Re: [anti-abuse-wg] personal data in the RIPE Database

2022-06-06 Thread denis walker
Ronald, the reason I haven't responded to your previous emails is that
you are talking utter nonsense. And as usual the two relevant
sentences in your huge, long rants are lost in all the offensive and
pointless references. You talk of fanatics, extremists, dictators,
alarmists, privacy paranoia, perverts, fetish, fetishizing secrecy,
journalists, activists, teachers, ethics, morality, political
viewpoint, "old school" view, imaginary imperative, obvious disasters,
over-reaction, opinions, pretense, RIPE structures of power, planned
agenda of recalcitrance, obstructionism,
consistent inaction, institutionalized dysfunction, lethargic EU
member countries, opaque wall of stony silence, totally made-up bovine
excrement, garbage, absolute horse manure, stealthy secrecy and
deliberate opacity baked in, gay rights in Florida, God, Hell, .US
registries, UBOs, etc. How on earth do you expect anyone to follow
what little arguments you have when wrapped in all this crap? You have
managed, in a few long emails, to insult or offend me, other
contributors, the RIPE NCC, their legal counsel, the RIPE community,
20k+ member organisations and the EU with your arrogant, bullying
attitude...Ronald is of course right, anyone who doesn't see the world
as you do is an extremist, fanatical dictator.

Why should anyone fear having their address in this open, public
database? If you suffer from it, it's not the database's fault, it's
your fault for giving your real address when asked for it. Clearly
there are so many options available for you to confuse everyone. As in
that video presentation I referenced from Europol when they explained
how their investigation came to a dead end at a drop box. So yes, great
idea Ronald. Let's encourage everyone to get PO (Drop) boxes instead of
using real addresses. Guess who is going to be queuing up at the post
office tomorrow to register for these boxes using those 'borrowed' IDs
from the pub? Probably every abuser across the region, given the way
you have so heavily promoted this option across your recent set of
rants.

You have confused the issues so much that now I will have to answer
your circular, repetitive arguments.

On Tue, 7 Jun 2022 at 00:36, Ronald F. Guilmette  wrote:
>
> In message 
> 
> denis walker  wrote:
>
> >We are talking about restricting access to one piece of data, the
> >address of natural persons. I accept that a lot of abuse may come from
> >address space held by natural people. I understand that a lot of
> >investigation work is done by companies and individuals. How much of
> >an impact would it be on your activities to not know the private
> >address of these natural people?
>
> Just a second.  Let's pause here for a moment and look at this question
> of the "physical address" information as it relates to WHOIS records.
>
> One of the many things that have, over the past several years, rendered
> almost all of the information that is now available in *domain name*
> WHOIS records virtually entirely worthless was the decision, some
> considerable time ago, by ICANN, to permit the use of essentially
> anonymous P.O. box addresses in the WHOIS records for domains registered
> within the gTLDs.  Additional commonly used methods of obfuscation in
> these domain name WHOIS records include but are not limited to (a) the
> use of "proxy" registrants and (b) the use of addresses of incorporation
> agents and (c) use of the addresses of attorneys.  (I have not surveyed the
> policies of the various ccTLDs with regards to their level of acceptance
> of such shenanigans but I have no reason to doubt that even the .US TLD
> allows for all of these clever methods of "hiding the ball" with respect
> to the actual physical location of the domain name registrant.  Hell!
> The policies governing the .US domain are crystal clear in prohibiting
> non-US legal entities from registering .US domains, but the operators of
> the .US registry demonstrably make no attempt whatsoever to check for
> conformance with even this minimal requirement.)
>
> So, as I have listed above, there are many different frequently-used ways
> that any natural person may use to obfuscate their actual physical location
> when registering a domain name.
>
> This prompts a rather obvious question:  Do there exist any policies,
> rules, or regulations which would prevent a natural person from using any
> one of the several techniques I have listed above to obfuscate their
> actual physical location when they generate their RIPE organization
> WHOIS record?

You just explained how these techniques have "rendered almost all of
the information that is now available in *domain name* WHOIS records
virtually entirely worthless". Now you are suggesting to use these
techniques on the number registry to obfuscate addresses.

