Re: [anti-abuse-wg] anti-abuse-wg Digest, Vol 5, Issue 7 Re: What is Personal information?
All, The Dutch DPA does not, by way of policy, respond to requests to look into policies upfront. No exceptions allowed. This is how the policy was explained to me last year by the DPA. So even if RIPE NCC wants to have a ruling this way, she will not get one. So it's of no use to keep discussing this part here. The DPA may look into complaints though. In this it should not matter where a complaint comes from. Whether or not she does, is at her discretion. So if you've filed a complaint, you need to go through that channel and follow it up with a call, e.g. There's nothing that this WG could do to alter this. Regards, Wout de Natris - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - De Natris Consult Raaphorst 33 Tel: +31 648388813 2352 KJ Leiderdorp Skype: wout.de.natris denatrisconsult@hotmail.nl http://www.denatrisconsult.nl Blog http://woutdenatris.wordpress.com
Message: 1 Date: Tue, 17 Jan 2012 08:20:06 -0500 From: "russ@consumer.net" <russ@consumer.net> Subject: Re: [anti-abuse-wg] What is Personal information? To: "anti-abuse-wg@ripe.net" <anti-abuse-wg@ripe.net> Message-ID: <4F157586.5030108@consumer.net> Content-Type: text/plain; charset=UTF-8; format=flowed
In other words, Russ could probably approach the Dutch privacy regulator with a query, cc RIPE NCC legal, and then accept whatever ruling applies? I seriously doubt if anybody on this list >other than the three parties above is qualified to comment definitely on this issue. So - Russ, please take it offlist, and do come back to let us know what ruling you get. I personally would be >interested in what you learn.
Under Dutch (and European) privacy directives, any information that can uniquely distinguish a natural person (ie. NOT 'a business'...) is to be considered 'personal information'. So, an IP >address CAN be personal information, if the data collector can link it to a person without too much hassle. Think webshops who log your IP at logon, they can connect that to your account >data, so in *that* case an IP address is logged by the shop is indeed considered 'personal information' and must be protected by the shop accordingly. In your case with RIPE, your IP address is >probably not considered 'personal information'. IANAL. Check out http://en.wikipedia.org/wiki/Data_Protection_Directive.
The same reasoning that says RIPE database information is "personal information" can be applied to IP addresses (in some cases). If the IP is registered you would get those contacts by running a whois (or doing a reverse lookup would identify a domain which can bee looked up). It seems to me if the RIPE database entries are "personal information" then so it the IP address associated with that record. Even if is is personal information the issue is then whether they gave permission to have it posted in a public database.
If the RIPE NCC legal department had an answer it would have been put on the public reports and/or they would answer the inquiries put forth my me and others. I have sent an inquiry to the Dutch privacy office but, while these offices sound good in theory, they are usually a bureaucratic nightmare. Since I dot live within the region I think it is unlikely I would get an answer. If the process is legitimate I would have thought RIPE would have gone to the office for a ruling before they changed the access policy. the fact is RIPE won't supply their legal department's analysis and they won't respond to my request to have the Dutch privacy office review the matter. There would be a much better chance of getting a ruling if RIPE would ask them ... but they don't seem to want to do that so I can only speculate why they would not want to do the obvious thing.
Thank You
The Dutch DPA does not, by way of policy, respond to requests to look into policies upfront. No exceptions allowed.
This is good information. However, I do not understand why all this information is not contained in the report at http://www.ripe.net/ripe/groups/tf/dp/report-of-the-ripe-data-protection-tas... I have made several inquiries to RIPE, the w- chairs, etc. yet nobody has an answer. If you have system that is supposed to be bottom up then the members need to have this type of information to make informed decisions. Can anyone explain why this information (and other relevant information) does not appear in the official report? People keep suggesting I make a proposal but if I don't have the information that is not practical. The system seems designed to deter people from getting involved. Thank You
This thread has really gone on for long enough Russ - if you have concerns regarding RIPE policy etc., then you either need to take them up with RIPE or maybe on the relevant RIPE mailing list I honestly don't see how all this back and forth, which is bordering on a monologue, is of any relevance to Anti-Abuse On 18 Jan 2012, at 12:57, russ@consumer.net wrote:
The Dutch DPA does not, by way of policy, respond to requests to look into policies upfront. No exceptions allowed.
This is good information. However, I do not understand why all this information is not contained in the report at
http://www.ripe.net/ripe/groups/tf/dp/report-of-the-ripe-data-protection-tas...
I have made several inquiries to RIPE, the w- chairs, etc. yet nobody has an answer. If you have system that is supposed to be bottom up then the members need to have this type of information to make informed decisions.
Can anyone explain why this information (and other relevant information) does not appear in the official report? People keep suggesting I make a proposal but if I don't have the information that is not practical. The system seems designed to deter people from getting involved.
