2022-01 New Version Policy Proposal (Personal Data in the RIPE Database)
Dear colleagues, RIPE policy proposal 2022-01, "Personal Data in the RIPE Database" is now available for discussion again. The goal of this proposal is to allow the publication of verified Personal Data in the RIPE Database only when they are justified by its purpose. This proposal has been updated following the last round of discussion and is now at version 2.0. Some of the differences from version 1.0 include: - Publishing only country and region for natural persons - Making the current postal address publication optional for all - Allowing for the publication of different types of addresses in the future You can find the full proposal at: https://www.ripe.net/participate/policies/proposals/2022-01 As per the RIPE Policy Development Process (PDP), the purpose of this four week Discussion Phase is to discuss the proposal and provide feedback to the proposer. At the end of the Discussion Phase, the proposer, with the agreement of the WG Chairs, will decide how to proceed with the proposal. The PDP document can be found at: https://www.ripe.net/publications/docs/ripe-710 We encourage you to review this proposal and send your comments to db-wg@ripe.net before 15 July 2022. Kind regards, Angela Dall'Ara Policy Officer RIPE NCC
In message <579e6eed-f28e-bf83-f111-a69b2be9a04d@ripe.net>, Angela Dall'Ara <adallara@ripe.net> wrote:
RIPE policy proposal 2022-01, "Personal Data in the RIPE Database" is now available for discussion again.
The goal of this proposal is to allow the publication of verified Personal Data in the RIPE Database only when they are justified by its purpose.
I object to the policy proposal for reasons that I have laid out at some length on the Anti-Abuse Working Group's mailing list. Not that it matters. I'm sure that neither my vote nor those of the other folks who have also expressed reservations about this proposal won't count, and that the backers of this misguided proposal will declare consensus come hell or high water anyway. Nobody is asking for this, and nobody is demaning that RIPE hide valuable WHOIS data that has always been visible since the beginning of time, except for a couple of people who are harboring misplaced fetishes for privacy over transparency. Their time would be better invested in solving actual problems, rather than imagined ones. As I have said on the Anti-Abuse Working Group's mailing list, any member concerned about concealing their mailing address either (a) is up to no good or else (b) may easily and cheaply achieve the desired goal FOR THEMSELVES by renting a cheap P.O. box. (Any member who is unable to locate a supplier of cheap rental P.O. boxes local to them is probably too incompetent to qualify as a RIPE member anyway.) Regards, rfg
Hi Ronald On Fri, 17 Jun 2022 at 09:46, Ronald F. Guilmette via db-wg <db-wg@ripe.net> wrote:
In message <579e6eed-f28e-bf83-f111-a69b2be9a04d@ripe.net>, Angela Dall'Ara <adallara@ripe.net> wrote:
RIPE policy proposal 2022-01, "Personal Data in the RIPE Database" is now available for discussion again.
The goal of this proposal is to allow the publication of verified Personal Data in the RIPE Database only when they are justified by its purpose.
I object to the policy proposal for reasons that I have laid out at some length on the Anti-Abuse Working Group's mailing list.
If you want to 'justify' publishing the home addresses of natural persons in this open, public database then propose a change to the purposes of the database to argue a case for doing so.
Not that it matters. I'm sure that neither my vote nor those of the other folks who have also expressed reservations about this proposal won't count, and that the backers of this misguided proposal will declare consensus come hell or high water anyway.
Nobody is asking for this, and nobody is demaning that RIPE hide valuable WHOIS data that has always been visible since the beginning of time, except for a couple of people who are harboring misplaced fetishes for privacy over transparency. Their time would be better invested in solving actual problems, rather than imagined ones.
Let me quote some of the points from your rants on the Anti Abuse mailing list: "This prompts a rather obvious question: Do there exist any policies, rules, or regulations which would prevent a natural person from using any one of the several techniques I have listed above to obfsucate their actual physical location when they generate their RIPE organization WHOIS record? And more to the point, is it true or false that, as I have previously asserted, any member can put literally any inaccurate garbage they want into their public-facing RIPE WHOIS records with no consequence whatsoever?" So you are supporting various means "to obfuscate their actual physical location" and then in the very next sentence complaining about "inaccurate garbage" in the database. Your own arguments are contradictory. "Shoulda natural-person who actually WANTS to be directly contacted for any and all issues relating to their RIPE number resources have that opportunity closed out" There are contacts referenced in the database that allow contact "for any and all issues relating to their RIPE number resources". I doubt any member would like Ronald to visit them at their home to rant on their doorstep.
As I have said on the Anti-Abuse Working Group's mailing list, any member concerned about concealing their mailing address either (a) is up to no good or else (b) may easily and cheaply achieve the desired goal FOR THEMSELVES by renting a cheap P.O. box.
or (c) enter false data into an unverified, unchecked, mandatory field they don't want to fill in. (Any member who is
unable to locate a supplier of cheap rental P.O. boxes local to them is probably too incompetent to qualify as a RIPE member anyway.)
By making this unverified, unchecked field optional the less incompetent members can choose to enter a correct address or no address instead of false data, as recommended by the RIPE Database Task Force. cheers denis proposal author
Regards, rfg
--
To unsubscribe from this mailing list, get a password reminder, or change your subscription options, please visit: https://lists.ripe.net/mailman/listinfo/db-wg
I have already and on multiple occasions made my views known regarding the currently pending proposal to have RIPE NCC perform a unrequested and blanket redaction of all natural person snail-mail address information from the RIPE data base. Nontheless, I will now attempt to briefly recap my objections to this proposal, and then, in a separate email to follow, I will attempt to repsond directly to some of the points made most recently by the main proponent of this proposal, denis. In brief, I am opposed because: *) This change, if adopted, would materially damage transparency in a manner that is unambiguously detrimental to the interests of law enforcement, private anti-abuse researchers, and the community as a whole. This change, if implemented, would be of benefit primarily and perhaps even exclusively to cybercriminals and other types of Internet miscreants. *) Any member who wishes to have his, or her, or its actual physical address concealed in the public-facing WHOIS data base can effect that exact change for themselves, easily and cheaply, without any assistance or intervention of the part of RIPE NCC. This can be accomplished by renting a P.O. box and/or by any number of other and similar means, as I have previously noted. The very fact that nobody, or essentially nobody has, to date, elected to hide their physical address via such means itself supports the validity of my next point. *) Essentially nobody is asking for this change. This proposal is an example of the tail waging the dog, i.e. a tiny, vocal, and otherwise insignificant but noisy minority dictating a poor policy choice which, if adopted, the entire RIPE community (and indeed the entire planet) will have to pay the price for, forever after -- that price being not only the effort needed on RIPE NCC's part to implement this change, but more importantly the price of a loss of transparency, and the short and long term implications of that. (I expect that if this scheme of forced and unrequested redactions is adopted, it will not be the last such change, and that the ultimate endpoint actually desired by those opposed to transparency will be that the entire RIPE WHOIS data base will eventually be placed under lock and key, never again to be seen by anyone not possessing a formal legal warrant. This, of course, would be an absolute disaster for the community of actual network operators, as differentiated from armchair privacy warriors.) *) Contrary to the ill-informed and fuzzy legal musings of the lone two proponents of this proposal, there exists no legal basis for such a change to the public facing data base. The postulated legal mandate regarding the content of the data base (or, more accurately, on the absence of content) simply does not exist, and no such legal mandate has existed at any time since GDRP came into full effect, way back in May 2018, over four full years ago now. If any such legal mandate had in fact existed, then we all would have known about it long before now. If there either is or was any actual legal basis or compelling legal motivation for this policy change, then this total obfsucation of natural person mailing addresses would have been implemented already, and some time ago. But as we here in the real world all know, there are no actual GDPR policemen banging on RIPE's door and demanding this dramatic departure from literally all historical practice, both in the RIPE region and in all orther regions -- historical practice that dates back even well more than 20 years, since before even the formation of ARIN in 1997. Regards, rfg
Ronald On Sun, 19 Jun 2022, 11:50 Ronald F. Guilmette via db-wg, <db-wg@ripe.net> wrote:
I have already and on multiple occasions made my views known regarding the currently pending proposal to have RIPE NCC perform a unrequested and blanket redaction of all natural person snail-mail address information from the RIPE data base.
