ncc-services-wg
Threads by month
- ----- 2025 -----
- March
- February
- January
- ----- 2024 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2023 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2022 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2021 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2020 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2019 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2018 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2017 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2016 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2015 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2014 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2013 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2012 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2011 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2010 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2009 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2008 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2007 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2006 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2005 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2004 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2003 -----
- December
- November
- October
- September
- August
October 2018
- 32 participants
- 15 discussions

@EXT: RE: 2018-05 New Policy Proposal (Publication of Legal Address of Internet Number Resource Holder)
by Marcolla, Sara Veronica 10 Oct '18
by Marcolla, Sara Veronica 10 Oct '18
10 Oct '18
Hi Erik,
I must disagree. Information about the location of legal incorporation of a company has nothing to do with the privacy of an individual as a natural person. I think we should be very clear on this. We have repeated across this mailing list several times now, this is why the amendment to the proposal was put up for discussion in the first place. I (personally) believe it is a very slippery slope to consider legal persons having the same rights as natural persons - but this is not the place to discuss this.
Best,
Sara
-----Original Message-----
From: Erik Bais [mailto:ebais@a2b-internet.com]
Sent: 10 October 2018 17:06
To: Marcolla, Sara Veronica
Cc: 'ncc-services-wg(a)ripe.net'; 'Alex Le Heux'
Subject: Re: [ncc-services-wg] @EXT: RE: 2018-05 New Policy Proposal (Publication of Legal Address of Internet Number Resource Holder)
Hi Sara,
> It won't happen that the warrants will be sent to Amsterdam.
That isn't correct as this is already happening ..
As an ISP (and LIR), with international customers or users of our IP Space, it is possible to get an international request for legal assistance of information.
Those will be handled by the (in my case) Dutch Justice department and the responsible party (us) in that case will be officially informed.
If that would be to the RIPE NCC or a Dutch ISP or LIR, is not different.
That either (RIPE NCC or Europol or other LEA) are not waiting for such a process, I can understand. I would also like someone else to do my work and still get paid..
In this case I think the right to privacy for the individual is far more important than having all sorts of private information published across the internet.
Regards,
Erik Bais
On 10/10/2018, 16:48, "ncc-services-wg on behalf of Marcolla, Sara Veronica" <ncc-services-wg-bounces(a)ripe.net on behalf of Sara.Marcolla(a)europol.europa.eu> wrote:
Hi Alex,
It won't happen that the warrants will be sent to Amsterdam. It will happen instead that time is wasted sending a warrant to a place where a bunch of engineers are busy trying to do their work, with provisions valid for that jurisdictions, and that would be turned down because it should have been sent to another place with another jurisdiction. Meanwhile, evidence of a crime might be lost because of the delay and compliance with data retention laws.
Best,
Sara
-----Original Message-----
From: Alex Le Heux [mailto:alexlh@funk.org]
Sent: 10 October 2018 16:39
To: Marcolla, Sara Veronica
Cc: ncc-services-wg(a)ripe.net
Subject: Re: @EXT: RE: [ncc-services-wg] 2018-05 New Policy Proposal (Publication of Legal Address of Internet Number Resource Holder)
Hi Sara,
> I agree with you, there is a numerous series of instruments aiding investigators to deliver a warrant, once the jurisdiction of said receiver of the warrant is clear. This is exactly the point :)
>
> So, would you agree on the adjusted proposal (of publishing publicly available in national company registries) or not?
I would not.
In your proposal, you write:
For members, independent resource holders, and legacy resource holders with a contractual relationship, the RIPE NCC already has company registration papers, which will usually include the legal address
This means that any law enforcement agency already knows that the warrant should be served in Amsterdam. I see no reason to publish additional information publicly.
Regards,
Alex
>
> Best,
> Sara
>
> -----Original Message-----
> From: Alex Le Heux [mailto:alexlh@funk.org]
> Sent: 10 October 2018 16:05
> To: Marcolla, Sara Veronica
> Cc: ncc-services-wg(a)ripe.net
> Subject: Re: [ncc-services-wg] @EXT: RE: 2018-05 New Policy Proposal (Publication of Legal Address of Internet Number Resource Holder)
>
> Hi Sara,
>
> Assuming that law enforcement indeed has insurmountable problems obtaining the address of a resource holder during an investigation, and given all the international mechanisms and legislation currently in place, I think this is a big assumption, is there really no better idea you can come up with besides just publishing a bunch of personal information in a public database?
>
> Regards,
>
> Alex Le Heux
>
>> On Oct 10, 2018, at 07:21 , Marcolla, Sara Veronica <Sara.Marcolla(a)europol.europa.eu> wrote:
>>
>> Hi Mark,
>>
>> You are indeed right. Very often self-employed people and really tiny undertakings with specific activities operate from the private address of the owner which then doubles as the address of the undertaking. However, for what I can understand this Regulation does not cover the processing of personal data which concerns legal persons and in particular undertakings established as legal persons, including the name and the form of the legal person and the contact details of the legal person. But even those have to be somewhat recorded as businesses in their country, right?
