On 17 Jul 2017, at 1:04 AM, hostmas...@uneedus.com<mailto:hostmas...@uneedus.com> wrote:
John, I think this is the FCC ruling he speaks of, and it does seem to shut down public disclosures of most of what is contained in SWIP/WHOIS without customer consent. This has been the rule for regular phone calls for a long time, called CPNI. Until today I did not realise the FCC extended this to the internet. It also appears that even someone with a contract with ARIN could require ARIN to restrict their data from third party disclosure, as it states that private contract provisions cannot override the right to insist on privacy. http://hraunfoss.fcc.gov/edocs_public/attachmatch/FCC-07-22A1.pdf It looks like static and even dynamic IP addresses and MAC addresses are considered protected information. IP addresses are the bread and butter of ARIN. Domain names are protected, thus Email addresses are protected since they contain a domain name, and they have also ruled that name, address and telephone numbers are protected as well. They even talk of DNS lookups being protected. It kinda looks like the FCC has made a large part of SWIP/WHOIS unlawful with this order unless ARIN has been given consent by each holder of the information, even if they are a current member under contract. Albert - The FCC is well aware of the Internet Numbers Registry System and our processes for management of IP addresses, and their recent Open Internet/Title II reclassification order specifically acknowledges that the Title II change of broadband services does not assert their jurisdiction over the assignment or management of IP addressing - "This definitional change to our regulations in no way asserts Commission jurisdiction over the assignment or management of IP addressing by the Internet Numbers Registry System.” (Reclassification Order ¶ 391, note 1116) <http://transition.fcc.gov/Daily_Releases/Daily_Business/2015/db0403/FCC-15-24A1.pdf> The Order makes plain that the use of “public IP addresses” from the Internet Numbers Registry System are an element used in the provision of broadband Internet services, and there already exists specific CPNI exception that a carrier may permit access to customers’ CPNI when necessary for provision of the telecommunications service. If ISPs can provide Internet services without use of IP addresses, then then permitting access to that customer information would not meet the limited exception, but that does not appear to be practical (and particularly not with respect to the IP address blocks which are routed on the public Internet, as being discussed in some variations of this draft policy) ISP’s who have a concern in this area should obtain their own legal advice, but compliance with community-developed registry policy is a prerequisite for access to the public IP addresses, and our review notes that such access is a necessary and required element for the provision of Internet services and thus should fall without the limited CPNI exception that is provided. (If somehow you can provision Internet services without the use of public IP address, then availability of the “necessary for provision” exception would not be the case, but then again, you also would not need to worry about access to or compliance with the Internet Number Registry System…) Thanks, /John John Curran President and CEO American Registry for Internet Numbers
_______________________________________________ PPML You are receiving this message because you are subscribed to the ARIN Public Policy Mailing List (ARIN-PPML@arin.net). Unsubscribe or manage your mailing list subscription at: http://lists.arin.net/mailman/listinfo/arin-ppml Please contact i...@arin.net if you experience any issues.