The RIPE NCC will not be redacting anything. And let's be clear, we are talking here about 'postal' addresses. Nontheless, I will now attempt to briefly recap my objections
to this proposal, and then, in a separate email to follow, I will attempt to repsond directly to some of the points made most recently by the main proponent of this proposal, denis.
In brief, I am opposed because:
*) This change, if adopted, would materially damage transparency in a manner that is unambiguously detrimental to the interests of law enforcement, private anti-abuse researchers, and the community as a whole. This change, if implemented, would be of benefit primarily and perhaps even exclusively to cybercriminals and other types of Internet miscreants.
There is no transparency in undefined, unverified data.
*) Any member who wishes to have his, or her, or its actual physical address concealed
'actual' is an interesting choice of wording. This 'actual' address is actually undefined to anyone but the person who entered it. in the public-facing WHOIS data base can effect
that exact change for themselves, easily and cheaply, without any assistance or intervention of the part of RIPE NCC.
This can be
accomplished by renting a P.O. box and/or by any number of other and similar means, as I have previously noted.
Similar means, ie entering false, meaningless free text data. Or a PO box which Europol considered a dead end in their video I referenced.
The very fact that nobody, or essentially nobody has, to date, elected to hide their physical address via such means itself supports the validity of my next point.
Many people do use a PO box or misleading addresses, as mentioned by Europol in their video.
*) Essentially nobody is asking for this change. This proposal is an example of the tail waging the dog, i.e. a tiny, vocal, and otherwise insignificant but noisy minority dictating a poor policy choice which, if adopted, the entire RIPE community (and indeed the entire planet) will have to pay the price for, forever after -- that price being not only the effort needed on RIPE NCC's part to implement this change,
Nothing more than their normal ARCs but more importantly the price of a loss of transparency, and
the short and long term implications of that.
Loss of false and misleading data.
(I expect that if this scheme of forced and unrequested redactions is adopted, it will not be the last such change, and that the ultimate endpoint actually desired by those opposed to transparency will be that the entire RIPE WHOIS data base will eventually be placed under lock and key, never again to be seen by anyone not possessing a formal legal warrant. This, of course, would be an absolute disaster for the community of actual network operators, as differentiated from armchair privacy warriors.)
Please stop these emotive, utter nonsense, slippery slope, scare mongering arguments.
*) Contrary to the ill-informed and fuzzy legal musings of the lone two proponents of this proposal, there exists no legal basis for such a change to the public facing data base. The postulated legal mandate regarding the content of the data base (or, more accurately, on the absence of content) simply does not exist, and no such legal mandate has existed at any time since GDRP came into full effect, way back in May 2018, over four full years ago now. If any such legal mandate had in fact existed, then we all would have known about it long before now.
I actually presented on this very point at a RIPE meeting a few years ago, shortly after the introduction of GDPR.
If there either is or was any actual legal basis or compelling legal motivation for this policy change, then this total obfsucation of natural person mailing addresses would have been implemented already, and some time ago. But as we here in the real world all know, there are no actual GDPR policemen banging on RIPE's door and demanding this dramatic departure from literally all historical practice, both in the RIPE region and in all orther regions -- historical practice that dates back even well more than 20 years, since before even the formation of ARIN in 1997.
I advocated this in my presentation a few years ago. Everything takes time to effect on the RIPE community. If the appropriate authorities were to study the RIPE Database purposes, content and operation in detail they would indeed be knocking on some doors...
'Historical' practise is no guarantee of 'for life'. cheers denis Proposal author
Regards, rfg
--
To unsubscribe from this mailing list, get a password reminder, or change your subscription options, please visit: https://lists.ripe.net/mailman/listinfo/db-wg
In message <CAKvLzuHZ_ncW4GS2ZNkv=1ico76KBM+URwQbG+r9AHnRy21qhw@mail.gmail.com> denis walker <ripedenis@gmail.com> wrote:
The RIPE NCC will not be redacting anything. And let's be clear, we are talking here about 'postal' addresses.
Then I must have misunderstood. Who exactly wil be redacting the mailing addresses from the data base? You? Some committee? The GDPR fairy?
Many people do use a PO box or misleading addresses, as mentioned by Europol in their video.
Thank you for admitting that your proposal is both superfluous and unnecessary, and for confirming that anyone who wishes to not have their physical address published can already and easily arrange for that to be the case, even WITHOUT any help from the community, from NCC, or from the GDPR fairy.
but more importantly the price of a loss of transparency, and the short and long term implications of that.
Loss of false and misleading data.
So you are proposing ONLY to redact "false and misleading" data? Swell! I am all for that! But first maybe you ought to tell us who will make the determination of what data is false and mislading, and on what basis they will make that determination. Will someone be permitted to compare the public WHOIS data to the actual bona fides documents that NCC has on file for each member? And if so, who, exactly will be granted this kind of privileged access to NCC's store of actual bona fides documents? (I have previously asked to see one -individual- set of such documents for -one- lone and highly suspicious member, and I was shut down cold by RIPE legal. But I guess you are in a more exhaulted and privileged postion than I am.) Also, if your main idea is to eliminate false and misleading data from the data base, then why stop at just the snail-mail addresses of only the "natural person" members? Isn't what's good for the goose good for the gander also? Assuming so, then why aren't you proposing to eliminate ALL false and misleading data from the data base and for ALL categories of members? It would appear that your real goal is not to eliminate "false and misleading" data at all, but just simply to eliminate some small subset of data that is currently public and that you personally find offensive for some reason. Also, of course, as I have stated, I am very much in favor of eliminating ALL false and misleading data from the public WHOIS data base, provided that it is replaced with true and correct data. If you are proposing to do *that* for all WHOIS fields and for all members, then please propose *that* and I will support it wholeheartedly.
Please stop these emotive, utter nonsense, slippery slope, scare mongering arguments.
Please explain. Are you offering the membership, the community, or the Internet-using public as a whole your personal guarrantee that you won't be back here in six months time arguing, based on the exact same "logic" that you are using now, that phone numbers are private data and that they also should be totally redacted from the data base? And are you offering a guarrantee that six months after that you won't be coming back yet again, and demanding that all email addresses be redacted from the public WHOIS? And if you *are* offering us all your personal guarrantee that this will absolutely and positively be your "last territorial demand in Europe" what are you willing to put up as collateral to back up this perssonal guarrantee? As I have already explained at length, the "logic" you are using today to support this present proposal to redact out snail-mail addreses is quite obviously applicable also to EVERY other data base field that contains Personally Identifiable Information (PII). You cannot either deny or dismiss this as "scare mongering" because it is an obvious fact. The clear implication is that you WILL be back, next week, next, month, or next year, arguing that phone numbers and email addresses are "PII" and that thus, those things also "must" all be redacted. This isn't wild-eyed speculation. It is the obvious and unavoidable implication of your present position. PII is PII. If publishing some of it is "bad", then publishing ANY of it is "bad".
*) Contrary to the ill-informed and fuzzy legal musings of the lone> two proponents of this proposal, there exists no legal basis for such a change to the public facing data base. The postulated legal mandate regarding the content of the data base (or, more accurately, on the absence of content) simply does not exist, and no such legal mandate has existed at any time since GDRP came into full effect, way back in May 2018, over four full years ago now. If any such legal mandate had in fact existed, then we all would have known about it long before now.
I actually presented on this very point at a RIPE meeting a few years ago, shortly after the introduction of GDPR.
Yes. And? My point stands, and your statement only reinforces it. Even four years after GDPR came into effect, and even several years after you made a presentation about this alleged "issue", there -still- are no GDPR police breaking down the door of RIPE headquarters and/or demanding that all PII be immediately removed from the data base. If there's any actual legal issue here, it seems to have engendered only yawns all around. And yet here you are, misrepresenting to everyone that this is a legal issue that really and truly needs to be urgently "solved" right now. Please forgive me for expressing a healthy bit of skepticism and incredulity. To be clear, it isn't me who is using "emotive, utter nonsense" to try to stampede people into making a bad policy choice. You're not even an attorney and yet you've trotted out this bogus "GDPR" argument to try to justify that which cannot otherwise be justified on the merits. You cannot make the case on the merits, so instead you've tried to scare all of the other non-attorneys here by using some vague references to GDPR without ever once noting any of the numerous exceptions and carve outs in that legislation which would (and that do) clearly allow RIPE to just keep on doing what it has been doing, not only for the past four years, but for the past twenty. Regards, rfg
Below I respond to denis' recent points made here regarding the pending proposal to have RIPE NCC obscure all natural person mailing addresses... whether those natural persons desire it or not. In message <CAKvLzuH8UJpJRVeKq5f3OfMLFGffWeoUmq+xvLdBLJ-u25ZZ=A@mail.gmail.com> denis walker <ripedenis@gmail.com> wrote:
If you want to 'justify' publishing the home addresses of natural persons in this open, public database then propose a change to the purposes of the database to argue a case for doing so.