>>
>> I would like to clarify that the aim of the proposal was never aimed to publish information for which a warrant is needed. Only data that is publicly available in national company registries.
>>
>> This is why I am actually liking a lot your idea of publishing the number provided by a chamber of commerce or similar in the specific country. This wouldhelp to unambiguously identify the resource holder, without prejudice to the privacy of the individuals. The NCC has the registration number from the registration papers that resource holders must sent them. Many countries allow now to verify company details online, and for the others, it will be a small step of additional due diligence (like thoroughly checking the registration paper or asking for additional documentation). Implementing it could imply slightly more manual work as we only started recently to save the registration numbers of new members. Still, that would be something RIPE NCC would need to sort out if such proposal would reach consensus.
>>
>> @ All
>>
>> What would you think if the proposal would be adjusted in that way (to publish the registration number and the country of registration for resource holder)?
>>
>> If there is a CSIRT rep on the list I’d as well like to hear their opinion on this.
>>
>> Kind regards,
>> Sara
>>
>>
>>
>> From: Mark Scholten [mailto:mark@mscholten.eu]
>> Sent: 10 October 2018 12:32
>> To: Marcolla, Sara Veronica; ncc-services-wg(a)ripe.net
>> Subject: RE: @EXT: RE: [ncc-services-wg] 2018-05 New Policy Proposal (Publication of Legal Address of Internet Number Resource Holder)
>>
>> Hello Sara,
>>
>> If no address is used that is used as a home by someone and it is verified by RIPE NCC it can work. However a business address can be a home address at the same time. When that happens I'm strongly against publishing it.
>>
>> A better option is to mention the country off the resource holder and a number provided by a chamber of commerce or similar in the specific country. And if they don't have that some other number that can be used to identify the organization. That way the legal system can work as normal (you can find someone based on this number) and no new publication of an address is required.
>>
>> At this moment I'm against this proposal and as long as at least this isn't resolved I will be against.
>>
>> Kind regards,
>> Mark
>>
>> From: Marcolla, Sara Veronica [mailto:Sara.Marcolla@europol.europa.eu]
>> Sent: Thursday, September 27, 2018 23:58
>> To: Mark Scholten; ncc-services-wg(a)ripe.net
>> Subject: @EXT: RE: [ncc-services-wg] 2018-05 New Policy Proposal (Publication of Legal Address of Internet Number Resource Holder)
>>
>> Hi Mark,
>>
>> I read your concern about individual privacy and I am sure that in the implementation of the policy, the safeguards and guarantees that are aimed at protecting personal privacy and individual rights, especially following the provisions of the GDPR, will be guaranteed. On this point, I believe that even in this strong disagreement, we do agree.
>>
>> The aim of the policy, as you indeed understand, is to publish the location of where to address non-technical concerns. That we like it or not, there are other reasons that call for the need of quickly contacting a resource holder other than a merely technical issue. And as Internet is global but chamber of commerce databases are local, it is to be welcome an addition to a database that can serve this purpose. Do you agree?
>>
>> In this sense, it is indeed helping to speed up legal processes - and it speeds up the most basic first hurdle, that is “to whom can I address my concerns that are not of (purely) technical nature”? I am not only speaking here of Law Enforcers - but I am also speaking here of all those entities that have to put into practice provisions coming from the NIS Directive for example, or perhaps even the GDPR. All these require to immediately contact for legal reason an entity, and this policy proposal would be a step into this direction. All what can be done on the technical level (and you rightfully mention RPKI and other measures surely effective technically) needs to be complemented by what can be done to facilitate certain processes in place that require actions other than technical. There are as well as you say other actions to speed up other parts of the legal process and they are being explored, but this proposal complements them, does not substitute them. I know. It might sound a little philosophical but is in the end reflecting the reality of what internet is now: not only a community of technicians and enthusiasts, but a wider one.
>>
>> Kind regards,
>> Sara Marcolla
>>
>> Typed with a very tiny keyboard this mistakes can occur
>>
>> From: Mark Scholten <mark(a)mscholten.eu>
>> Date: Thursday, 27 Sep 2018, 10:12 PM
>> To: ncc-services-wg(a)ripe.net <ncc-services-wg(a)ripe.net>
>> Subject: Re: [ncc-services-wg] 2018-05 New Policy Proposal (Publication of Legal Address of Internet Number Resource Holder)
>>
>> Hello,
>>
>> This should have come from my personal account.
>>
>> This are my personal opinions.
