> On 25. Aug 2021, at 17:17, Ronald F. Guilmette <r...@tristatelogic.com> wrote: > > In message > <capfiqja8gfitnzuavctxfyowvngisq7ft8pq8fewf91+tq2...@mail.gmail.com> > Leo Vegoda <l...@vegoda.org> wrote: >> >> Are you making a proposal for the RIPE NCC to change the way it >> operates, or something else? > > I only wish that I could even answer that question. Sasdly, I cannot, for > the simple reason that the various RIPE legal, policy, and procedure > documents which I have seen so far, and which other people have been kind > enough to point me to, have not served to clarify what the current policy > with respect to corporate registration documents, or if there even exists > a current policy with respect to those documents. (My sense is that there > currently exists -no- policy relating to those documents.) > > It would be technically inaccurate, I think, and a misuse of the English > language to say that I desire to see a change to something which does not > now even exist. > > > Regards, > rfg
I really have no idea where this discussion is heading, I am not a lawyer, etc. etc, but let me play "devil's advocat" and be a bit provocative :-) * My ad-hoc assumtion for any organization would be that any partner/ member/customer information is confidential unless the affected parties have agreed to make it public. viz. https://www.ripe.net/publications/docs/ripe-733#31 From one of your yesterday's emails: > *) The first sentence makes a quite sweeping and a quite generalized > assertion > and yet provides exactly -zero- references to support the assertion. > > From whence does this alleged "duty of confidentiality" arise? From > law? > If so, which law and in which jurisdiction? Jurisdiction, at least, is easy. RIPE-673 (initially quoted by you but outdated) and all it's successor documents until the current RIPE-745 state in the very last section: Article 11 – Governing Law 11.1 All agreements between the RIPE NCC and the Member shall be exclusively governed by the laws of the Netherlands. https://www.ripe.net/publications/docs/ripe-673 https://www.ripe.net/publications/docs/ripe-745 > *) Isn't the publication of WHOIS information a quite apparent and obvious > violation of this purported "duty of confidentiality"? Or whould that > be more accurately referred to as "the exception that proves the rule"? > > Could there be other and as-yet unenumerated exceptions to the general > rule? I would not consider this an exception. What goes into WHOIS and/or into the RIPE database is well documented and can be known in advance by anyone applying for resources. This https://www.ripe.net/manage-ips-and-asns/db/support/highlighted-values-in-the-ripe-database e.g. explicitly mentions the distinction between public and confidential resource holder data. > My points above are, of course, pertaining only to information relating to > legal > entities other than natural persons, for whom GDPR is controlling. I should > say > also that although some may view me as nitpicking, these matters are of grave > and serious concern, not just to me, but also to law enforcement and "open > source" > researchers everywhere. Hmmm ... to put it bluntly: * If you are law enforcement, get a warrant. * If you are an "open source researcher", why should RIPE feel any obligation to cater for your personal research needs? Just because there might be non-competitive information that the RIPE NCC is not obliged to keep confidential does not mean it is obliged to make it publicly available, either … … well, unless you are making a proposal for the RIPE NCC to change the way it operates, as suggested earlier :-) As I said in the beginning, intentionally provocative (and not necessarily my personal opinion everywhere) … just because I can. Cheers -Andi
