This archive is retained to ensure existing URLs remain functional. It will not contain any emails sent to this mailing list after July 1, 2024. For all messages, including those sent before and after this date, please visit the new location of the archive at https://mailman.ripe.net/archives/list/[email protected]/

[ripe-list] Confidentiality, or that lack thereof

Previous message (by thread): [ripe-list] Confidentiality, or that lack thereof
Next message (by thread): [ripe-list] Confidentiality, or that lack thereof

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Leo Vegoda leo at vegoda.org
Tue Aug 24 20:26:12 CEST 2021

On Tue, Aug 24, 2021 at 10:50 AM Ronald F. Guilmette
<rfg at tristatelogic.com> wrote:

[...]

>     3.1 Confidentiality
>
>     Internet Registries (IRs) have a duty of confidentiality to their registrants.
>     Information passed to an IR must be securely stored and must not be distributed
>     wider than necessary within the IR. When necessary, the information may be
>     passed to a higher-level IR under the same conditions of confidentiality.
>
> There are muliple reasons why the text above fails to answer my question.
>
>     *)  The first sentence makes a quite sweeping and a quite generalized assertion
>         and yet provides exactly -zero- references to support the assertion.
>
>         From whence does this alleged "duty of confidentiality" arise?  From law?
>         If so, which law and in which jurisdiction?

The earliest reference I have found is in ripe-104, from 1993.

"IRs will keep records of correspondence and information exchanges in
conjunction with the registry function for later review and the
resolution of disputes. IRs will hold this information in strict
confidence and use it only to review requests and in audit procedures
or to resolve disputes."

[...]

>     *)  Isn't the publication of WHOIS information a quite apparent and obvious
>         violation of this purported "duty of confidentiality"?  Or whould that
>         be more accurately referred to as "the exception that proves the rule"?
>
>         Could there be other and as-yet unenumerated exceptions to the general rule?

I have always understood that the confidentiality requirement was
intended to apply to any business information supplied to justify an
allocation of resources and not the outcome, which is published in the
RIPE Database and elsewhere. I understood that the goal was to assure
the businesses operating networks that chatty staff would not gossip
about what those businesses planned but had not announced.

If you believe there is a need to add clarity, you are welcome to
start a discussion in the Address Policy WG.

Kind regards,

Leo Vegoda
Address Policy WG co-chair

Previous message (by thread): [ripe-list] Confidentiality, or that lack thereof
Next message (by thread): [ripe-list] Confidentiality, or that lack thereof

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

[ ripe-list Archives ]