>>
>> Regards, Mark
>>
>>> -----Original Message-----
>>> From: ncc-services-wg [mailto:ncc-services-wg-bounces@ripe.net] On Behalf
>>> Of Stream Service
>>> Sent: Thursday, September 27, 2018 23:08
>>> To: ncc-services-wg(a)ripe.net
>>> Subject: Re: [ncc-services-wg] 2018-05 New Policy Proposal (Publication of
>>> Legal Address of Internet Number Resource Holder)
>>>
>>> Hello,
>>>
>>> I'm against this policy. Publishing the a number that refers to some local
>>> chamber of commerce registration is not a problem for me (if the resource
>>> holder is a company). However having an extra location to publish the
>>> address is something I'm against. Especially when the address/building is
>>> also the home of someone. If someone has a genuine right to obtain the
>>> address they will likely be able to get it anyway.
>>>
>>> Also in some cases the resource holder is a natural person. Please keep
>> this
>>> in mind with any policy that is created.
>>>
>>> This policy greatly violates any privacy law that might apply. At least
>> when
>>> the home address of someone is published. If it is a private person that
>> is
>>> the resource holder publishing the address is also a privacy violation I
>>> believe.
>>>
>>> Now about the rationale:
>>>
>>>> To make it more difficult for malicious actors to hijack block of IP
>>> addresses and therefore play a preventive role in protecting the community
>>> against malicious actors
>>>
>>> I don't believe this to be true. The only thing that really helps against
>>> malicious actors are technical actions that can be taken by networks to
>>> prevent accepting any routes that are not good. RPKI might help and other
>>> options might exist or can be created in the future when there is a
>> problem.
>>> A non-technical solution will not help in this situation.
>>>
>>>> Competent authorities to serve legal process to the party responsible
>> for
>>> the resources
>>>
>>> There are already legal options to get the relevant information and to
>>> contact the resource holder. No change for this is required to make it
>>> possible.
>>>
>>>> To reduce delays in serving legal process, avoid lost leads and evidence
>>>
>>> A better option for this is to look into the legal process and try to
>> speed
>>> that up in general. This doesn't help for it.
>>>
>>> In short: I'm strongly against the policy.
>>>
>>> Regards, Mark
>>>
>>>> -----Original Message-----
>>>> From: ncc-services-wg [mailto:ncc-services-wg-bounces@ripe.net] On
>>> Behalf
>>>> Of Marco Schmidt
>>>> Sent: Thursday, September 27, 2018 15:11
>>>> To: ncc-services-wg(a)ripe.net
>>>> Subject: [ncc-services-wg] 2018-05 New Policy Proposal (Publication of
>>> Legal
>>>> Address of Internet Number Resource Holder)
>>>>
>>>> Dear colleagues,
>>>>
>>>> A new RIPE Policy proposal, 2018-05, "Publication of Legal Address of
>>>> Internet Number Resource Holder", is now available for discussion.
>>>>
>>>> The goal of the proposal is for the RIPE NCC to publish the validated
>>>> legal address information of holders of Internet number resources.
>>>>
>>>> You can find the full proposal at:
>>>> https://www.ripe.net/participate/policies/proposals/2018-05
>>>>
>>>> As per the RIPE Policy Development Process (PDP), the purpose of this
>>>> four-week Discussion Phase is to discuss the proposal and provide
>>>> feedback to the proposer.
>>>>
>>>> At the end of the Discussion Phase, the proposer, with the agreement of
>>>> the RIPE Working Group Chairs, decides how to proceed with the proposal.
>>>>
>>>> We encourage you to review this proposal and send your comments to
>>>> <ncc-services-wg(a)ripe.net> before 26 October 2018.
>>>>
>>>> Kind regards,
>>>>
>>>> Marco Schmidt
>>>> Policy Officer
>>>> RIPE NCC
>>>>
>>>> Sent via RIPE Forum -- https://www.ripe.net/participate/mail/forum
>>>
>>>
>>
>>
>>
>> *******************
>>
>> DISCLAIMER : This message is sent in confidence and is only intended for the named recipient. If you receive this message by mistake, you may not use, copy, distribute or forward this message, or any part of its contents or rely upon the information contained in it.
>> Please notify the sender immediately by e-mail and delete the relevant e-mails from any computer. This message does not constitute a commitment by Europol unless otherwise indicated.
>>
>> *******************
>> *******************
>>
>> DISCLAIMER : This message is sent in confidence and is only intended for the named recipient. If you receive this message by mistake, you may not use, copy, distribute or forward this message, or any part of its contents or rely upon the information contained in it.
>> Please notify the sender immediately by e-mail and delete the relevant e-mails from any computer. This message does not constitute a commitment by Europol unless otherwise indicated.
>>
>> *******************
>
>
> *******************
>
> DISCLAIMER : This message is sent in confidence and is only intended for the named recipient. If you receive this message by mistake, you may not use, copy, distribute or forward this message, or any part of its contents or rely upon the information contained in it.
