2013-01 Discussion Period extended until 26 June 2013 (Openness about Policy Violations)
All, please find below comments on 2013-01 v2.0. I refer to: https://www.ripe.net/ripe/policies/proposals/2013-01
1. Transparency on reported policy violations
The RIPE NCC accepts reports about Internet number resource registrations such as violation of RIPE Policies and RIPE NCC Procedures, provision of untruthful information to the RIPE NCC, bankruptcy, liquidation or insolvency of resource holders and incorrect contact information in the RIPE Database.
The RIPE NCC will handle all such reports and publish statistics about such reports publicly.
The RIPE NCC will publish regularly statistics of the reports that have been received but not yet closed. These statistics will show the number of reports in each of the following categories:
'new': Submitted but not being investigated yet 'under-investigation': The RIPE NCC is investigating the report
In addition to these running totals the RIPE NCC publishes statistics about how these reports have been closed. These statistics are divided into the following categories:
'closed, out-of-scope': The report is out of scope for the RIPE NCC reporting system 'closed, resolved-by-holder': The resource holder has resolved any problems 'closed, resources-returned': The report has led to resources being returned to the RIPE NCC 'closed, no-violation': After investigation the RIPE NCC could not find any violation of policy
The text needs to state explicitly that this reporting is anonymised, ie does not contain any information that can be used to identify either the resource or the holder.
2. Progress
The RIPE NCC will provide a way to follow the progress of the investigation for both the person submitting a report and the organization(s) mentioned in the report.
This information will not be published publicly.
This is better than v1.0 but still leaves room for abuse, viz. there is no mechanism to ensure the information provided by the NCC is not published by the submitter. A possible solution would be to restrict submission of complaints to the LIRportal , thereby ensuring that the submitter is contractually obliged to the NCC and disclosure of this information can be appropriately sanctioned. Such sanctions would need to be enough to discourage abuse.
3. Transparency on reclaimed resources
As the 'delegated' files show the resources that the RIPE NCC has delegated to others, so will the 'returned' files show the resources delegated or returned to the RIPE NCC. The format of the 'returned' files will be publicly published to facilitate automatic processing.
The reason for resources being returned can be:
'returned': Returned by the holder 'contact-lost': The RIPE NCC could not contact the holder 'policy-violation': Reclaimed because of a policy violation
I'd like to know more about the use-case for this, particularly under the aspect of "automated processing" On balance, this is better than the first attempt, however I still think that the rights of members are insufficiently safeguarded. Thus I remain opposed to this version too. Kind Regards, Sascha Luck
Hi Sascha,
The text needs to state explicitly that this reporting is anonymised, ie does not contain any information that can be used to identify either the resource or the holder.
I have no problem with that.
The RIPE NCC will provide a way to follow the progress of the investigation for both the person submitting a report and the organization(s) mentioned in the report.
This information will not be published publicly.
This is better than v1.0 but still leaves room for abuse, viz. there is no mechanism to ensure the information provided by the NCC is not published by the submitter. A possible solution would be to restrict submission of complaints to the LIRportal , thereby ensuring that the submitter is contractually obliged to the NCC and disclosure of this information can be appropriately sanctioned. Such sanctions would need to be enough to discourage abuse.
I don't see any further role for the RIPE NCC here. Certainly not in regard to defining 'sanctions'. The RIPE NCC is not the police. Maybe we have different ideas about what 'follow the progress' means. I certainly don't mean the content of every e-mail sent or received, but some kind of status indicator. The NCC will very probably define terms and conditions for any information they disclose. I certainly don't intend that the NCC breaks its confidentiality agreements etc. If you want to define more strictly in policy what should and should not be published then please provide text.
3. Transparency on reclaimed resources
As the 'delegated' files show the resources that the RIPE NCC has delegated to others, so will the 'returned' files show the resources delegated or returned to the RIPE NCC. The format of the 'returned' files will be publicly published to facilitate automatic processing.
The reason for resources being returned can be:
'returned': Returned by the holder 'contact-lost': The RIPE NCC could not contact the holder 'policy-violation': Reclaimed because of a policy violation
I'd like to know more about the use-case for this, particularly under the aspect of "automated processing"
It just says that the file format will be published in a well defined and publicly known format. What exactly is your point here? Cheers, Sander
Hi Sander, On Tue, Jun 04, 2013 at 10:08:44PM +0200, Sander Steffann wrote:
submission of complaints to the LIRportal , thereby ensuring that the submitter is contractually obliged to the NCC and disclosure of this information can be appropriately sanctioned. Such sanctions would need to be enough to discourage abuse.
I don't see any further role for the RIPE NCC here. Certainly not in regard to defining 'sanctions'. The RIPE NCC is not the police.
OK, forget about sanctions which, in any case, would only be related to possible breach of contract. The identity of the complainant must be known to, and verified by, the NCC though (LIRportal?) and discoverable in case of abuse. I don't want to leave room here for spurious complaints from fake@address.com that the NCC would be obliged to act on.
I'd like to know more about the use-case for this, particularly under the aspect of "automated processing"
It just says that the file format will be published in a well defined and publicly known format. What exactly is your point here?
I'm just wondering whether there is any use for this information besides idle curiosity. rgds, Sascha
To prevent abuse and to give the holder a fair chance to resolve any policy violation before the report is published there has to be a time for a reply of four weeks. If the holder has resolved all problems before expiration of the deadline, the report is not published. Best regards Carsten Brückner
In message <C9593F67FE4B1342BBC009DF73251B2C1DD78B3B@S01KR973.intern.dir>, "DOI (BIT A 5)" <doi@bva.bund.de> wrote:
To prevent abuse and to give the holder a fair chance to resolve any policy= violation before the report is published there has to be a time for a repl= y of four weeks. If the holder has resolved all problems before expiration = of the deadline, the report is not published.
Four weeks? Yea. Sure. That seems fair. After all, we all know how much more slowly electrons travel in Europe. Not to mention the two months they get off in the summertime. And then there is paternity leave, you know, after they have just had a a baby electron. Maybe we should make it 12 weeks, you know, to give people a chance to setttle in if they have just come back from summer holiday.
participants (4)
-
DOI (BIT A 5) -
Ronald F. Guilmette -
Sander Steffann -
Sascha Luck