This tirade about Ronald is if anything, quite overblown Various csirt reps for example, and Richard Clayton, have raised valid concerns with your proposal.
It is still quite likely to pass, like many such proposals in the past, because of the old boy network that passes for rough consensus in the ripe community - the same sort of rough consensus that led several wg chairs and other ripe “names” to just happen to be in the room in time for a “any other business” session whose agenda was to drop Richard Cox from his co chair role. --srs ________________________________ From: anti-abuse-wg <anti-abuse-wg-boun...@ripe.net> on behalf of denis walker <ripede...@gmail.com> Sent: Tuesday, June 7, 2022 12:59:10 PM To: Ronald F. Guilmette <r...@tristatelogic.com> Cc: anti-abuse-wg <anti-abuse-wg@ripe.net> Subject: Re: [anti-abuse-wg] personal data in the RIPE Database On Tue, 7 Jun 2022 at 01:45, Ronald F. Guilmette <r...@tristatelogic.com> wrote: > > In message > <cakvlzufugogedxka00eyc0wpw9q1yoo+bijsvzvh6peypp6...@mail.gmail.com> > denis walker <ripede...@gmail.com> wrote: > > >The bottom line is that there are honest, law abiding people who are, > >or would like to be, resource holders but are exposed to considerable > >personal danger by making their name and address public. We must take > >the personal privacy issue seriously... > > These are exactly the central fallacies that have driven and that are > driving so much of the GDPR-inspired "privacy" fanaticism that's coming > out of Europe these days. > > Who exactly are these unspecified "law abiding people" and what is it, > exactly, that is preventing them from taking measures on their own > (such as renting a P.O. box) to protect themselves and their privacy? Go for it Ronald, keep plugging those PO Boxes, like the ones that "rendered almost all of the information that is now available in *domain name* WHOIS records virtually entirely worthless". > > I do not dispute for a moment that there are many people, most notably > journalists, many of whom I have had the pleasure to work with (and even > some inside of Russia) whose freedom & lives could be endangered by > publication of their exact whereabouts. And yet this current proposal > was not, as far as I know, generated by any of *them*. *They* already know > all about the many readily available ways at their disposal to avoid having > their exact whereabouts published. (And God help us all if they ever have > to rely on the good graces of RIPE to protect their locations!) No idea what you are talking about... > > Perhaps even more to the point, I'd like to see any actual Venn Diagram > which would show us the -actual- (as opposed to postulated, by the > privacy fear-mongers) overlap between the set of people who need any > kind of anonymity and/or protection of their location info and the set > of people who ALSO provably *need* to have RIPE number resources. > > Oh! Nevermind! Conveniently, some kind soul on the Internet has already > generated & published this exact Venn Diagram: > > https://www.amcharts.com/docs/v4/wp-content/uploads/sites/2/2020/02/image-768x377.png Trivialising serious issues doesn't help anyone > > So this is really the first-order fallacy: The assertion, without a single > shred of supporting proof offered, that there exists some tiny minority of > people who both (a) need either anonymity or else secrecy as regards to > their actual physical address, and who also (b) need to have RIR number > resources. I spoke to two at the recent RIPE Meeting > > If we are to believe this alarmist point of view, even, as it is, backed up > by zero actual evidence, then we must accept on blind faith that there > are some journalists or other "activists" who need to get their stories > out to the public but who cannot use *any* form of existing social media > to do that, and who cannot even do it via some shared or dedicated web > hosting arrangement. No no! We must believe that there are, somewhere > out there, activists and/or journalists who both (a) have reason to fear > for their physical safety and who also (b) really need at least an ASN or > a /24 or else they will be as good as gagged, for all practical purposes. > > This is clearly nonsense on the face of it. We are blessed to live in an > era where communication... even mass communication... has never been easier > OR more widley available. And yet the contention is that edgy activism and/or > journalism will be entirely wiped from the map if the person who wants to > distribute a controversial newsletter cannot get hold of an entire /24. > Rubbish. Again, no idea what you are talking about... > > It is this exact sort of illogical thinking that has led to a situation, > in Europe, where you now can't even know if the new neighbor who just > moved in next door to you is a previously convicted serial pedophile. > You aren't allowed to know because your newspapers are no longer allowed > to print even just the names of convicted serial sexual predators, much > less their photographs. > > Why any of you folks in Europe ever thought that this would be a good idea > is, I confess, beyond me. You have placed this newfound fetish for "privacy" > above the competing societal values of free speech, freedom of the press, > transparency in public affairs, and the individual citizen's right to know. > So now you have to live with the downsides of those value choices. But > those obviously dubious value choices DO NOT have to spill over into the > public RIPE WHOIS data base. And they will only do so if the same inability > to judge fairly the cost/benefit ratio is sold to the membership at large > by the privacy extremists. More irrelevances... > > And now, at last, we come to the second absurd fallacy driving this debate. > I quote: "We must take the personal privacy issue seriously..." > > Simple question: Why? Who says we do? The society WE live and operate in!! > > Did the EU Council pass a resolution while I was sleeping which has rendered > RIPE legally responsible for the privacy of its members or their physical > addrsses? If so, I didn't get the memo. You must have been sleeping for a long while, the GDPR was introduced in May 2018. This regulation requires that publishing the personal address of natural persons in a public database must be supported by one of the purposes of this database. None of the defined purposes covers publishing this personal data to the general public. Sorry you didn't get the memo. > > Seriously, who exactly is "we" and when did "we" become legally, ethically, > or morally responsible for hiding the physical addresses of members who > could, as I have noted above, quite easily take care of this on their own? Keep plugging away and you'll soon have the database full of PO Box addresses... > Was RIPE actually responsible for hiding physical addresses for all of > the past 20 odd years of its existance, but for some strange reason we are > only finding out about it now? Basically yes. There was data protection legislation before the GDPR that applied to the RIPE Database. We had a Data Protection Task Force looking into this around 2010. At that time the RIPE NCC was only just establishing an in-house legal council. So much of the ground work was done by engineers without any legal training and external lawyers without much knowledge of the RIPE Database. We laid the foundations but many aspects were overlooked. The introduction of the GDPR in 2018 was a trigger point to revisit this issue. There have been many presentations and discussions over recent years culminating in this policy proposal. Do try and keep up Ronald. > > Again, I think not. Nothing has changed, morally, eithically, or legally, > about RIPE's responsibilities to its members since last week. Any suggestion > to the contrary is just an expression of a political viewpoint, not a > statement of any actual fact. You are clearly not keeping up... > > Also, and more importantly, the old saying is "God helps those who help > themselves." That may be important to you, it is completely irrelevant to me and this discussion. > Members, if there even are any, who fall into the unique > overlapping categories of those who are (a) concerned for their physical > safety and also (b) unable to communicate AT ALL without their own private > /24, can today, and could, at any time over the past 20 years, rent a P.O. > Box and use that as their "physical address". If anyone can disprove that > statement, I'm all ears. If, on the other hand, I am right about that, > then I will simply reiterate again that the proposal to redact addresses > from the RIPE data base is a solution in search of a problem. Keep going...the PO Box count is rising... cheers denis proposal author > > > Regards, > rfg > > -- > > To unsubscribe from this mailing list, get a password reminder, or change > your subscription options, please visit: > https://lists.ripe.net/mailman/listinfo/anti-abuse-wg -- To unsubscribe from this mailing list, get a password reminder, or change your subscription options, please visit: https://lists.ripe.net/mailman/listinfo/anti-abuse-wg
-- To unsubscribe from this mailing list, get a password reminder, or change your subscription options, please visit: https://lists.ripe.net/mailman/listinfo/anti-abuse-wg