> Please notify the sender immediately by e-mail and delete the relevant e-mails from any computer. This message does not constitute a commitment by Europol unless otherwise indicated.
>
> *******************
*******************
DISCLAIMER : This message is sent in confidence and is only intended for the named recipient. If you receive this message by mistake, you may not use, copy, distribute or forward this message, or any part of its contents or rely upon the information contained in it.
Please notify the sender immediately by e-mail and delete the relevant e-mails from any computer. This message does not constitute a commitment by Europol unless otherwise indicated.
*******************
*******************
DISCLAIMER : This message is sent in confidence and is only intended for the named recipient. If you receive this message by mistake, you may not use, copy, distribute or forward this message, or any part of its contents or rely upon the information contained in it.
Please notify the sender immediately by e-mail and delete the relevant e-mails from any computer. This message does not constitute a commitment by Europol unless otherwise indicated.
*******************
3
2
Dear All,
regarding message 1 : If we all agree that personnal ie individual data
has to be removed from direct access and that the legal address has to
be published, I would say that on an investigative view, it doesn't
always matter who we are asking for some data. For sure it helps knowing
who is working within any company especially when you are questionning
yourself wether the company is a fraud or not but this is not the majority.
I would say that what is important to get an idea of how big the company
is. Are we going to request the CEO ? The legal adviser (if he exists) ?
Maybe wihtin the unit or office in charge of dealing with requests could
be published too.
To randy, I would like to say that I don't understand what he pmeans by
"whois is useless and should die".
As I am new in this group, I might have missed something. Could you
explain what you mean ?
regards
cv
Pour une administration exemplaire, préservons l'environnement.
N'imprimons que si nécessaire.
-------- Message original --------
*Sujet: *[INTERNET] ncc-services-wg Digest, Vol 79, Issue 3
*De : *ncc-services-wg-request(a)ripe.net
*Pour : *ncc-services-wg(a)ripe.net
*Date : *09/10/2018 12:00
> Send ncc-services-wg mailing list submissions to
> ncc-services-wg(a)ripe.net
>
> To subscribe or unsubscribe via the World Wide Web, visit
> https://lists.ripe.net/mailman/listinfo/ncc-services-wg
> or, via email, send a message with subject or body 'help' to
> ncc-services-wg-request(a)ripe.net
>
> You can reach the person managing the list at
> ncc-services-wg-owner(a)ripe.net
>
> When replying, please edit your Subject line so it is more specific
> than "Re: Contents of ncc-services-wg digest..."
>
>
> Today's Topics:
>
> 1. @EXT: 2018-05 New Policy Proposal (Publication of Legal
> Address of Internet Number Resource Holder) - updating the
> proposal? (Marcolla, Sara Veronica)
> 2. Re: @EXT: 2018-05 New Policy Proposal (Publication of Legal
> Address of Internet Number Resource Holder) - updating the
> proposal? (Randy Bush)
> 3. Re: @EXT: 2018-05 New Policy Proposal (Publication of Legal
> Address of Internet Number Resource Holder) - updating the
> proposal? (Carlos Fria?as)
> 4. @EXT: RE: 2018-05 New Policy Proposal (Publication of Legal
> Address of Internet Number Resource Holder) - updating the
> proposal? (Marcolla, Sara Veronica)
> 5. Re: @EXT: 2018-05 New Policy Proposal (Publication of Legal
> Address of Internet Number Resource Holder) - updating the
> proposal? (Nik Soggia)
>
>
> ----------------------------------------------------------------------
>
> Message: 1
> Date: Mon, 8 Oct 2018 15:46:47 +0000
> From: "Marcolla, Sara Veronica" <Sara.Marcolla(a)europol.europa.eu>
> To: "'ncc-services-wg(a)ripe.net'" <ncc-services-wg(a)ripe.net>
> Subject: [ncc-services-wg] @EXT: 2018-05 New Policy Proposal
> (Publication of Legal Address of Internet Number Resource Holder) -
> updating the proposal?
> Message-ID:
> <ED32B03A4D1A7448B86844EED9D4845D4EA5BF82(a)COIMBRA.europol.eu.int>
> Content-Type: text/plain; charset="us-ascii"
>
> Hi everyone,
>
> All the comments exchanged in the list made me thinking a lot about the wording of this proposal. I have noticed that the lively discussion around the policy is bringing a lot of attention on the dichotomy between the individual (which I agree completely, should be protected in their fundamental rights, with provisions such as the GDPR and others), and the company/corporation. It seems to me so far that many of us would indeed support the idea of having the legal address published of companies, but having concerns about personal data. The aim of this proposal is indeed to focus on companies, not individuals, and even the smallest company has to be registered as such (if not for other reasons, for tax reasons). Individuals will be anyways protected by a hierarchically higher set of rules: the fundamental rights, such as those championed by GDPR for example.
