Ronald

On Sun, 19 Jun 2022, 11:50 Ronald F. Guilmette via db-wg, <db-wg@ripe.net> wrote:
I have already and on multiple occasions made my views known regarding the
currently pending proposal to have RIPE NCC perform a unrequested and blanket
redaction of all natural person snail-mail address information from the RIPE
data base. 

The RIPE NCC will not be redacting anything.  And let's be clear, we are talking here about 'postal' addresses.

Nontheless, I will now attempt to briefly recap my objections
to this proposal, and then, in a separate email to follow, I will attempt
to repsond directly to some of the points made most recently by the main
proponent of this proposal, denis.

In brief, I am opposed because:

    *)  This change, if adopted, would materially damage transparency in a
        manner that is unambiguously detrimental to the interests of law
        enforcement, private anti-abuse researchers, and the community as a
        whole.  This change, if implemented, would be of benefit primarily
        and perhaps even exclusively to cybercriminals and other types of
        Internet miscreants.

There is no transparency in undefined, unverified data. 


    *)  Any member who wishes to have his, or her, or its actual physical
        address concealed

'actual' is an interesting choice of wording. This 'actual' address is actually undefined to anyone but the person who entered it. 

in the public-facing WHOIS data base can effect
        that exact change for themselves, easily and cheaply, without any
        assistance or intervention of the part of RIPE NCC.
  This can be
        accomplished by renting a P.O. box and/or by any number of other
        and similar means, as I have previously noted.

Similar means, ie entering false, meaningless free text data. Or a PO box which Europol considered a dead end in their video I referenced. 


        The very fact that nobody, or essentially nobody has, to date, elected
        to hide their physical address via such means itself supports the
        validity of my next point.

Many people do use a PO box or misleading addresses, as mentioned by Europol in their video. 


    *)  Essentially nobody is asking for this change.  This proposal is an
        example of the tail waging the dog, i.e. a tiny, vocal, and otherwise
        insignificant but noisy minority dictating a poor policy choice
        which, if adopted, the entire RIPE community (and indeed the entire
        planet) will have to pay the price for, forever after -- that price
        being not only the effort needed on RIPE NCC's part to implement this
        change,

Nothing more than their normal ARCs

but more importantly the price of a loss of transparency, and
        the short and long term implications of that.

Loss of false and misleading data. 


        (I expect that if this scheme of forced and unrequested redactions is
        adopted, it will not be the last such change, and that the ultimate
        endpoint actually desired by those opposed to transparency will be
        that the entire RIPE WHOIS data base will eventually be placed under
        lock and key, never again to be seen by anyone not possessing a formal
        legal warrant.  This, of course, would be an absolute disaster for
        the community of actual network operators, as differentiated from
        armchair privacy warriors.)

Please stop these emotive, utter nonsense, slippery slope, scare mongering arguments. 


    *)  Contrary to the ill-informed and fuzzy legal musings of the lone two
        proponents of this proposal, there exists no legal basis for such
        a change to the public facing data base.  The postulated legal mandate
        regarding the content of the data base (or, more accurately, on
        the absence of content) simply does not exist, and no such legal
        mandate has existed at any time since GDRP came into full effect,
        way back in May 2018, over four full years ago now.  If any such
        legal mandate had in fact existed, then we all would have known
        about it long before now.

I actually presented on this very point at a RIPE meeting a few years ago, shortly after the introduction of GDPR.


        If there either is or was any actual legal basis or compelling legal
        motivation for this policy change, then this total obfsucation of
        natural person mailing addresses would have been implemented already,
        and some time ago.  But as we here in the real world all know, there
        are no actual GDPR policemen banging on RIPE's door and demanding
        this dramatic departure from literally all historical practice, both
        in the RIPE region and in all orther regions -- historical practice
        that dates back even well more than 20 years, since before even the
        formation of ARIN in 1997.

I advocated this in my presentation a few years ago. Everything takes time to effect on the RIPE community. If the appropriate authorities were to study the RIPE Database purposes, content and operation in detail they would indeed be knocking on some doors...

'Historical' practise is no guarantee of 'for life'.

cheers
denis 
Proposal author


Regards,
rfg

--

To unsubscribe from this mailing list, get a password reminder, or change your subscription options, please visit: https://lists.ripe.net/mailman/listinfo/db-wg