Thank You
Mr Michele Neylon Blacknight Solutions ♞ Hosting & Colocation, Brand Protection ICANN Accredited Registrar http://www.blacknight.com/ http://blog.blacknight.com/ http://blacknight.biz http://mneylon.tel Intl. +353 (0) 59 9183072 US: 213-233-1612 UK: 0844 484 9361 Locall: 1850 929 929 Direct Dial: +353 (0)59 9183090 Facebook: http://fb.me/blacknight Twitter: http://twitter.com/mneylon ------------------------------- Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business Park,Sleaty Road,Graiguecullen,Carlow,Ireland Company No.: 370845
I honestly don't see how all this back and forth, which is bordering on a monologue, is of any relevance to Anti-Abuse
I don't see the relevance of any of your posts other than to (1) promote an agenda of driving people away and (2) to post all that spam in your signature. Thank You
RIPE has collected personal information about me that led to them blacklisting my business from accessing the whois database. When i ask for disclosure of the information they collected about me the answer I received from RIPE NCC is: "Unfortunately we cannot provide you with such information. It is considered to be confidential information and thus cannot be disclosed to the public." Who considers it "confidential information" and for what reason? I am asking for information collected about me and not "public" disclosure. I though EU companies had to disclose the personal information they collected about people? I guess they figure there is no much a foreigner can do so they are going to disregard these privacy laws? So much for EU privacy protection! Thank You
On 20 Jan 2012, at 20:57, russ@consumer.net wrote:
RIPE has collected personal information about me that led to them blacklisting my business from accessing the whois database. When i ask for disclosure of the information they collected about me the answer I received from RIPE NCC is:
"Unfortunately we cannot provide you with such information. It is considered to be confidential information and thus cannot be disclosed to the public."
Who considers it "confidential information" and for what reason? I am asking for information collected about me and not "public" disclosure. I though EU companies had to disclose the personal information they collected about people?
They should release information about you, to you. However, they should not release to you information about other people. For example, if someone had filed a spam report, then RIPE could tell you that that had happened, but they should not release information that allows you to identify the reporter. When considering what to release to you, they should have regard to other information that you might have, or which might be publicly available. So, they certainly should not release the name and address of the reporter. They should also be careful about releasing information like email message-ids, which you might be able to use to identify the reporter.
I guess they figure there is no much a foreigner can do so they are going to disregard these privacy laws?
So much for EU privacy protection!
Thank You
-- Ian Eiloart Postmaster, University of Sussex +44 (0) 1273 87-3148
They should release information about you, to you. However, they should not release to you information about other people.
This, actually, seems to be the cause of your confusion. It's still
Right, but the fact is most abuse people never consider any of this (including RIPE). They think privacy laws are there to protect them from spam but fail to consider that the information they collect also has privacy implications. the thought process being that people they agree with get privacy protection but people they don't like don't get any protection personal information under
EU law - you *do* get access, but you do not get *unlimited* access. There's a subtle difference.
Yes, but that distinction does not make any sense. As a practical matter harvesters use many different IP's so blocking IP's has essentially no effect on harvesters, it just disrupts legitimate uses. Further, nobody can explain the legal issue of why the information should be protected in this manner after people agreed to have it published. People keep bringing up these issues but they can't explain the reasoning or point to any legal analysis that should have been done before initiating a policy change. Right now RIPE claimed to me a legal analysis was done but they won't give me a copy. RIPE made a different statement when they posted to this list saying sometimes they do a legal analysis of community decisions without specifically saying if they have an analysis for this issue. They won't say publicly that a legal analysis was done. It seems because they don't want the information to be public. I suspect the results were distorted when they reported it to the working group so they want to hide this legal analysis because it will show the community was deceived.
Could you elaborate how this topic is covered for this list? Maybe it would be better to f'up tp RIPE NCC Services Working Group?
I was directed here by RIPE. However, this topic is relevant to the list. I am pointing out how the entire system is flawed. For instance, the current proposal about abuse contacts is not properly being presented to the public. If the process were legitimate the legal opinions would be published for review. First you need to explain what types of information need protection and why. Then you need to explain why the abuse contacts are somehow fundamentally different. Why would abuse contacts be available in an unlimited manner while other contacts are restricted. This makes no sense and most people on this list want to avoid getting a real decision. My impression is that it is small group of people who treat abuse like a "religion." They seem to be against anyone with conflicting opinions and they harass and intimate people who have diverse opinions until they leave. Thank You
I noticed this paragraph in the RIPE policy development process. Several people have suggested to submit proposals for issues that are actually related to RIPE NCC "business practices" "RIPE Policies are also separate from RIPE NCC business practices and procedures. Business practices and procedures that the RIPE NCC follows are defined and governed by the RIPE NCC Executive Board and approved by the RIPE NCC membership. If a policy proposal would bring implementation and/or operational problems for the RIPE NCC if accepted, the RIPE NCC Executive Board is tasked to notify the RIPE community accordingly as well as to make necessary suggestions and recommendations about possible changes to the proposal." everything is also supposed to be "transparent" so the legal opinions relating to the EU privacy laws and the WHOIS database are supposed to be released to the community but RIPE NCC refuses to release them. I also note that RIPE says: "All RIPE Meetings and RIPE Working Group mailing lists are open to everyone." That is E V E R Y O N E. Not just large network operators, your anti-abuse buddies that you used to hang out with on NANOG, not people who have been in the ICANN process all their lives, not small groups of people who all think like you. EVERYONE. A certain percentage of people claim they have been abducted aliens. EVERYONE means them too. Thank You
Hi, On Wed, Jan 25, 2012 at 06:15:33PM -0500, russ@consumer.net wrote:
I also note that RIPE says:
"All RIPE Meetings and RIPE Working Group mailing lists are open to everyone."
That is E V E R Y O N E.
