Ronald
Many of your comments are insulting and unprofessional. Much of what you've written below is utter nonsense. Some of your most emotive nonsense I've simply cut out. As the proposal author I feel compelled to keep reinforcing the truth over you nonsense. Your style is totally contrary to the stated aims of RIPE to be a diverse and inclusive community.
On Sun, 19 Jun 2022, 13:42 Ronald F. Guilmette via db-wg, <
db-wg@ripe.net> wrote:
Below I respond to denis' recent points made here regarding the pending
proposal to have RIPE NCC obscure all natural person mailing addresses...
whether those natural persons desire it or not.
The RIPE NCC does not enter or maintain the data in question and will not be obscuring anything.
In message <CAKvLzuH8UJpJRVeKq5f3OfMLFGffWeoUmq+xvLdBLJ-u25ZZ=A@mail.gmail.com>
denis walker <ripedenis@gmail.com> wrote:
>If you want to 'justify' publishing the home addresses of natural
>persons in this open, public database then propose a change to the
>purposes of the database to argue a case for doing so.
I do not believe that it is in any way incumbant upon me to "justify" what
is, what has been, and what remains common practice in all regions. Rather,
it is incumbant on those proposing a deviation from a widely-accepted system
that has served the community well for 20+ years to justify a proposed
departure from that existing norm and practice.
In short, the burden of proof is on you, not me.
As an armchair lawyer you have totally failed. GDPR does require the purposes of the database to justify the processing of personnel data. The current defined purposes do not do this for this data.
>So you are supporting various means "to obfuscate their actual
>physical location" and then in the very next sentence complaining
>about "inaccurate garbage" in the database. Your own arguments are
>contradictory.
I am opposed to there being an -official- condoning and/or (even worse) an
official -enforcement- of deliberate obfsucation of any fields of the
WHOIS data base.
So voluntary obfuscation is ok?
If there are the occasional rare persons who can make an
objectively supportable claim that they really need to have *both* number
resources *and* also confidentiality of their physical address, then let
those rare persons use a P.O. box number for their physical address or else
let them apply specially and -individually- to RIPE NCC for some special
dispensation from the default norm of entirely public WHOIS data.
Some telecom companies enter hundreds of thousands of customer details into the RIPE Database including personal names and addresses. These people, in reality, have probably never heard of the RIPE Database or the RIPE NCC. These are the very people GDPR is intended to protect.
This is the difference in our positions. You would have secrecy and
deliberate obfsucation be the new default and the new norm. I would
prefer to maintain the existing and longstanding norm that obfsucation of
contact information is offically -discouraged- rather than being officially
-encouraged- (and perhaps even, as you would have it, universally -enforced-,
whether any individual affected member even wants it or not).
What gives you or anyone the right to take away a member's rights to have
their true and actual mailing address in their own public WHOIS records?
Again you simply don't understand the issue. "their true and actual". This address is 'defined' in the database documentation as "The postal address of a contact related to the organisation". That can be anyone based in any location in the world, as Europol have discovered. They find several addresses for the same organisation in different parts of the world. This postal address, as defined, really had no meaning to anyone besides whoever entered the data.
Because that is, after all, what you are proposing, right? You have not
proposed to -ask- each affected member if they want to have their mailing
address obscured or not, correct? You just want to impose this on -all-
natural person members, in a top-down and dictatorial fashion, whether any
given affected member likes it or not, right?
Including those hundreds of thousands of telecom customers who don't even realise their personal details are so openly exposed. This isn't only about members but end users as well.
>There are contacts referenced in the database that allow contact "for
>any and all issues relating to their RIPE number resources". I doubt
>any member would like Ronald to visit them at their home to rant on
>their doorstep.
OK, so why are you limiting this proposal to only natural person members?
Are you suggesting that natural person members don't want me to visit their
actual physical location, but companies who are RIPE members do?
By making this postal address field optional companies can also choose not to enter an address.
So now, why don't you re-submit this proposal and instead propose that *all*
mailing address information, including even the country name, be redacted
from the data base for *all* members?
It will be optional.
Because that's obviously where you
really want to go with all this. So let's just cut to the chase and redact
*all* mailing address inormation for *all* members. What's good for the
goose is good for the gander also, right? So let's just bite the bullet
and go directly to your real end goal which is to redact *all* physical
address information, from all data base records. Makes perfect sense,
based on your logic.
We are talking about a specific, meaningless postal address.
[Utter nonsense removed]
>> As I have said on the Anti-Abuse Working Group's mailing list, any
>> member concerned about concealing their mailing address either (a) is
>> up to no good or else (b) may easily and cheaply achieve the desired
>> goal FOR THEMSELVES by renting a cheap P.O. box.
>
>or (c) enter false data into an unverified, unchecked, mandatory field
>they don't want to fill in.
Whose fault is it that even now, the RIPE public WHOIS data base contains
boatloads of unverified garbage?
The very fact that some data is unverified means it is not checked. So no one knows of it is true or not. We take it on trust that entered data is correct.
It is the community's fault, because the
community has failed to adopt any rule requiring the public WHOIS data
reflect known (to NCC) and objective reality.
You cannot verify I'll defined, free text data.
You can't have it both ways. You can't on the one hand decry, as I do,
the fact that there are no rules in place which would force public WHOIS
data to be accurate, and then in the same breath say that your "solution"
to the problem of inaccurate data is simply for NCC to stop publishing
-any- data.
No. The way to fix the problem is to fix the problem.
I propose, here and now, that upon reciept of any report or query, sent to
RIPE NCC, which suggests that any WHOIS record may contain invalid or
inaccurate data,
Again you simply don't understand what you are talking about. BY DEFINITION this free text postal address is of A contact RELATED to the organisation. Good luck proving any address entered into this field is false.
that RIPE NCC should compare the data in the public WHOIS
to the bona fide documents that NCC has on file for the relevant members, and
if there is any notable discrepancy between the two, then NCC should manually
substitute into the public WHOIS record the accurate and correct information,
as obtained from NCC's own files.
Again you don't understand. The RIPE NCC does not hold on file details of all contacts related to member organisations. Even if they did, they are not allowed to publish confidential details held in a non public record into a public database without consent.
(Of course, I am sure that this proposal will receive the exact same genuine,
fair, even handed, and thoughtful consideration as has every other proposal
that I have put forward here, which is to say absolutely none. Apparently,
only RIPE WG chairs and/or close friends thereof are allowed to ssuggest or
submit any proposals in any RIPE WG, and if one isn't pals with the Right
People, then one can go pound sand. This disgusting and blatant favoritism
is, of course, why I mostly don't waste my time in any RIPE WGs anymore.
Because what's the point? The die has already been cast.)
This is just purely insulting...
My vision, in contrast, is for a future where every field in the WHOIS data
bases of -all- RIRs is accurate and has been verified,
That is simply not possible for all data fields.
cheers
denis
Proposal author