On Tue, 7 Jun 2022 at 03:32, Ronald F. Guilmette <rfg@tristatelogic.com> wrote:
In message <CAKw1M3NsS=hc17FTV-2BUuOLpT7YxCRsKcPhfukWPsC0MrJrtA@mail.gmail.com> =?UTF-8?Q?Cynthia_Revstr=C3=B6m?= <me@cynthia.re> wrote:
AFAIK the "org-name" attribute on the organisation object does get verified if the organisation is a LIR or an end user that has received resources directly from the RIPE NCC (through a sponsoring LIR). (and possibly a few other cases like legacy resource holders with service agreements) I believe there are also many policies that say that information should be accurate, and while this might not be actively verified for the most part, it is still policy in many cases.
Policy in the total absence of -any- validation or enforcement is vacuous. It is a NO-OP. It is a joke.
First of all some of the information in the ORGANISATION objects related to resources directly allocated or assigned by the RIPE NCC is maintained by the RIPE NCC. This data is accurately aligned with the internal registry data. As for the rest of the data in the ORGANISATION object and elsewhere in resource objects it is subject to ARCs, Assisted Registry Checks, performed by the RIPE NCC with the cooperation of the resource holder.
Part of the issue is that the RIPE NCC has some responsibility for this under the GDPR...
Or to be more accurate, RIPE NCC is -alleged- to have some responsibility for this, e.g. by yourself and by other privacy extremists.
This is really insulting language and bordering on a bullying attitude. This has to stop. It doesn't reflect the professional manner in which these matters need to be dealt with.
In point of fact however this opinion, on your part, has never been adjudicated in any court of law. And more to the point, GDPR has explicit carve outs for the sharing and/or publication of data as may be necessary for an entity to carry out its mission.
And as I said in the previous reply, the defined purposes of the RIPE Database do not cover publishing to the general public the bits of information the proposal is recommending to have restricted access.
Some of us, at least (who may, coincidently have been on the Internet since well before you were born), still maintain the "old school" view that it was, is, and remains an integral part of the mission of both domain name registrars and also Regional Internet Registries to promote, foster, and enable the smooth functioning of the Internet. We also believe that that continued smooth functioning can be either (a) enabled by openess and transparency or else (b) hobbled by pointlessly and unnecessarily fetishizing secrecy, specifically within WHOIS records.
Putting people's lives in danger by publishing their home address contrary to the defined purposes of the database is an issue that is neither unnecessary nor pointless.
If our interpretation of GDPR is the correct one, i.e. that RIPE and other such organizations have both a current and a longstanding/historical duty to *not* "hide the ball", then your claim that the GDPR obliges RIPE NCC to do anything in particular now which is different from what it has been doing for the past 20+ years is both meaningless and not at all supported by *any* legal findings. In short, this contention that GDPR is (suddenly?) forcing RIPE to do something today that it was not forced to do at any time last week, or indeed, at any time over the past 20 years is simply fallacious - an imaginary imperative that doesn't actually exist.
You are just repeating yourself from the last email...I answered this point already.
and it can be really difficult to do this correctly, but I think the legal team could explain those details better.
And I think that the legal team has also been sucked into the vortex of privacy paranoia and extremism, and that they will say whatever they want to say, regardless of whether their position has been endorsed or verified in a court of law or not.
In short, they are part of the problem. As I have previously noted RIPE is a *private* organization mostly composed of *private* member organizations, virtually all of which are loath to disclose anything to anybody ever. Thus, I would not be in the least surprised if you told me tomorrow that the RIPE legal team had come out in favor of making the entire WHOIS data base private and accessible to "law enforcement only, eyes only". The legal team doesn't have any incentive whatsoever pulling them in the direction of transparency. All of their incentives run in the opposite direction... i.e. *against* any and all openness & transparency, even if that means degrading the ongoing smooth functioning of the Internet.
More unprofessional comments...which actually says nothing
I run a hobby network and have an ASN and a /48 of PI assigned to me from RIPE NCC (through a sponsoring LIR) and also know many other people who are in a similar situation. Many people who do this are uncomfortable with having to publish their home address in the RIPE database...
I have two responses:
1) Why don't you get a P.O. box if you are really that worried about it?
The more PO Boxes the better...
2) So if I understand why you're saying, you are saying that because there exists some small, but finite and non-zero set of people who, like you, are "uncomfortable", then everybody else in the universe should bend over backwards, throw out 20+ years of precedent, and should hobble the public WHOIS data base, all just so that -you- won't be made to feel "uncomfortable". Is that what you are saying?