> And more to the point, is it true or false that, as I have
> previously asserted, any member can put literally any inaccurate garbage
> they want into their public-facing RIPE WHOIS records with no 

Re: [anti-abuse-wg] personal data in the RIPE Database

2022-06-06 Thread Ronald F. Guilmette
In message 
Cynthia Revström wrote:

>AFAIK the "org-name" attribute on the organisation object does get
>verified if the organisation is a LIR or an end user that has received
>resources directly from the RIPE NCC (through a sponsoring LIR). (and
>possibly a few other cases like legacy resource holders with service
>agreements)
>I believe there are also many policies that say that information
>should be accurate, and while this might not be actively verified for
>the most part, it is still policy in many cases.

Policy in the total absence of -any- validation or enforcement is vacuous.
It is a NO-OP.  It is a joke.

>Part of the issue is that the RIPE NCC has some responsibility for
>this under the GDPR...

Or to be more accurate, RIPE NCC is -alleged- to have some responsibility
for this, e.g. by yourself and by other privacy extremists.

In point of fact however this opinion, on your part, has never been adjudicated
in any court of law.  And more to the point, GDPR has explicit carve outs
for the sharing and/or publication of data as may be necessary for an entity
to carry out its mission.

Some of us, at least (who may, coincidentally, have been on the Internet since
well before you were born),  still maintain the "old school" view that it
was, is, and remains an integral part of the mission of both domain name
registrars and also Regional Internet Registries to promote, foster, and
enable the smooth functioning of the Internet.  We also believe that that
continued smooth functioning can be either (a) enabled by openness and
transparency or else (b) hobbled by pointlessly and unnecessarily fetishizing
secrecy, specifically within WHOIS records.

If our interpretation of GDPR is the correct one, i.e. that RIPE and other
such organizations have both a current and a longstanding/historical duty
to *not* "hide the ball", then your claim that the GDPR obliges RIPE NCC to
do anything in particular now which is different from what it has been doing
for the past 20+ years is both meaningless and not at all supported by
*any* legal findings.  In short, this contention that GDPR is (suddenly?)
forcing RIPE to do something today that it was not forced to do at any time
last week, or indeed, at any time over the past 20 years is simply fallacious -
an imaginary imperative that doesn't actually exist.

>and it can be really difficult to do this
>correctly, but I think the legal team could explain those details
>better.

And I think that the legal team has also been sucked into the vortex of
privacy paranoia and extremism, and that they will say whatever they want
to say, regardless of whether their position has been endorsed or verified
in a court of law or not.

In short, they are part of the problem.  As I have previously noted RIPE
is a *private* organization mostly composed of *private* member organizations,
virtually all of which are loath to disclose anything to anybody ever.
Thus, I would not be in the least surprised if you told me tomorrow that
the RIPE legal team had come out in favor of making the entire WHOIS data
base private and accessible to "law enforcement only, eyes only".  The
legal team doesn't have any incentive whatsoever pulling them in the
direction of transparency.  All of their incentives run in the opposite
direction...  i.e. *against* any and all openness & transparency, even
if that means degrading the ongoing smooth functioning of the Internet.

>I run a hobby network and have an ASN and a /48 of PI assigned to me
>from RIPE NCC (through a sponsoring LIR) and also know many other
>people who are in a similar situation.
>Many people who do this are uncomfortable with having to publish their
>home address in the RIPE database...

I have two responses:

1)  Why don't you get a P.O. box if you are really that worried about it?

2)  So if I understand what you're saying, you are saying that because there
exists some small, but finite and non-zero set of people who, like you,
are "uncomfortable", then everybody else in the universe should bend over
backwards, throw out 20+ years of precedent, and should hobble the public
WHOIS data base, all just so that -you- won't be made to feel "uncomfortable".
Is that what you are saying?

If so, then I'd like to suggest that you consider moving to sunny Florida.
I think that you might fit in nicely there.

Although you may not have heard about it, the Governor of that state recently
signed into law a new state statute which makes it now illegal for teachers
in that state to say the word "gay".

The justification for this new law was that that word makes some small
minority of the parents in the State of Florida "uncomfortable".

My point of course, is that this is how the dictatorship of the minority
begins.  You are "uncomfortable" so everyone else must change what they
are doing.

And how shall we resolve the matter if, hypothetically, the discomfort of
you and your friends someday makes me and my friends "uncomfortable"?

>Sure, I 

Re: [anti-abuse-wg] address verification (was: personal data in the RIPE Database)

2022-06-06 Thread Ángel González Berdasco via anti-abuse-wg
denis wrote:
> This defeats your own argument. You were arguing you need to know the
> addresses of these natural persons so you can link separate resources
> having the same address. Using the IDs of random people and drunks
> from a bar will give them all different addresses. Knowing these
> addresses doesn't help you in any way.