Yes...? You are here on one of these open mailing lists. What are you trying to tell us? Gert Doering -- NetMaster -- have you enabled IPv6 on something today...? SpaceNet AG Vorstand: Sebastian v. Bomhard Joseph-Dollinger-Bogen 14 Aufsichtsratsvors.: A. Grundner-Culemann D-80807 Muenchen HRB: 136055 (AG Muenchen) Tel: +49 (89) 32356-444 USt-IdNr.: DE813185279
Yes...? You are here on one of these open mailing lists. What are you trying to tell us? Gert Doering -- NetMaster
I am telling you that you do not have a legitimate process to seek community involvement. Since I started posting I have been constantly harassed and told not to post and get off the list. People keep saying my posts are off-topic when, in fact, they are on topic but people just don't agree. One guy even investigated my business and tried to claim my network was not large enough so I apparently am not worthy of posting here. I posted a list of questions but instead of addressing my questions I get ridicule and the co-chairs says my posts are "not welcome." I have seen hundreds of people drop out of ICANN involvement over the years for just this very reason. Those people are interested in driving people away so they can control everything. The lists only exists so they can claim there was some kind of bottom up process when there is not. Thank You
Below is the latest reply from RIPE. They claim they cannot verify that I operate the IP address in question. This sounds like a frivolous/ridiculous response to me. I told them to: -Check the ARIN whois, -Type the IP address into their browser and send a message to the contact link and I will respond -Check the domain name whois -Check the business registration in the State where my business is located -Verify with the ISP who is renting me the IP's and completed the ARIN registration Here is RIPE NCC's latest response: I understand that you are concerned about your privacy and that you would like to know details about the number of queries made by this specific IP address. Unfortunately, we are unable to disclose this information to you. We have no way to verify that you were the user of this address. Please be reassured that access to the RIPE Data base is blocked based on query volume within a specific time-frame and nothing else. I'm sorry we are not able to help you further. -- If you have any questions, please feel free to contact us. Best regards, Andrea Di Menna Customer Services RIPE NCC
On 26 Jan 2012, at 13:12, russ@consumer.net wrote:
Below is the latest reply from RIPE. They claim they cannot verify that I operate the IP address in question.
What is the IP address?
This sounds like a frivolous/ridiculous response to me. I told them to:
-Check the ARIN whois, -Type the IP address into their browser and send a message to the contact link and I will respond -Check the domain name whois -Check the business registration in the State where my business is located -Verify with the ISP who is renting me the IP's and completed the ARIN registration
Here is RIPE NCC's latest response:
I understand that you are concerned about your privacy and that you would like to know details about the number of queries made by this specific IP address. Unfortunately, we are unable to disclose this information to you. We have no way to verify that you were the user of this address. Please be reassured that access to the RIPE Data base is blocked based on query volume within a specific time-frame and nothing else. I'm sorry we are not able to help you further. -- If you have any questions, please feel free to contact us. Best regards, Customer Services RIPE NCC
Mr Michele Neylon Blacknight Solutions ♞ Hosting & Colocation, Brand Protection ICANN Accredited Registrar http://www.blacknight.com/ http://blog.blacknight.com/ http://blacknight.biz http://mneylon.tel Intl. +353 (0) 59 9183072 US: 213-233-1612 UK: 0844 484 9361 Locall: 1850 929 929 Facebook: http://fb.me/blacknight Twitter: http://twitter.com/mneylon ------------------------------- Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business Park,Sleaty Road,Graiguecullen,Carlow,Ireland Company No.: 370845
Another response from RIPE. First they claimed it is confidential. Then they claimed they could send it to me because they couldn't verify I owned the IP address. Now they just say they "cannot" disclose the information without any explanation. The people running RIPE NCC are frauds. There is no other way to put it. Thank You
I am sorry but we cannot disclose this information.
Best regards,
Andrea Di Menna Customer Services RIPE NCC
Hi Russ, If you think that the system is flawed (sorry, I don't agree with the delusion that the ppl are fraud) than why not propose a policy to correct the system. Its just a matter of couple of weeks work IFF you are correct. Regards, Aftab A. Siddiqui On Thu, Jan 26, 2012 at 10:05 PM, russ@consumer.net <russ@consumer.net>wrote:
Another response from RIPE. First they claimed it is confidential. Then they claimed they could send it to me because they couldn't verify I owned the IP address. Now they just say they "cannot" disclose the information without any explanation.
The people running RIPE NCC are frauds. There is no other way to put it.
Thank You
I am sorry but we cannot disclose this information.
Best regards,
Andrea Di Menna
Customer Services RIPE NCC
If you think that the system is flawed (sorry, I don't agree with the delusion that the ppl are fraud) than why not propose a policy to correct the system. Its just a matter of couple of weeks work IFF you are correct.
That is because the system is so flawed in its current state that it is a waste of time. I already pointed to the report to the community is so sketchy that the majority of the community do not know what is actually going on and RIPE is actively hiding information (such as the legal opinion) from the community. So I don't agree with the delusion that you have a working, legitimate system. What you have is a small number of people who run things their way and run anyone else "out of town."
Bashing on EU and dutch privacy regulations and RIPC NCC itself on a mailing list whose topic is about tackling online abuse is off-tooic.
I never bashed the regulations themselves. It is the RIPE NCC and some people in the community who are lying about the applicability of the laws because they have a personal agenda. If the people involved in abuse are not following laws, regulations, and common sense how can those people competently deal with abuse issues? What you are really saying is that nobody is allowed to question the anti-abuse groups because they are on a "mission from God" and are above following regulations themselves. You don't like me pointing out these facts so you claim it is off-topic because you have no other argument. I went to catholic School when I was young. nobody was allowed to say anthing bad about the church or priests. Now the truth is starting to come out. If the group is lying about the application of EU privacy laws, if they are hiding information, if they don't follow the privacy laws themselves then they cannot legitimately handle abuse issues. You need to clean house with these groups and get a diverse group to tackle this issue. Right now you have a small number of system admins who never consider any other issue in the world other than the spams they get. Thank You
If you think that the system is flawed (sorry, I don't agree with the delusion that the ppl are fraud) than why not propose a policy to correct the system. Its just a matter of couple of weeks work IFF you are correct.
