Hi,
I’m out of office till 22 August. Any RIPE Labs related queries can be sent to
l...@ripe.net and one of my colleagues will get back to you.
Cheers,
Alun
On 22 Aug 2022, at 07:51, Alun Davies via db-wg <db-wg@ripe.net> wrote:
> Hi,
>
> I’m out of office till 22 August. Any RIPE Labs related queries can be sent
> to l...@ripe.net and one of my colleagues will get back to you.
>
> Cheers,
> Alun
>
> On 22 Aug 2022, at 07:43, Alun Davies via db-wg <db-wg@ripe.net> wrote:
>
> Hi,
>
> I’m out of office till 22 August. Any RIPE Labs related queries can be sent
> to l...@ripe.net and one of my colleagues will get back to you.
>
> Cheers,
> Alun
>
> On 4 Aug 2022, at 14:25, denis walker via db-wg <db-wg@ripe.net> wrote:
>
> Colleagues
>
> I have spent some time thinking about the wording of the current
> purpose of the RIPE Database in relation to geolocation services. In
> some ways the purposes are very loosely written. That means they are
> open to interpretation. I think they can be interpreted to cover the
> "geofeed:" attribute. Some people have expressed this view but it is
> not sufficient to just say it, you need to justify the viewpoint. I
> will attempt to do that.
>
> "Facilitating coordination between network operators (network problem
> resolution, outage notification etc.)"
>
> The first point is the 'etc'. That means the example list is not
> exclusive. It doesn't even define the types or categories of
> coordination. So basically any coordination between network operators
> is included.
>
> 'Facilitating' means 'to make things easy'. So the database exists to
> make any coordination activity between network operators easy.
>
> So in what ways is "geofeed:" going to make it easy for network
> operators to coordinate some activity? One of the ways network
> operators have talked about how they want/need to use "geofeed:" data
> is to provide content based on location of an IP address.
>
> If a content providing network operator wishes to offer this content
> to anyone in a specific location, that can be seen as a coordination
> activity. The content provider can coordinate with other network
> operators to establish that their customers are within this location
> so they can access this content. If this interpretation is accepted by
> the community then the context has changed. The legal team can now
> reassess their advice in the context that the use of the "geofeed:"
> data is now covered by the existing database purposes.
>
> But there are other questions that the legal team also needs to
> consider. The "geofeed:" attribute references data external to the
> RIPE Database that neither the RIPE NCC nor the RIPE community has any
> control, management or perhaps even influence over. This data may
> contain PII. Although the maintainer of that external data is
> responsible for its content, does the RIPE NCC have any (joint)
> accountability or liability as the data controller and facilitator of
> the RIPE Database? Nic Handles are considered to be PII as they
> reference objects that contain PII. But these objects are also
> contained within the RIPE Database. The geofeed csv files are external
> to the RIPE Database. Do the references to them still constitute PII?
>
> Given that we are currently discussing a policy proposal governing the
> use of personal data in the RIPE Database, here we have a mechanism
> where resource holders can publish full postal address details of end
> users who are natural persons and link that published data to the
> resources in the RIPE Database. Given that these files are published
> by holders of RIPE resources and referenced by the RIPE Database,
> should the content of these files follow RIPE policies? (I'm not
> suggesting any validation of the contents, but perhaps resource
> holders should be responsible for applying policies to this content.)
>
> The T&C is a legal document. In the event of any dispute, lawyers make
> a lot of money by analysing and interpreting documents like this.
> Although the loosely written purposes may now be interpreted to cover
> geolocation data, there are still significant problems with the way
> the purposes are written. A review would still be beneficial.
>
> The T&C are mostly in the background during day to day operations.
> Just as the terms of an insurance policy can be irrelevant for years.
> The one time it matters is when you want to make a claim, or in the
> case of the database if someone ever makes a legal challenge over any
> aspect of its use or content. At that point, if the purposes can be
> widely interpreted, then the outcome is uncertain. It would be
> advantageous to all parties if the purposes were clear and precise
> with little room for interpretation. Whenever this issue is raised
> some people make the cynical comments that there has never been any
> legal challenge and there is no queue of people waiting to do so and
> common sense has always prevailed (in the past). It only needs one.
> Other RIRs have been involved in legal actions. Don't wait until your
> house is flooded before checking your insurance policy to see if you
> are covered.
>
> Another clear issue with this purpose's wording is that use of contact
> details in the database is only allowed by network operators to
> contact other network operators ("between network operators"). In this
> sense the purpose is very precise. Use of contact details by the
> public, non member organisations, investigators, CSIRT teams (unless
> they are also operators) and LEAs is not allowed under these T&C.
>
> Something to think about...
>
> cheers
> denis
> co-chair DB-WG
>
> --
>
> To unsubscribe from this mailing list, get a password reminder, or change
> your subscription options, please visit:
> https://lists.ripe.net/mailman/listinfo/db-wg
> --
>
> To unsubscribe from this mailing list, get a password reminder, or change
> your subscription options, please visit:
> https://lists.ripe.net/mailman/listinfo/db-wg
> --
>
> To unsubscribe from this mailing list, get a password reminder, or change
> your subscription options, please visit:
> https://lists.ripe.net/mailman/listinfo/db-wg
--
To unsubscribe from this mailing list, get a password reminder, or change your
subscription options, please visit:
https://lists.ripe.net/mailman/listinfo/db-wg
