Hi Sascha,

How would you feel if the cops published lists like:

-Sander Stefann -complaint for kiddiepr0n -anonymous submitter -being investigated ?

That sort of stuff sticks and never goes away even if it is subsequently found to be bullshit.

Sorry, but you are pulling this whole discussion out of context and proportion.

Nope, no way, not unless a violation is determined - akin to being found guilty in a court of law.

Also, the identity of the submitter MUST be published even in this case. No anonymity for snitches, the Stasi wasn't *that* long ago

Ok, and this even more so. I am ending this thread right now. Sander

Hi Sander, On Sat, Feb 16, 2013 at 11:44:24PM +0100, Sander Steffann wrote:

I didn't really expect everyone to agree to the current text. But I did not expect such language and comparisons on this list, and it shocked me. As one of the proposers I ask you to please participate in a constructive discussion here to see what is possible and desirable and what is not.

if you were under the impression I was attacking you personally, I apologize, that was not my intent. I am quite alarmed by the proposal though, and I don't think my comparisons are that off either, considering the area of resource management having become a lot more competitive, as opposed to, co-operative since ipv4 depletion. as for what is possible, I've thought more on it and have formend the opinion that the only thing out of it, I could accept, is publication of the fects if a complaint was upheld *and* resources removed for cause. The reason being that RIPE policy is often ambiguous and contradictory, so a policy violation might simply be the result of a mis-interpretation, difference of opinion or bureaucratic slip-up. Dragging that into the court of public opinion serves nobody, except perhaps a malicious complainant. cheers, Sascha Luck

Thank you, Sander

Sander, all, On Mon, Feb 18, 2013 at 07:55:22AM +0100, Sander Steffann wrote:

Thanks. Let's start focussing on the proposal again :-)

for the record, so that there's not only one voice against, I share Sascha's concerns. The proposal fails to assess the risk of 'sticking rumor' and also fails to explain what the exact goal is (actually, there might be two radically orthogonal ones) and why the proposed measures would support that goal.

Your comment is still focused on one aspect of the draft text, but you haven't responded yet to any alternatives I proposed. The last one was the one I sent on Saturday:

I want to suggest the following direction for this proposal: Change section 1 (1. Transparency on reported policy violations) to: - RIPE NCC publishes statistics on complaints/reports (number of complaints in each state: new, under investigation, etc) - RIPE NCC provides a way for the complainer and resource holder to see the progress, keeping the currently existing privacy options

And leave section 2 (2. Transparency on reclaimed resources) as it currently is. I haven't seen any objections to that part yet.

Please focus on this suggestion now. It is obvious that we are never getting consensus on the 'old' text :-)

I see two motivations in the PP: 1) alleged or perceived intransparency on 'complaint' handling at the NCC As curious as I might be myself, I fail to see why a complainant would deserve deeper insight into the state of investigation than anybody else or why this should happen in public. As an NCC oversight issue, a summary that will not identify any particular case, should be sufficient if it included start, end and duration. 2) "stopping abuse of these shared public resources" This really concerns me, but maybe by even only doubting I have already committed the abuse? We can surely discuss violations of allocation/assignment policies, especially the obtainment of resources by wilful submisison of wrong, forged or falsified information, but this is much different from any judgement about the use of tehse resources once they have been compliantly acquired. The NCC is not in the business of the latter. -Peter

Hi Sascha,

"policy violation" is likely to catch some honest mistakes or changed circumstances. I'd be in favour of publishing this only if the resources were reclaimed because of a conscious act (fraudulent registration, falsified (as opposed to merely incorrect) information)

The file lists recources returned to the NCC, so the file only lists policy violations if they lead to reclaiming the address space. (It only lists returned resources, and it will only mention a policy violation if that is the reason behind reclaiming them) I think it already matches what you say. If not: please explain what you want to see changed. Cheers, Sander

this proposal was alarmingly ill-advised. castigating sascha for being alarming does little except bring it to a personal level. randy