>
> At this point I am asking whether you support a proposal, the clarifies that only the legal address of companies will be published, and that states clearly that individuals information will be protected? After all, the reasoning here is that if a resource holder is registered with a national company registry, they have a legal address which can be published. This legal address is usually publicly available anyhow and can be then validated by the RIPE NCC.
>
> Looking forward to hear the feedback to this idea for an amendment to the proposal.
>
> Sara
> *******************
>
> DISCLAIMER : This message is sent in confidence and is only intended for the named recipient. If you receive this message by mistake, you may not use, copy, distribute or forward this message, or any part of its contents or rely upon the information contained in it.
> Please notify the sender immediately by e-mail and delete the relevant e-mails from any computer. This message does not constitute a commitment by Europol unless otherwise indicated.
>
> *******************
>
>
>
>
> ------------------------------
>
> Message: 2
> Date: Mon, 08 Oct 2018 09:30:39 -0700
> From: Randy Bush <randy(a)psg.com>
> To: "Marcolla, Sara Veronica" <Sara.Marcolla(a)europol.europa.eu>
> Cc: "'ncc-services-wg(a)ripe.net'" <ncc-services-wg(a)ripe.net>
> Subject: Re: [ncc-services-wg] @EXT: 2018-05 New Policy Proposal
> (Publication of Legal Address of Internet Number Resource Holder) -
> updating the proposal?
> Message-ID: <m2y3b8e6z4.wl-randy(a)psg.com>
> Content-Type: text/plain; charset=US-ASCII
>
>> At this point I am asking whether you support a proposal, the
>> clarifies that only the legal address of companies will be published
> not particularly
>
> the contract is between the ncc and the registrant; not the community
> and the registrant.
>
> whois (not the irr, which is confuddled with it in the ripe registry)
> is useless and should die.
>
> randy
>
>
>
> ------------------------------
>
> Message: 3
> Date: Mon, 8 Oct 2018 22:50:25 +0100 (WEST)
> From: Carlos Fria?as <cfriacas(a)fccn.pt>
> To: "Marcolla, Sara Veronica" <Sara.Marcolla(a)europol.europa.eu>
> Cc: "'ncc-services-wg(a)ripe.net'" <ncc-services-wg(a)ripe.net>
> Subject: Re: [ncc-services-wg] @EXT: 2018-05 New Policy Proposal
> (Publication of Legal Address of Internet Number Resource Holder) -
> updating the proposal?
> Message-ID:
> <alpine.LRH.2.21.1810082238040.25543(a)gauntlet.corp.fccn.pt>
> Content-Type: text/plain; charset=US-ASCII; format=flowed
>
>
>
> On Mon, 8 Oct 2018, Marcolla, Sara Veronica wrote:
>
>> Hi everyone,
> Greetings,
>
>
>> All the comments exchanged in the list made me thinking a lot about the
>> wording of this proposal. I have noticed that the lively discussion
>> around the policy is bringing a lot of attention on the dichotomy
>> between the individual (which I agree completely, should be protected
>> in their fundamental rights, with provisions such as the GDPR and
>> others), and the company/corporation. It seems to me so far that many of
>> us would indeed support the idea of having the legal address published
>> of companies, but having concerns about personal data. The aim of this
>> proposal is indeed to focus on companies, not individuals, and even the
>> smallest company has to be registered as such (if not for other reasons,
>> for tax reasons). Individuals will be anyways protected by a
>> hierarchically higher set of rules: the fundamental rights, such as
>> those championed by GDPR for example.
> Well, LIR addresses are already published on the RIPE NCC's website.
> LIR's customers addresses may not be part of whois.ripe.net... well...
> i know some LIRs tend to protect their customers identity, to prevent
> competitors to approach them with better contractual conditions (this is
> not the case of the LIR i work for, which is a NREN)
>
>
>> At this point I am asking whether you support a proposal, the clarifies
>> that only the legal address of companies will be published, and that
>> states clearly that individuals information will be protected? After
>> all, the reasoning here is that if a resource holder is registered with
>> a national company registry, they have a legal address which can be
>> published. This legal address is usually publicly available anyhow and
>> can be then validated by the RIPE NCC.
> I see added value in "validation by the RIPE NCC", despite the natural
> cost this will bring...
>
> However, i wonder what should be the procedure if RIPE NCC finds that
> company X registers a new company Y in a different country/economy
> resorting to a "virtual office" address.
>
>
>> Looking forward to hear the feedback to this idea for an amendment to the proposal.
> Good luck!
>
>
> Best Regards,
> Carlos
>
>
>> Sara
>> *******************
>>
>> DISCLAIMER : This message is sent in confidence and is only intended for the named recipient. If you receive this message by mistake, you may not use, copy, distribute or forward this message, or any part of its contents or rely upon the information contained in it.