Maybe they would use the address of the bar where they met the drunkard? :)

Having many persons registered with that address, or even multiple 
registrations whose addresses all match pubs in Y area, would certainly be 
an interesting pattern worth discovering.

Or even just a pattern of addresses not existing in that city or with no 
buildings.

Sadly, filters designed to block obvious fake data will generally only lead 
malicious actors to produce better lies, not to provide their real details.



In a previous mail you mentioned:
> When these people apply to be a member I am sure the RIPE NCC requires proof 
> of identity and proof of address.

but -being slightly more skeptical- I would like to know what kind of address 
verification is performed.

Document ripe-770 does mention the first part:
"Each agreement signed with either the RIPE NCC or with a sponsoring LIR must 
be accompanied by supporting documentation proving the existence (and validity) 
of the legal or natural person (see below)."

but no mention is made of verifying the physical address.
https://www.ripe.net/publications/docs/ripe-770#111


As for the identity proof, it suggests
"Valid identification documents (e.g., identification card, passport)"

I guess one might go to RIPE NCC office to show them their passport and assert 
that they do exist and match it. That's probably the most secure way of 
verification. But I doubt many people would do that (maybe, during the 
assembly...).

Sending the passport or id card to RIPE NCC would not be acceptable. The 
exact way to do that is not described there, but the model agreement says "the 
End User shall include a photocopy of a valid identity card." and I suspect 
that's what will be done in almost every case.

https://www.ripe.net/manage-ips-and-asns/resource-management/number-resources/independent-resources/independent-assignment-request-and-maintenance-agreement

Obviously, someone who tricked another one (drunk or not) into getting a copy 
of their id card could easily fulfill this requisite.


Maybe those on this list that are resource holders could tell us if their 
physical address was ever validated by RIPE in any way?

Regards


--
INCIBE-CERT - Spanish National CSIRT
https://www.incibe-cert.es/

PGP keys: https://www.incibe-cert.es/en/what-is-incibe-cert/pgp-public-keys


-- 

To unsubscribe from this mailing list, get a password reminder, or change your 
subscription options, please visit: 
https://lists.ripe.net/mailman/listinfo/anti-abuse-wg


Re: [anti-abuse-wg] personal data in the RIPE Database

2022-06-06 Thread Cynthia Revström via anti-abuse-wg
Hi,

I just want to start out by saying that I have been quite busy lately
so I can't reply to all points in this thread but I mostly agree with
denis and what I have previously said in the db-wg.

I have replied to rfg below.

On Tue, Jun 7, 2022 at 12:36 AM Ronald F. Guilmette
 wrote:
>
> In message 
> 
> denis walker  wrote:
>
> >We are talking about restricting access to one piece of data, the
> >address of natural persons. I accept that a lot of abuse may come from
> >address space held by natural people. I understand that a lot of
> >investigation work is done by companies and individuals. How much of
> >an impact would it be on your activities to not know the private
> >address of these natural people?
>
> Just a second.  Let's pause here for a moment and look at this question
> of the "physical address" information as it relates to WHOIS records.
>
> One of the many things that have, over the past several years, rendered
> almost all of the information that is now available in *domain name*
> WHOIS records virtually entirely worthless was the decision, some
> considerable time ago, by ICANN, to permit the use of essentially
> anonymous P.O. box addresses in the WHOIS records for domains registered
> within the gTLDs.  Additional commonly used methods of obfuscation in
> these domain name WHOIS records include but are not limited to (a) the
> use of "proxy" registrants and (b) the use of addresses of incorporation
> agents and (c) use of the addresses of attorneys.  (I have not surveyed the
> policies of the various ccTLDs with regards to their level of acceptance
> of such shenanigans but I have no reason to doubt that even the .US TLD
> allows for all of these clever methods of "hiding the ball" with respect
> to the actual physical location of the domain name registrant.  Hell!
> The policies governing the .US domain are crystal clear in prohibiting
> non-US legal entities from registering .US domains, but the operators of
> the .US registry demonstrably make no attempt whatsoever to check for
> conformance with even this minimal requirement.)