That is because the system is so flawed in its current state that it is a waste of time. I already pointed to the report to the community is so sketchy that the majority of the community do not know what is actually going on and RIPE is actively hiding information (such as the legal opinion) from the community. So I don't agree with the delusion that you have a working, legitimate system. What you have is a small number of people who run things their way and run anyone else "out of town."
If system is there no matter how flawed or bad it is, than it can be changed by all means and the procedure is already given. That is all what I can suggest to sum-up. Regards, Aftab A. Siddiqui.
If system is there no matter how flawed or bad it is, than it can be changed by all means and the procedure is already given. That is all what I can suggest to sum-up.
Yes, that is true. You need to start somewhere but I am not the person to do it. I am pointing out these issues publicly and taking all the heat. Several people agree with me but they don't want to say so publicly so maybe this will encourage some of the people local to RIPE to submit some proposals. Thank You
On 27 Jan 2012, at 13:21, russ@consumer.net wrote:
If system is there no matter how flawed or bad it is, than it can be changed by all means and the procedure is already given. That is all what I can suggest to sum-up.
Yes, that is true. You need to start somewhere but I am not the person to do it. I am pointing out these issues publicly and taking all the heat. Several people agree with me but they don't want to say so publicly so maybe this will encourage some of the people local to RIPE to submit some proposals.
You're "taking all the heat", because you are like a bull in a china shop. You've made all sorts of crazy assertions that were not based on facts. You've even gone so far as to make defamatory comments about people on this list and RIPE NCC staff, including myself. If there was a "big conspiracy" you'd have been kicked off the list by now, but you haven't been, because no such conspiracy exists. And you have continually ignored any replies that would have helped you when you didn't like the answers Mr Michele Neylon Blacknight Solutions ♞ Hosting & Colocation, Brand Protection ICANN Accredited Registrar http://www.blacknight.com/ http://blog.blacknight.com/ http://blacknight.biz http://mneylon.tel Intl. +353 (0) 59 9183072 US: 213-233-1612 UK: 0844 484 9361 Locall: 1850 929 929 Facebook: http://fb.me/blacknight Twitter: http://twitter.com/mneylon ------------------------------- Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business Park,Sleaty Road,Graiguecullen,Carlow,Ireland Company No.: 370845
You're "taking all the heat", because you are like a bull in a china shop.
Look who is talking! Are you ever going to make a post that has more lines than all the ads in your signature?
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 On 27/01/2012 13:36, russ@consumer.net wrote:
Look who is talking! Are you ever going to make a post that has more lines than all the ads in your signature?
I'm not sure if anyone has noticed but this is the *anti* abuse working group. Perhaps we should all take a short break for reflection: http://www.youtube.com/watch?v=RDjCqjzbvJY James - -- James Davis 0300 999 2340 (+44 1235 822340) Senior CSIRT Member Lumen House, Library Avenue, Didcot, Oxfordshire, OX11 0SG -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (Darwin) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iF4EAREIAAYFAk8iqVoACgkQjsS2Y6D6yLxd4gEAnrVE4Iunpkt6plVjX8pQOPY7 2ffQBnjgk9IzEUS4J0QA+wftqbVwLCoZxeVQZh+GqifRDBYnpiAwdI2h5TNOKLCt =O6aY -----END PGP SIGNATURE----- JANET(UK) is a trading name of The JNT Association, a company limited by guarantee which is registered in England under No. 2881024 and whose Registered Office is at Lumen House, Library Avenue, Harwell Oxford, Didcot, Oxfordshire. OX11 0SG
On 27 Jan 2012, at 13:36, russ@consumer.net wrote:
You're "taking all the heat", because you are like a bull in a china shop.
Look who is talking! Are you ever going to make a post that has more lines than all the ads in your signature?
And there you go again If you learnt how to engage with people without simply coming across as an incredibly dumb, ignorant, abrasive and idiotic American, then maybe people would take you a lot more seriously. Regards Michele Mr Michele Neylon Blacknight Solutions ♞ Hosting & Colocation, Brand Protection ICANN Accredited Registrar http://www.blacknight.com/ http://blog.blacknight.com/ http://blacknight.biz http://mneylon.tel Intl. +353 (0) 59 9183072 US: 213-233-1612 UK: 0844 484 9361 Locall: 1850 929 929 Facebook: http://fb.me/blacknight Twitter: http://twitter.com/mneylon ------------------------------- Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business Park,Sleaty Road,Graiguecullen,Carlow,Ireland Company No.: 370845
If you learnt how to engage with people without simply coming across as an incredibly dumb, ignorant, abrasive and idiotic American, then maybe people would take you a lot more seriously.
Well I have a CISSP to go along with my advanced degrees in physics and computer science. Maybe if I went to your school I would have learnt more. However, I would have thought you would have learnt not to use the race card when you are in an argument. It is not about race or regions of the world as ICANN does the same thing here in the USA.