I do not believe that it is in any way incumbant upon me to "justify" what is, what has been, and what remains common practice in all regions. Rather, it is incumbant on those proposing a deviation from a widely-accepted system that has served the community well for 20+ years to justify a proposed departure from that existing norm and practice. In short, the burden of proof is on you, not me.
So you are supporting various means "to obfuscate their actual physical location" and then in the very next sentence complaining about "inaccurate garbage" in the database. Your own arguments are contradictory.
I am opposed to there being an -official- condoning and/or (even worse) an official -enforcement- of deliberate obfsucation of any fields of the WHOIS data base. If there are the occasional rare persons who can make an objectively supportable claim that they really need to have *both* number resources *and* also confidentiality of their physical address, then let those rare persons use a P.O. box number for their physical address or else let them apply specially and -individually- to RIPE NCC for some special dispensation from the default norm of entirely public WHOIS data. This is the difference in our positions. You would have secrecy and deliberate obfsucation be the new default and the new norm. I would prefer to maintain the existing and longstanding norm that obfsucation of contact information is offically -discouraged- rather than being officially -encouraged- (and perhaps even, as you would have it, universally -enforced-, whether any individual affected member even wants it or not). What gives you or anyone the right to take away a member's rights to have their true and actual mailing address in their own public WHOIS records? Because that is, after all, what you are proposing, right? You have not proposed to -ask- each affected member if they want to have their mailing address obscured or not, correct? You just want to impose this on -all- natural person members, in a top-down and dictatorial fashion, whether any given affected member likes it or not, right?
There are contacts referenced in the database that allow contact "for any and all issues relating to their RIPE number resources". I doubt any member would like Ronald to visit them at their home to rant on their doorstep.
OK, so why are you limiting this proposal to only natural person members? Are you suggesting that natural person members don't want me to visit their actual physical location, but companies who are RIPE members do? So now, why don't you re-submit this proposal and instead propose that *all* mailing address information, including even the country name, be redacted from the data base for *all* members? Because that's obviously where you really want to go with all this. So let's just cut to the chase and redact *all* mailing address inormation for *all* members. What's good for the goose is good for the gander also, right? So let's just bite the bullet and go directly to your real end goal which is to redact *all* physical address information, from all data base records. Makes perfect sense, based on your logic. And while we are at it, we might as well redact all phone numbers too, becuse I'm sure that you can make a compelling case that no natural person member wants to ever receive any phone calls directly from Ron Guilmette either, any more than they would want to have me visiting their physical address. OK, good! Now we are making real progress! So you agree that we should redact all physical address information for all members, regarding of whether they are natural persons or not, and likewise and based on the exact same logic, we should redact all of the phone numbers from all WHOIS records also, right? Email addresses should be the next to go, obviously. I mean who wants to have random people emailing them anymore, here in 2022? Because everybody or almost everybody has a "contact us" form on their web site, right? OK, good, so we can redact out all of the email addresses also, by your logic. Now we are at a point where there is so little left that we might as well just throw the whole remaining RIPE WHOIS data base behind a paywall and use it to generate more revenue for RIPE NCC so that annual member fees can then be reduced accordingly. This is the inescapable endpoint of the logic and world-view and value system underlying your proposal. So why waste time with half-measures? Are you just trying to sneak in the totality of the redactions that you really and ultimately want by proposing them little-by-little... a tiny step here, a tiny cut there... until you have achieved the total annihilation of the public data base via the political expedient of doing it slowly and via a thousand cuts... so slowly that nobody is even going to notice what's really going on until it is too late to do anything about it?
As I have said on the Anti-Abuse Working Group's mailing list, any member concerned about concealing their mailing address either (a) is up to no good or else (b) may easily and cheaply achieve the desired goal FOR THEMSELVES by renting a cheap P.O. box.
or (c) enter false data into an unverified, unchecked, mandatory field they don't want to fill in.
Whose fault is it that even now, the RIPE public WHOIS data base contains boatloads of unverified garbage? It is the community's fault, because the community has failed to adopt any rule requiring the public WHOIS data reflect known (to NCC) and objective reality. You can't have it both ways. You can't on the one hand decry, as I do, the fact that there are no rules in place which would force public WHOIS data to be accurate, and then in the same breath say that your "solution" to the problem of inaccurate data is simply for NCC to stop publishing -any- data. No. The way to fix the problem is to fix the problem. I propose, here and now, that upon reciept of any report or query, sent to RIPE NCC, which suggests that any WHOIS record may contain invalid or inaccurate data, that RIPE NCC should compare the data in the public WHOIS to the bona fide documents that NCC has on file for the relevant members, and if there is any notable discrepancy between the two, then NCC should manually substitute into the public WHOIS record the accurate and correct information, as obtained from NCC's own files. (Of course, I am sure that this proposal will receive the exact same genuine, fair, even handed, and thoughtful consideration as has every other proposal that I have put forward here, which is to say absolutely none. Apparently, only RIPE WG chairs and/or close friends thereof are allowed to ssuggest or submit any proposals in any RIPE WG, and if one isn't pals with the Right People, then one can go pound sand. This disgusting and blatant favoritism is, of course, why I mostly don't waste my time in any RIPE WGs anymore. Because what's the point? The die has already been cast.) The bottom line is here that your "solution" for bad published data is simply to stop publishing the data. This is the kind of "solution" I'd expect from a six year old. And this is the kind of thinking, logic, and world-view that must -inevitably- lead to taking the whole data base offline and making only selected excerpts of it available, and only to law enforcement, and only when they have a warrant issued, specifically, by a Dutch court. I say that because once you start down this road... the road of deliberately hiding stuff because of some imagined anti-privacy boogy-man... your appetite for ever more redactions will be insatiable and it will never be quenched until literally evrything is secret. This is quite clearly your vision of how things should evolve into the future. And your political plan, quite clearly, is to just get the community to go along with just taking many small steps, redacting more and more and more, little by little, until the data base has effectively disappeared like some sort of Cheshire Cat. My vision, in contrast, is for a future where every field in the WHOIS data bases of -all- RIRs is accurate and has been verified, where criminals and miscreants can no longer play silly buggers by deliberately putting garbage into their public-facing WHOIS records, and where those few and far between natural persons, if any, who can demonstrate a -legitimate- need for -both- number resources -and- also privacy of their physical addresses may request the latter from NCC, which would be emmpowered to grant special dispensation for any such cases on a case by case basis. What else can I say? Our values as well as our ultimate goals are quite clearly at odds. I just wish that my world view had at least a fighing chance, but that's pretty clearly not going to happen. Not in this WG and not in this region anyway. Regards, rfg
Ronald Many of your comments are insulting and unprofessional. Much of what you've written below is utter nonsense. Some of your most emotive nonsense I've simply cut out. As the proposal author I feel compelled to keep reinforcing the truth over you nonsense. Your style is totally contrary to the stated aims of RIPE to be a diverse and inclusive community. On Sun, 19 Jun 2022, 13:42 Ronald F. Guilmette via db-wg, <db-wg@ripe.net> wrote:
Below I respond to denis' recent points made here regarding the pending proposal to have RIPE NCC obscure all natural person mailing addresses... whether those natural persons desire it or not.
The RIPE NCC does not enter or maintain the data in question and will not be obscuring anything.
In message <CAKvLzuH8UJpJRVeKq5f3OfMLFGffWeoUmq+xvLdBLJ-u25ZZ= A@mail.gmail.com> denis walker <ripedenis@gmail.com> wrote:
If you want to 'justify' publishing the home addresses of natural persons in this open, public database then propose a change to the purposes of the database to argue a case for doing so.