While not that important for this point, I would argue that the policy
is in no way "crystal clear" in prohibiting non-US legal entities from
registering .US domains as the following category exists in the
policy:
> A foreign entity or organization that has a bona fide presence in the United 
> States of America or any of its possessions or territories [Nexus Category 3].
https://www.about.us/cdn/resources/ebooks/policies/usTLD_Nexus_Requirements_Policy.pdf

> So, as I have listed above, there are many different frequently-used ways
> that any natural person may use to obfuscate their actual physical location
> when registering a domain name.
>
> This prompts a rather obvious question:  Do there exist any policies,
> rules, or regulations which would prevent a natural person from using any
> one of the several techniques I have listed above to obfuscate their
> actual physical location when they generate their RIPE organization
> WHOIS record?  And more to the point, is it true or false that, as I have
> previously asserted, any member can put literally any inaccurate garbage
> they want into their public-facing RIPE WHOIS records with no consequence
> whatsoever?

AFAIK the "org-name" attribute on the organisation object does get
verified if the organisation is a LIR or an end user that has received
resources directly from the RIPE NCC (through a sponsoring LIR). (and
possibly a few other cases like legacy resource holders with service
agreements)
I believe there are also many policies that say that information
should be accurate, and while this might not be actively verified for
the most part, it is still policy in many cases.

> If the answer to *either* question is "yes", then it seems to me that
> enlisting RIPE NCC to embark upon a deliberate program to hide personal
> information in public-facing WHOIS records EVEN WHEN THE CORRESPONDING
> REGISTRANTS HAVE NOT THEMSELVES REQUESTED THAT is not only clearly
> unnecessary, but actually and demonstrably counterproductive.  Should
> a natural-person who actually WANTS to be directly contacted for any and
> all issues relating to their RIPE number resources have that opportunity
> closed out, perhaps without even their knowledge or consent, by some
> small over-aggressive cabal of GDPR fanatics acting unilaterally?  I think
> not.

Part of the issue is that the RIPE NCC has some responsibility for
this under the GDPR and it can be really difficult to do this
correctly, but I think the legal team could explain those details
better.

> As noted above, if any RIPE registrant wants to have their physical address
> info obfuscated then there appears to be any number of simple alternatives
> available to the registrant themselves to achieve exactly that.  Thus, this
> new push to get RIPE NCC to hide information in public-facing WHOIS records
> seems to be a solution in search of a problem, and just another 

Re: [anti-abuse-wg] personal data in the RIPE Database

2022-06-06 Thread Ronald F. Guilmette
In message 
denis walker  wrote:

>The bottom line is that there are honest, law abiding people who are,
>or would like to be, resource holders but are exposed to considerable
>personal danger by making their name and address public. We must take
>the personal privacy issue seriously...

These are exactly the central fallacies that have driven and that are
driving so much of the GDPR-inspired "privacy" fanaticism that's coming
out of Europe these days.

Who exactly are these unspecified "law abiding people" and what is it,
exactly, that is preventing them from taking measures on their own
(such as renting a P.O. box) to protect themselves and their privacy?

I do not dispute for a moment that there are many people, most notably
journalists, many of whom I have had the pleasure to work with (and even
some inside of Russia) whose freedom & lives could be endangered by
publication of their exact whereabouts.  And yet this current proposal
was not, as far as I know, generated by any of *them*.  *They* already know
all about the many readily available ways at their disposal to avoid having
their exact whereabouts published.  (And God help us all if they ever have
to rely on the good graces of RIPE to protect their locations!)

Perhaps even more to the point, I'd like to see any actual Venn Diagram
which would show us the -actual- (as opposed to postulated, by the 
privacy fear-mongers) overlap between the set of people who need any
kind of anonymity and/or protection of their location info and the set
of people who ALSO provably *need* to have RIPE number resources.

Oh!  Never mind!  Conveniently, some kind soul on the Internet has already
generated & published this exact Venn Diagram:

https://www.amcharts.com/docs/v4/wp-content/uploads/sites/2/2020/02/image-768x377.png

So this is really the first-order fallacy:  The assertion, without a single
shred of supporting proof offered, that there exists some tiny minority of
people who both (a) need either anonymity or else secrecy as regards to
their actual physical address, and who also (b) need to have RIR number
resources.

If we are to believe this alarmist point of view, even, as it is, backed up
by zero actual evidence, then we must accept on blind faith that there
are some journalists or other "activists" who need to get their stories
out to the public but who cannot use *any* form of existing social media
to do that, and who cannot even do it via some shared or dedicated web
hosting arrangement.  No no!  We must believe that there are, somewhere
out there, activists and/or journalists who both (a) have reason to fear
for their physical safety and who also (b) really need at least an ASN or
a /24 or else they will be as good as gagged, for all practical purposes.

