Privacy, Broadband, & the Database
Hello all.

(Apologies if you got a 'subscribe' message from me earlier. I wasn't thinking about Majordomo for some reason.)

I'm writing for your opinions, suggestions, and comments regarding updating the RIPE database with assignments made for broadband (xDSL) customers. As you may or may not be aware, ADSL is now being offered in the UK, which has very strict data protection laws. We offer ADSL services as a NATted service (with one large entry in the RIPE database like for dial-up customers) and a non-NAT service that includes an IP assignment.

Our concern is that a large percentage of our non-NAT ADSL customers are either home users or home businesses. Updating the RIPE database with an IP assignment requires an end-user Admin contact, and the person object requires a telephone number. Worst case scenario is that we update the database for a home business or a home user with the customer's telephone number, his teenage daughter enters a chat room, and you can imagine the rest...

After brief consultation with the RIPE NCC Hostmasters, we have begun updating the database with our role object as Tech Contact and the customer as Admin contact. For the phone number, we are using our own, noting as much in a 'remarks' field. For example:

inetnum:      62.49.8.64 - 62.49.8.79
netname:      PYAR-ADSL
descr:        DEMON ADSL CUSTOMER
country:      GB
admin-c:      PY84-RIPE
tech-c:       DHG5-RIPE
status:       ASSIGNED PA
notify:       hostmaster@demon.net
mnt-by:       AS2529-MNT
changed:      hostmaster@demon.net 20001115
source:       RIPE

<snip DHG5-RIPE>

person:       Phil Yarranton
address:      GB
phone:        +44-845-272-0444
nic-hdl:      PY84-RIPE
remarks:      Phone is Demon Internet Helpdesk
notify:       hostmaster@demon.net
mnt-by:       AS2529-MNT
changed:      hostmaster@demon.net 20001115
source:       RIPE

However, I'm not sure that is the best option, and could lead to inconsistency. At what point do we determine (and should we determine?) if an obvious business customer is home-based or office-based? Should we have one set of rules for the database for leased line & ISDN customers and another for ADSL? Or one set for business customers (regardless of home-based or office-based) and another for home users?

Looking forward to your comments. :-)

Sam Bradford
-----------------------------------------------------------------
sam bradford, senior hostmaster    sam.bradford@demon.net
Demon Internet / Thus plc          hostmaster@demon.net
Tel: +44-845-272-0666              http://www.demon.net/
Fax: +44-20-8371-1285              http://www.thus.net/
On Wed, Nov 22, 2000 at 03:21:50PM +0000, Sam Bradford wrote:
> I'm writing for your opinions, suggestions, and comments regarding updating the RIPE database with assignments made for broadband (xDSL) customers. As you may or may not be aware, ADSL is now being offered in the UK, which has very strict data protection laws. We offer ADSL services as a NATted
IP addresses and data related to them are an international resource. I don't think you should apply any law in the UK when we talk about RIPE(.int) resources.
> home users or home businesses. Updating the RIPE database with an IP assignment requires an end-user Admin contact, and the person object requires a telephone number. Worst case scenario is that we update the database for a home business ... After brief consultation with the RIPE NCC Hostmasters, we have begun updating the database with our role object as Tech Contact and the customer as Admin contact. For the phone number, we are using our own, noting as much in a 'remarks' field. For example:
I assume we are still supposed to maintain single nic-hdl per person. What's the plan now, if my LIR would need to refer to the same contact person? It doesn't make sense to direct any calls to your LIR, if the problem lies at customer network at our LIR's addresses.
> phone:        +44-845-272-0444
> remarks:      Phone is Demon Internet Helpdesk
The same rule should apply to all assignments. If a (home) network contact person doesn't want to be 'listed', s/he can try to live without a real network and buy NAT from a provider.

If people think the RIPE db contains too much sensitive information, I would rather see the query results restricted somehow. For example, operators (LIRs) could have full query access, and the others could merely receive pointers to the LIR for further information.

--
Vesa Ruokonen - Internet Services, Telia Finland
On Wed, Nov 22, 2000 at 03:21:50PM +0000, Sam Bradford wrote:
> > I'm writing for your opinions, suggestions, and comments regarding updating the RIPE database with assignments made for broadband (xDSL) customers. As you may or may not be aware, ADSL is now being offered in the UK, which has very strict data protection laws. We offer ADSL services as a NATted

> IP addresses and data related to them are an international resource. I don't think you should apply any law in the UK when we talk about RIPE(.int) resources.
I am afraid I would have to disagree with this. There are several examples that national law (in my case Norwegian law) applies to my activities on the Internet as long as I am a citizen of a country conducting business in that country (even though my servers or my data may be somewhere else).

My understanding of Norwegian privacy laws is that I would be required to ask for explicit permission from the individuals to publish this data on the Internet, and I am not allowed to publish such information if the individual refuses. (I assume that this is slightly different for information related to companies, but this is strictly speaking nothing I have checked with any lawyers.)

So if I were to offer home networks with routable addresses to the consumer market, I would not be able to run my business unless I am allowed not to register private persons as contact persons in the RIPE database.

My common-sense-based approach to this is that an ISP should be able to register these addresses with admin-c tech-c just as they register dialup modem addresses. That we have changed the service from offering a dial on demand for one IP address to a permanent connection with a couple addresses should not _change_ this policy. (That's what I personally did when we launched CATV Internet services in 96/97.)

If anyone feels that is impossible under the current policy, I propose we change that policy to allow ISPs to respect their customers' right to privacy. I do not think we should force ISPs to offer NAT-based products through policy.

-hph
> What's the plan now, if my LIR would need to refer to the same contact person? It doesn't make sense to direct any calls to your LIR, if the problem lies at customer network at our LIR's addresses.
In my opinion, for 99% of the consumer market you would have to talk to the ISP of the customer to have any technical or user behaviour problem fixed rather than the customer itself.

You may want to have a look at what your national law says about tracing phone calls and how that can be done. In my country the general rule is for the police to get a court order to do so. The current practice in tracing end users through logs and servers is the same.

I personally can't see the real difference for tracing people on the Internet. I know that there has been a real big difference here, but we have to realize that the Internet is becoming an important part of our society, so I believe it is important that we act responsibly with regards to people's right to privacy.

-hph
participants (3)
- Hans Petter Holen
- Sam Bradford
- Vesa Ruokonen