I'm not sure if anyone has noticed but this is the *anti* abuse
Right. My point is that the people claiming to be "anti-abuse" are actually abusers themselves. If you lie and mislead people that is "abuse" even if the stated goal is "anti-abuse." People involved with anti-abuse often think the rules don't apply to them because they are on some kind of "mission from god" to find the "holy grail." I do have a video that shows what it is like dealing with RIPE NCC over this whois blocking issue: http://www.youtube.com/watch?v=RZvsGdJP3ng Time to stop these RIPE NCC abusers from disrupting the whois system and access to abuse contacts That is the system paid for by USA taxpayers and not the RIPE members who are disrupting it. Thank You
Time to stop these RIPE NCC abusers from disrupting the whois system and access to abuse contacts That is the system paid for by USA taxpayers and not the RIPE members who are disrupting it.
The RIPE NCC is not paid for by the USA taxpayer, and most of the personal data they hold has been collected by RIPE. Funding details are at http://www.ripe.net/lir-services/ncc/gm/september-2004/nccfinanceupdate.pdf/... the majority of funds come from membership fees. This is getting off topic, personal and not related to abuse, could we get back on topic? Thanks Bradley Freeman Janet CSIRT Member +44(0)300 999 2340
The RIPE NCC is not paid for by the USA taxpayer, and most of the personal data they hold has been collected by RIPE.
RIPE is able to register IP's and collect the fees because of the MOU with IANA which is paid for by the USA taxpayer. RIPE can collect user fees because they entered into the MOU agreement with IANA. Part of that agreement is to provide certain services required by the RIR's which includes the whois data. RIPE collected this data under the MOU agreement and has agreed to make the data available under the MOU agreement. The entire system hinges on the US government contract with IANA. RIPE clearly says the members are responsible for entering their own data into the RIP database so the members voluntarily give up any privacy protection under EU directives when they do that. These issues are all on topic and need to be dealt with before you can start discussing you want to discuss. I don't understand why these issues have not be dealt with before but many want to ignore them and run around changing policies without taking this stuff into account. Thank You
All, it is difficult to not to correct some of the misconceptions voiced here repeatedly. Apologies to those who already know. So, for the record, here are some facts:
RIPE is able to register IP's and collect the fees because of the MOU with IANA which is paid for by the USA taxpayer.
Not correct. The RIPE NCC is registering IP addresses based on a long string of documentation starting with RFC 1174 and ripe-19, for about 20 years now. The RIPE NCC is a membership organisation, based on its Articles of Asscociation, and funded by its members, according to the RIPE NCC Charging Scheme, agreed to by its members. The IANA function, performed by ICANN, is provided under a zero-cost contract with the US Department of Commerce. ICANN bears the operating cost of IANA. ICANN in turn is financed by its community. The RIRs contribute to the ICANN budget since 1999. RIPE
can collect user fees because they entered into the MOU agreement with IANA.
Not correct. See above. Also, the RIPE NCC has no MoU with IANA. Part of that agreement is to provide certain
services required by the RIR's which includes the whois data. RIPE collected this data under the MOU agreement and has agreed to make the data available under the MOU agreement.
Not correct. The RIPE NCC and ICANN agreed on an MoU establishing ICANN's Address Supporting Organisation. Its purpose is... " - defining roles and processes supporting global policy development, including the relationship between the Internet addressing community (represented by the NRO) and ICANN within the operation of this process; - defining mechanisms for the provision of recommendations to the Board of ICANN concerning the recognition of new RIRs; and - defining accessible, open, transparent and documented procedures for the selection of individuals to serve on other ICANN bodies, including selection of Directors of ICANN and selection of members of various standing committees and ad hoc ICANN bodies." The entire system
hinges on the US government contract with IANA.
This is occasionally debated, but not really relevant for this discussion. As it stands, the activities of the RIPE NCC are determined by its members through the RIPE NCC Activity Plan. Allocations of Internet Number Resources (IP addresses and ASN) to the RIPE NCC are done according to the Policy Development Process, described in Attachment A to the ASO MoU. Links to the relevant documents in order of appearance: ftp://ftp.ripe.net/rfc/rfc1174.txt http://www.ripe.net/ripe/docs/ripe-019 RIPE NCC Activity Plan: http://www.ripe.net/ripe/docs/ripe-543 RIPE NCC Charging Scheme: http://www.ripe.net/ripe/docs/ripe-499 IANA Contract: http://www.icann.org/en/general/iana-contract-14aug06.pdf ASO MoU: http://www.nro.net/documents/icann-address-supporting-organization-aso-mou RIPE NCC Activity Plan: http://www.ripe.net/ripe/docs/ripe-543 kind regards, and have a good weekend, all, Axel
it is difficult to not to correct some of the misconceptions voiced here repeatedly. Apologies to those who already know. So, for the record, here are some facts:
If it is that difficult then why isn't this information on the RIPE web site in a clear fashion and why didn't you respond weeks ago when I first brought this up? The US taxpayer is paying for the US Dept of Commerce to administer this contract. The contact states: "Allocate Internet Numbering Resources - - This function involves overall responsibility for allocated and unallocated IPv4 and IPv6 address space and Autonomous System Number space. It includes the responsibility for delegation of IP address blocks to regional registries for routine allocation, typically through downstream providers, to Internet end-users within the regions served by those registries. This function also includes reservation and direct allocation of space for special purposes, such as multicast addressing, addresses for private networks as described in RFC 1918, and globally specified applications." ... "Secure Data -- The Contractor shall ensure the authentication, integrity, and reliability of the data in performing the IANA requirements, including the data relevant to DNS, root zone file, and IP address allocation." As I understand this IANA is responsible for the authentication, integrity, and reliability of the whois data. Thank You
On 1/27/2012 2:01 PM, russ@consumer.net wrote:
If it is that difficult then why isn't this information on the RIPE web site in a clear fashion and why didn't you respond weeks ago when I first brought this up?