I do not believe that it is in any way incumbant upon me to "justify" what is, what has been, and what remains common practice in all regions. Rather, it is incumbant on those proposing a deviation from a widely-accepted system that has served the community well for 20+ years to justify a proposed departure from that existing norm and practice.
In short, the burden of proof is on you, not me.
As an armchair lawyer you have totally failed. GDPR does require the purposes of the database to justify the processing of personnel data. The current defined purposes do not do this for this data.
So you are supporting various means "to obfuscate their actual physical location" and then in the very next sentence complaining about "inaccurate garbage" in the database. Your own arguments are contradictory.
I am opposed to there being an -official- condoning and/or (even worse) an official -enforcement- of deliberate obfsucation of any fields of the WHOIS data base.
So voluntary obfuscation is ok? If there are the occasional rare persons who can make an
objectively supportable claim that they really need to have *both* number resources *and* also confidentiality of their physical address, then let those rare persons use a P.O. box number for their physical address or else let them apply specially and -individually- to RIPE NCC for some special dispensation from the default norm of entirely public WHOIS data.
Some telecom companies enter hundreds of thousands of customer details into the RIPE Database including personal names and addresses. These people, in reality, have probably never heard of the RIPE Database or the RIPE NCC. These are the very people GDPR is intended to protect.
This is the difference in our positions. You would have secrecy and deliberate obfsucation be the new default and the new norm. I would prefer to maintain the existing and longstanding norm that obfsucation of contact information is offically -discouraged- rather than being officially -encouraged- (and perhaps even, as you would have it, universally -enforced-, whether any individual affected member even wants it or not).
What gives you or anyone the right to take away a member's rights to have their true and actual mailing address in their own public WHOIS records?
Again you simply don't understand the issue. "their true and actual". This address is 'defined' in the database documentation as "The postal address of a contact related to the organisation". That can be anyone based in any location in the world, as Europol have discovered. They find several addresses for the same organisation in different parts of the world. This postal address, as defined, really had no meaning to anyone besides whoever entered the data. Because that is, after all, what you are proposing, right? You have not
proposed to -ask- each affected member if they want to have their mailing address obscured or not, correct? You just want to impose this on -all- natural person members, in a top-down and dictatorial fashion, whether any given affected member likes it or not, right?
Including those hundreds of thousands of telecom customers who don't even realise their personal details are so openly exposed. This isn't only about members but end users as well.
There are contacts referenced in the database that allow contact "for any and all issues relating to their RIPE number resources". I doubt any member would like Ronald to visit them at their home to rant on their doorstep.
OK, so why are you limiting this proposal to only natural person members? Are you suggesting that natural person members don't want me to visit their actual physical location, but companies who are RIPE members do?
By making this postal address field optional companies can also choose not to enter an address.
So now, why don't you re-submit this proposal and instead propose that *all* mailing address information, including even the country name, be redacted from the data base for *all* members?
It will be optional. Because that's obviously where you
really want to go with all this. So let's just cut to the chase and redact *all* mailing address inormation for *all* members. What's good for the goose is good for the gander also, right? So let's just bite the bullet and go directly to your real end goal which is to redact *all* physical address information, from all data base records. Makes perfect sense, based on your logic.
We are talking about a specific, meaningless postal address. [Utter nonsense removed]
As I have said on the Anti-Abuse Working Group's mailing list, any member concerned about concealing their mailing address either (a) is up to no good or else (b) may easily and cheaply achieve the desired goal FOR THEMSELVES by renting a cheap P.O. box.
or (c) enter false data into an unverified, unchecked, mandatory field they don't want to fill in.
Whose fault is it that even now, the RIPE public WHOIS data base contains boatloads of unverified garbage?
The very fact that some data is unverified means it is not checked. So no one knows of it is true or not. We take it on trust that entered data is correct. It is the community's fault, because the
community has failed to adopt any rule requiring the public WHOIS data reflect known (to NCC) and objective reality.
You cannot verify I'll defined, free text data.
You can't have it both ways. You can't on the one hand decry, as I do, the fact that there are no rules in place which would force public WHOIS data to be accurate, and then in the same breath say that your "solution" to the problem of inaccurate data is simply for NCC to stop publishing -any- data.
No. The way to fix the problem is to fix the problem.
I propose, here and now, that upon reciept of any report or query, sent to RIPE NCC, which suggests that any WHOIS record may contain invalid or inaccurate data,
Again you simply don't understand what you are talking about. BY DEFINITION this free text postal address is of A contact RELATED to the organisation. Good luck proving any address entered into this field is false. that RIPE NCC should compare the data in the public WHOIS
to the bona fide documents that NCC has on file for the relevant members, and if there is any notable discrepancy between the two, then NCC should manually substitute into the public WHOIS record the accurate and correct information, as obtained from NCC's own files.
Again you don't understand. The RIPE NCC does not hold on file details of all contacts related to member organisations. Even if they did, they are not allowed to publish confidential details held in a non public record into a public database without consent.
(Of course, I am sure that this proposal will receive the exact same genuine, fair, even handed, and thoughtful consideration as has every other proposal that I have put forward here, which is to say absolutely none. Apparently, only RIPE WG chairs and/or close friends thereof are allowed to ssuggest or submit any proposals in any RIPE WG, and if one isn't pals with the Right People, then one can go pound sand. This disgusting and blatant favoritism is, of course, why I mostly don't waste my time in any RIPE WGs anymore. Because what's the point? The die has already been cast.)
This is just purely insulting...
My vision, in contrast, is for a future where every field in the WHOIS data bases of -all- RIRs is accurate and has been verified,
That is simply not possible for all data fields. cheers denis Proposal author
Regards, rfg
--
To unsubscribe from this mailing list, get a password reminder, or change your subscription options, please visit: https://lists.ripe.net/mailman/listinfo/db-wg
In message <CAKvLzuFA0y8mOzPiiy4tHBCRUNUBbQgJc-DD54E-S+0TW=StiA@mail.gmail.com> denis walker <ripedenis@gmail.com> wrote:
Many of your comments are insulting and unprofessional. Much of what you've written below is utter nonsense.
Since this is directed at me, very personally, I claim the right of reply. If we're going to talk about discourtesy and unprofessionalism, then by all means let's do that. Denis, you have been uncourteous, unprofessional, and dismissive of me and all of the several informal proposals that I have floated on this list from the beginning. Not a single one of those proposals has ever received even any reasoned debate nor any fair hearing here, much less an actual show of hands. Nontheless, I have noticed that each proposal that -you- have authored and/or that -you- have a personal interest in has somehow managed to always float to the top of the stack for the group's consideration. Now why would that be, exactly? Where I come from "professionalism" involves a bit more than just being slavish, subserviant, and deferential towards those in positions of authority. It also entails the avoidance of even the apperance of a conflict of interest. Apparently, that particular aspect of professionalism has not yet migrated over to your side of the pond. And thus we have a situation where the chaiman of a RIPE Working Group is also and simultaneously an active and vocal advocate for his own pet propoosals, even as he is dismissing others out of hand that don't appeal to his personal predilections and preferences. This is not the kind of even-handed "neutral referee" role that I personally would have hoped for or expected of a Working Group chair, and it does not comport with "professionalism" in any of the senses in which I understand that word. For my own part, I confess that I am blunt and direct in my style of making my points. This is something that I am not at all prepared to apologize for. I call a spade a spade, and this alone rubs a lot of people the wrong way. But I have not and do not argue in bad faith, or in favor of any position or proposition which I do not fully believe in. When I am direct, it is typically because I see the Right Answer as being both obvious and unavoidable. I am no longer surprised that persons I have argued against often wish to take issue not with the substance of my arguments, but with the manner of my presentation. So be it. What I can say, and what I do say, by way of defense in the present context, is that I have no ulterior motive, no hidden agenda, that I have earnestly and with candor stated my true position, and that unlike you, denis, I have no immediately apparent conflict of interest when it comes to the ordering of, or the consideration of proposals pending before this Working Group. Regard, rfg
Ronald Throughout this and other discussions you constantly use unprofessional language and personal insults and make unsubstantiated accusations. You don't call a spade a spade, you call a spade a "privacy fetishist" and an "extremist". Personally I don't care what you call me. But if you turn one person away from this discussion because of what you say, that is bad news for this community. I know that IS the case with this privacy discussion. Now you are using the classic double bluff tactic of accusing your opponents of doing what you are doing as a deflection tactic. If you feel I have been unprofessional in my approach to you then by all means raise a code of conduct issue. I will happily defend my position. Otherwise please try to conduct this discussion in a professional manner without the personal insults and accusations. denis On Mon, 20 Jun 2022, 05:56 Ronald F. Guilmette via db-wg, <db-wg@ripe.net> wrote:
In message <CAKvLzuFA0y8mOzPiiy4tHBCRUNUBbQgJc-DD54E-S+0TW= StiA@mail.gmail.com> denis walker <ripedenis@gmail.com> wrote:
Many of your comments are insulting and unprofessional. Much of what you've written below is utter nonsense.