>> Please notify the sender immediately by e-mail and delete the relevant e-mails from any computer. This message does not constitute a commitment by Europol unless otherwise indicated.
>>
>> *******************
>>
>>
>
>
> ------------------------------
>
> Message: 4
> Date: Tue, 9 Oct 2018 07:41:15 +0000
> From: "Marcolla, Sara Veronica" <Sara.Marcolla(a)europol.europa.eu>
> To: 'Carlos Fria?as' <cfriacas(a)fccn.pt>, "'ncc-services-wg(a)ripe.net'"
> <ncc-services-wg(a)ripe.net>
> Subject: [ncc-services-wg] @EXT: RE: 2018-05 New Policy Proposal
> (Publication of Legal Address of Internet Number Resource Holder) -
> updating the proposal?
> Message-ID:
> <ED32B03A4D1A7448B86844EED9D4845D4EA5C59B(a)COIMBRA.europol.eu.int>
> Content-Type: text/plain; charset="iso-8859-1"
>
> Hi Carlos,
>
> I understand the logic behind the protection of LIRs for competition reasons - however I am positively sure that this right cannot be considered anywhere close to the right to privacy and protection of individuals.
>
> Regarding your comment on the company change, I believe that the case of change of holdership should firstly have to pass the existing RIPE NCC due diligence checks for transfers/mergers. It would then still be useful to actually have the legal address of this new company, as it helps to identify the company who is the registered resource holder.
>
> Sara
>
> -----Original Message-----
> From: Carlos Fria?as [mailto:cfriacas@fccn.pt]
> Sent: 08 October 2018 23:50
> To: Marcolla, Sara Veronica
> Cc: 'ncc-services-wg(a)ripe.net'
> Subject: Re: [ncc-services-wg] @EXT: 2018-05 New Policy Proposal (Publication of Legal Address of Internet Number Resource Holder) - updating the proposal?
>
>
>
> On Mon, 8 Oct 2018, Marcolla, Sara Veronica wrote:
>
>> Hi everyone,
> Greetings,
>
>
>> All the comments exchanged in the list made me thinking a lot about the
>> wording of this proposal. I have noticed that the lively discussion
>> around the policy is bringing a lot of attention on the dichotomy
>> between the individual (which I agree completely, should be protected
>> in their fundamental rights, with provisions such as the GDPR and
>> others), and the company/corporation. It seems to me so far that many of
>> us would indeed support the idea of having the legal address published
>> of companies, but having concerns about personal data. The aim of this
>> proposal is indeed to focus on companies, not individuals, and even the
>> smallest company has to be registered as such (if not for other reasons,
>> for tax reasons). Individuals will be anyways protected by a
>> hierarchically higher set of rules: the fundamental rights, such as
>> those championed by GDPR for example.
> Well, LIR addresses are already published on the RIPE NCC's website.
> LIR's customers addresses may not be part of whois.ripe.net... well...
> i know some LIRs tend to protect their customers identity, to prevent
> competitors to approach them with better contractual conditions (this is
> not the case of the LIR i work for, which is a NREN)
>
>
>> At this point I am asking whether you support a proposal, the clarifies
>> that only the legal address of companies will be published, and that
>> states clearly that individuals information will be protected? After
>> all, the reasoning here is that if a resource holder is registered with
>> a national company registry, they have a legal address which can be
>> published. This legal address is usually publicly available anyhow and
>> can be then validated by the RIPE NCC.
> I see added value in "validation by the RIPE NCC", despite the natural
> cost this will bring...
>
> However, i wonder what should be the procedure if RIPE NCC finds that
> company X registers a new company Y in a different country/economy
> resorting to a "virtual office" address.
>
>
>> Looking forward to hear the feedback to this idea for an amendment to the proposal.
> Good luck!
>
>
> Best Regards,
> Carlos
>
>> Sara
>> *******************
>>
>> DISCLAIMER : This message is sent in confidence and is only intended for the named recipient. If you receive this message by mistake, you may not use, copy, distribute or forward this message, or any part of its contents or rely upon the information contained in it.
>> Please notify the sender immediately by e-mail and delete the relevant e-mails from any computer. This message does not constitute a commitment by Europol unless otherwise indicated.
>>
>> *******************
>>
>>
> *******************
>
> DISCLAIMER : This message is sent in confidence and is only intended for the named recipient. If you receive this message by mistake, you may not use, copy, distribute or forward this message, or any part of its contents or rely upon the information contained in it.
> Please notify the sender immediately by e-mail and delete the relevant e-mails from any computer. This message does not constitute a commitment by Europol unless otherwise indicated.
