Re: [anti-abuse-wg] personal data in the RIPE Database

2022-06-04 Thread denis walker
Hi Hans-Martin and Matthias

[I have merged both your emails into one to address all your points.]

Thanks guys for being the first people to start to address the
question I have been pushing, which is "Why" do we need to identify
resource holders? I had this in the back of my mind when I wrote the
policy proposal but I didn't want to be the one to say it. I was
hoping to hear it from other members of the community. Now we have it
on the table.

On Fri, 3 Jun 2022 at 10:29, Hans-Martin Mosner via anti-abuse-wg
 wrote:
>
> On 31.05.22 at 15:12, denis walker wrote:
> > Colleagues
> >
> > I have raised an issue on the DB WG mailing list about publishing in
> > the database the identity of natural persons holding resources.
>
> There are conflicting interests at work here. In your proposal, you mention 
> the need to contact resource owners, which
> is probably accepted by most.
>
> However, besides wanting to contact someone, there is a legitimate need to 
> identify bad actors and shun them with
> whatever means at your disposal (SpamAssassin rules, IP blocks, nullroutes, 
> whatever). I do not want to communicate with
> them, just as I don't want to discuss with burglars about their actions!

This is starting to explain reasons why we need to identify resource
holders, even natural persons.

>
> So, a mere contact database (which could contain fully anonymized forwarding 
> addresses through a "privacy provider",
> like it's nowadays common for whois entries) would work for the purpose of 
> contacting someone, but it does not work for
> identifying who can be held accountable for abuse emitted from a network 
> range.

I think there is general agreement that as long as a contact is
contactable there is no need to identify the natural persons operating
in that role.
Accountability, and any subsequent enforcement action, needs an
identity. This is the key element of why resource holders, even
natural persons, need to be identifiable. Further questions still need
to be answered like to what degree should they be identifiable, by
what means and to whom?

>
> For resources allocated to legal entities (companies, organizations, etc.) an 
> identification of the organization should
> be mandatory. This does not need to include personal data on employees that 
> happen to be responsible for network or
> abuse issues, I'm fine with role accounts here. So in this case, no objection 
> to eliminate personal data (which often
> becomes stale anyway after some years).

Again I think there is general agreement that for resource holders
that are NOT natural persons the name, address and legal country must
be included in the public data.

>
> However, resources allocated to private persons are a bit different. I 
> suppose very few private persons hold a /24
> network range, and if they do, they probably fall squarely in the area of 
> operating a business or other publicly visible
> enterprise under their personal name, and in many jurisdictions they are 
> required to do so with identifying information.
> For example, in Germany you can't even have a web page without an imprint 
> containing the names of people responsible for
> the content if you address the general public, and if you do business of any 
> kind and you're not a corporation, you must
> do so under your name.

There are far more natural persons holding resources than you think.
Looking at the membership list on the RIPE NCC's website, all the
members are listed and you can see the natural persons. It has been
argued that even if a natural person's details are listed on some
other public business register, that alone is not a reason to publish
those details in the RIPE Database.

So what personally identifiable info should we publish about a natural
person holding resources and what should we do with the rest of the
currently available public info? Would it be reasonable to publish the
name but not publish the (full) address publicly?

Now I looked back at a presentation made by EUROPOL at RIPE 73
https://ripe73.ripe.net/archives/video/1501/

They were very clear that the address of resource holders is also very
important to LEAs in their investigations. So I am going to make a
controversial suggestion here. Currently we have two categories of
registry data, Private and Public. The Public data is available to
LEAs and their use of it is covered by agreed purposes of the RIPE
Database defined in the Terms & Conditions. For Private data they need
to get a court order, which is an expensive and time consuming
process. Suppose we add a middle category Restricted data. This could
be data like the address of natural persons who hold resources. Data
that is now public but we are proposing to take out of the public
domain. We could allow LEAs (and maybe other recognised public safety
agencies) to continue to have access to this Restricted data without a
court order. (There are technical ways of doing this which are out of
scope for this discussion.)

I know a 

Re: [anti-abuse-wg] personal data in the RIPE Database

2022-06-04 Thread Carlos Friaças via anti-abuse-wg



Hi Ronald, All,

On Sat, 4 Jun 2022, Ronald F. Guilmette wrote:

> (...)
>
> Of course this is just the EU/AML part.  For now I won't even go into
> the story of the time law enforcement officers showed up at RIPE
> headquarters in 2009 and started asking questions in connection with a
> money laundering investigation they were working on... which apparently
> involved RIPE itself.

Never heard anything about it.

Any online references?

