Ronald On Sun, 19 Jun 2022, 11:50 Ronald F. Guilmette via db-wg, <db-wg@ripe.net> wrote:
I have already and on multiple occasions made my views known regarding the currently pending proposal to have RIPE NCC perform a unrequested and blanket redaction of all natural person snail-mail address information from the RIPE data base.
The RIPE NCC will not be redacting anything. And let's be clear, we are talking here about 'postal' addresses. Nontheless, I will now attempt to briefly recap my objections
to this proposal, and then, in a separate email to follow, I will attempt to repsond directly to some of the points made most recently by the main proponent of this proposal, denis.
In brief, I am opposed because:
*) This change, if adopted, would materially damage transparency in a manner that is unambiguously detrimental to the interests of law enforcement, private anti-abuse researchers, and the community as a whole. This change, if implemented, would be of benefit primarily and perhaps even exclusively to cybercriminals and other types of Internet miscreants.
There is no transparency in undefined, unverified data.
*) Any member who wishes to have his, or her, or its actual physical address concealed
'actual' is an interesting choice of wording. This 'actual' address is actually undefined to anyone but the person who entered it. in the public-facing WHOIS data base can effect
that exact change for themselves, easily and cheaply, without any assistance or intervention of the part of RIPE NCC.
This can be
accomplished by renting a P.O. box and/or by any number of other and similar means, as I have previously noted.
Similar means, ie entering false, meaningless free text data. Or a PO box which Europol considered a dead end in their video I referenced.
The very fact that nobody, or essentially nobody has, to date, elected to hide their physical address via such means itself supports the validity of my next point.
Many people do use a PO box or misleading addresses, as mentioned by Europol in their video.
*) Essentially nobody is asking for this change. This proposal is an example of the tail waging the dog, i.e. a tiny, vocal, and otherwise insignificant but noisy minority dictating a poor policy choice which, if adopted, the entire RIPE community (and indeed the entire planet) will have to pay the price for, forever after -- that price being not only the effort needed on RIPE NCC's part to implement this change,
Nothing more than their normal ARCs but more importantly the price of a loss of transparency, and
the short and long term implications of that.
Loss of false and misleading data.
(I expect that if this scheme of forced and unrequested redactions is adopted, it will not be the last such change, and that the ultimate endpoint actually desired by those opposed to transparency will be that the entire RIPE WHOIS data base will eventually be placed under lock and key, never again to be seen by anyone not possessing a formal legal warrant. This, of course, would be an absolute disaster for the community of actual network operators, as differentiated from armchair privacy warriors.)
Please stop these emotive, utter nonsense, slippery slope, scare mongering arguments.
*) Contrary to the ill-informed and fuzzy legal musings of the lone two proponents of this proposal, there exists no legal basis for such a change to the public facing data base. The postulated legal mandate regarding the content of the data base (or, more accurately, on the absence of content) simply does not exist, and no such legal mandate has existed at any time since GDRP came into full effect, way back in May 2018, over four full years ago now. If any such legal mandate had in fact existed, then we all would have known about it long before now.
I actually presented on this very point at a RIPE meeting a few years ago, shortly after the introduction of GDPR.
If there either is or was any actual legal basis or compelling legal motivation for this policy change, then this total obfsucation of natural person mailing addresses would have been implemented already, and some time ago. But as we here in the real world all know, there are no actual GDPR policemen banging on RIPE's door and demanding this dramatic departure from literally all historical practice, both in the RIPE region and in all orther regions -- historical practice that dates back even well more than 20 years, since before even the formation of ARIN in 1997.
I advocated this in my presentation a few years ago. Everything takes time to effect on the RIPE community. If the appropriate authorities were to study the RIPE Database purposes, content and operation in detail they would indeed be knocking on some doors...
'Historical' practise is no guarantee of 'for life'. cheers denis Proposal author
Regards, rfg
--
To unsubscribe from this mailing list, get a password reminder, or change your subscription options, please visit: https://lists.ripe.net/mailman/listinfo/db-wg