They don't work for you. They can't anticipate every question someone might ask. If you have text you want to contribute to a FAQ, feel free to write it and submit it. But mostly you need to take your concerns to ICANN or the US Dept. of Commerce, rather than bothering the nice folks in Europe about things related to the US Dept. of Commerce. d/ -- Dave Crocker Brandenburg InternetWorking bbiw.net
They don't work for you.
Yes they do. They work for the community and I am part of the community who pays the bills. The attitude you have is typical of ICANNers. They tax and then go tell the people who pay the tax to go jump in the lake when they ask a basic question.
They can't anticipate every question someone might ask.
These are basic questions that relate to the authority to operate which is one of the very. Everyone involved anticipates these questions will be asked. The problem is people like you. For decades you have fostered an approach where only a small of group of people run everything and when people ask basic questions they get responses like you always provide. It seems your main mission is to drive people away. That is why there is a need for someone like me to come on this list. You are the poster child for what is wrong with these ICANN processes. Where is your tag-team buddy (Crispin)? Thank You
On 1/27/2012 2:43 PM, russ@consumer.net wrote:
They don't work for you.
Yes they do. They work for the community and I am part of the community
Alas, that does not mean you get to assign tasks to them, anymore than it means you get to tell the folks down at city hall what daily tasks to perform. You might want to review the practical requirements for functioning administration in delegated democratic structures. The core requirement is to get a substantial support of a significant constituency. Just being a plaintive single voice isn't enough.
pays the bills. The attitude you have is typical of ICANNers.
I haven't had anything to do with ICANN in more than 15 years and wasn't formally part of it then. My involvement was pre-ICANN. So you should consider something more current and substantive if you wish to continue the ad hominem bullying that you are invoking when someone disagrees with you. There's plenty to criticize in my behavior, but please at least try to focus on failings that really do apply to me.
They can't anticipate every question someone might ask.
These are basic questions that relate to the authority to operate which is one of the very. Everyone involved anticipates these questions will be asked.
Everyone? Wow. With such certitude, no doubt you can document that assertion? In reality, what is obvious to one is obscure to another. Again, if you think something should be in a FAQ, then do the work to provide it. That's one of the aspects of community participation that seems to have escaped you.
The problem is people like you.
The problem is people who have no active involvement in any of these administrative activities? That is, after all, the proper description of my role with respect to RIPE and IANA. (Full disclosure: there's an MOU between the IETF and ICANN, concerning a subset of IANA's functions, and I'm part of the IETF side that does the formal renewal. But anyone who thinks that's a substantive task hasn't read the minutes of the IAOC...)
For decades you have fostered an approach where only a small of group of people run everything and when people ask basic questions they get responses like you always provide.
I do apologize for requesting that folks get their facts straight and contribute their own effort to getting things done, rather than their imposing workload on others. If a small group runs things -- and let's skip over the probable error of that assertion -- it's because the rest of the community chooses to be less active. By the way, as for facts, you keep asserting that IANA is a separate legal entity and that the US Dept. Commerce has a contract with them. Since it's already been pointed out that these assertions are incorrect -- and the language at IANA doesn't support your model: <http://www.iana.org/about> perhaps you'd care to point at the legal documents that prove otherwise.
That is why there is a need for someone like me to come on this list.
I could well be wrong, but I doubt that your strident efforts at bullying those who disagree with you is all that productive. d/ -- Dave Crocker Brandenburg InternetWorking bbiw.net
By the way, as for facts, you keep asserting that IANA is a separate legal entity and that the US Dept. Commerce has a contract with them. Since it's already been pointed out that these assertions are incorrect -- and the language at IANA doesn't support your model: <http://www.iana.org/about> > perhaps you'd care to point at the legal documents that prove otherwise.
It was already posted by Mr. Pawlik: http://www.icann.org/en/general/iana-contract-14aug06.pdf As you can see IANA is a separate legal entity. If you read you can see that ICANN provides the resources for the IANA function but the actual legal entity on the contract is IANA. The contract could have been directly with the legal entity ICANN. I have asked for an explanation as to why this is but I cannot get an answer from IANA/ICANN or DOC. I assume it was done to try to isolate ICANN from liability but that is just speculation.
I could well be wrong, but I doubt that your strident efforts at bullying those who disagree with you is all that productive.
You started with the ad hominem bullying and I just responded in kind. My methods may not help with my immediate issue but in the long run it is good to ruffle some feathers so maybe the next person who has issues like mine will get more consideration than I got from RIPE NCC. I didn't wake up one day and say I want to join a RIPE list and cause trouble. I was going fine for 13 years and now all of a sudden there is a problem and they cut me off. This is the kind of reaction that you will get when things like that are done. Thank You
As you can see IANA is a separate legal entity.
I looked again. it actually says the legal entity is "Internet Corporation for Assigned Names" which I don't think even exists as a legal entity so who knows.
Russ, I do not understand why you waste everyone's time by writing such meaningless messages frequently. If anyone is interested in Facts and Records, they can easily search for it, especially about ICANN, http://www.icann.org/en/about/. The Abuse Working group must focus its attention on more fundamental matters than squabbling about such trivial matters that you constantly bring up. Thank you, Reza Farzan ===========
-----Original Message----- From: anti-abuse-wg-bounces@ripe.net [mailto:anti-abuse-wg-bounces@ripe.net] On Behalf Of russ@consumer.net Sent: Saturday, January 28, 2012 5:59 PM To: anti-abuse-wg@ripe.net Subject: Re: [anti-abuse-wg] Some Facts for the Record
As you can see IANA is a separate legal entity.