A 20+ year precedent that didn't fully comply with the data protection laws of the day. What we are proposing now is to bring the database into line with current laws. When Cynthia said 'uncomfortable' I think she was being polite. Some are seriously concerned. And yes Ronald, some do make other arrangements. But those arrangements involve cost in terms of money and inconvenience. It also means the police end up chasing people at the wrong location because they have used the address of another LIRs office. You go on and on about the inconvenience to researchers and investigators like yourself, but you ignore the other side of the coin. After all the investigations the police need to take action. For that they need an actual, real, correct address. So in the end, your constant theme of promoting the use of PO Boxes delays the police action.
If so, then I'd like to suggest that you consider moving to sunny Florida. I think that you might fit in nicely there.
Although you may not have heard about it, the Governor of that state recently signed into law a new state statute which makes it now illegal for teachers in that state to say the word "gay".
The justification for this new law was that that word makes some small minority of the parents in the State of Florida "uncomfortable".
My point of course, is that this is how the dictatorship of the minority begins. You are "uncomfortable" so everyone else must change what they are doing.
And how shall we resolve the matter if, hypothetically, the discomfort of you and your friends someday makes me and my friends "uncomfortable"?
Let me say it again. Publishing the home address of a natural person holding resources to the general public is not covered by the defined purposes of the RIPE Database. Therefore the GDPR does not permit such action. So either we change the way we publish this piece of data or we change the purposes. Either can be done, but the latter would need justification. Why do we need to publish it now when we didn't need to publish it for the last 20+ years, to use one of your arguments.
Sure, I could go and get a PO box for ~650/year and just let the RIPE NCC have that address instead but that seems a bit silly to me when instead the address could just be hidden from the public.
So basically, your argument comes down to: "I don't want to be mildy inconvenienced, so instead I wish the rest of the planet to just arrange things so as to suit my personal maximal convenience." Is that about the size of it?
No it comes down to it is unlawful unless we change the purposes.
Well, at least you're being open about your viewpoint on this. I do applaud you for that.
I just want to say that assuming PO boxes are illegitimate is kinda odd and also varies by country I would think.
I never said P.O. boxes were "illegitimate". Please don't put words in my mouth. In fact I said something that arguably is the exact opposite, i.e. that all or nearly all domain name registrars allow the use of P.O. boxes in domain name WHOIS records, AND that as far as I know, so do all Regional Internet Registries.
yes lets have more PO Boxes.
On the other hand I do not know any natural person who either physically lives in or who physically works in a P.O. box. (In general, the boxes are too small to fit a whole human.)
My point here is mostly just that such a policy doesn't make a lot of sense to me, I am not sure if you are suggesting that such a policy should exist or not, but I think it would be a bad idea to implement such a policy.
I honestly can't even tell what you are arguing either for or against... only that you are arguing.
That's how I feel reading much of your emails
Are you in favor of making it harder to serve people with legal papers? If so, why would you do that and who would be the beneficiaries of that?
It is not really about preventing it, it is more just if that potential benefit outweighs the privacy implications.
In your opinion.
and your reverse argument is your opinion
And thus you bring the conversation back to a point I've already made, i.e. that many of you Europeans have become privacy fanatics and extremists, so much so, in fact, that, as I noted, you can't even know if the person who just moved in next door to you is a serial sexual predator or not, because you Europeans have elected to value privacy *above* freedom of speech, freedom or the press, transparency in public affairs, and the public's right to know. And if, for example, the former finance minister of Bulgaria who was fired & put in prison for embezzling public funds is nowadays running an ISP in, say, Moldova, and if that is hosting mostly crypto-currency scams, nobody will ever be the wiser or know that the proprietor of th ISP in question himself has a checkered past.
In case I have been anything less than clear, please allow me to say this very plainly
Devil forbid that you have been anything less than clear. -- I do not agree with the way you folks in Europe nowadays
value privacy -above- transparency. It is causing obvious disasters and I have every faith and confidence that in the fullness of time you'll all come to your senses and realize that you've swung the pendulum too far, and that your collective over-reaction to the scandals of Facebook et al is causing you, and coincidentally, the rest of the planet, more
So Ronald is on one side and the rest of the planet is on the other side...
harm than good. (This -always- happens when extremists are allowed to dictate policy. See also: Maximilien Robespierre -- "The Incorruptable".)
cheers denis proposal author
Regards, rfg
--
To unsubscribe from this mailing list, get a password reminder, or change your subscription options, please visit: https://lists.ripe.net/mailman/listinfo/anti-abuse-wg