This is clearly nonsense on the face of it.  We are blessed to live in an
era where communication... even mass communication... has never been easier
OR more widely available.  And yet the contention is that edgy activism and/or
journalism will be entirely wiped from the map if the person who wants to
distribute a controversial newsletter cannot get hold of an entire /24.
Rubbish.

It is this exact sort of illogical thinking that has led to a situation,
in Europe, where you now can't even know if the new neighbor who just
moved in next door to you is a previously convicted serial pedophile.
You aren't allowed to know because your newspapers are no longer allowed
to print even just the names of convicted serial sexual predators, much
less their photographs.

Why any of you folks in Europe ever thought that this would be a good idea
is, I confess, beyond me.  You have placed this newfound fetish for "privacy"
above the competing societal values of free speech, freedom of the press,
transparency in public affairs, and the individual citizen's right to know.
So now you have to live with the downsides of those value choices.  But
those obviously dubious value choices DO NOT have to spill over into the
public RIPE WHOIS data base.  And they will only do so if the same inability
to judge fairly the cost/benefit ratio is sold to the membership at large
by the privacy extremists.

And now, at last, we come to the second absurd fallacy driving this debate.
I quote:  "We must take the personal privacy issue seriously..."

Simple question:  Why?  Who says we do?

Did the EU Council pass a resolution while I was sleeping which has rendered
RIPE legally responsible for the privacy of its members or their physical
addresses?  If so, I didn't get the memo.

Seriously, who exactly is "we" and when did "we" become legally, ethically,
or morally responsible for hiding the physical addresses of members who
could, as I have noted above, quite easily take care of this on their own?
Was RIPE actually responsible for hiding physical addresses for all of
the past 20 odd years of its existence, but for some strange reason we are
only finding out about it now?

Again, I think not.  Nothing has changed, morally, ethically, 

Re: [anti-abuse-wg] personal data in the RIPE Database

2022-06-06 Thread Ronald F. Guilmette
In message 
denis walker  wrote:

>We are talking about restricting access to one piece of data, the
>address of natural persons. I accept that a lot of abuse may come from
>address space held by natural people. I understand that a lot of
>investigation work is done by companies and individuals. How much of
>an impact would it be on your activities to not know the private
>address of these natural people?

Just a second.  Let's pause here for a moment and look at this question
of the "physical address" information as it relates to WHOIS records.

One of the many things that have, over the past several years, rendered
almost all of the information that is now available in *domain name*
WHOIS records virtually entirely worthless was the decision, some
considerable time ago, by ICANN, to permit the use of essentially
anonymous P.O. box addresses in the WHOIS records for domains registered
within the gTLDs.  Additional commonly used methods of obfuscation in
these domain name WHOIS records include but are not limited to (a) the
use of "proxy" registrants and (b) the use of addresses of incorporation
agents and (c) use of the addresses of attorneys.  (I have not surveyed the
policies of the various ccTLDs with regards to their level of acceptance
of such shenanigans but I have no reason to doubt that even the .US TLD
allows for all of these clever methods of "hiding the ball" with respect
to the actual physical location of the domain name registrant.  Hell!
The policies governing the .US domain are crystal clear in prohibiting
non-US legal entities from registering .US domains, but the operators of
the .US registry demonstrably make no attempt whatsoever to check for
conformance with even this minimal requirement.)

So, as I have listed above, there are many different frequently-used ways
that any natural person may use to obfuscate their actual physical location
when registering a domain name.

This prompts a rather obvious question:  Do there exist any policies,
rules, or regulations which would prevent a natural person from using any
one of the several techniques I have listed above to obfuscate their
actual physical location when they generate their RIPE organization
WHOIS record?  And more to the point, is it true or false that, as I have
previously asserted, any member can put literally any inaccurate garbage
they want into their public-facing RIPE WHOIS records with no consequence
whatsoever?

If the answer to *either* question is "yes", then it seems to me that
enlisting RIPE NCC to embark upon a deliberate program to hide personal
information in public-facing WHOIS records EVEN WHEN THE CORRESPONDING
REGISTRANTS HAVE NOT THEMSELVES REQUESTED THAT is not only clearly
unnecessary, but actually and demonstrably counterproductive.  Should
a natural-person who actually WANTS to be directly contacted for any and
all issues relating to their RIPE number resources have that opportunity
closed out, perhaps without even their knowledge or consent, by some
small over-aggressive cabal of GDPR fanatics acting unilaterally?  I think
not.

