In message <CAN-Dau0jsZGD6fk4hM=p=tq8pUP501=knarfm_j7po9c5na...@mail.gmail.com> David Farmer <[email protected]> wrote:
>"Total transparency for everything" is nice hyperbole, but is not a >practical policy even for my university. We need practical policy proposals >with the details necessary to evaluate and implement them. That's a fair point, but I'm not sure it makes any difference, in the end, because transparency is clearly at odds with the vast majority of existing practice with respect to the way ARIN has always operated. In other words, I don't see it as being even plausibly realistic to either hope or expect the current and traditional level of cloak-and-dagger secrecy is at all likely to be lifted anytime soon. Too many people have too much invested in the current status quo. But I'll try to answer your question anyway, because, as I say, it's a fair question, even though this is all just an academic exercise, because too many parties have too much to hide, and thus, this will never actually go anywhere. >Exactly what information and at what level of detail do you want to be >included your total transparency? If you mean, that the reports we have to >give ARIN with the details of how all our current IP addresses are used... >... >Now if you want my university's audited financial records... I would most probably not want, and do not ask for anybody's network information. I would not want, and do not ask for anybody's detailed financial records, whether audited or not. I believe that I was already clear in my prior posts in this thread that from my perspective, the names and business addresses of all actual natural person "beneficial owners" of each non-publicly-traded non-natural- person entity that either requests, or that is awarded number resoures, either by ARIN or by any other RIR, is a resonable floor on the kind of information that should, by all rights, be a matter of public record. And indeed, such information should be a matter of public record not just as a way of limiting abuses of Internet number resources,... which its general publication would most certainly help to do... but also as a general matter, in order for ARIN to be consistant with current international anti- money- laundering directives, including but not limited to europe's 4AML and 5AML directives, as well as the U.S.'s current KYC requirements, as codified in the 2001 Patriot Act. Basically, I would like to see *all* RIRs conforming to *all* currently ratified national level KYC directives, worldwide, and I would like to see any and all documents produced to ARIN and/or to any other RIRs in order to resonably and properly identify any customer thereof to be a matter of public record, available for public viewing on the Internet. https://en.wikipedia.org/wiki/Know_your_customer This simple proposal, if adpoted, would lift ARIN and the other RIRs out of the realm that they currently inhabit, and that they have always inhabited, i.e. the realm of shadows, shell companies, and all manner of secretive (and often criminal) skullduggery. Why should banks be required to know their customers, to obtain photocopies of the passports of sweet harmless little old ladies who only want to deposit five pounds for their grandchildren's college fund, while persons of entirely unknown origin, means, and motives are routinely granted /18 blocks or larger on this thing we call the global Internet? This is madness on the face of it. This is the worst aspect of a secretive "old boys club" which has been, due to inertia, catapulted into the 21st century and which is now unambiguously and provably being exploited by numerous Bad Actors with sinister and, as I say, often outright criminal motives. Anyone who denies that there is a problem here isn't looking at what I am looking at and also isn't looking at the data that John C. and his crew found and that began this whole thread and that gave rise the proposal being debated, which now requires the ARIN memberhip to design, on the fly, some new restriction on the allocation process that might thwart those seeking to game the system. But we don't even know and aren't even being told who it is that we are hoping to thwart! (And that is also, arguably, madness.) I hope that I have clarified what I mean by "transparency" in this context. It should not be in any serious doubt to anyone here that he current open market price of a single /16 block is now in excess of $1 million USD. Given that, and the ease with which one can make off with one of those, by hook or by crook, perhaps piece-by-piece, a little at a time, from behind an impenetrable shell company facade, and using a fountain pen rather than a gun, why would any sane criminal -or- any sane capitalist feel the need to either rob or swindle anyone or anything at the present moment in time, when they could instead so easily and -legally- obtain sizable chunks of ill-gotten gains simply by playing the IPv4 game, all while never even having to reveal their true identities? Regards, rfg P.S. Regarding your network details... I'm not persuaded that having those become a matter of public record would materially detract from your -actual- (as opposed to perceived) network security. I think that one would need to have a belief, at some level, in the power of "security by obscurity" in order to believe otherwise. And anyway, what documentation have you ever given to ARIN that could be levereaged against your network security that could not just as easly be obtained by a deternmined attacker armed with your public WHOIS records and a decent network scanner? Your public IPs are, by definition, all public, right? I mean they are routed on the global Internet, right? If there's some secrect burried in your University's confidential ARIN paperwork that would of use to some teenager in Botswana or some crypto- crook in Moscow as they attempt to break into your records department, and if this -isn't- something that they could learn just from your WHOIS records and simply scanning all of your publicly routed CIDRs then I, for one, would sure like to have you tell me what that is, in gneral terms of course. P.P.S. One of the more regretable features of American popular news media is that very little of importance about the outside world even manages to penetrate into the American consciousness. For those of you... probably a majority... who missed it, please allow me to suggest that you google for "Danske Bank" or "Deutsche Bank" or "Swedbank" and start reading. When you get done doing that, try also "1MDB". If you are too laxy to read, there are plenty of YouTube video covering these various epic financial scandals also. _______________________________________________ ARIN-PPML You are receiving this message because you are subscribed to the ARIN Public Policy Mailing List ([email protected]). Unsubscribe or manage your mailing list subscription at: https://lists.arin.net/mailman/listinfo/arin-ppml Please contact [email protected] if you experience any issues.
