First of all, I want to say that I like the way discussions take place within this group. We all have an opinion based on our experience and day to day job which really help adressing the issue thru its various ways.

regarding warrant, that I hear a lot, you have to bear in mind that there is nothing such an international warrant. We are working within UE in order to somehow get one, meaning a way for LEA to adress a request to a company or someone living in another european country than the one the investigator is working. Question remains about how to deal with a no answer.
Anyway, today, the only way for an investigator to get answers to its question is by asking his judge to send a Mutual Legal Assistance Request or European Investigative Order to his fellow magistrate in the other country so the police forces will open a case just to get the information back. It may take some months til the request is sent and answered. unfortunatly, it doesn't fit with the need of speed while working cybercrime such as CP where data is moved one month to another.

So one question might also be : would you agree answering an official request coming directly from a foreign LEA ?
 
It will help for sure if the answer is yes but it won't change the issue that is global cartography of a network as we speak.

Who should I turn to in order to be assured that John Doe, renting this server I am asking you about, isn't renting another server providing exactly the same thing in another country? You might answer RIPE NCC (that might have to hire people to deal with more legal request, and maybe raise the contract fees, who knows). Sure but we are now facing registrants that are not providing the data at all to the registries.

I know my writing is going way beyond sara's question (sorry about that) but I'm just trying to explain what our issues are. We just need help from all stakeholders in order to find the best and proper way to work.

stephane


Pour une administration exemplaire, préservons l'environnement.
N'imprimons que si nécessaire.

-------- Message original --------
Sujet: [INTERNET] Re: [ncc-services-wg] legal adress
De : netravnen+lists@gmail.com
Pour : stephane.robinot@interieur.gouv.fr, ncc-services-wg@ripe.net
Date : 10/10/2018 12:20
On 10/10/2018 11:23 AM, ROBINOT Stephane DCPJ SDLC wrote:

But here is my question : If, to you, the legal address is a personal
data, are you also thinking the same way about the telephone number
which is so far kept for registrar abuse contact phone ?

If phone number is registered in company name/RegID. Definitely not.


Speaking about sole trader, if I understand well your point and go
beyond, the name by itself might also be considered as a personal data
as it is also a way to identify the person.

Hard to argue for or against.

In its core essence. I will say Yes.


To me, legal address is just a way to be assured that the official
request are sent to the correct place

Idea: Publish link to local business registry instead.

Alternative: as Hessler wrote. 'get a warrant'

Duplicate data results: If data is re-entered into the RIPE NCC
Database. When they are often accessible from local business registry.
It does not _really_ make sense.
As previously mentioned. Down-going rate in data quality is definitely
unavoidable over time.