As noted above, if any RIPE registrant wants to have their physical address
info obfuscated then there appears to be any number of simple alternatives
available to the registrant themselves to achieve exactly that.  Thus, this
new push to get RIPE NCC to hide information in public-facing WHOIS records
seems to be a solution in search of a problem, and just another misguided
top-down enforcement of an extremist view of "privacy", pushed onto the
community whether the people actually affected, i.e. the registrants
themselves, like it or not.

(Note: I am not intending to pick specifically on RIPE here.  To the best
of my current knowledge there are -no- policies or rules in -any- RIR
globally that explicitly prohibit the use of P.O. boxes, proxy registrants,
or the addresses of associated corporate registration agents or lawyers
within public-facing number resource WHOIS records.  Nor do any RIRs
have any clear policies which would have the effect of requiring there
to be -any- clear correlation between what appears in a registrant's
public-facing WHOIS records and anything corresponding to objective
reality.)

>I can only think of three reasons why
>you would need the full address. You intend to visit them (unlikely),
>you want to serve legal papers on them or you attempt some kind of
>heuristics with the free text search in the database to match up
>resources with the same address.

I agree with this list of possibilities, 1, 2, 3.

So which of these three are you attempting to hobble?

Are you in favor of making it harder to serve people with legal papers?
If so, why would you do that and who would be the beneficiaries of that?

Are you in favor of making it harder for open-source researchers to search
the data base for textual correlations that might provide clues to untoward
activities?  If so, why would you do that and who would be the beneficiaries
of that?


Regards,
rfg

-- 

Re: [anti-abuse-wg] personal data in the RIPE Database

2022-06-06 Thread Ronald F. Guilmette
In message ,  Suresh Ramasubramanian  wrote:

>The person you should invite for this is Ron Guilmette
>
>Ask him about Romanian LIRs from eight or nine years back and you will
>probably get chapter and verse.
>
>For example https://seclists.org/nanog/2013/Jan/328

Indeed.  I could write a book about the voracious Romanian gang.  And a
whole additional one about some similarly voracious folks in Moldova.
The only question is:  Who would read them?  Nobody seems to care.


Regards,
rfg



Re: [anti-abuse-wg] personal data in the RIPE Database

2022-06-06 Thread denis walker
On Mon, 6 Jun 2022 at 22:30, Suresh Ramasubramanian  wrote:
>
> Registered companies have in the past been LLCs or the local country 
> equivalent and in some cases, using the id of random people paid a few euro 
> to allow their name to appear in LLC paperwork, if I remember right.
>
> The same thing is quite likely for “natural person” to be “some old drunk I 
> met in a bar who handed over his ID to be used for registering ripe resources”

This defeats your own argument. You were arguing you need to know the
addresses of these natural persons so you can link separate resources
having the same address. Using the IDs of random people and drunks
from a bar will give them all different addresses. Knowing these
addresses doesn't help you in any way.

Also an LLC is a registered business. Their addresses will remain
public in the database.

