In message <20141105101221.GC58573@cilantro.c4inet.net>, Sascha Luck <lists-ripe@c4inet.net> wrote:
You are probably right that the DPD only applies to natural persons,
Thank you.
however natural persons also hold independent resources (I personally had both a PI assignment and an ASN at some stage)
Yes, but is that the general rule, or is that the exceptional case? Do we want the tail to wag the dog?
% Information related to 'JS6689-RIPE'
So, as I say, I am perplexed. You tell me that RIPE has a legal obligation to protect secrecy/privacy, and I _do_ believe you. The several online articles I've read on the subject this evening are all quite clear that this is indeed correct. Nonetheless, the clear evidence which is right
I personally think that publishing "person" objects does indeed break the law, NCC Legal clearly disagrees.
It would seem so, and may God bless them for that. I am of the opinion that the net would fall apart at the seams in short order if the people who operate it, day in and day out, had no off-net way of contacting one another about problems.
TTBOMK, this has never been tested in court.
You say that as if it is a bad thing. Personally, I think it is great... terrific... that nobody has ever challenged RIPE on this in a courtroom. That fact alone tends to support the belief that the RIPE legal folks who have decided to allow WHOIS to continue to operate as it always has are in fact on a solid legal footing in doing so, or at the very least that the question presents such a level of complexity and ambiguity that nobody has been motivated to spend the kinds of sums that would be necessary to mount a legal challenge.
So there might not be an actual legal obligation to keep these contracts confidential.
No one could be happier to hear that than I.
In any case, this is for NCC Legal to answer, not for me.
I can only agree.
I'm not sure that the contract contains any relevant information, besides that which is published in the db already.
Well, I'm not so sure. Having read one or two of the RIPE documents I have been pointed at, I can say that it _seems_ that if you read between the lines, RIPE NCC will perform "due diligence"... a term which is left somewhat ill defined, but which, one hopes, means at least -some- kind of verification... at the time a resource allocation first occurs. Thereafter, it is up to the registrant to maintain the relevant WHOIS data, and all registrants are pledged to, and expected to do so in a way that causes the WHOIS data to always be accurate. But I did not get any clear sense that RIPE NCC would always and in all cases vet, or re-vet changes made by a registrant to a WHOIS record, post-allocation... and perhaps they routinely do not do so. This would leave open the door to deliberately malicious registrants who might provide all correct contact information initially, and then, a week or a month later, go in and scramble their WHOIS to make it point to something/someone entirely fictitious.
Whatever pricing and other conditions were agreed is none of your business.
I agree completely, and as should be obvious from the context of my questions, I really do not give a hoot about any of that anyway.
Whatever documentation is used to verify ID is, in case of passport copies, etc, very much subject to the DPD; in case of registration documents, these are (usually) public information
Registration documents for RIPE resources??? They are??? Where can I view those please? TIFFs will be fine, but PDFs will work for me too. (Many U.S. State level authorities do make available, via their web sites, actual TIFF images of original corporate registration documents. If RIPE is doing, or can do likewise, for resource registrants, I believe that might be most helpful, i.e. to the ongoing fight against network abuse.)
there may be a copyright issue though as many authorities make these available, but not for free.
I am willing to pay any price, bear any burden, etc., etc.
In any case, I'm sure I'm not the only member whose idea of what we pay the NCC for is to be a resource registry, *not* an intelligence repository
In order to insure the viability and success of the former mission, it may occasionally be helpful to also serve the latter one as well. If there are people out there... and there are... who are stealing other people's identities and/or number resources, does it not seem wise to gather as much data about those miscreants as possible, in order to protect the community from their misdeeds in the future? To be clear, I _do not_ want to bug their homes and/or offices, but anything that _corporations_ have _voluntarily_ given to RIPE should be fair game, and a matter of public record, I think.
Regards,
rfg
P.S. While I do think that EU data protection regulation goes rather too far, I do nonetheless admire and applaud you folks in the EU for having the wisdom and good common sense to at least recognize the clear and overwhelming distinction between living, breathing people and corporations. Now, if only you Europeans could somehow find a way to impart that same simple understanding to our United States Supreme Court, quite a lot of people over here would be in your eternal debt for that.