Re: Privacy, Broadband, & the Database
=> I'm writing for your opinions, suggestions, and comments regarding updating => the RIPE database with assignments made for broadband (xDSL) customers. As => you may or may not be aware, ADSL is now being offered in the UK, which => has very strict data protection laws. We offer ADSL services as a NATted = =IP addresses and data related to them is international resource. =I don't think you should apply any law in UK when we talk about =RIPE(.int) resources. But that doesn't mean the people *collecting* customer related info *and transferring that data to somewhere abroad* would be exempt from local laws. Quite the opposite holds true for many (most?) countries... =I assume we are still supposed to maintain single nic-hdl per person. =What's the plan now, if my LIR would need to refer to the same contact =person? It doesn't make sense to direct any calls to your LIR, if the =problem lies at customer network at our LIR's addresses. It depends on the level of "responsibility" and functionality granted to and exercised by that end site. As I've said in a private mail already, we should ask the question about the usefulness of "assigning" (in the good old sense) very small amounts of addresses to sites which are tied in to the services of their provider anyway. I guess most of the ADSL, dial-up, cable-TV connection assignments sh/could be reviewed from that point of view. => phone: +44-845-272-0444 => remarks: Phone is Demon Internet Helpdesk = =The same rule should apply to all assignments. If a (home) network =contact person doesn't want to be 'listed', s/he can try to live =without real network and buy NAT from a provider. That's a very valid point. =If people think RIPE db contains too much sensitive information, =I would rather see the query results restricted somehow. For example =operators (LIRs) could have full query access, and the others =could merely receive pointers to the LIR for further information. This idea happens to pop always now and then, again and again. the last time I heard a proposal along those lines was at the Brisbane APNIC meeting. I then asked the following question: "So you are going to collect information, but you are going to hide it. Fair enough. Have you thought about criteria and/or mechanisms to disclose that information, either to entites with a "valid" interest and/or to law enforcement?" I did not receive a useful answer. Just as a virtual poll - would anyone in the RIPE region care to propose criteria and/or mechanism? Wilfried. _________________________________:_____________________________________ Wilfried Woeber : e-mail: Woeber@CC.UniVie.ac.at UniVie Computer Center - ACOnet : Tel: +43 1 4277 - 140 33 Universitaetsstrasse 7 : Fax: +43 1 4277 - 9 140 A-1010 Vienna, Austria, Europe : RIPE-DB: WW144, PGP keyID 0xF0ACB369 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~:~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Problems with windows? re-boot! Problems with unix? be root!
On Wed, Nov 29, 2000 at 01:25:30PM +0100, Wilfried Woeber, UniVie/ACOnet wrote:
=> I'm writing for your opinions, suggestions, and comments regarding updating => the RIPE database with assignments made for broadband (xDSL) customers. As => you may or may not be aware, ADSL is now being offered in the UK, which => has very strict data protection laws. We offer ADSL services as a NATted = =IP addresses and data related to them is international resource. =I don't think you should apply any law in UK when we talk about =RIPE(.int) resources.
But that doesn't mean the people *collecting* customer related info *and transferring that data to somewhere abroad* would be exempt from local laws. Quite the opposite holds true for many (most?) countries...
It depends on the level of "responsibility" and functionality granted to and exercised by that end site. As I've said in a private mail already, we should ask the question about the usefulness of "assigning" (in the good old sense) very small amounts of addresses to sites which are tied in to the services of their provider anyway. I guess most of the ADSL, dial-up, cable-TV connection assignments sh/could be reviewed from that point of view.
The name and address info in the RIPE database needs to contain the person (or organisation) responsible for a certain amount of IP space, in my opinion. So, if an ISP wants to be responsible for the IP space it hands out to customers, then the ISP should be free to fill in their own name and address. This gives ISPs the freedom to fill the RIPE db with names and addresses of customers (that saves them the hassle of dealing with for example abuse coming from that site), or putting their own name in it (meaning they have to respond actively to for example abuse reports, which is the ISP's job anyway).
I then asked the following question: "So you are going to collect information, but you are going to hide it. Fair enough. Have you thought about criteria and/or mechanisms to disclose that information, either to entites with a "valid" interest and/or to law enforcement?"
I did not receive a useful answer.
Just as a virtual poll - would anyone in the RIPE region care to propose criteria and/or mechanism?
Leave it as is. The current mechanism is fine, offering the information to virtually anyone. Keeping any information "private" to all LIRs is not going to be easy, and it's impossible to guarantee the data is never leaked. -- #!perl -pl # This kenny-filter is virus-free as long as you don't copy it $p=3-2*/[^\W\dmpf_]/i;s.[a-z]{$p}.vec($f=join('',$p-1?chr(sub{$_[0]*9+$_[1]*3+ $_[2]}->(map{/p|f/i+/f/i}split//,$&)+97):('m',p,f)[map{((ord$&)%32-1)/$_%3}(9, 3,1)]),5,1)='`'lt$&;$f.eig; # Jan-Pieter Cornet
On Wed, 29 Nov 2000, Jan-Pieter Cornet wrote: [skip] JC> > It depends on the level of "responsibility" and functionality granted to JC> > and exercised by that end site. As I've said in a private mail already, JC> > we should ask the question about the usefulness of "assigning" (in the JC> > good old sense) very small amounts of addresses to sites which are tied JC> > in to the services of their provider anyway. I guess most of the ADSL, JC> > dial-up, cable-TV connection assignments sh/could be reviewed from that JC> > point of view. Moreover, I think that if (and only if) ISP is ready to be responsible to its customer network toubleshooting (and I think many, if not most of them actually are ready), AND real network holder is private person, then ISP person MAY be used as network admin-c, possibly with approprate comments: fields. Using Customer's name and ISP's address/phones in one object is not appropriate, as for me... Sincerely, D.Marck [DM5020, DM268-RIPE, DM3-RIPN] ------------------------------------------------------------------------ *** Dmitry Morozovsky --- D.Marck --- Wild Woozle --- marck@rinet.ru *** ------------------------------------------------------------------------
At 12:25 PM 29/11/2000, Wilfried Woeber, UniVie/ACOnet wrote:
=The same rule should apply to all assignments. If a (home) network =contact person doesn't want to be 'listed', s/he can try to live =without real network and buy NAT from a provider.
That's a very valid point.
I don't agree. There should not have to be a tradeoff between IP address and privacy... you should not be forced to use NAT simply to protect your phone number. I think that the original solution of listing the provider is a good real-world workaround. -- Alex French Consultant, Technical Services E: afrench@vianetworks.com VIA NET.WORKS, Inc. T: +353 86 818 8118
participants (4)
-
Alex French
-
Dmitry Morozovsky
-
Jan-Pieter Cornet
-
Wilfried Woeber, UniVie/ACOnet