cheers
denis
proposal author


>
> --srs
> 
> From: anti-abuse-wg  on behalf of denis 
> walker 
> Sent: Tuesday, June 7, 2022 12:19:43 AM
> To: Richard Clayton 
> Cc: anti-abuse-wg 
> Subject: Re: [anti-abuse-wg] personal data in the RIPE Database
>
> On Mon, 6 Jun 2022 at 19:27, Richard Clayton  wrote:
> >
> > In message  > jgzda...@mail.gmail.com>, denis walker  writes
> >
> > >On Mon, 6 Jun 2022 at 17:57, Suresh Ramasubramanian  
> > >wrote:
> > >>
> > >> Always a useful thing to do if you want to block all resources held by a
> > >single actor or set of actors.
> > >
> > >So are you saying that you DO use the ORGANISATION object address to
> > >match resources held by different members at the same location? If so
> > >there are technical ways to offer that functionality within the
> > >database without exposing the full address of natural person members.
> >
> > you're about to suggest hashing ... that doesn't provide what is needed
> > because it is far too fragile to be useful given that WHOIS entries are
> > not canonicalised and also contain minor errors
>
> I had something similar in mind.
>
> >
> > you can find countless examples of typos, old addresses etc within the
> > RIPE data. For a contemporary example check for inconsistent use of
> > Kiev/Kyiv for resources held by exactly the same person/organisation.
>
> OK, let's narrow it down a bit. The address of a registered business
> will still be publicly available in the database. So if someone has
> registered multiple businesses at the same address this data will
> still be available, even with any spelling mistakes.
>
> What we are talking about are the resource holders who are natural
> persons. When these people apply to be a member I am sure the RIPE NCC
> requires proof of identity and proof of address. (They will correct me
> if I am wrong.) So unless a group of natural persons are all living at
> the same address and all provide proof of that, then you are not going
> to get this address correlation anyway. If a group of natural persons
> are all operating from a common commercial address, not a personal
> address, then the address will still be publicly available in the
> database.
>
> The only resource holders' addresses that will be restricted are for
> natural persons who are operating from their home address. Those
> addresses are likely to be unique in the database.
>
> I will give a balanced argument and point out that there is a
> downside. RIPE policy allows multiple LIRs. So a natural person
> operating from their home address can become a Member and then set up
> multiple LIR accounts. Each of these accounts will be linked to
> separate ORGANISATION objects with the same address. Because it is a
> natural person and their home address, that address will have
> restricted access. Each of these LIRs can get separate, distinct
> allocations and the address link between these allocations is lost
> publicly. This can be fixed if we modify address policy, requiring the
> RIPE NCC to publicly identify the link between multiple LIRs with the
> same owner. Relying on the address as the main link between multiple
> LIRs is not perfect anyway. A Member may be able to set up multiple
> LIR accounts with different addresses. Having an official link would
> be far more reliable.
>
> The bottom line is that there are honest, law-abiding people who are,
> or would like to be, resource holders but are exposed to considerable
> personal danger by making their name and address public. We must take
> the personal privacy issue seriously. If this creates problems in
> other areas we need to find solutions to those problems.
>
> cheers
> denis
> proposal author
>
>
>
>
> >
> > --
> > richard   Richard Clayton
> >
> > Those who would give up essential Liberty, to purchase a little temporary
> > Safety, deserve neither Liberty nor Safety. Benjamin Franklin 11 Nov 1755

Re: [anti-abuse-wg] personal data in the RIPE Database

2022-06-06 Thread Suresh Ramasubramanian
Registered companies have in the past been LLCs or the local country equivalent 
and in some cases, using the id of random people paid a few euro to allow their 
name to appear in LLC paperwork, if I remember right.

The same thing is quite likely for “natural person” to be “some old drunk I met 
in a bar who handed over his ID to be used for registering ripe resources”

--srs

From: anti-abuse-wg  on behalf of denis walker 

Sent: Tuesday, June 7, 2022 12:19:43 AM
To: Richard Clayton 
Cc: anti-abuse-wg 
Subject: Re: [anti-abuse-wg] personal data in the RIPE Database

On Mon, 6 Jun 2022 at 19:27, Richard Clayton  wrote:
>
> In message  jgzda...@mail.gmail.com>, denis walker  writes
>
> >On Mon, 6 Jun 2022 at 17:57, Suresh Ramasubramanian  
> >wrote:
> >>
> >> Always a useful thing to do if you want to block all resources held by a
> >single actor or set of actors.
> >
> >So are you saying that you DO use the ORGANISATION object address to
> >match resources held by different members at the same location? If so
> >there are technical ways to offer that functionality within the
> >database without exposing the full address of natural person members.
>
> you're about to suggest hashing ... that doesn't provide what is needed
> because it is far too fragile to be useful given that WHOIS entries are
> not canonicalised and also contain minor errors

I had something similar in mind.

>
> you can find countless examples of typos, old addresses etc within the
> RIPE data. For a contemporary example check for inconsistent use of
> Kiev/Kyiv for resources held by exactly the same person/organisation.

OK, let's narrow it down a bit. The address of a registered business
will still be publicly available in the database. So if someone has
registered multiple businesses at the same address this data will
still be available, even with any spelling mistakes.

What we are talking about are the resource holders who are natural
persons. When these people apply to be a member I am sure the RIPE NCC
requires proof of identity and proof of address. (They will correct me
if I am wrong.) So unless a group of natural persons are all living at
the same address and all provide proof of that, then you are not going
to get this address correlation anyway. If a group of natural persons
are all operating from a common commercial address, not a personal
address, then the address will still be publicly available in the
database.

The only resource holders' addresses that will be restricted are for
natural persons who are operating from their home address. Those
addresses are likely to be unique in the database.

