Re: [address-policy-wg] IP Addressing policy on personal contact info (kf)
and I would like to discuss on how we should do with personal contact information in the RIPE db.
The db should only contain the contact information of people who are ready, willing and able to communicate regarding network issues and who are able to act on that communication. This means that much of the existing contact information in the db would disappear and LIRs would formally have the responsibility of relaying communications to their downstream networks. Some of these downstream networks MAY still be in the db but the network contacts MUST agree to be listed and MUST agree to be ready, willing and able to communicate regarding network issue and MUST be able to act on that communication. This would clean most of the useless garbage out of the db, solve the privacy issues, and focus the LIR's attention on the true purpose of the db. The RIPE db is not a general purpose telephone book, it is a contact directory for a specific purpose which is required by TCP/IP internetworking activity. There is no point in including contact data for people who are not ready, willing and able to communicate or who are not able to take any action. RIPE has a direct relationship with LIRs so there is the possibility to force them to have someone who is ready, willing and able to communicate and able to take action. Some LIRs may choose to force their customers to also provide such a contact person, but there is nothing wrong if an LIR chooses to be the direct contact for all of their customers. --Michael Dillon
I fully agree with this. Further this is not a new problem. Some of us have been doing broadband always on since 1997 or even before - namely cable operators. I have myself raised the problem with the RIPE in 1997. In France there is such a thing as unlisted phone numbers which remain private and unknown. Further, the RIPE DB is becoming the best spam list in the world. So yes, responsability lays with LIR, yes let's clean the DB, yes respect privacy. Pascal Julienne President Directeur General EURO CONNECT SA 130, rue du Bourg-Bele - BP 21099 - 72001 LE MANS Cedex 1 - FRANCE Tel : (33) 02 43 14 12 76 - Fax : (33) 02 43 14 12 77 http://www.euroconnect.fr Le contenu de ce message ne represente en aucun cas un engagement de la part d'Euro Connect sous reserve de tout accord conclu par ecrit entre vous et Euro Connect. Toute publication ou diffusion, meme partielle, doit etre autorisee prealablement. -----Message d'origine----- De : address-policy-wg-admin@ripe.net [mailto:address-policy-wg-admin@ripe.net]De la part de Michael.Dillon@radianz.com Envoye : jeudi 14 aout 2003 11:27 A : address-policy-wg@ripe.net Objet : Re: [address-policy-wg] IP Addressing policy on personal contact info (kf)
and I would like to discuss on how we should do with personal contact information in the RIPE db.
The db should only contain the contact information of people who are ready, willing and able to communicate regarding network issues and who are able to act on that communication. This means that much of the existing contact information in the db would disappear and LIRs would formally have the responsibility of relaying communications to their downstream networks. Some of these downstream networks MAY still be in the db but the network contacts MUST agree to be listed and MUST agree to be ready, willing and able to communicate regarding network issue and MUST be able to act on that communication. This would clean most of the useless garbage out of the db, solve the privacy issues, and focus the LIR's attention on the true purpose of the db. The RIPE db is not a general purpose telephone book, it is a contact directory for a specific purpose which is required by TCP/IP internetworking activity. There is no point in including contact data for people who are not ready, willing and able to communicate or who are not able to take any action. RIPE has a direct relationship with LIRs so there is the possibility to force them to have someone who is ready, willing and able to communicate and able to take action. Some LIRs may choose to force their customers to also provide such a contact person, but there is nothing wrong if an LIR chooses to be the direct contact for all of their customers. --Michael Dillon
Pascale Julienne, Pascal Julienne wrote:
In France there is such a thing as unlisted phone numbers which remain private and unknown. Further, the RIPE DB is becoming the best spam list in the world. So yes, responsability lays with LIR, yes let's clean the DB, yes respect privacy.
