In message <CAKw1M3NsS=hc17FTV-2BUuOLpT7YxCRsKcPhfukWPsC0MrJrtA@mail.gmail.com> =?UTF-8?Q?Cynthia_Revstr=C3=B6m?= <me@cynthia.re> wrote:
AFAIK the "org-name" attribute on the organisation object does get verified if the organisation is a LIR or an end user that has received resources directly from the RIPE NCC (through a sponsoring LIR). (and possibly a few other cases like legacy resource holders with service agreements) I believe there are also many policies that say that information should be accurate, and while this might not be actively verified for the most part, it is still policy in many cases.
Policy in the total absence of -any- validation or enforcement is vacuous. It is a NO-OP. It is a joke.
Part of the issue is that the RIPE NCC has some responsibility for this under the GDPR...
Or to be more accurate, RIPE NCC is -alleged- to have some responsibility for this, e.g. by yourself and by other privacy extremists. In point of fact however this opinion, on your part, has never been adjudicated in any court of law. And more to the point, GDPR has explicit carve outs for the sharing and/or publication of data as may be necessary for an entity to carry out its mission. Some of us, at least (who may, coincidently have been on the Internet since well before you were born), still maintain the "old school" view that it was, is, and remains an integral part of the mission of both domain name registrars and also Regional Internet Registries to promote, foster, and enable the smooth functioning of the Internet. We also believe that that continued smooth functioning can be either (a) enabled by openess and transparency or else (b) hobbled by pointlessly and unnecessarily fetishizing secrecy, specifically within WHOIS records. If our interpretation of GDPR is the correct one, i.e. that RIPE and other such organizations have both a current and a longstanding/historical duty to *not* "hide the ball", then your claim that the GDPR obliges RIPE NCC to do anything in particular now which is different from what it has been doing for the past 20+ years is both meaningless and not at all supported by *any* legal findings. In short, this contention that GDPR is (suddenly?) forcing RIPE to do something today that it was not forced to do at any time last week, or indeed, at any time over the past 20 years is simply fallacious - an imaginary imperative that doesn't actually exist.
and it can be really difficult to do this correctly, but I think the legal team could explain those details better.
And I think that the legal team has also been sucked into the vortex of privacy paranoia and extremism, and that they will say whatever they want to say, regardless of whether their position has been endorsed or verified in a court of law or not. In short, they are part of the problem. As I have previously noted RIPE is a *private* organization mostly composed of *private* member organizations, virtually all of which are loath to disclose anything to anybody ever. Thus, I would not be in the least surprised if you told me tomorrow that the RIPE legal team had come out in favor of making the entire WHOIS data base private and accessible to "law enforcement only, eyes only". The legal team doesn't have any incentive whatsoever pulling them in the direction of transparency. All of their incentives run in the opposite direction... i.e. *against* any and all openness & transparency, even if that means degrading the ongoing smooth functioning of the Internet.
I run a hobby network and have an ASN and a /48 of PI assigned to me from RIPE NCC (through a sponsoring LIR) and also know many other people who are in a similar situation. Many people who do this are uncomfortable with having to publish their home address in the RIPE database...
I have two responses: 1) Why don't you get a P.O. box if you are really that worried about it? 2) So if I understand why you're saying, you are saying that because there exists some small, but finite and non-zero set of people who, like you, are "uncomfortable", then everybody else in the universe should bend over backwards, throw out 20+ years of precedent, and should hobble the public WHOIS data base, all just so that -you- won't be made to feel "uncomfortable". Is that what you are saying? If so, then I'd like to suggest that you consider moving to sunny Florida. I think that you might fit in nicely there. Although you may not have heard about it, the Governor of that state recently signed into law a new state statute which makes it now illegal for teachers in that state to say the word "gay". The justification for this new law was that that word makes some small minority of the parents in the State of Florida "uncomfortable". My point of course, is that this is how the dictatorship of the minority begins. You are "uncomfortable" so everyone else must change what they are doing. And how shall we resolve the matter if, hypothetically, the discomfort of you and your friends someday makes me and my friends "uncomfortable"?
Sure, I could go and get a PO box for ~650/year and just let the RIPE NCC have that address instead but that seems a bit silly to me when instead the address could just be hidden from the public.
So basically, your argument comes down to: "I don't want to be mildy inconvenienced, so instead I wish the rest of the planet to just arrange things so as to suit my personal maximal convenience." Is that about the size of it? Well, at least you're being open about your viewpoint on this. I do applaud you for that.
I just want to say that assuming PO boxes are illegitimate is kinda odd and also varies by country I would think.
I never said P.O. boxes were "illegitimate". Please don't put words in my mouth. In fact I said something that arguably is the exact opposite, i.e. that all or nearly all domain name registrars allow the use of P.O. boxes in domain name WHOIS records, AND that as far as I know, so do all Regional Internet Registries. On the other hand I do not know any natural person who either physically lives in or who physically works in a P.O. box. (In general, the boxes are too small to fit a whole human.)
My point here is mostly just that such a policy doesn't make a lot of sense to me, I am not sure if you are suggesting that such a policy should exist or not, but I think it would be a bad idea to implement such a policy.
I honestly can't even tell what you are arguing either for or against... only that you are arguing.
Are you in favor of making it harder to serve people with legal papers? If so, why would you do that and who would be the beneficiaries of that?
It is not really about preventing it, it is more just if that potential benefit outweighs the privacy implications.
In your opinion. And thus you bring the conversation back to a point I've already made, i.e. that many of you Europeans have become privacy fanatics and extremists, so much so, in fact, that, as I noted, you can't even know if the person who just moved in next door to you is a serial sexual predator or not, because you Europeans have elected to value privacy *above* freedom of speech, freedom or the press, transparency in public affairs, and the public's right to know. And if, for example, the former finance minister of Bulgaria who was fired & put in prison for embezzling public funds is nowadays running an ISP in, say, Moldova, and if that is hosting mostly crypto-currency scams, nobody will ever be the wiser or know that the proprietor of th ISP in question himself has a checkered past. In case I have been anything less than clear, please allow me to say this very plainly -- I do not agree with the way you folks in Europe nowadays value privacy -above- transparency. It is causing obvious disasters and I have every faith and confidence that in the fullness of time you'll all come to your senses and realize that you've swung the pendulum too far, and that your collective over-reaction to the scandals of Facebook et al is causing you, and coincidentally, the rest of the planet, more harm than good. (This -always- happens when extremists are allowed to dictate policy. See also: Maximilien Robespierre -- "The Incorruptable".) Regards, rfg