As the RIPE Database Task Force pointed<br>
out, we should minimise the amount of data needed to fulfil those<br>
defined purposes. That is the overriding principle governing what<br>
should go into the database and what remains in the database.<br>
<br>
Most people did accept that in order to resolve internet operational<br>
issues (one of the main purposes of the database) no one is going to<br>
visit or post a letter to a contact in the RIPE Database. Therefore<br>
contacts don't need postal addresses. Whilst you may feel there is a<br>
need for a postal address for a contact for an IRT object, as Nick<br>
said, the opinions of CSIRT teams are more relevant.<br>
<br>
You have said yourself many times that the database is full of<br>
garbage. When you demand irrelevant data and force people to enter<br>
information they prefer not to provide which is not even covered by<br>
the database purposes, you increase the chances of some people<br>
entering false or misleading information. The only 'crusade' I am on<br>
is to bring the contents of the RIPE Database into line with the<br>
minimum information required to fulfil the defined purposes of the<br>
database and any legal requirements. We can have a healthy discussion<br>
on interpretations of that minimum information, but we should not be<br>
arguing over the principle. Forcing people (with mandatory attributes)<br>
to enter 'interesting' but not relevant information leads to a corrupt<br>
and diluted database that is less useful to anyone. Even optional<br>
attributes that are not relevant, dilute the important information.<br>
<br>
You can wish for any information you like to be in the RIPE Database<br>
Ronald, but if it is not essential for the defined purposes, it is not<br>
going to be there. Feel free to propose your own policies to change<br>
the purposes of the database and store certified photos of all<br>
contacts and their families if you believe that is necessary for your<br>
use of the database...or set up your own database.<br>
<br>
cheers<br>
denis<br>
proposal author<br>
<br>
On Thu, 21 Jul 2022 at 06:01, Ronald F. Guilmette via db-wg<br>
<<a href="mailto:db-wg@ripe.net" target="_blank" rel="noreferrer">db-wg@ripe.net</a>> wrote:<br>
><br>
> In message <<a href="mailto:CAKw1M3MEHHC63%2BBfS7P365F0Cw6hcGuOKKq0ZaTS%2BevtdiZDoQ@mail.gmail.com" target="_blank" rel="noreferrer">CAKw1M3MEHHC63+BfS7P365F0Cw6hcGuOKKq0ZaTS+evtdiZDoQ@mail.gmail.com</a>><br>
> =?UTF-8?Q?Cynthia_Revstr=C3=B6m?= <<a href="mailto:me@cynthia.re" target="_blank" rel="noreferrer">me@cynthia.re</a>> wrote:<br>
><br>
> >> *) Why is the hiding of information even a priority?<br>
> ><br>
> >Hiding information is good from a privacy standpoint so you have to<br>
> >weigh the benefit of having the data public against the privacy<br>
> >implications of publishing it. (and consider any potential legal<br>
> >issues/requirements)<br>
><br>
> Transparency is good from an accountability standpoint. And in my opinion,<br>
> we have far far too little accountability on the Internet. Practically<br>
> every day now one can find stories about "hackers" and "cybercriminals"<br>
> and everyone just shrugs and goes back to work as if this is the way that<br>
> thing have to be, or that they are supposed to be.<br>
><br>
> My position is simple: If youy want to be anonymous, then get yourself a<br>
> pseudonym account on Twitter, or Facebook, or YouTube, or whatever, and<br>
> then blast away. Or alternatively, get yourself a domain name with all<br>
> of the WHOIS data redacted and then arrange wweb site hosting for that,<br>
> either on one IP of one hosting company, or several. But somewhere up<br>
> the chain there needs to be accountability, always. It is *not* a God-<br>
> given right to have an IP address block or an ASN. It is a privilege.<br>
> And that special privilege should be reserved for those who are willing<br>
> to be held accountable for what goes on upon their networks.<br>
><br>
> You and Denis are trying to _remove_ accountability from the equation, and<br>
> I remain steadfast in asserting that this will only benefit criminals.<br>
><br>
> >> *) Are these deliberate obfsucation steps still being justified on the<br>
> >> basis of GDPR, or do you now accept as fact that GDPR is irrelevant in<br>
> >> the context of the RIPE data base, and that it does not currently compel<br>
> >> RIPE to make any changes to the public WHOIS data base whatsoever?<br>
> ><br>
> >Denis has already mentioned in an email regarding 2022-01 that he will<br>
> >not address any more GDPR issues until there has been a legal review<br>
> >as many of us are not lawyers.<br>
><br>
> I'm sure that I saw someone post here quite recently that he had checked with<br>
> RIPE legal already, and had already been assured that RIPE is _not_ facing<br>
> any current or imminent legal jeopardy with the status quo as it now exists,<br>
> either in relation to GDPR or in relation to any other applicable law or<br>
> regulation. If you need me to do so, I will find that posting in the archives<br>
> and I'll copy it here.<br>
><br>
> >While I can't speak for Denis, you have not convinced me that GDPR is<br>
> >somehow irrelevant<br>
><br>
> I don't see how or why it should be incumbant upon either me or anyone else<br>
> to persuade either you or Denis that no change needs to be made. You and he<br>
> are putting forward and supporting this proposal for a _change_ in the<br>
> current status quo. It is thus necessary for you folks to make a persuasive<br>
> case that a change _is_ needed, rather than for me or anyone else to make a<br>
> case that it isn't.<br>
><br>
> >> *) If the goal is to hide information, then why not just take the entire<br>
> >> RIPE WHOIS data base offline and hide the whole thing behind some sort of<br>
> >> permission-wall that can only be pierced with a legal warrant?<br>
> >><br>
> >> (That last question is, of course, the essential point, since that endpoint<br>
> >> seems rather clearly to be the direction in which this is all headed.)<br>
> ><br>
> >This question is not really an "essential point" in my opinion as<br>
> >there is a big difference between hiding postal addresses and hiding<br>
> >abuse email addresses and route(6) objects.<br>
><br>
> You are doing just what Denis has done so far in relation to this whole<br>
> thing... You are evading the question. If transparency is "bad" and<br>
> secrecy is "good" then why not take that general principal to its final<br>
> and logical conclusion? Why not just take the whole WHOIS data base<br>
> offline entirely?<br>
><br>
> It's a simple question. I'd like to see either you or Denis answer it,<br>
> rather than evade it.<br>
><br>
><br>
> Regards,<br>
> rfg<br>
><br>
> --<br>
><br>
> To unsubscribe from this mailing list, get a password reminder, or change your subscription options, please visit: <a href="https://mailman.ripe.net/" rel="noreferrer noreferrer" target="_blank">https://mailman.ripe.net/</a><br>
<br>
<br>
<br>
------------------------------<br>
<br>
Subject: Digest Footer<br>
<br>
-- <br>
<br>
To unsubscribe from this mailing list, get a password reminder, or change your subscription options, please visit: <a href="https://mailman.ripe.net/" rel="noreferrer noreferrer" target="_blank">https://mailman.ripe.net/</a><br>
<br>
<br>
------------------------------<br>
<br>
End of db-wg Digest, Vol 131, Issue 14<br>
**************************************<br>
</blockquote></div></div>
-- <br>
<br>
To unsubscribe from this mailing list, get a password reminder, or change your subscription options, please visit: <a href="https://mailman.ripe.net/" rel="noreferrer noreferrer" target="_blank">https://mailman.ripe.net/</a><br>
</blockquote></div></div></div>