Regards,
Carlos



--

To unsubscribe from this mailing list, get a password reminder, or change your 
subscription options, please visit: 
https://lists.ripe.net/mailman/listinfo/anti-abuse-wg


Re: [anti-abuse-wg] personal data in the RIPE Database

2022-06-04 Thread Ronald F. Guilmette
In message <5f2f5fec-15cd-a307-dac4-366dd76b6...@heeg.de>, 
Hans-Martin Mosner  wrote:

>> If you say yes to both, then I am compelled to point out that there is,
>> as far as I understand it, *no* requirement, within the RIPE region, at
>> present for there to be *any* correlation between what appears in any
>> public RIPE WHOIS record and the actual bona fides of the corresponding
>> member, the -actual- identity of which remain secret & hidden behind an
>> opaque wall of stony silence, backed up by RIPE's legal counsel.
>
>I can't really judge this, but I see why that is your point of view.

It isn't a point of view.  It's a simple fact and easy enough to verify.

Members are allowed to put any garbage they like into their WHOIS records.
Nobody will stop them, nobody will police them if they do this, and there
exists no policy, rule, procedure, or mechanism to correct the WHOIS
records if they contain absolute horse manure.

And if you or I suspect that someone has in fact put inaccurate garbage into
their WHOIS records, you can ask the ever helpful folks at RIPE NCC to let
you see the actual bona fides documents that the corporate entity in question
gave to RIPE NCC when it first became a RIPE member.  You can ask, and you
will be told to get lost, because that is considered to be "secret" and
"confidential" info.

Again, I'm talking about non-person CORPORATE entities here.

And again, I'm talking about corporate legal registration documents...
documents which SHOULD BE PUBLIC anyway due to EU Anti-Money Laundering
rules.

Yes, even the EU got tired of its own opacity when it came to shell
companies and other corporate entities years ago, and they developed sets
of "Anti Money Laundering Directives" that all of the EU member states were
*supposed* to enact as local national laws years ago, starting, I guess,
with 1AMLD, then 2AMLD, then 3AMLD, 4AMLD, and finally, in 2018, 5AMLD.

But just like with RIPE, the EU member states, having approved these new
transparency measures at the EU level were apparently loath to actually
implement them, as required, as national laws in a majority of the EU
countries.  The result was that as of the year 2020, 22 out of 27 EU
member states were still playing "hide the ball" with corporate registration
and ownership information.  This should be a scandalous embarrassment, but
both the lethargic EU member countries and also RIPE have never been
accused of having anything approximating shame.

You can read the whole shameful story here:

https://www.globalwitness.org/en/campaigns/corruption-and-money-laundering/anonymous-company-owners/5amld-patchy-progress/

Of course this is just the EU/AML part.  For now I won't even go into
the story of the time law enforcement officers showed up at RIPE
headquarters in 2009 and started asking questions in connection with a
money laundering investigation they were working on... which apparently
involved RIPE itself.


Regards,
rfg



Re: [anti-abuse-wg] personal data in the RIPE Database

2022-06-04 Thread Hans-Martin Mosner via anti-abuse-wg

On 04.06.22 at 02:05, Ronald F. Guilmette wrote:

> In message ,
> Hans-Martin Mosner  wrote:
>
>> For resources allocated to legal entities (companies, organizations, etc.)
>> an identification of the organization should be mandatory.
>
> Would you agree also that such identification of non-person legal entities
> that are the registrants of number resources should be:
>
>  a)  public, and
>
>  b)  accurate and consistent with the bona fides that were submitted to
>  RIPE NCC at the time the member was made a member, and at any & all
>  times thereafter when the non-person member requested or was granted
>  number resources?

Yes, with the addition that whenever the identification of a legal entity changes, it needs to be updated. "Accurate"
and "consistent" may be at conflict when initial information was inaccurate, I'd prefer accurate over consistent.

> If you say yes to both, then I am compelled to point out that there is,
> as far as I understand it, *no* requirement, within the RIPE region, at
> present for there to be *any* correlation between what appears in any
> public RIPE WHOIS record and the actual bona fides of the corresponding
> member, the -actual- identity of which remain secret & hidden behind an
> opaque wall of stony silence, backed up by RIPE's legal counsel.

I can't really judge this, but I see why that is your point of view.

To be clear, I am just a participant in this mailing list, have never taken part in WG meetings, don't have the 
slightest insight into why certain information is withheld from public view, and as such I can only guess. Organizations 
with numerous stakeholders having different interests tend to be blocked by unanimous consensus and veto rules, so it's 
no surprise that RIPE seems to be afflicted by this, too.


What such organizations need to come up with is a mechanism that allows them to deal with problem members without being 
blocked by them and their allies, while not succumbing to a dictatorship of the majority (majority decisions aren't 
always the best) or some central authority. As you point out, this is an issue with other organizations, too, but it's 
by far not limited to the ones you listed.


I still believe in reason to a certain extent, although it takes a big leap of 
faith in light of reality.

Cheers,
Hans-Martin

