Ronald
On Sun, 19 Jun 2022, 11:50 Ronald F. Guilmette via db-wg, <
db-wg@ripe.net> wrote:
I have already and on multiple occasions made my views known regarding the
currently pending proposal to have RIPE NCC perform a unrequested and blanket
redaction of all natural person snail-mail address information from the RIPE
data base.
The RIPE NCC will not be redacting anything. And let's be clear, we are talking here about 'postal' addresses.
Nontheless, I will now attempt to briefly recap my objections
to this proposal, and then, in a separate email to follow, I will attempt
to repsond directly to some of the points made most recently by the main
proponent of this proposal, denis.
In brief, I am opposed because:
*) This change, if adopted, would materially damage transparency in a
manner that is unambiguously detrimental to the interests of law
enforcement, private anti-abuse researchers, and the community as a
whole. This change, if implemented, would be of benefit primarily
and perhaps even exclusively to cybercriminals and other types of
Internet miscreants.
There is no transparency in undefined, unverified data.
*) Any member who wishes to have his, or her, or its actual physical
address concealed
'actual' is an interesting choice of wording. This 'actual' address is actually undefined to anyone but the person who entered it.
in the public-facing WHOIS data base can effect
that exact change for themselves, easily and cheaply, without any
assistance or intervention of the part of RIPE NCC.
This can be
accomplished by renting a P.O. box and/or by any number of other
and similar means, as I have previously noted.
Similar means, ie entering false, meaningless free text data. Or a PO box which Europol considered a dead end in their video I referenced.
The very fact that nobody, or essentially nobody has, to date, elected
to hide their physical address via such means itself supports the
validity of my next point.
Many people do use a PO box or misleading addresses, as mentioned by Europol in their video.
*) Essentially nobody is asking for this change. This proposal is an
example of the tail waging the dog, i.e. a tiny, vocal, and otherwise
insignificant but noisy minority dictating a poor policy choice
which, if adopted, the entire RIPE community (and indeed the entire
planet) will have to pay the price for, forever after -- that price
being not only the effort needed on RIPE NCC's part to implement this
change,
Nothing more than their normal ARCs
but more importantly the price of a loss of transparency, and
the short and long term implications of that.
Loss of false and misleading data.
(I expect that if this scheme of forced and unrequested redactions is
adopted, it will not be the last such change, and that the ultimate
endpoint actually desired by those opposed to transparency will be
that the entire RIPE WHOIS data base will eventually be placed under
lock and key, never again to be seen by anyone not possessing a formal
legal warrant. This, of course, would be an absolute disaster for
the community of actual network operators, as differentiated from
armchair privacy warriors.)
Please stop these emotive, utter nonsense, slippery slope, scare mongering arguments.
*) Contrary to the ill-informed and fuzzy legal musings of the lone two
proponents of this proposal, there exists no legal basis for such
a change to the public facing data base. The postulated legal mandate
regarding the content of the data base (or, more accurately, on
the absence of content) simply does not exist, and no such legal
mandate has existed at any time since GDRP came into full effect,
way back in May 2018, over four full years ago now. If any such
legal mandate had in fact existed, then we all would have known
about it long before now.
I actually presented on this very point at a RIPE meeting a few years ago, shortly after the introduction of GDPR.
If there either is or was any actual legal basis or compelling legal
motivation for this policy change, then this total obfsucation of
natural person mailing addresses would have been implemented already,
and some time ago. But as we here in the real world all know, there
are no actual GDPR policemen banging on RIPE's door and demanding
this dramatic departure from literally all historical practice, both
in the RIPE region and in all orther regions -- historical practice
that dates back even well more than 20 years, since before even the
formation of ARIN in 1997.
I advocated this in my presentation a few years ago. Everything takes time to effect on the RIPE community. If the appropriate authorities were to study the RIPE Database purposes, content and operation in detail they would indeed be knocking on some doors...
'Historical' practise is no guarantee of 'for life'.
cheers
denis
Proposal author