As far as ARIN having access, you are right, ARIN itself has the right to
the CPNI data on assigned IP resources, but not the right to make it
publically accessable to the world. The OP has confirmed that the issue
is the CPNI rules.
there already exists specific CPNI
exception that a carrier may permit access to customers??? CPNI when
necessary for provision of the telecommunications service.
This is the problem. ARIN is not a carrier. While disclosure to ARIN to
obtain number resources for the connection is OK, Public disclosure by or
at the direction of ARIN policy of elements like domain name, name,
address and telephone number is not. Since name, address, telephone
number and domain name have already been identified have been defined in
the order as elements of CPNI that are protected, world disclosure by ARIN
or because of ARIN rules would not be a protected disclosure.
The ISP might also be in trouble for providing the information to ARIN, if
they know that ARIN intends to publish this information in a public
directory, rather than disclosing it to ARIN solely to maintain number
resources. As suggested by the OP, might have to call them customer 1-n.
However that would violate the NRPM as written. Since the City, State and
Zip Code are part of the address, even the "protected" residential records
CPNI are being disclosed in violation of the CPNI Order.
There is a big difference between disclosure to ARIN for taking care of
numbering policy, and disclosure to the entire world. Third party
disclosure is the main thing that the CPNI rules are intended to address.
That is only permitted when it is needed for the provision of service.
In the telecom world, a circuit from A to B might go from ILEC A to
Interexchange Carrier, then to ILEC B at the other end. Disclosure to
each is permitted, as it is required for having the service. Publication
of information regarding this circuit to other parties or the world is
not. There is a large body of case law regarding CPNI disclosure, and
maybe this is what the OP was talking about.
I read the FCC1524A1 order, and while it does say that the FCC will not
assert jurisdiction over the assignment or management of IP addresses, I
see nothing in the order that would allow ARIN to insist that the
assignments must be recorded in a public directory, where neither the
customer has consented. The FCC has specifically been ruled that elements
name, address and telephone number are protected CPNI. The customers are
NOT ARIN members, so there is no contractual agreement with those parties
to allow this disclosure.
Maybe I am missing something, but my read of the order does not seem to
grant ARIN the rights to EVER publish CPNI to third parties without
consent. I have looked for the WISPA comments on line to find out exactly
what the issue identified is, but I have not been able to find it.
Information from the OP seems to state that I have found the correct order
on CPNI.
Albert Erdmann
Network Administrator
Paradise On Line Inc.
On Mon, 17 Jul 2017, John Curran wrote:
On 17 Jul 2017, at 1:04 AM,
hostmas...@uneedus.com<mailto:hostmas...@uneedus.com> wrote:
John,
I think this is the FCC ruling he speaks of, and it does seem to shut down
public disclosures of most of what is contained in SWIP/WHOIS without customer
consent. This has been the rule for regular phone calls for a long time,
called CPNI. Until today I did not realise the FCC extended this to the
internet. It also appears that even someone with a contract with ARIN could
require ARIN to restrict their data from third party disclosure, as it states
that private contract provisions cannot override the right to insist on privacy.
http://hraunfoss.fcc.gov/edocs_public/attachmatch/FCC-07-22A1.pdf
It looks like static and even dynamic IP addresses and MAC addresses are
considered protected information. IP addresses are the bread and butter of
ARIN. Domain names are protected, thus Email addresses are protected since they
contain a domain name, and they have also ruled that name, address and
telephone numbers are protected as well. They even talk of DNS lookups being
protected.
It kinda looks like the FCC has made a large part of SWIP/WHOIS unlawful with
this order unless ARIN has been given consent by each holder of the
information, even if they are a current member under contract.
Albert -
The FCC is well aware of the Internet Numbers Registry System and
our processes for management of IP addresses, and their recent Open
Internet/Title II reclassification order specifically acknowledges that the
Title II change of broadband services does not assert their jurisdiction
over the assignment or management of IP addressing -
"This definitional change to our regulations in no way asserts
Commission jurisdiction over the assignment or management of IP
addressing by the Internet Numbers Registry System.??? (Reclassification
Order ?? 391, note 1116)
<http://transition.fcc.gov/Daily_Releases/Daily_Business/2015/db0403/FCC-15-24A1.pdf>
The Order makes plain that the use of ???public IP addresses??? from the
Internet Numbers Registry System are an element used in the provision
of broadband Internet services, and there already exists specific CPNI
exception that a carrier may permit access to customers??? CPNI when
necessary for provision of the telecommunications service.
If ISPs can provide Internet services without use of IP addresses, then
then permitting access to that customer information would not meet the
limited exception, but that does not appear to be practical (and particularly
not with respect to the IP address blocks which are routed on the public
Internet, as being discussed in some variations of this draft policy)
ISP???s who have a concern in this area should obtain their own legal advice,
but compliance with community-developed registry policy is a prerequisite
for access to the public IP addresses, and our review notes that such access
is a necessary and required element for the provision of Internet services
and thus should fall without the limited CPNI exception that is provided.
(If somehow you can provision Internet services without the use of public
IP address, then availability of the ???necessary for provision??? exception
would
not be the case, but then again, you also would not need to worry about
access to or compliance with the Internet Number Registry System???)
Thanks,
/John
John Curran
President and CEO
American Registry for Internet Numbers
_______________________________________________
PPML
You are receiving this message because you are subscribed to
the ARIN Public Policy Mailing List (ARIN-PPML@arin.net).
Unsubscribe or manage your mailing list subscription at:
http://lists.arin.net/mailman/listinfo/arin-ppml
Please contact i...@arin.net if you experience any issues.
