<<< Chronological >>> Author Index    Subject Index <<< Threads >>>

Re: Ownership of RIPE Database


  > "Wilfried Woeber, ACOnet" woeber@localhost writes:
  > 
  > a) try to avoid discussing these issues as long as it seems to be
  > feasable; however if the question has been raised in the public, you
  > really have to make a move.  Otherwise decisions are made be other
  > bodies, not necessarily to your comfort. 

Rob and I have tried *very* hard to do just that and to convince the
RARE CoA that this was prudent at the Innsbruck meeting. They have
decided otherwise and the matter is now really raised.

  > b) As we (RIPE!?) are apparently forced to act, my proposal is along the
  > lines of Fidonet, X.400-MHS and/or the Free Software Foundation/GNU
  > etc.: Have the RIPE-NCC with the endorsement of RIPE and/or RARE (?)
  > hold the Copyright.  Then formally charge the holder of the copyright to
  > provide the information freely, within the limits of the usual
  > restrictions (not for profit, must not be restricted or altered if
  > passed on, every copy must carry these tags, etc.)

This seems to be a good idea but there must be a safeguard that the
copyright holder complies with the rules and the community must be
satisfied that this is likely to work. The NCC as such has no formal 
legal standing of its own and neither does RIPE. Of course RARE feels
they are the right legal body. Does RIPE agree?

  > c) when it comes to the protection of personal data, then we are in deep
  > ...  It still remains open what data is really personal/private and thus
  > subject to protection! 
  > 	(Your healt record probably is private [though not part of an entry
  > 	in the database], affiliation of a networkmanager, address of your
  > 	office and telefone number probably is NOT personal ==> nonissue]) 
  > 
  > I think there is currently no European solution for this.  Maybe we have
  > to formally move the DB to a country where this is not (yet) a problem? 
  > Or we, once again, go along the RIPE Community Route as a kind of
  > "association". Everybody joining (personally or as the representative of
  > an organisation), explicitely agrees to have this data made publicly
  > available, even if this means that I have to sign a paper at a RIPE
  > Meeting. 

If it has to be paper than we are in deep. We have thousands of person records.
This means funding another person at the NCC just to keep track of that.

  > d) The "German Situation": While I do not know anything in detail, my
  > general feeling is, that requests for privacy/keeping within a closed
  > usergroup are _wrong_ as well as technically _misleading_.  I could for
  > example tell you stories about "keeping addresses secret" and at the
  > same time they are listed in official directories (eg.  PSPDN X.25
  > :-)... 
  > 
  > Every organisation that feels a need for such type of privacy eventually
  > has to set up it's own network and cut _all_ links to other networks. 
  > And thus it becomes an _nonissue_.  We should try to make this clear.  I
  > think there is no real way of _sharing infrastructure_, _collaboratively
  > managing or trouble shooting_ and at the same time keeping _private or
  > hidden_ addresses, etc. 

Fully agree "security thru obscurity" does not work in our environment.

We'll talk to the RARE lawyers next week about all this. Maybe we will have
some more considered legal opinion then. 

  > ...my 10 pennis worth, Wilfried.

My shilling's worth.

Daniel



<<< Chronological >>> Author    Subject <<< Threads >>>