[ripe-list] Confidentiality, or that lack thereof

Dear Ronald,

Thank you for your questions. As others have correctly noted, the RIPE NCC does have policies protecting the confidentiality of certain information provided by our members. Our duty in this department stems from the mandate given to us by the community in section 3.1 of the IPv4 policy [1], which we interpret as a broad duty to treat all information we receive from our members as confidential:

"Internet Registries (IRs) have a duty of confidentiality to their registrants. Information passed to an IR must be securely stored and must not be distributed wider than necessary within the IR. When necessary, the information may be passed to a higher-level IR under the same conditions of confidentiality."

Our treatment of confidential information is also described in section 5 of the RIPE NCC procedural document "Due Diligence for the Quality of the RIPE NCC Registration Data" [2], which states:

"The RIPE NCC maintains a duty of confidentiality towards the legal or natural persons that request Internet number resources. Information passed to the RIPE NCC is securely stored and will not be distributed further than is necessary."

Furthermore, in the RIPE NCC procedural document "Handling Requests for Information, Orders and Investigations from Law Enforcement Agencies” [3], we provide more clarity regarding what information we treat as confidential and what we can share with third parties (the document pertains to LEAs, but we apply this principle with any third party). According to this document:

"1. Requests for Information

The RIPE NCC distinguishes between the following two types of information:

• RIPE NCC member information that is publicly available
• RIPE NCC member information that is not publicly available, including members' personal and organisational information and any other non-public information

1.1. RIPE NCC Member Information that is Publicly Available

RIPE NCC member information that is public can always be accessed by third parties, including LEAs. Such publicly available information may be any information that is accessible through the RIPE NCC website, including information or records that are public on the RIPE Database at the time of the request.

1.2. RIPE NCC Member Information that is not Publicly Available

The RIPE NCC does not provide member information that is not publicly available to LEAs on a voluntary basis.
Non-publicly available member information will only be provided to LEAs, if a Dutch court order or other legally binding order is presented by a Dutch LEA."

Although it is not directly stated in this document, we consider publicly available information only the information that we make publicly available (i.e. publish) according to our mandate from the RIPE community and our legal obligations.

If, for example, an LEA asks for the legal address or the bank account of a member, we will not provide them with this information, even though it might be publicly available on that member’s website.

As mandated by the community's policies, our publicly available information about members is accessible on our website, the RIPE Database and other RIPE NCC maintained applications, while other information is kept confidential.

Regards,

Athina Fragkouli
Chief Legal Officer
RIPE NCC

[1] IPv4 Address Allocation and Assignment Policies for the RIPE NCC Service Region:
https://www.ripe.net/publications/docs/ripe-733#31 <https://www.ripe.net/publications/docs/ripe-733#31> 

[2] Due Diligence for the Quality of the RIPE NCC Registration Data:
https://www.ripe.net/publications/docs/ripe-748#5--confidentiality-and-privacy-issues <https://www.ripe.net/publications/docs/ripe-748#5--confidentiality-and-privacy-issues> 

[3] Handling Requests for Information, Orders and Investigations from Law Enforcement Agencies:
https://www.ripe.net/publications/docs/ripe-675 <https://www.ripe.net/publications/docs/ripe-675> 