>
> *******************
>
>
>
>
> ------------------------------
>
> Message: 5
> Date: Tue, 9 Oct 2018 10:13:48 +0200
> From: Nik Soggia <registry(a)telnetwork.it>
> To: "'ncc-services-wg(a)ripe.net'" <ncc-services-wg(a)ripe.net>
> Subject: Re: [ncc-services-wg] @EXT: 2018-05 New Policy Proposal
> (Publication of Legal Address of Internet Number Resource Holder) -
> updating the proposal?
> Message-ID: <e3905e73-8c1d-6784-e3a5-aacf47215507(a)telnetwork.it>
> Content-Type: text/plain; charset=iso-8859-15; format=flowed
>
> Il 08/10/18 17:46, Marcolla, Sara Veronica ha scritto:
>
>> After all, the reasoning here is that if a resource holder is registered with a national company registry, they have a legal address which can be published.
> Maybe the key to make everyone happy is the word "can" instead of
> "must". Why not make it optional?
>
> If companies are in good faith or they like the idea then they will use
> it, and they will also be happy to maintain the data.
> Otherwise it will be just a waste of time on another
> wrong/outdated/malicious dataset.
> How fun it is to check the validity of a validated address?
> Life is too short, right?
>
>> This legal address is usually publicly available anyhow and can be then validated by the RIPE NCC.
> Duplicating data instead of referencing it breaks the first database
> design rule.
> Companies are forced by law to keep their chamber of commerce data up to
> date. THAT is the best source of information and it is readily
> available. Don't reinvent the wheel.
>
> This proposal is can of worms:
> - same data in many places is difficult to maintain and prone to errors
> - doesn't stop bad actors
> - quickly provides massive information to data harvesters and scammers
>
> In my opinion this proposal is not the right way to identify a resource
> holder the way you dreamt.
> It's not a elegant solution and in general I have a bad feeling about
> it, imagine a blunt tool that not only will make a poor job but also
> will bring a lot of frustration.
>
> Ok for me if it is optional, otherwise I'm against.
> Regards,
>
6
7

@EXT: 2018-05 New Policy Proposal (Publication of Legal Address of Internet Number Resource Holder) - updating the proposal?
by Marcolla, Sara Veronica 09 Oct '18
by Marcolla, Sara Veronica 09 Oct '18
09 Oct '18
Hi everyone,
All the comments exchanged in the list made me thinking a lot about the wording of this proposal. I have noticed that the lively discussion around the policy is bringing a lot of attention on the dichotomy between the individual (which I agree completely, should be protected in their fundamental rights, with provisions such as the GDPR and others), and the company/corporation. It seems to me so far that many of us would indeed support the idea of having the legal address published of companies, but having concerns about personal data. The aim of this proposal is indeed to focus on companies, not individuals, and even the smallest company has to be registered as such (if not for other reasons, for tax reasons). Individuals will be anyways protected by a hierarchically higher set of rules: the fundamental rights, such as those championed by GDPR for example.
At this point I am asking whether you support a proposal, the clarifies that only the legal address of companies will be published, and that states clearly that individuals information will be protected? After all, the reasoning here is that if a resource holder is registered with a national company registry, they have a legal address which can be published. This legal address is usually publicly available anyhow and can be then validated by the RIPE NCC.
Looking forward to hear the feedback to this idea for an amendment to the proposal.
Sara
*******************
DISCLAIMER : This message is sent in confidence and is only intended for the named recipient. If you receive this message by mistake, you may not use, copy, distribute or forward this message, or any part of its contents or rely upon the information contained in it.
Please notify the sender immediately by e-mail and delete the relevant e-mails from any computer. This message does not constitute a commitment by Europol unless otherwise indicated.
*******************
4
3

@EXT: RE: 2018-05 New Policy Proposal (Publication of Legal Address of Internet Number Resource Holder) - updating the proposal?
by Marcolla, Sara Veronica 09 Oct '18
by Marcolla, Sara Veronica 09 Oct '18
09 Oct '18
Hi Carlos,
I understand the logic behind the protection of LIRs for competition reasons - however I am positively sure that this right cannot be considered anywhere close to the right to privacy and protection of individuals.
Regarding your comment on the company change, I believe that the case of change of holdership should firstly have to pass the existing RIPE NCC due diligence checks for transfers/mergers. It would then still be useful to actually have the legal address of this new company, as it helps to identify the company who is the registered resource holder.
Sara
-----Original Message-----
From: Carlos Friaças [mailto:cfriacas@fccn.pt]
Sent: 08 October 2018 23:50
To: Marcolla, Sara Veronica
Cc: 'ncc-services-wg(a)ripe.net'
Subject: Re: [ncc-services-wg] @EXT: 2018-05 New Policy Proposal (Publication of Legal Address of Internet Number Resource Holder) - updating the proposal?