Since this is directed at me, very personally, I claim the right of reply.
If we're going to talk about discourtesy and unprofessionalism, then by all means let's do that.
Denis, you have been uncourteous, unprofessional, and dismissive of me and all of the several informal proposals that I have floated on this list from the beginning. Not a single one of those proposals has ever received even any reasoned debate nor any fair hearing here, much less an actual show of hands. Nontheless, I have noticed that each proposal that -you- have authored and/or that -you- have a personal interest in has somehow managed to always float to the top of the stack for the group's consideration. Now why would that be, exactly?
Where I come from "professionalism" involves a bit more than just being slavish, subserviant, and deferential towards those in positions of authority. It also entails the avoidance of even the apperance of a conflict of interest.
Apparently, that particular aspect of professionalism has not yet migrated over to your side of the pond. And thus we have a situation where the chaiman of a RIPE Working Group is also and simultaneously an active and vocal advocate for his own pet propoosals, even as he is dismissing others out of hand that don't appeal to his personal predilections and preferences.
This is not the kind of even-handed "neutral referee" role that I personally would have hoped for or expected of a Working Group chair, and it does not comport with "professionalism" in any of the senses in which I understand that word.
For my own part, I confess that I am blunt and direct in my style of making my points. This is something that I am not at all prepared to apologize for. I call a spade a spade, and this alone rubs a lot of people the wrong way. But I have not and do not argue in bad faith, or in favor of any position or proposition which I do not fully believe in. When I am direct, it is typically because I see the Right Answer as being both obvious and unavoidable.
I am no longer surprised that persons I have argued against often wish to take issue not with the substance of my arguments, but with the manner of my presentation. So be it.
What I can say, and what I do say, by way of defense in the present context, is that I have no ulterior motive, no hidden agenda, that I have earnestly and with candor stated my true position, and that unlike you, denis, I have no immediately apparent conflict of interest when it comes to the ordering of, or the consideration of proposals pending before this Working Group.
Regard, rfg
--
To unsubscribe from this mailing list, get a password reminder, or change your subscription options, please visit: https://lists.ripe.net/mailman/listinfo/db-wg
In message <CAKvLzuE=GYLG9dD-A6+teEF9UG-p+CJVqbfEJYW4VJuzq6qZjw@mail.gmail.com
, denis walker <ripedenis@gmail.com> wrote:
Throughout this and other discussions you constantly use unprofessional language and personal insults and make unsubstantiated accusations.
You don't call a spade a spade, you call a spade a "privacy fetishist" and an "extremist".
It *is* extremist to propose to destroy 20+ years of smooth functioning precedent, all just for the sake of one or two malcontents and/or due to some misunderstandings of what GDPR actually requires. I am still stunned that you ever proposed this! Don't law enforcement and private security researchers already have a hard enough time without you prosing to dismantle and take away one of the few tools we have left??
If you feel I have been unprofessional in my approach to you then by all means raise a code of conduct issue. I will happily defend my position.
So you DO NOT think that you have a conflict of interest, even when you are pushing -your- pet proposals to the top of the stack, and even while you are either ignoring or denigrating mine? And you think that being the Working Group chair -and- an advocate for -just- your own proposals is altogether right and proper?
Otherwise please try to conduct this discussion in a professional manner without the personal insults and accusations.
I haven't insulted anybody. I have spoken the truth. Your personal biases are not permitting you to see the difference. I ask again: Where is the crowd of people who have requested this attempt to further hobble the data base? Bring forth this multitude and let us all talk to them! You can't, because it's just you and one small member. That's the tail wagging the dog, and yes, I call it extremism because you are proposing to dismantle a whole system (WHOIS) that has already been honed and refined over 20+ years and that remains a productive and useful tool, not just in the RIPE region but in -all- regions. Regards, rfg
In message <CAKvLzuFA0y8mOzPiiy4tHBCRUNUBbQgJc-DD54E-S+0TW=StiA@mail.gmail.com> denis walker <ripedenis@gmail.com> wrote:
The RIPE NCC does not enter or maintain the data in question and will not be obscuring anything.
Alright then. Who exactly ARE you proposing to assign the task of redacting the snail-mail address fields to?
As an armchair lawyer you have totally failed. GDPR does require the purposes of the database to justify the processing of personnel data. The current defined purposes do not do this for this data.
I see. So I am a rank amateur while you however are licensed to dispense legal opinions. Would it be inappropriate then for me to ask to see a copy of -your- law license? More to the point, even if you were correct in your assesment of applicable GDPR provisions... and I do not by any means conceed that you are... then might it not also and likewise be successfully argued that GDPR requires RIPE to redact all natural person phone numbers, email addresses, and even their names? And if that is true, then why aren't you proposing THAT even more extensive set of (forced) redactions?
I am opposed to there being an -official- condoning and/or (even worse) an official -enforcement- of deliberate obfsucation of any fields of the WHOIS data base.
So voluntary obfuscation is ok?
As a practical matter, it hadly matters whether *I* think it is OK or not. As you yourself noted, it is being done, right now, by many parties, whether you or I like it or not, and regardless of whether it is officially condoned or not. People who felt some need for such "privacy" have already implemented their own "self serve" WHOIS privacy without any prompting or encouragement from any of us. I personally view this as a problem, but as long as RIPE has zero rules and zero procedures which would prevent members from putting whatever they like into their WHOIS records, people are going to do whatever they like. So really, the only question before us now is: Do we want to "officially" encourage this sort of thing, or do we want to officially discourage this sort of thing. I want the latter, while you want the former.
Some telecom companies enter hundreds of thousands of customer details into the RIPE Database including personal names and addresses.
Really? Name two.
These people, in reality, have probably never heard of the RIPE Database or the RIPE NCC. These are the very people GDPR is intended to protect.
Wait! In the scenario you've just described... which I have yet to be persuaded is even something that's actually going on... if the natural persons who had their names, email addresses, phone numbers, and street addresses exposed as a result of the (alleged) actions of these (alleged) telecoms were to actually sue somebody for these blatant affronts to their privacy rights, then who would they sue? RIPE? Or those wayward and careless telecoms that, in the first instance, dispensed all this personal information in clear violation of GDPR? It seems to me that in the scenario as you've described it, it is the telecoms alone that would be clearly and solely at fault for the eggregious spilling of PII in clear contravention to the edicts of GDPR, and that RIPE would bear -zero- liability or responsibility for the unnecessary transmittal or publication of private data. Consider an analogy: I run a dry cleaning shop in Hamburg. You are my friend. One day I let you into my back office and let you copy down the names and addresses of many, most, or all of my customers. You then go back home to the U.S.A. or to Zimbabwe, or at any rate to some jurisdiction where GDPR does not apply. You then put all those names and address on your public web site? Who is liable for this "leak" of PII, under GDPR? Me or you? I am really looking forward to seeing your list of EU telecoms that are doing bulk transfers, willy nilly, of customer PII, into the RIPE data base.
What gives you or anyone the right to take away a member's rights to have their true and actual mailing address in their own public WHOIS records?
Again you simply don't understand the issue. "their true and actual". This address is 'defined' in the database documentation as "The postal address of a contact related to the organisation". That can be anyone based in any location in the world, as Europol have discovered.
