On Wed, Nov 29, 2000 at 01:25:30PM +0100, Wilfried Woeber, UniVie/ACOnet wrote:
=> I'm writing for your opinions, suggestions, and comments regarding updating => the RIPE database with assignments made for broadband (xDSL) customers. As => you may or may not be aware, ADSL is now being offered in the UK, which => has very strict data protection laws. We offer ADSL services as a NATted = =IP addresses and data related to them is international resource. =I don't think you should apply any law in UK when we talk about =RIPE(.int) resources.
But that doesn't mean the people *collecting* customer related info *and transferring that data to somewhere abroad* would be exempt from local laws. Quite the opposite holds true for many (most?) countries...
It depends on the level of "responsibility" and functionality granted to and exercised by that end site. As I've said in a private mail already, we should ask the question about the usefulness of "assigning" (in the good old sense) very small amounts of addresses to sites which are tied in to the services of their provider anyway. I guess most of the ADSL, dial-up, cable-TV connection assignments sh/could be reviewed from that point of view.
The name and address info in the RIPE database needs to contain the person (or organisation) responsible for a certain amount of IP space, in my opinion. So, if an ISP wants to be responsible for the IP space it hands out to customers, then the ISP should be free to fill in their own name and address. This gives ISPs the freedom to fill the RIPE db with names and addresses of customers (that saves them the hassle of dealing with for example abuse coming from that site), or putting their own name in it (meaning they have to respond actively to for example abuse reports, which is the ISP's job anyway).
I then asked the following question: "So you are going to collect information, but you are going to hide it. Fair enough. Have you thought about criteria and/or mechanisms to disclose that information, either to entites with a "valid" interest and/or to law enforcement?"
I did not receive a useful answer.
Just as a virtual poll - would anyone in the RIPE region care to propose criteria and/or mechanism?
Leave it as is. The current mechanism is fine, offering the information to virtually anyone. Keeping any information "private" to all LIRs is not going to be easy, and it's impossible to guarantee the data is never leaked. -- #!perl -pl # This kenny-filter is virus-free as long as you don't copy it $p=3-2*/[^\W\dmpf_]/i;s.[a-z]{$p}.vec($f=join('',$p-1?chr(sub{$_[0]*9+$_[1]*3+ $_[2]}->(map{/p|f/i+/f/i}split//,$&)+97):('m',p,f)[map{((ord$&)%32-1)/$_%3}(9, 3,1)]),5,1)='`'lt$&;$f.eig; # Jan-Pieter Cornet