I think there are two sides to this issue. One is what the RIPE NCC can and has done to increase the privacy of people who have contact information in the Database. We have been trying to increase the privacy protections in the Database over time: - person/role objects removed from public FTP site - DB automatically rate limits access to person/role objects - mntner/irt objects removed from public FTP site - .DE person object deletion - automatic cleanup of unreferenced person/role objects The Allocation Editor on the LIR Portal should allow LIRs to keep their contact data up-to-date. We have talked with the Dutch Data Protection Authority about the Database as well, to make sure that we don't run afoul of the EU privacy directives. There has been some discussion at the last RIPE meeting about how the Database both aids and hinders spammers. Suggestions such as checking validity of contact information, as well as possibly putting fake entries in the Database and tracking spam they receive were mentioned. The second issue is deciding on what contact data *should* be in the Database. This is the job of the address-policy-wg, and perhaps the db-wg. A related issue is how the data should be accessed, which is also something that can be decided by the same groups. Katri Forsberg did a service by raising the issue. As a final issue, I am curious why you say the RIPE Database is becoming the best spam list in the world! I think that it probably generates a lot of spam for LIRs, because they have their contact information on many objects in the Database. I don't know any way to avoid this if the Database is public. I hope that for the end users who's information is in the Database for only a small number of addresses that they do not get much spam originating from the publication in the Database. The RIPE NCC is certainly interested in mechanisms that we can set up to prevent such use, as it is explicitly *not* allowed by the license that we provide for the Database. -- Shane Kerr RIPE NCC
There are two things with regards the informations recorded in the data base. I am certainly glad that you talked with the Dutch Data Protection Authority but as fas as I know it is the laws and regulations of the country concerned which matters. Sure you could say that the RIPE DB is located in the Caymen Island but if we are a European Institution and if this Institution wants to be respected by the different EU countries, it has to follows the rules of the different countries. I can't talk about what rules are in other countries because I don't know them enough but in France you have to have done a proper declaration to a French body (CNIL) which takes care of this and you must have the authorisation from the people whose information is recorded. Other countries probably have other rules. I don't know if the RIPE DB has done the needed paper work with the French CNIL but if not, then NOT one French LIR should record information in the DB. The risk is heavy fine and jail. This is just an an example but with the EU Rules being somewhat different in each country this subject of privacy should be seriously reviewed and the right lawyer put onto it. This is not just privacy but even just recording information in a DB about the LIR's subscribers is forbidden in France unless properly declared through the body CNIL. As far as spam is concerned: spammers are using the e mail addresses recorded in the data base. I receive spams daily on the addresses (role addresses for that matter) which have been entered in the data base. THe RIPE DB is one of the best source to obtain mailing list: it has the name of the LIR and roles which in turns redistribute to internal mailing lists of the LIR or of subscribers of the LIR. I don't have solutions to the above points but these are important topics which could be discussed in the next Ripe meeting. I have seen the efforts to clean the DB. There are plenty of positive things but as far as I know the privacy and just recording personal infos in the DB could use a little review. Pascal Julienne President Directeur General EURO CONNECT SA 130, rue du Bourg-Bele - BP 21099 - 72001 LE MANS Cedex 1 - FRANCE Tel : (33) 02 43 14 12 76 - Fax : (33) 02 43 14 12 77 http://www.euroconnect.fr Le contenu de ce message ne represente en aucun cas un engagement de la part d'Euro Connect sous reserve de tout accord conclu par ecrit entre vous et Euro Connect. Toute publication ou diffusion, meme partielle, doit etre autorisee prealablement. -----Message d'origine----- De : address-policy-wg-admin@ripe.net [mailto:address-policy-wg-admin@ripe.net]De la part de Shane Kerr Envoye : jeudi 14 aout 2003 18:04 A : Pascal Julienne Cc : address-policy-wg@ripe.net; db-wg@ripe.net Objet : Re: [address-policy-wg] IP Addressing policy on personal contact info (kf) Pascale Julienne, Pascal Julienne wrote:
In France there is such a thing as unlisted phone numbers which remain private and unknown. Further, the RIPE DB is becoming the best spam list in the world. So yes, responsability lays with LIR, yes let's clean the DB, yes respect privacy.
I think there are two sides to this issue. One is what the RIPE NCC can and has done to increase the privacy of people who have contact information in the Database. We have been trying to increase the privacy protections in the Database over time: - person/role objects removed from public FTP site - DB automatically rate limits access to person/role objects - mntner/irt objects removed from public FTP site - .DE person object deletion - automatic cleanup of unreferenced person/role objects The Allocation Editor on the LIR Portal should allow LIRs to keep their contact data up-to-date. We have talked with the Dutch Data Protection Authority about the Database as well, to make sure that we don't run afoul of the EU privacy directives. There has been some discussion at the last RIPE meeting about how the Database both aids and hinders spammers. Suggestions such as checking validity of contact information, as well as possibly putting fake entries in the Database and tracking spam they receive were mentioned. The second issue is deciding on what contact data *should* be in the Database. This is the job of the address-policy-wg, and perhaps the db-wg. A related issue is how the data should be accessed, which is also something that can be decided by the same groups. Katri Forsberg did a service by raising the issue. As a final issue, I am curious why you say the RIPE Database is becoming the best spam list in the world! I think that it probably generates a lot of spam for LIRs, because they have their contact information on many objects in the Database. I don't know any way to avoid this if the Database is public. I hope that for the end users who's information is in the Database for only a small number of addresses that they do not get much spam originating from the publication in the Database. The RIPE NCC is certainly interested in mechanisms that we can set up to prevent such use, as it is explicitly *not* allowed by the license that we provide for the Database. -- Shane Kerr RIPE NCC
Shane,
In France there is such a thing as unlisted phone numbers which remain private and unknown. Further, the RIPE DB is becoming the best spam list in the world. So yes, responsability lays with LIR, yes let's clean the DB, yes respect privacy.
I think there are two sides to this issue.
