This archive is retained to ensure existing URLs remain functional. It will not contain any emails sent to this mailing list after July 1, 2024. For all messages, including those sent before and after this date, please visit the new location of the archive at https://mailman.ripe.net/archives/list/ncc-services-wg@ripe.net/
[ncc-services-wg] 2018-05 New Policy Proposal (Publication of Legal Address of Internet Number Resource Holder)
- Previous message (by thread): [ncc-services-wg] @EXT: RE: 2018-05 New Policy Proposal (Publication of Legal Address of Internet Number Resource Holder)
- Next message (by thread): [ncc-services-wg] @EXT: RE: 2018-05 New Policy Proposal (Publication of Legal Address of Internet Number Resource Holder)
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Sascha Luck [ml]
lists-ripe at c4inet.net
Thu Sep 27 17:29:26 CEST 2018
All, On Thu, Sep 27, 2018 at 03:10:46PM +0200, Marco Schmidt wrote: > Dear colleagues, > A new RIPE Policy proposal, 2018-05, "Publication of Legal +Address of > Internet Number Resource Holder", is now available for +discussion. I really wish these announcements included the text of the proposal to make it easier to address it without having to copy&paste the meat of the proposal into the response. as for the proposal: - this proposal ignores completely the fact that not all resource holders are companies. - publishing the "legal" address details of natural persons likely conflicts with the GDPR for the EU and quite possibly with national data protection regs in the non-EU service region. - The "legal registered address" of a company will only rarely have anything to do with the location of their network management. In fact it often is no more than a lawyer's or accountant's office. This is even more true where a business has many locations for network administration. I'll address arguments as they pertain to legal persons exclusively below as I think the civil rights of *natural* +persons override any and all arguments you could make here. specific arguments: > To make it more difficult for malicious actors to hijack block +of > IP addresses and therefore play a preventive role in protecting > the community against malicious actors; Please provide reasoning how this would be achieved. I see no logical route to this assertion. > Assisting businesses, consumer groups, healthcare organizations > and other organisations combating fraud (some of which have > mandates to electronically save records) to comply with +relevant > legal and public safety safeguards; Please provide exactly which legal requirements and public safeguards require a central, PUBLIC, database of all resource holder address details. > Competent authorities to serve legal process to the party > responsible for the resources; Competent authorities already have a route to this information via the RIPE NCC or via national companies' reg offices. > To reduce delays in serving legal process, avoiding lost leads > and evidence. "Delays" such as having to procure a warrant for this data or having to look a business up in the national companies' office databases? > The RIPE Database is made for technical troubleshooting and not > for legal purposes. > Counter-argument: In the wake of large-scale cyber incidents, > there is a strong need to enhance cross-border cooperation > related to preparedness. Responding to cybersecurity incidents > may take many forms, ranging from identifying technical +measures > which may entail two or more entities jointly investigating the > technical causes of the incident (e.g. malware analysis) or > identifying ways through which organisations may assess whether > they have been affected (e.g. indicators of compromise), to > operational decisions on applying such measures and, +ultimately, > to be able to reach out across different jurisdictions in a +fast > fashion. Every national registry has different rules, languages > and formats. The availability of the data clustered in one DB > with one format will help for troubleshooting. Again, I cannot see the logic behind the assertion that a PUBLIC database of legal registered company addresses, insofar as it doesn't already exist in most jurisdictions, solves any problem related to technical troubleshooting. I'm sure in only the tiniest minority of cases will the lawyer or company secretary this address points to be able to, or even know whom to ask for, help with technical troubleshooting. > The information will become out of date if the RIPE NCC can't > ensure current accuracy. > Counter-argument: Information is the lifeblood of organisations > such as the RIPE NCC. Impure data is like impure blood > �\200\223 +not > good for the system. The quality of data held in IT systems +will > deteriorate unless steps are taken to maintain its accuracy and > consistency. This is not an argument, it is merely a re-statement of the position that data quality is important. Also, while everyone who knows me will know that I am the last person to demand political correctness in debate; I do question the need for the language and rhetoric of "Mein Kampf" in a policy proposal. > Therefore, it is of utmost importance to keep data +qualitatively > accurate. Poor data quality can lead to organisations taking > decisions based on inaccurate or out-of-date in-formation, > potentially with expensive consequences. see above, not an argument, just restatement. > The achievements don't justify the needed efforts/costs. > Counter-argument: Network and information systems and services > play a vital role in society. Their reliability and security +are > essential to economic and societal activities and in particular > to the functioning of modern societies and economies. A culture > of security is being shared across sectors which are vital for > our economy and society and will have to comply with the +security > and notification requirements being discussed in the RIPE NCC > service region. Again, the "counter-argument" is a boiler-plate politcal +statement and does not address the the effort/cost argument against. For the avoidance of doubt, the above constitutes opposition to this proposal. Kind Regards, Sascha Luck > We encourage you to review this proposal and send your comments +to > <ncc-services-wg at ripe.net> before 26 October 2018. Hereby done.
- Previous message (by thread): [ncc-services-wg] @EXT: RE: 2018-05 New Policy Proposal (Publication of Legal Address of Internet Number Resource Holder)
- Next message (by thread): [ncc-services-wg] @EXT: RE: 2018-05 New Policy Proposal (Publication of Legal Address of Internet Number Resource Holder)
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]