In message <
48758939-BB53-43FF-8855-49C1AF18B017@v6x.org>,
=?utf-8?Q?Andreas_H=C3=A4rpfer?= <
ah@v6x.org> wrote:
I really have no idea where this discussion is heading, I am not a lawyer,
etc. etc, but let me play "devil's advocat" and be a bit provocative :-)
That's fair.
* My ad-hoc assumtion for any organization would be that any partner/
member/customer information is confidential unless the affected parties
have agreed to make it public.
viz. https://www.ripe.net/publications/docs/ripe-733#31
I note again that you are citing a Section (3.1) of a document that relates
to the IP address allocation process. The title of the document is "IPv4
Address Allocation and Assignment Policies for the RIPE NCC Service Region".
3.1 Confidentiality
Internet Registries (IRs) have a duty of confidentiality to their
registrants. Information passed to an IR must be securely stored and
must not be distributed wider than necessary within the IR. When
necessary, the information may be passed to a higher-level IR under
the same conditions of confidentiality.
I would argue that BY DEFINITION the above assurances relate to information
provided as part of a justification for IPv4 address space, and that they
thereore do not apply to information submitted to RIPE NCC, much earlier,
as part of the package of information that RIPE NCC requires in order to
transform a prospective new member into an actual RIPE member. That trans-
formation, of a prospective member into an actual one, is clearly a separate
and different process, and one to which the confidentiality commitment
expressed in the above quoted passage cannot reasonably be construed to
apply.
Jurisdiction, at least, is easy. RIPE-673 (initially quoted by
you but outdated) and all it's successor documents until the current
RIPE-745 state in the very last section:
Article 11 - Governing Law
11.1 All agreements between the RIPE NCC and the Member shall be
exclusively governed by the laws of the Netherlands.
We agree.
Please note that The Netherlands does itself operate a *public* national
corporate registry, one from which anybody anywhere in the world can fetch
basic incorporation documents, albeit subject to a small fee per document.
(I myself have used this web-based public service on multiple occasions in
order to obtain various Dutch incorporation documents.)
It would seem that the jurisdiction of The Netherlands has no problem with
the notion of making basic incorporation documents public. Why then should
RIPE deviate from that admirable national standard? (That transparency
with respect to basic incorporation documents is not by any means unique
to the Netherlands, by the way. Rather, this rudimentary transparency is
the widely-accepted norm throughout essentially the entire civilized world.)
*) Isn't the publication of WHOIS information a quite apparent and obvious
violation of this purported "duty of confidentiality"? Or whould that
be more accurately referred to as "the exception that proves the rule"?
Could there be other and as-yet unenumerated exceptions to the
general rule?
I would not consider this an exception. What goes into WHOIS and/or
into the RIPE database is well documented and can be known in advance
by anyone applying for resources.
What are you saying, exactly? Are you claiming that members, e.g. ones
allegedly incorporated in some of the world's more opaque jurisdictions,
such as Belize, etc., have either some expectation, or perhaps even some
right to expect that even the bare minimum facts regarding their corporate
existance shall be preserved as a deep dark secret, AND one which RIPE NCC
is somehow obliged to become a co-conspirator in hiding from the world?
As noted above, the people and the government of The Netherlands don't
appear to have any problem with making basic incorporation documents
public. Why then should RIPE? Is RIPE attempting to emulate the ignoble
example of FIFA by going out of its way to be opaque, and by so doing,
either tacitly or consciously facilitating God only knows what?
Basic incorporation documents are neither "sensitive" nor relevant to
the competitiveness of any given member. As I have said, if you have
incorporated as "XYZ Widgets" in the Duchy of Grand Fenwick, how does
that information being public either hurt you or help your competitors?
Clearly it does neither, thus renderding any pointless and unnecessary
secrecy about such basic documents on RIPE's part, nothing other than an
additional tool in the toolboxes of bad actors, including some that, even
as we speak, are attempting to bring down the entire edifice of the global
system of Regional Internet Registries, including RIPE.
Regards,
rfg