On 25. Aug 2021, at 17:17, Ronald F. Guilmette <rfg@tristatelogic.com> wrote:
In message <CAPfiqja8gfitNzuaVCtxFyowvngiSq7Ft8pq8fEWf91+Tq2_YA@mail.gmail.com> Leo Vegoda <leo@vegoda.org> wrote:
Are you making a proposal for the RIPE NCC to change the way it operates, or something else?
I only wish that I could even answer that question. Sasdly, I cannot, for the simple reason that the various RIPE legal, policy, and procedure documents which I have seen so far, and which other people have been kind enough to point me to, have not served to clarify what the current policy with respect to corporate registration documents, or if there even exists a current policy with respect to those documents. (My sense is that there currently exists -no- policy relating to those documents.)
It would be technically inaccurate, I think, and a misuse of the English language to say that I desire to see a change to something which does not now even exist.
Regards, rfg
I really have no idea where this discussion is heading, I am not a lawyer, etc. etc, but let me play "devil's advocat" and be a bit provocative :-) * My ad-hoc assumtion for any organization would be that any partner/ member/customer information is confidential unless the affected parties have agreed to make it public. viz. https://www.ripe.net/publications/docs/ripe-733#31 From one of your yesterday's emails:
*) The first sentence makes a quite sweeping and a quite generalized assertion and yet provides exactly -zero- references to support the assertion.
From whence does this alleged "duty of confidentiality" arise? From law? If so, which law and in which jurisdiction?
Jurisdiction, at least, is easy. RIPE-673 (initially quoted by you but outdated) and all it's successor documents until the current RIPE-745 state in the very last section: Article 11 – Governing Law 11.1 All agreements between the RIPE NCC and the Member shall be exclusively governed by the laws of the Netherlands. https://www.ripe.net/publications/docs/ripe-673 https://www.ripe.net/publications/docs/ripe-745
*) Isn't the publication of WHOIS information a quite apparent and obvious violation of this purported "duty of confidentiality"? Or whould that be more accurately referred to as "the exception that proves the rule"?
Could there be other and as-yet unenumerated exceptions to the general rule?
I would not consider this an exception. What goes into WHOIS and/or into the RIPE database is well documented and can be known in advance by anyone applying for resources. This https://www.ripe.net/manage-ips-and-asns/db/support/highlighted-values-in-th... e.g. explicitly mentions the distinction between public and confidential resource holder data.
My points above are, of course, pertaining only to information relating to legal entities other than natural persons, for whom GDPR is controlling. I should say also that although some may view me as nitpicking, these matters are of grave and serious concern, not just to me, but also to law enforcement and "open source" researchers everywhere.
Hmmm ... to put it bluntly: * If you are law enforcement, get a warrant. * If you are an "open source researcher", why should RIPE feel any obligation to cater for your personal research needs? Just because there might be non-competitive information that the RIPE NCC is not obliged to keep confidential does not mean it is obliged to make it publicly available, either … … well, unless you are making a proposal for the RIPE NCC to change the way it operates, as suggested earlier :-) As I said in the beginning, intentionally provocative (and not necessarily my personal opinion everywhere) … just because I can. Cheers -Andi