Sounds like a definite problem to me! So lets fix that. Let's require *at least* the REAL name and address of each member to be present in that member's public WHOIS record. Every new member has to submit some identifying documents at the time they first become members, right? If it is a corporation, then a copy of the formal and legal incorporation document(s) must be submitted as part of the application process. If it is person, then either a copy of that person's passport or some other form of government-issued identification document must be submitted as part of the new/prospective member's application for membership, right? So we take this "real" member name & address info, copy it off those bona fide documents, and stick the same data into the member's public-facing WHOIS record. Is this just, like, too simple, or what? As I have said, if there are natural person journalists, or activists, or other folks who have other issues pertaining to lifestyle or whatever, and who can make at least a prima facia case that they need to have both (a) number resources AND also (b) privacy of their PII, then allow NCC to accept their requests to be exempt from publication of their PII on a case by case basis. For everybody else however, what you see (in the public WHOIS) is what you get, i.e. the real names and the real addresses. Problem solved! And everybody's happy. The only people who could be against this are people intent on committing fraud or some other kind of nefarious skulduggery on the Internet WHILE USING THEIR ASSIGNED NUMBER RESOURCES.
So now, why don't you re-submit this proposal and instead propose that *all* mailing address information, including even the country name, be redacted from the data base for *all* members?
It will be optional.
Wait... WHAT??? Could you please repeat that? I want to make sure that even the people way in the back heard that. So your -actual- proposal is to make *all* WHOIS information for *all* classes of RIPE members "optional"??? Take your time. If you misspoke, then by all means, please rephrase so as clarify what you really meant to say. Regards, rfg
* Ronald F. Guilmette [Mon 20 Jun 2022, 07:03 CEST]: [..]
Consider an analogy: I run a dry cleaning shop in Hamburg. You are my friend. One day I let you into my back office and let you copy down the names and addresses of many, most, or all of my customers. You then go back home to the U.S.A. or to Zimbabwe, or at any rate to some jurisdiction where GDPR does not apply. You then put all those names and address on your public web site? Who is liable for this "leak" of PII, under GDPR? Me or you?
You are. If this is an open question for you then in practice you don't know nearly enough about how GDPR works to have an opinion worth listening to in this matter. -- Niels. --
In message <YrEaVc7diIKX61MB@jima.tpb.net>, Niels Bakker <niels=dbwg@bakker.net> wrote:
* Ronald F. Guilmette [Mon 20 Jun 2022, 07:03 CEST]: [..]
Consider an analogy: I run a dry cleaning shop in Hamburg. You are my friend. One day I let you into my back office and let you copy down the names and addresses of many, most, or all of my customers. You then go back home to the U.S.A. or to Zimbabwe, or at any rate to some jurisdiction where GDPR does not apply. You then put all those names and address on your public web site? Who is liable for this "leak" of PII, under GDPR? Me or you?
You are. If this is an open question for you then in practice you don't know nearly enough about how GDPR works to have an opinion worth listening to in this matter.
THANK YOU! You have confirmed the exact point about GDPR that I was attempting to make. According to denis, there exist "some" (presumably that means more than one) telecom companies in the RIPE region who are in the inexplicable and unjustifiable habit of directly copying substantial amounts of the Personally Identifiable Information (PII) relating to their own customers directly into the RIPE WHOIS data base. (Note however that we are still waiting for denis to identify these alleged telecom companies. Until he does so, I personally will continue to question even the mere existance of any such reckless and profligate telecoms.) In any case, as denis would have us all believe, once these companies copy their customer PII into the RIPE WHOIS data base, then RIPE does exactly what it normally does, as a matter of routine, all day every day. It publishes its WHOIS data base in such a way that the entire world can view it, and thus the whole world becomes privy to the PII of the customers of these (alleged) telecom companies. denis contends that this makes RIPE responsible in some way, presumably legally, for the publication of the relevant PII and that thus it is RIPE that is violating GDPR... and on a grand scale. I disagree entirely, and apparently you do also. In such a scenario... even assuming that it actually exists at all, which itself requires a great leap of faith... it makes no sense at all to claim that RIPE would be in any way, legally, ethically, or morally, responsible for the GDPR violations represented by the publication of the telecom customers' PII in the RIPE data base. Rather, it would be the telecom companies that, in the first instance, "leaked" the PII (in an unnecessary and unjustifiable way) that would be the -only- parties that could, would, or should ever be held responsible for the unnecessary leakage/publication of their own customer PII. I thank you for confirming that anyone holding a different view on this rather simple and obvious point self-evidentally lacks a clear-eyed understanding of how GDPR actually works. Regards, rfg P.S. See also: *) "The Single-Publication Rule", and *) 47 USC 230(c)(1) Although both of the above are quite clearly applicable only in relation to U.S. litigation, I feel quite certain that GDPR also and similarly avoids unfairly assigning legal responsibility for any and all improper leakage of private and personal information to anyone other than the party or parties responsible for the leak in the first instance. Any other rule would make no sense and would result in endless floods of litigation against innocent third parties. Furthermore, my reading of GDPR suggests to me that (using GDPR terminology) in the scenario postulated by denis, the telecom companies would properly be construed to be the data "controller" and perhaps even the "processor", whereas RIPE could not reasonably be classified as being -either- a "controller" -or- even a "processor" of the telecoms' customers' PII, since it (RIPE) has not been explicitly or specifically contracted or directed by the telecoms for, or in relation to the processing of the customer PII at issue.
* Ronald F. Guilmette [Tue 21 Jun 2022, 08:14 CEST]: [..]
denis contends that this makes RIPE responsible in some way, presumably legally, for the publication of the relevant PII and that thus it is RIPE that is violating GDPR... and on a grand scale.
I disagree entirely, and apparently you do also.
You're misunderstanding the problem statement on two levels. RIPE NCC currently offers no way out of publishing information that people may want to keep private, for no legal basis, and denis's proposal (which I support) changes this. Furthermore, the analogy goes awry where the Hamburg store owner currently hangs customer lists in the shop window. -- Niels.
In message <YrGpxfGzwKmgokav@jima.tpb.net>, Niels Bakker <niels=dbwg@bakker.net> wrote:
* Ronald F. Guilmette [Tue 21 Jun 2022, 08:14 CEST]: [..]
denis contends that this makes RIPE responsible in some way, presumably legally, for the publication of the relevant PII and that thus it is RIPE that is violating GDPR... and on a grand scale.
I disagree entirely, and apparently you do also.
You're misunderstanding the problem statement on two levels. RIPE NCC currently offers no way out of publishing information that people may want to keep private...
I'm sorry to disagree, but that is just not accurate, as denis himself has previously noted: https://www.ripe.net/ripe/mail/archives/db-wg/2022-June/007467.html "Many people do use a PO box or misleading addresses, as mentioned by Europol in their video." And the methods via which some party could have a "way out of publishing information that people may want to keep private" are by no means limited to just using P.O. boxes, as denis has also previously noted. Specifically, as denis noted, any member may at any time (and many do): "enter false data into an unverified, unchecked, mandatory field they don't want to fill in." https://www.ripe.net/ripe/mail/archives/db-wg/2022-June/007463.html On the basis of denis's own prior statement therefore your assertion that parties need need a new way to acomplish the stated objective is demonstratably false. That in turn leads me to reiterate what I've already asserted, i.e. that the present proposal is a solution in search of a problem. Regards, rfg
* Ronald F. Guilmette [Wed 22 Jun 2022, 09:38 CEST]:
In message <YrGpxfGzwKmgokav@jima.tpb.net>, Niels Bakker <niels=dbwg@bakker.net> wrote:
* Ronald F. Guilmette [Tue 21 Jun 2022, 08:14 CEST]: [..]
denis contends that this makes RIPE responsible in some way, presumably legally, for the publication of the relevant PII and that thus it is RIPE that is violating GDPR... and on a grand scale.
I disagree entirely, and apparently you do also.
You're misunderstanding the problem statement on two levels. RIPE NCC currently offers no way out of publishing information that people may want to keep private...
I'm sorry to disagree, but that is just not accurate, as denis himself has previously noted:
https://www.ripe.net/ripe/mail/archives/db-wg/2022-June/007467.html
"Many people do use a PO box or misleading addresses, as mentioned by Europol in their video."