> On 26 Aug 2021, at 21:22, Ronald F. Guilmette <rfg at tristatelogic.com> wrote:
> 
> In message <48758939-BB53-43FF-8855-49C1AF18B017 at v6x.org>, 
> =?utf-8?Q?Andreas_H=C3=A4rpfer?= <ah at v6x.org> wrote:
> 
>> I really have no idea where this discussion is heading, I am not a lawyer,
>> etc. etc, but let me play "devil's advocat" and be a bit provocative :-)
> 
> That's fair.
> 
>> * My ad-hoc assumtion for any organization would be that any partner/
>> member/customer information is confidential unless the affected parties
>> have agreed to make it public.
>> 
>> viz. https://www.ripe.net/publications/docs/ripe-733#31
> 
> I note again that you are citing a Section (3.1) of a document that relates
> to the IP address allocation process.  The title of the document is "IPv4
> Address Allocation and Assignment Policies for the RIPE NCC Service Region".
> 
>    3.1 Confidentiality
> 
>    Internet Registries (IRs) have a duty of confidentiality to their
>    registrants. Information passed to an IR must be securely stored and
>    must not be distributed wider than necessary within the IR. When
>    necessary, the information may be passed to a higher-level IR under
>    the same conditions of confidentiality.
> 
> I would argue that BY DEFINITION the above assurances relate to information
> provided as part of a justification for IPv4 address space, and that they
> thereore do not apply to information submitted to RIPE NCC, much earlier,
> as part of the package of information that RIPE NCC requires in order to
> transform a prospective new member into an actual RIPE member.  That trans-
> formation, of a prospective member into an actual one, is clearly a separate
> and different process, and one to which the confidentiality commitment
> expressed in the above quoted passage cannot reasonably be construed to
> apply.
> 
>> Jurisdiction, at least, is easy.  RIPE-673 (initially quoted by
>> you but outdated) and all it's successor documents until the current
>> RIPE-745 state in the very last section:
>> 
>> Article 11 - Governing Law
>> 
>> 11.1 All agreements between the RIPE NCC and the Member shall be
>> exclusively governed by the laws of the Netherlands.
> 
> We agree.
> 
> Please note that The Netherlands does itself operate a *public* national
> corporate registry, one from which anybody anywhere in the world can fetch
> basic incorporation documents, albeit subject to a small fee per document.
> (I myself have used this web-based public service on multiple occasions in
> order to obtain various Dutch incorporation documents.)
> 
> It would seem that the jurisdiction of The Netherlands has no problem with
> the notion of making basic incorporation documents public.  Why then should
> RIPE deviate from that admirable national standard?  (That transparency
> with respect to basic incorporation documents is not by any means unique
> to the Netherlands, by the way.  Rather, this rudimentary transparency is
> the widely-accepted norm throughout essentially the entire civilized world.)
> 
>>>  *)  Isn't the publication of WHOIS information a quite apparent and obvious
>>>      violation of this purported "duty of confidentiality"?  Or whould that
>>>      be more accurately referred to as "the exception that proves the rule"?
>>> 
>>>      Could there be other and as-yet unenumerated exceptions to the 
>>>      general rule?
>> 
>> I would not consider this an exception.  What goes into WHOIS and/or
>> into the RIPE database is well documented and can be known in advance
>> by anyone applying for resources.
> 
> What are you saying, exactly?  Are you claiming that members, e.g. ones
> allegedly incorporated in some of the world's more opaque jurisdictions,
> such as Belize, etc., have either some expectation, or perhaps even some
> right to expect that even the bare minimum facts regarding their corporate
> existance shall be preserved as a deep dark secret, AND one which RIPE NCC
> is somehow obliged to become a co-conspirator in hiding from the world?
> 
> As noted above, the people and the government of The Netherlands don't
> appear to have any problem with making basic incorporation documents
> public.  Why then should RIPE?  Is RIPE attempting to emulate the ignoble
> example of FIFA by going out of its way to be opaque, and by so doing,
> either tacitly or consciously facilitating God only knows what?
> 
> Basic incorporation documents are neither "sensitive" nor relevant to
> the competitiveness of any given member.  As I have said, if you have
> incorporated as "XYZ Widgets" in the Duchy of Grand Fenwick, how does
> that information being public either hurt you or help your competitors?
> 
> Clearly it does neither, thus renderding any pointless and unnecessary
> secrecy about such basic documents on RIPE's part, nothing other than an
> additional tool in the toolboxes of bad actors, including some that, even
> as we speak, are attempting to bring down the entire edifice of the global
> system of Regional Internet Registries, including RIPE.
> 
> 
> Regards,
> rfg
> 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: </ripe/mail/archives/ripe-list/attachments/20210827/4164256b/attachment.html>