I just wanted to comment briefly on the proposal now under consideration. I would have interjected quite a lot of follow-up comments on all of the comments that have been made here so far about this, but I've been tied up on other critical projects for the past several days. I don't want anybody to get the idea that I don't care about the proposal at hand. I do, passionately, but I have rather a different take on it, I think, than what I've seen expressed by others so far. The point has been made that publishing (or re-publishing) baseless accusations is un-good. There probably won't be a lot of disagreement on that general point. But more generally I think it has to be recognized that when it comes to the dispersal of information... accurate or otherwise... the Internet is, and is likely to remain, very much the Wild Wild West, and in the final analysis, there is not all that much that can be done about most of the baseless slander that occurs on the Internet every day. I'll just cite two cases in point. The first is ripped from recent headlines: http://www.usatoday.com/story/news/nation/2013/02/06/go-daddy-sued-over-reve... The general opinion among legal experts... with which I concur... is that under current U.S. law GoDaddy, despite having itself hosted a web site featuring "revenge" nude photos of ex-girlfriends, is not in any way liable for that. The ladies who have been offended by the web site in question may indeed have suffered deep anguish, but they will need to seek redress for those grievances elsewhere. Second, I remember clearly that quite a number of years ago now I par- ticipated, along with countless others, in a USENET newsgroup called news.admin.net-abuse.email. Back at that time, one of the most colorful and unambiguously demented denizens of that newsgroup was a fellow going by the name of "Dr. Grubor". So anyway, long story short, Dr. Grubor, publically and in the neswgroup, called me a paedophile. Of course, there was no basis whatsoever for his accusation, and I was understandably outraged. I was preparing to initiate legal action over Dr. Grubor's outrageous slander, and would probably have done so if I had not realized, in sort order, that Dr. Grubor had already accused about 80% of the other newsgroup participants of being paedophiles, before he even got around to calling me one. Given this reality, and that fact that Dr. Grubor's only remaining shreads of credibility were with the small handful of other seriously ill newsgroup participants, in the end I thought better of wasting my time and money pursuing legal damages against a nutcase that no one of any importance took seriously anyway. All the above having been said, there are just two simple points I want to make. First, as illustrated by the above two anecdotes, it isn't really prag- matically possible, here in the "information age", to stop people from spreading hurtful material and/or bald faced lies about one, or about one's company. Second, whereas I agree completely that there should exist, somewhere, an unfiltered uncensored place where people can post what they know, or even what they believe they know about various Internet number resources (and by implication, about the entities to which those have been assigned) I am not persuaded that either RIPE or any other RiR either could be or should be either the sponsors or the adminitsrators of any such web site. Rather, I am coming around to the opinion that this kind of function necessarily must be performed by, and must be under the control of some- one or something that is distinctly _not_ connected, financially or otherwise, to any of the RiRs, to IANA, to ICANN, or to the U.S. Department of Commerce (from which, the authority and the responsibility of all of thes other entities ultimately devolves). I think that this whole discussion (and the proposal at hand) came up, at least in part, because not everyone believes that RIPE is actively policing the resources it is the ultimate steward of, without either fear or favor. Additionally, the completely lack of transparancy with respect to such policing certainly contributes mightily to fostering that exact viewpoint. However I doubt that asking, demaning, or directing RIPE itself to be more transparent about these matters is likely to provide an actual solution to the perceived credibility gap. A reference to foxes and henhouses may be appropriate here. If, at the direction of the membership, RIPE NCC began publishing _some_ information, would anyone ever feel 100% confident that they were publishing _all_ relevant infor- mation? I wouldn't, but then I am suspicious by nature. Separately, there is indeed a legal liability issue inherent in this whole idea that cannot just be swept under the carpet. I rather doubt that there is much in the way of a constituency, within the RIPE membership, that is eager for RIPE NCC to go around wlly-nilly, sticking its neck into the proverbial legal noose by publishing, or re-publishing potentially actionable defamations. Defending the indefensible, perhaps at considerable financial cost, is not something I see as being on either RIPE's or RIPE NCC's agenda anytime soon. Journalism, for better or worse, is just not within the fundamental purpose of these organizations, and I think that it will be hard to find many RIPE member organizations who are eager to have their annual fees increased in order to support a high-priced legal defense team. For the reasons given above, at the present moment I believe that it must necessarily fall to some outside and unrelated person, entity, or organization to publish, without fear or favor, negative information about Internet number resources and the parties to whom those have been assigned. I am currently contemplating whether or not I myself want to be that publisher. So far, I am not favorably disposed to getting involved. The problem is that quite a lot of work would be involved, I think, in order to do a proper job, and I actually had a number of other things that I wanted to do this lifetime. Maybe if I could find two or three willing and able volunteers to help in the construction and deployment of a simple web site... Regards, rfg