And the methods via which some party could have a "way out of publishing information that people may want to keep private" are by no means limited to just using P.O. boxes, as denis has also previously noted. Specifically, as denis noted, any member may at any time (and many do):
"enter false data into an unverified, unchecked, mandatory field they don't want to fill in."
https://www.ripe.net/ripe/mail/archives/db-wg/2022-June/007463.html
On the basis of denis's own prior statement therefore your assertion that parties need need a new way to acomplish the stated objective is demonstratably false.
That in turn leads me to reiterate what I've already asserted, i.e. that the present proposal is a solution in search of a problem.
The current proposal is also a solution to people entering wrong information, as denis has clearly stated. Bad information in the database should be avoided, it's worse than no data. I can't believe I have to spell it out like this. -- Niels.
In message <YrLp+ZTtuw+93KR/@jima.tpb.net>, Niels Bakker <niels=dbwg@bakker.net> wrote:
The current proposal is also a solution to people entering wrong information, as denis has clearly stated. Bad information in the database should be avoided, it's worse than no data.
Wow! I confess that I didn'rt read sections 4.0, 5.0, and 6.0 of this proposal (2022-01) till now. This is REALLY astonishing! For a proposal that is initially billed as one for which the need "arises from the need for the RIPE Database to avoid the publishing of unnecessary personal data" this proposal veers quite dramatically and vastly off-course in sections 4.0, 5.0, and 6.0 as it attempts to contstruct a whole new and never-before-seen regime to "verify" *all* WHOIS data... presumably for some value of "verify". Who exactly is going to be tasked with verifying 100% of the names, email addresses, phone numbers, and street addresses already present in the data base and what procedures and criteria will be used for this process? Will NCC be tasked to do this huge amount of work? Is there a a target completion date? 2029 perhaps? Even above and beyond the huge amount of work this proposal would create for -somebody-, the practical challenges all seem to be left as an exercise for the reader. How exactly does one "verify" a voice phone number? How exactly does one "verify" a mailing address? As should already be apparent I am 100% in favor of *all* of this kind of "verification", and indeed, I am very much looking forward to it all being done. But as noted above, there are a LOT of unanswered questions regarding how, when, and by whom this will all be done. And that is -before- we even get into the question of what the plan is to -force- existing members... not even to mention legacy holders... to have accurate WHOIS info if they just don't much feel like it. How can existing members be forced into this if their existing contracts do not already require it? And what will be the penality imposed upon any member who refuses to go along? Expulsion from RIPE and/or termination of their membership?? That is sure to be wildly popular among the membership... NOT! None of these questions are answered by the proposal. Again, all of these questions are left as an exercise for the reader. I don't see how this propsal can fly, given that it fails to even try to answer any of the obvious questions it raises. Furthermore, as I've said, sections 4.0, 5.0, and 6.0 of this proposal are quite clearly entirely unrelated to the goal of *removing* personal data from the data base. So really, what we have here is two entirely unrelated proposals... one for removal of some data and another for the verification of other data... glued together to make them superficially appear to be just a single proposal. I'm frankly not sure that it is even worth further discussion of this proposal until such time as it is broken into two propsals by its author... one for removal of personal data from WHOIS, which I remain adamantly opposed to, and a separate one for verification of WHOIS data, which I vigorously support. Regards, rfg
Hi Ronald Nice to read that you vigorously support parts of my policy proposal at least. On Thu, 23 Jun 2022, 10:39 Ronald F. Guilmette via db-wg, <db-wg@ripe.net> wrote:
In message <YrLp+ZTtuw+93KR/@jima.tpb.net>, Niels Bakker <niels=dbwg@bakker.net> wrote:
The current proposal is also a solution to people entering wrong information, as denis has clearly stated. Bad information in the database should be avoided, it's worse than no data.
Wow! I confess that I didn'rt read sections 4.0, 5.0, and 6.0 of this proposal (2022-01) till now.
This is REALLY astonishing! For a proposal that is initially billed as one for which the need "arises from the need for the RIPE Database to avoid the publishing of unnecessary personal data" this proposal veers quite dramatically and vastly off-course in sections 4.0, 5.0, and 6.0 as it attempts to contstruct a whole new and never-before-seen regime to "verify" *all* WHOIS data... presumably for some value of "verify".
The policy proposal is about processing personal data. That easily covers verifying that entered data is correct. It does not cover verification of 'all' data. Only the clearly specified data.
Who exactly is going to be tasked with verifying 100% of the names, email addresses, phone numbers, and street addresses already present in the data base and what procedures and criteria will be used for this process? Will NCC be tasked to do this huge amount of work? Is there a a target completion date? 2029 perhaps?
Not all these data elements are covered and not 100% of others either. As you pointed out, some of the data elements you mention above cannot be verified and that's why they are not covered.
Even above and beyond the huge amount of work this proposal would create for -somebody-, the practical challenges all seem to be left as an exercise for the reader.
How exactly does one "verify" a voice phone number?
How exactly does one "verify" a mailing address?
How data can or should be verified is an implementation issue. This policy proposal is concerned with establishing principles.
As should already be apparent I am 100% in favor of *all* of this kind of "verification", and indeed, I am very much looking forward to it all being done. But as noted above, there are a LOT of unanswered questions regarding how, when, and by whom this will all be done. And that is -before- we even get into the question of what the plan is to -force- existing members... not even to mention legacy holders... to have accurate WHOIS info if they just don't much feel like it. How can existing members be forced into this if their existing contracts do not already require it? And what will be the penality imposed upon any member who refuses to go along? Expulsion from RIPE and/or termination of their membership?? That is sure to be wildly popular among the membership... NOT!
This policy proposal, quite correctly, makes no mention of cancelling membership or de-registering any resources. Just as the abuse-c policy doesn't. It is about establishing the principles that will govern the way data is processed. Most RIPE policies don't define enforcement procedures. That is clearly outside the scope of defining principles. All members and contracted resources are already bound by agreements that require them to enter correct data into the database.
None of these questions are answered by the proposal. Again, all of these questions are left as an exercise for the reader. I don't see how this propsal can fly, given that it fails to even try to answer any of the obvious questions it raises.
Because that will be discussed along with any other implementation details.
Furthermore, as I've said, sections 4.0, 5.0, and 6.0 of this proposal are quite clearly entirely unrelated to the goal of *removing* personal data from the data base. So really, what we have here is two entirely unrelated proposals... one for removal of some data and another for the verification of other data... glued together to make them superficially appear to be just a single proposal.
This policy proposal is not specifically about removal of personal data. In the abstract it says: "This policy sets out the principles governing the publishing of personal data in the RIPE Database. These principles must be applied to all personal data published in the database by all data maintainers"
I'm frankly not sure that it is even worth further discussion of this proposal until such time as it is broken into two propsals by its author... one for removal of personal data from WHOIS, which I remain adamantly opposed to, and a separate one for verification of WHOIS data, which I vigorously support.
As I said above, this policy proposal is about establishing the principles by which personal data is processed. If these principles are accepted there will need to be quite a discussion to follow on how to implement these principles and what type of migration plan will be needed. It is quite clear no one will flick a switch and all these changes will happen over night. It is also clear that a migration plan will need to include many steps allowing time for members to adapt and adjust. Cheers denis Proposal author
Regards, rfg
--
To unsubscribe from this mailing list, get a password reminder, or change your subscription options, please visit: https://lists.ripe.net/mailman/listinfo/db-wg
In message <CAKvLzuEroujO_bor2DNwCA44cLPP_NVda3uQU1tYTQk69a3zfA@mail.gmail.com> denis walker <ripedenis@gmail.com> wrote:
Nice to read that you vigorously support parts of my policy proposal at least.
I am only too happy to do so, provided that (a) at least some responses to the "who", "when", and "how" questions I have raised with respect to the VERIFICATION half of the proposal are provided _and_ edited into a subsequent draft of the proposal, and provided that (b) the VERIFICATION half of the proposal is split off into a separate and independent proposal from the REDACTION half of the proposal, which is altogether appropriate since these two halves aim to accomplish two very different goals. Are you willing to undertake either of these adjustments? If not I will have to say that the apparently artificial conjoining of VERIFICATION and REDACTION into a single proposal is being done in bad faith and with an understanding that the REDACTION half of the proposal could only achieve consensus by being spliced together with an otherwise admirable, but totally unrelated proposal to perform reasonable and necessary VERIFICATION things. Note that I am not asking you to _remove_ any part of either proposal. I am simply requesting that that the separate issues of VERIFICATION and REDACTION should receive separate consideration by the membership and the WG, which is an altogether reasonable and minimal request.