I looked again. it actually says the legal entity is "Internet Corporation for Assigned Names" which I don't think even exists as a legal entity so who knows.
On 1/28/2012 2:45 PM, russ@consumer.net wrote:
assertions are incorrect -- and the language at IANA doesn't support your model: <http://www.iana.org/about> > perhaps you'd care to point at the legal documents that prove otherwise.
It was already posted by Mr. Pawlik:
http://www.icann.org/en/general/iana-contract-14aug06.pdf
As you can see IANA is a separate legal entity. If you read you can see that
Yes, reading carefully is a challenge. What name did you see under "Name and address of Contractor"? I can imagine all sorts of visual and cognitive impairments that might distort what's there, but none that produce "IANA" or any variant, out of what it says, which is ICANN. You seem to have some difficulty with the difference between a legal entity and a function to be performed by that entity. Note that IANA's own language says "department of" ICANN.
As you can see IANA is a separate legal entity. If you read you can see that ICANN provides the resources for the IANA function but the actual legal entity on the contract is IANA.
Since you seem to be saying that something inside the contract refers to IANA as a separate legal entity, please cite the specific language, not just a generic pointer to the whole document.
I could well be wrong, but I doubt that your strident efforts at bullying those who disagree with you is all that productive.
You started with the ad hominem bullying and I just responded in kind.
Please cite the specific language in my original posting that you consider ad hominem. Please note that saying "you are wrong" is not ad hominem. Saying "you are an idiot" or "The problem is people like you" or "you are a bully" is.
My methods may not help with my immediate issue but in the long run it is good to ruffle some feathers so maybe the next person who has issues like mine
Care to point to documents that substantiate some exemplars of this tactic's working, absent community support for that approach? d/ -- Dave Crocker Brandenburg InternetWorking bbiw.net
This is a good treatise on how outsiders see these 'so-called' community systems like ICANN and RIPE. They come up with all these procedures simply designed to waste people's time so they can drive them away. this guy did extensive documentation of how it works: http://hasbrouck.org/icann/ The people who promote these community systems like RIPE are either delusional or, more likely, they have something to gain (either money, stature, or just the ability to tell others what they can and cannot do). Of course those people would just say there is something wrong with Mr. Hasbrouck as well. As for the current proposal, there is no legal review available to the community and it contradicts the current blocking policy as far as the EU privacy claims so, if the process was legitimate, it should not move forward until the legal review is complete and made available to the public. Since the process is not legitimate I expect that won't happen. Thank You
Hi Russ, Op 27 jan. 2012, om 23:01 heeft russ@consumer.net het volgende geschreven:
If it is that difficult then why isn't this information on the RIPE web site in a clear fashion and why didn't you respond weeks ago when I first brought this up?
Take a look at http://www.ripe.net/internet-coordination/press-centre/publications/annual-r...
The US taxpayer is paying for the US Dept of Commerce to administer this contract.
Euhm… You seem to think that the money is flowing from US to EU. It is the other way around: the RIPE NCC makes an annual contribution to ICANN (€ 234k in 2010, look it up in the annual report of 2010 on page 50).
As I understand this IANA is responsible for the authentication, integrity, and reliability of the whois data.
I think this page covers most of your confusion: http://www.iana.org/abuse/answers, especially the section 'Allocation of IP Addresses'. It starts with 'The IANA maintains a high-level registry of IP addresses.', which is the data that IANA is responsible for. No more, no less. - Sander
Hi, Sorry, bad text editing here…
I think this page covers most of your confusion: http://www.iana.org/abuse/answers, especially the section 'Allocation of IP Addresses'. It starts with 'The IANA maintains a high-level registry of IP addresses.', which is the data that IANA is responsible for. No more, no less.
Which should have read: I think this page covers most of your confusion: http://www.iana.org/abuse/answers, especially the section 'Allocation of IP Addresses'. It starts with 'The IANA maintains a high-level registry of IP addresses.', which is the >> kind of << data that IANA is responsible for. No more, no less. I'm not implying that IANA is only responsible for IPv4 :-) Sander
'The IANA maintains a high-level registry of IP addresses.', which is the >> kind of << data that IANA is responsible for. No more, no less. I'm not implying that IANA is only responsible for IPv4 :-) Sander
Are you saying that IANA is not responsible for the whois data, just for high level data of IP address allocation? It seems to me that that is the way it is being done but it also seems to me that the controlling document (the contract between IANA and Us Government) does not say that. It says the addresses are allocated through downstream providers (the RIRs) but that IANA is still responsible for the data integrity. As I understand it the RIR's are subcontractors and IANA is supposed to make sure the subcontractors handle the registration data properly. There is supposed to be a document that IANA produces which are the requirements for the RIR's. I have asked for this document but IANA won't give it to me. I suspect this document has the whois requirements for RIRs but since they won't give it to me I can only speculate and I have to go by what is says in the IANA contract . It says that the USA owns the data and IANA is responsible for "authentication, integrity, and reliability of the data in performing the IANA requirements, including the data relevant to DNS, root zone file, and IP address allocation." The whois data is "data relevant to ... IP address allocation." So, according to this, IANA is not supposed to allocate IP addresses to any RIR unless IANA can ensure the "authentication, integrity, and reliability of the data." Thank You
Hi,
'The IANA maintains a high-level registry of IP addresses.', which is the >> kind of << data that IANA is responsible for. No more, no less. I'm not implying that IANA is only responsible for IPv4 :-) Sander
Are you saying that IANA is not responsible for the whois data, just for high level data of IP address allocation?