On Mon, 8 Oct 2018, Marcolla, Sara Veronica wrote:
> Hi everyone,
Greetings,
> All the comments exchanged in the list made me thinking a lot about the
> wording of this proposal. I have noticed that the lively discussion
> around the policy is bringing a lot of attention on the dichotomy
> between the individual (which I agree completely, should be protected
> in their fundamental rights, with provisions such as the GDPR and
> others), and the company/corporation. It seems to me so far that many of
> us would indeed support the idea of having the legal address published
> of companies, but having concerns about personal data. The aim of this
> proposal is indeed to focus on companies, not individuals, and even the
> smallest company has to be registered as such (if not for other reasons,
> for tax reasons). Individuals will be anyways protected by a
> hierarchically higher set of rules: the fundamental rights, such as
> those championed by GDPR for example.
Well, LIR addresses are already published on the RIPE NCC's website.
LIR's customers addresses may not be part of whois.ripe.net... well...
i know some LIRs tend to protect their customers identity, to prevent
competitors to approach them with better contractual conditions (this is
not the case of the LIR i work for, which is a NREN)
> At this point I am asking whether you support a proposal, the clarifies
> that only the legal address of companies will be published, and that
> states clearly that individuals information will be protected? After
> all, the reasoning here is that if a resource holder is registered with
> a national company registry, they have a legal address which can be
> published. This legal address is usually publicly available anyhow and
> can be then validated by the RIPE NCC.
I see added value in "validation by the RIPE NCC", despite the natural
cost this will bring...
However, i wonder what should be the procedure if RIPE NCC finds that
company X registers a new company Y in a different country/economy
resorting to a "virtual office" address.
> Looking forward to hear the feedback to this idea for an amendment to the proposal.
Good luck!
Best Regards,
Carlos
> Sara
> *******************
>
> DISCLAIMER : This message is sent in confidence and is only intended for the named recipient. If you receive this message by mistake, you may not use, copy, distribute or forward this message, or any part of its contents or rely upon the information contained in it.
> Please notify the sender immediately by e-mail and delete the relevant e-mails from any computer. This message does not constitute a commitment by Europol unless otherwise indicated.
>
> *******************
>
>
*******************
DISCLAIMER : This message is sent in confidence and is only intended for the named recipient. If you receive this message by mistake, you may not use, copy, distribute or forward this message, or any part of its contents or rely upon the information contained in it.
Please notify the sender immediately by e-mail and delete the relevant e-mails from any computer. This message does not constitute a commitment by Europol unless otherwise indicated.
*******************
1
0

@EXT: RE: 2018-05 New Policy Proposal (Publication of Legal Address of Internet Number Resource Holder)
by Marcolla, Sara Veronica 01 Oct '18
by Marcolla, Sara Veronica 01 Oct '18
01 Oct '18
Hi Nik,
I think the car analogy would work better in assuming that if the car is a "company car" and not a private vehicle, then the identity should be publicly available. We are not talking of individual rights, but.
For instance a lawyer's business address (or a dentist and so on) is publicly available - on registries, online, basically everywhere, however their home address not, and this without being a threat to a privacy, or individual rights.
Does it make sense to you?
Kind regards,
Sara Veronica
-----Original Message-----
From: ncc-services-wg [mailto:ncc-services-wg-bounces@ripe.net] On Behalf Of Nik Soggia
Sent: 28 September 2018 19:04
To: ncc-services-wg(a)ripe.net
Subject: Re: [ncc-services-wg] 2018-05 New Policy Proposal (Publication of Legal Address of Internet Number Resource Holder)
Il 28/09/18 17:36, Jeffrey Race ha scritto:
>> There must be a way to register the IP addresses to my company (that has
>> much less privacy rights than me), still preserving my personal rights.
>
> If you use a public resource your identity should be publicly available :)
Would it be ok for you to write your name and address on the windshield
of your car whenever you park it in a public street?
Isn't the number plate plenty enough?
Yes, to know where you live will require an additional step, and yes,
choosing who can access your data and who can't is the very foundation
of privacy. In this example cops are ok, passers-by meh...
My point is that sole proprietorships may become backdoors to sensitive
data. Big companies are not required to register the home address of
their legal representative, so why should small ones?
Let's just find a mechanism to preserve personal data from becoming
public domain.
Regards,
--
Nik Soggia - TELNET S.r.l. Phone: +39-0382-529751
Via Buozzi, 5 - 27100 Pavia, Italy Fax: +39-0382-528074
*******************
DISCLAIMER : This message is sent in confidence and is only intended for the named recipient. If you receive this message by mistake, you may not use, copy, distribute or forward this message, or any part of its contents or rely upon the information contained in it.
Please notify the sender immediately by e-mail and delete the relevant e-mails from any computer. This message does not constitute a commitment by Europol unless otherwise indicated.
*******************
3
2