One is what the RIPE NCC can and has done to increase the privacy of people who have contact information in the Database. We have been trying to increase the privacy protections in the Database over time:
- person/role objects removed from public FTP site - DB automatically rate limits access to person/role objects - mntner/irt objects removed from public FTP site - .DE person object deletion - automatic cleanup of unreferenced person/role objects
The Allocation Editor on the LIR Portal should allow LIRs to keep their contact data up-to-date.
We have talked with the Dutch Data Protection Authority about the Database as well, to make sure that we don't run afoul of the EU privacy directives.
I think that issue is somewhat more problematic than that. I guess that what Katri is actually asking for is the Swedish data protection law. I am no expert on this law but from what I know / remember, the law requires the direct consent of the registered party as well as certain guarantees that the data is not passed on (within some limits). This means that the Swedish ISPs in order to register these customers actually needs written consent from the customer, as well as to solve the issue on passing that data on further by registering the data in the RIPE DB. Perhaps someone that knows the issue better could comment? Best regards, - kurtis -
Hello, sorry for late response ;-) No the question in fact is that there should be no difference weather it is a Swedish law or e.g a Polish law that has the "restriction" of putting personal contact data in the RIPE db, I think that all counties have or will make some kind of laws agains data protection. I would like us to come up with a templates (-s) that could be useful in these cases. This template should clearly point out that there is a customer that is only documented at the actual ISP and not in the db. I understand that several isp:s allready have had these kind of issues over the years and due to data protection laws only have internal records over the customers, but I believe that the templates that have been created differ a lot. Is there a way to take out information about how many objects there is in the db that is only personal contact data without no referrence to a company name? Maybe we then could see which areas (countries) this concerns the most. (+ get a good clean up done in the db) Regards Katri that could be used in these cases. At 22:19 2003-08-19 +0200, you wrote:
Shane,
In France there is such a thing as unlisted phone numbers which remain private and unknown. Further, the RIPE DB is becoming the best spam list in the world. So yes, responsability lays with LIR, yes let's clean the DB, yes respect privacy.
I think there are two sides to this issue.
One is what the RIPE NCC can and has done to increase the privacy of people who have contact information in the Database. We have been trying to increase the privacy protections in the Database over time:
- person/role objects removed from public FTP site - DB automatically rate limits access to person/role objects - mntner/irt objects removed from public FTP site - .DE person object deletion - automatic cleanup of unreferenced person/role objects
The Allocation Editor on the LIR Portal should allow LIRs to keep their contact data up-to-date.
We have talked with the Dutch Data Protection Authority about the Database as well, to make sure that we don't run afoul of the EU privacy directives.
I think that issue is somewhat more problematic than that. I guess that what Katri is actually asking for is the Swedish data protection law. I am no expert on this law but from what I know / remember, the law requires the direct consent of the registered party as well as certain guarantees that the data is not passed on (within some limits). This means that the Swedish ISPs in order to register these customers actually needs written consent from the customer, as well as to solve the issue on passing that data on further by registering the data in the RIPE DB.
Perhaps someone that knows the issue better could comment?
Best regards,
- kurtis -
Kurt Erik Lindqvist wrote: [...]
We have talked with the Dutch Data Protection Authority about the Database as well, to make sure that we don't run afoul of the EU privacy directives.
I think that issue is somewhat more problematic than that. I guess that what Katri is actually asking for is the Swedish data protection law. I am no expert on this law but from what I know / remember, the law requires the direct consent of the registered party as well as certain guarantees that the data is not passed on (within some limits). This means that the Swedish ISPs in order to register these customers actually needs written consent from the customer, as well as to solve the issue on passing that data on further by registering the data in the RIPE DB.
Perhaps someone that knows the issue better could comment?
The lawyers told us that these registrations need to comply with the Dutch Data Protection Act which is derived from the EU Data Protection Directive. According to this Directive and the Dutch Data Protection Act storage and publication of personal data in a database is possible only (Article 7 EU Directive): a) with the data subject’s unambiguous consent, or b) if necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract, or c) if necessary for compliance with a legal obligation to which the controller is subject (controller is the party responsible for determining the purpose and means of the processing of personal data), or d) if processing is necessary in order to protect vital interests of the data subject, or e) if necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in a controller or in a third party to whom the data are disclosed, or f) if necessary for the purposes of the legitimate interests pursued by the controller or by the third party or parties to whom the data are disclosed, except where such interests are overridden by the interests for fundamental rights and interests and freedoms of the data subject which require protection under the EU Directive. They though that e) and f) may apply. Also, after discussing the case with the Dutch Data Protection Authority (and their main concern was .de unreferenced data at that moment), the conclusion was that though there are some issues, the problem should be significantly reduced after removal of .de contact data and other stale information that has no direct relationship to the NCC's business.
Best regards,
- kurtis - Best regards,
Andrei Robachevsky RIPE NCC
participants (6)
-
Andrei Robachevsky -
Katri -
Kurt Erik Lindqvist -
Michael.Dillon@radianz.com -
Pascal Julienne -
Shane Kerr