The policy proposal is about processing personal data. That easily covers verifying that entered data is correct. It does not cover verification of 'all' data. Only the clearly specified data.
Forgive me, but that first sentence, to my ears, sounds a little bit like saying "This proposal only covers the consumption of meat on planet earth." That is quite obviously an _extremely_ broad area of multiple/numerous different concerns, each of which may have varing levels of importance to various different parties and constituencies. Law enforcement and private security researchers will, in general, be extremely happy to have WHOIS data verified. Law enforcement and private security researchers will, in general, be extrement UNhappy to have WHOIS data needlessly removed. For this reason, a single proposal covering the extremely broad subject of "processing personal data" is inappropriate, and would artifically force people who might be on the fence to accept Bad Stuff they don't want in order to get the Good Stuff that they do want.
Who exactly is going to be tasked with verifying 100% of the names, email addresses, phone numbers, and street addresses already present in the data base and what procedures and criteria will be used for this process? Will NCC be tasked to do this huge amount of work? Is there a a target completion date? 2029 perhaps?
Not all these data elements are covered and not 100% of others either. As you pointed out, some of the data elements you mention above cannot be verified and that's why they are not covered.
So what fields, exactly, actually _will_ be verified under the VERIFICATION half of this proposal? And who will do it? And when? And how?
How data can or should be verified is an implementation issue. This policy proposal is concerned with establishing principles.
I cannot help but be reminded of an old joke in the industry where a manager, upon being asked how some complex goal is to be achieved, simply waves his arms and declares "Oh, that's simply a matter of software!" Principals are Good. Principals are Admirable. But why didn't you just elect to draft a more all-encompasing principal-based proposal to the effect that "All parties should behave honorably." That also is an unambiguously noble principal, but the devil is in the details, and it would be altogether Helpful if you didn't simply dismiss such important considerations as mere "implementation issues". I mean _somebody_ is going to have to do all of this verification and/or redaction, right? I don't believe it is inappropriate to ask who that will be, how much it will cost, and how long it will take.
This policy proposal, quite correctly, makes no mention of cancelling membership or de-registering any resources. Just as the abuse-c policy doesn't. It is about establishing the principles that will govern the way data is processed. Most RIPE policies don't define enforcement procedures.
Actually, as far as I know, none of them do. And some of us out here, at least, think that is a problem, and that it makes a lot of official RIPE policies nothing more than paper tiger jokes. Now, it would appear, you want to add yet another feckless paper tiger on top of the mountain of feckless paper tigers that already comprise most of what passes for official policy in the RIPE region. (I'm sorry, this is nothing personal, but it is somewhat difficult for me to take any RIPE official policies too awfully seriously since RIPE has no policy on the books that would require the expulsion from the membership of even proven crooks, con men, and murders.. a fact that was explained to me multiple times when I caught people outright stealing IP space. that provably didn't belong to them.)
That is clearly outside the scope of defining principles.
All members and contracted resources are already bound by agreements that require them to enter correct data into the database.
Fine. What is the remedy in case�they don't? May either law enforcement or a private security researcher email NCC, inform them of a reasonble belief that some specific WHOIS record contains inaccurate and perhaps even deliberately fradulent data, and then ask NCC to put the correct data into the WHOIS record instead? And if such a request is made, will it be honored? Regards, rfg
Dear DB-WG, Hoping that this email finds you in good health! Please find my comments below, inline... Le lundi 20 juin 2022, Ronald F. Guilmette via db-wg <db-wg@ripe.net> a écrit :
In message <CAKvLzuFA0y8mOzPiiy4tHBCRUNUBbQgJc-DD54E-S+0TW=StiA@mail. gmail.com> denis walker <ripedenis@gmail.com> wrote:
[...]
What gives you or anyone the right to take away a member's rights to have their true and actual mailing address in their own public WHOIS records?
Again you simply don't understand the issue. "their true and actual". This address is 'defined' in the database documentation as "The postal address of a contact related to the organisation". That can be anyone based in any location in the world, as Europol have discovered.
Sounds like a definite problem to me! So lets fix that. Let's require *at least* the REAL name and address of each member to be present in that member's public WHOIS record.
Every new member has to submit some identifying documents at the time they first become members, right? If it is a corporation, then a copy of the formal and legal incorporation document(s) must be submitted as part of the application process. If it is person, then either a copy of that person's passport or some other form of government-issued identification document must be submitted as part of the new/prospective member's application for membership, right? So we take this "real" member name & address info, copy it off those bona fide documents, and stick the same data into the member's public-facing WHOIS record. Is this just, like, too simple, or what?
Hi Ronald, Thanks for your email, brother. ...i agree, you should be a bit fair with Denis :-/ You know, reducing your tone would not, imho, imply any loss in the value and strength of your arguments at all :-/ Having said the above, these [1,2,3,4,5] RIPE Lab articles provide, imho, interesting discussions, and very useful information, on topic... __ [1]: < https://labs.ripe.net/author/ad_castle/lessons-learned-from-ripe-when-creati...
[2]: < https://labs.ripe.net/author/matt_parker/the-assisted-registry-check-let-us-...
[3]: < https://labs.ripe.net/author/athina/how-were-implementing-the-gdpr-legal-gro...
[4]: < https://labs.ripe.net/author/denis/review-of-database-consistency-service-db...
[5]: < https://labs.ripe.net/author/denis/diff-functionality-in-the-ripe-database/>
As I have said, if there are natural person journalists, or activists, or other folks who have other issues pertaining to lifestyle or whatever, and who can make at least a prima facia case that they need to have both (a) number resources AND also (b) privacy of their PII, then allow NCC to accept their requests to be exempt from publication of their PII on a case by case basis. For everybody else however, what you see (in the public WHOIS) is what you get, i.e. the real names and the real addresses.
Problem solved! And everybody's happy.
At least my humble person will be! Many thanks for this alternative, i fully support. ...imho, a solution of a real problem shouldn't be implemented, if it removes the ability and solution that at least network operators (NO) actually have; and which allow them to freely and *privately* communicate each other...(home office addresses might be considered a distinct concern, though...). That kind of solutions would remove available, enventually *good*, solutions (new problems) and may contribute to more fragmentation within NO's community; amongst other possible consequences. https://labs.ripe.net/author/kranjbar/proposed-improvements-to-dummification... . https://labs.ripe.net/author/kranjbar/proposed-improvements-to-dummification... . https://labs.ripe.net/author/kranjbar/proposed-improvements-to-dummification... :,the%20objects%20below: https://labs.ripe.net/author/alexband/improving-the-management-of-ripe-datab... .
The only people who could be against this are people intent on committing fraud or some other kind of nefarious skulduggery on the Internet WHILE USING THEIR ASSIGNED NUMBER RESOURCES.
Ronald...this is not what drove my support to your proposed alternative :'-( ...and as said, above, imho you absolutely not need to use that kind of language to be heard, brother. Remain blessed, y'all! Shalom, --sb.
So now, why don't you re-submit this proposal and instead propose that *all* mailing address information, including even the country name, be redacted from the data base for *all* members?
It will be optional.
Wait... WHAT???
Could you please repeat that? I want to make sure that even the people way in the back heard that.
So your -actual- proposal is to make *all* WHOIS information for *all* classes of RIPE members "optional"???
Take your time. If you misspoke, then by all means, please rephrase so as clarify what you really meant to say.
Regards, rfg
--
[...]
-- Best Regards ! __ baya.sylvain[AT cmNOG DOT cm]|<https://cmnog.cm/dokuwiki/Structure> Subscribe to Mailing List: <https://lists.cmnog.cm/mailman/listinfo/cmnog/> __ #LASAINTEBIBLE|#Romains15:33«Que LE #DIEU de #Paix soit avec vous tous! #Amen!» #MaPrière est que tu naisses de nouveau. #Chrétiennement «Comme une biche soupire après des courants d’eau, ainsi mon âme soupire après TOI, ô DIEU!»(#Psaumes42:2)
participants (5)
-
Angela Dall'Ara
-
denis walker
-
Niels Bakker
-
Ronald F. Guilmette
-
Sylvain Baya