John,
I think this is the FCC ruling he speaks of, and it does seem to shut down
public disclosures of most of what is contained in SWIP/WHOIS without
customer consent. This has been the rule for regular phone calls for a
long time, called CPNI. Until today I did not realise the FCC extended
this to the internet. It also appears that even someone with a contract
with ARIN could require ARIN to restrict their data from third party
disclosure, as it states that private contract provisions cannot override
the right to insist on privacy.
http://hraunfoss.fcc.gov/edocs_public/attachmatch/FCC-07-22A1.pdf
It looks like static and even dynamic IP addresses and MAC addresses are
considered protected information. IP addresses are the bread and butter of
ARIN. Domain names are protected, thus Email addresses are protected since
they contain a domain name, and they have also ruled that name, address
and telephone numbers are protected as well. They even talk of DNS
lookups being protected.
It kinda looks like the FCC has made a large part of SWIP/WHOIS unlawful
with this order unless ARIN has been given consent by each holder of the
information, even if they are a current member under contract.
Albert Erdmann
Network Administrator
Paradise On Line Inc.
On Mon, 17 Jul 2017, John Curran wrote:
On 16 Jul 2017, at 8:46 PM, Paul McNary <[email protected]> wrote:
Hello
This is probably targeted to John and the ARIN staff
I was reading some articles today. Under the current net privacy rules and
proposed
net neutrality rule making goes through or even if not, we are not allowed to
put
customer data in a publicly accessible data base. I don't think we are even
allowed
to provide that information to a third party without our customer's written
opt-in.
You can only get the IP "address holder's" information because of the contract
we
have with ARIN where we give up that right of privacy. So you can make us give
you
that information but you can not force us to break the law, if the end user
doesn't have a
contract with ARIN. Even if we would SWIP a current /24 and their information is
disclosed to a third party (ie ARIN) and the end user doesn't have a contract
with
ARIN, I think we are in violation of the Internet privacy rules as they are and
have been.
John, can you and the ARIN staff get a written clarification from FCC about
this.
It basically guts the privacy rule making if SWIP is performed on a customer
who does not give written approval.
What am I missing? The WISPA lawyers say we are still required to follow the
Internet policy rule making.
Paul -
ARIN obviously does not require you “to break the law”, but to be able to
further
pursue this matter we’re going to need a bit more information.
Do you have a reference for the particular law or rulemaking proceeding that
the WISPA lawyers assert is in conflict? I would be happy to speak with
them
directly if that would help – email me appropriate contact information when
you
have a moment.
Thanks!
/John
John Curran
President and CEO
ARIN
_______________________________________________
PPML
You are receiving this message because you are subscribed to
the ARIN Public Policy Mailing List ([email protected]).
Unsubscribe or manage your mailing list subscription at:
http://lists.arin.net/mailman/listinfo/arin-ppml
Please contact [email protected] if you experience any issues.
_______________________________________________
PPML
You are receiving this message because you are subscribed to
the ARIN Public Policy Mailing List ([email protected]).
Unsubscribe or manage your mailing list subscription at:
http://lists.arin.net/mailman/listinfo/arin-ppml
Please contact [email protected] if you experience any issues.