Yes
It seems to me that that is the way it is being done but it also seems to me that the controlling document (the contract between IANA and Us Government) does not say that.
That is between IANA (well, ICANN since IANA is a function of ICANN) and the US Government… If ICANN promised responsibility for something they have no control over, then that is a problem for them. But I leave that to someone from ICANN because I am not involved with either ICANN or the US Government, so I can't speak for them or make statements about contracts they might have signed.
It says the addresses are allocated through downstream providers (the RIRs) but that IANA is still responsible for the data integrity. As I understand it the RIR's are subcontractors and IANA is supposed to make sure the subcontractors handle the registration data properly.
No, that is not how it works.
There is supposed to be a document that IANA produces which are the requirements for the RIR's. I have asked for this document but IANA won't give it to me.
I don't know which document you are talking about, unless you are talking about RFC 2050. It contains guidelines and is a 'representation of the current practice of the IP address registries with respect to address assignment' in 1996.
I suspect this document has the whois requirements for RIRs but since they won't give it to me I can only speculate and I have to go by what is says in the IANA contract .
'Suspect' and 'speculate'. Not very good grounds to build an argument on… Look at section 2.2 of RFC 2050. I think that comes close to what you are talking about.
It says that the USA owns the data and IANA is responsible for "authentication, integrity, and reliability of the data in performing the IANA requirements, including the data relevant to DNS, root zone file, and IP address allocation."
Of course: 'in performing the IANA requirements'. IP address allocation from IANA to the RIRs. That is the IANA requirement.
The whois data is "data relevant to ... IP address allocation." So, according to this, IANA is not supposed to allocate IP addresses to any RIR unless IANA can ensure the "authentication, integrity, and reliability of the data."
No, that is not what it says… Sander
As I understand it the RIR's are subcontractors and IANA is supposed to make sure the subcontractors handle the registration data properly.
PS: You seem to have a top-down view, while this is a bottom-up world. Communities (like the RIPE community) set policy, and the RIR (RIPE NCC) implements that policy. On a global scale: when the communities of all RIRs agree on a global policy (see http://www.nro.net/policies/global-policies-development-process) then it gets implemented by ICANN (performing the IANA role). - Sander PS: list, please excuse me for all this off-topic stuff. I'm trying to solve this argument in a polite way. I'll take it off-list now. PPS: Russ, please send your messages off-list as well. This is not about abuse anymore but on policy structure...
That is between IANA (well, ICANN since IANA is a function of ICANN) and the US Government…
The contract is with IANA (ICANN provides the resources but IANA is a distinct legal entity that entered into the contract). The contract allows IANA to delegate the IP's but they are responsible for the data surrounding the allocation. What it boils down to is that IANA has the ultimate responsibility for the data. When they allocate the IP's to someone else it is still IANA's responsibility for the authentication, integrity, and reliability of the data is still with IANA. I will agree that speculating on what the RIR requirements is not the basis for a stance on an issue. However, neither is "we have always done it this way." I looked at RFC 2050 and I see no issues there. IANA is allowed to delegate things to the RIR's and the RIR's can develop local policies for local issues. However, IANA is still ultimately responsible for the data. If some data responsibility is to transferred to the RIR then it would not be that big a deal to change the contract but the US Government must agree. IANA does not have the authority to transfer this responsibility on their own. I cannot immediately find the reference to IANA requirements for RIRs. I would speculate that there is a whois requirement like all the ICANN requirements for domain registries. That would bolster my argument but my argument does not hinge on that, it hinges on the IANA contract wording. If IANA had the authority to delegate something to someone else the contract would say so. It does say IANA can delegate the IP address space to regional registries but it does not say IANA can transfer the responsibility for the authentication, integrity, and reliability of the data to the RIRs.
PS: You seem to have a top-down view, while this is a bottom-up world.
Yes. I have seen how this "bottom up" and "transparent" system works. How many transparency initiatives has ICANN had now? They seem to have one very few months ever since they started but they all fail. I had signed up for some type of community voting system years ago and what ever happened to that? I remember they harassed one Board member who used to suggest adding TLD's. Of course now that they came up with this big money grab scheme suddenly it is all the rage. I just don't believe or trust any of these ICANN or ICANN-like processes. I think ICANN was set up to tax people and the people paying the taxes have no say whatsoever. Since it is set up as a corporation rather than a government agency it circumvents one of the basic rights of taxpayers which is the access to the information (in the USA it is called the Freedom of Information Act or FOIA). Thank you
On Thu, Jan 26, 2012 at 06:55:22AM -0500, russ@consumer.net wrote:
People keep saying my posts are off-topic when, in fact, they are on topic but people just don't agree.
People cannot agree to anything, since you are ignoring these mails. Bashing on EU and dutch privacy regulations and RIPC NCC itself on a mailinglist whose topic is about tackling online abuse is off-tooic. *PLONK* Adrian
participants (13)
-
Adrian -
Aftab Siddiqui -
Axel Pawlik -
Bradley Freeman -
Dave CROCKER -
Gert Doering -
Ian Eiloart -
James Davis -
Michele Neylon :: Blacknight -
Reza Farzan -
russ@consumer.net -
Sander Steffann -
Wout de Natris