I will give a balanced argument and point out that there is a
downside. RIPE policy allows multiple LIRs. So a natural person
operating from their home address can become a Member and then set up
multiple LIR accounts. Each of these accounts will be linked to
separate ORGANISATION objects with the same address. Because it is a
natural person and their home address, that address will have
restricted access. Each of these LIRs can get separate, distinct
allocations and the address link between these allocations is lost
publicly. This can be fixed if we modify address policy, requiring the
RIPE NCC to publicly identify the link between multiple LIRs with the
same owner. Relying on the address as the main link between multiple
LIRs is not perfect anyway. A Member may be able to set up multiple
LIR accounts with different addresses. Having an official link would
be far more reliable.

The bottom line is that there are honest, law-abiding people who are,
or would like to be, resource holders but are exposed to considerable
personal danger by making their name and address public. We must take
the personal privacy issue seriously. If this creates problems in
other areas we need to find solutions to those problems.

cheers
denis
proposal author




>
> --
> richard   Richard Clayton
>
> Those who would give up essential Liberty, to purchase a little temporary
> Safety, deserve neither Liberty nor Safety. Benjamin Franklin 11 Nov 1755


Re: [anti-abuse-wg] personal data in the RIPE Database

2022-06-06 Thread denis walker
On Mon, 6 Jun 2022 at 19:27, Richard Clayton  wrote:
>
> In message  jgzda...@mail.gmail.com>, denis walker  writes
>
> >On Mon, 6 Jun 2022 at 17:57, Suresh Ramasubramanian  
> >wrote:
> >>
> >> Always a useful thing to do if you want to block all resources held by a
> >single actor or set of actors.
> >
> >So are you saying that you DO use the ORGANISATION object address to
> >match resources held by different members at the same location? If so
> >there are technical ways to offer that functionality within the
> >database without exposing the full address of natural person members.
>
> you're about to suggest hashing ... that doesn't provide what is needed
> because it is far too fragile to be useful given that WHOIS entries are
> not canonicalised and also contain minor errors

I had something similar in mind.

>
> you can find countless examples of typos, old addresses etc within the
> RIPE data. For a contemporary example check for inconsistent use of
> Kiev/Kyiv for resources held by exactly the same person/organisation.

OK, let's narrow it down a bit. The address of a registered business
will still be publicly available in the database. So if someone has
registered multiple businesses at the same address this data will
still be available, even with any spelling mistakes.

What we are talking about are the resource holders who are natural
persons. When these people apply to be a member I am sure the RIPE NCC
requires proof of identity and proof of address. (They will correct me
if I am wrong.) So unless a group of natural persons are all living at
the same address and all provide proof of that, then you are not going
to get this address correlation anyway. If a group of natural persons
are all operating from a common commercial address, not a personal
address, then the address will still be publicly available in the
database.

The only resource holders' addresses that will be restricted are for
natural persons who are operating from their home address. Those
addresses are likely to be unique in the database.

I will give a balanced argument and point out that there is a
downside. RIPE policy allows multiple LIRs. So a natural person
operating from their home address can become a Member and then set up
multiple LIR accounts. Each of these accounts will be linked to
separate ORGANISATION objects with the same address. Because it is a
natural person and their home address, that address will have
restricted access. Each of these LIRs can get separate, distinct
allocations and the address link between these allocations is lost
publicly. This can be fixed if we modify address policy, requiring the
RIPE NCC to publicly identify the link between multiple LIRs with the
same owner. Relying on the address as the main link between multiple
LIRs is not perfect anyway. A Member may be able to set up multiple
LIR accounts with different addresses. Having an official link would
be far more reliable.

The bottom line is that there are honest, law-abiding people who are,
or would like to be, resource holders but are exposed to considerable
personal danger by making their name and address public. We must take
the personal privacy issue seriously. If this creates problems in
other areas we need to find solutions to those problems.

cheers
denis
proposal author




>
> --
> richard   Richard Clayton
>
> Those who would give up essential Liberty, to purchase a little temporary
> Safety, deserve neither Liberty nor Safety. Benjamin Franklin 11 Nov 1755


Re: [anti-abuse-wg] personal data in the RIPE Database

2022-06-06 Thread Richard Clayton
In message , denis walker  writes

>On Mon, 6 Jun 2022 at 17:57, Suresh Ramasubramanian  
>wrote:
>>
>> Always a useful thing to do if you want to block all resources held by a 
>single actor or set of actors.
>
>So are you saying that you DO use the ORGANISATION object address to
>match resources held by different members at the same location? If so
>there are technical ways to offer that functionality within the
>database without exposing the full address of natural person members.

you're about to suggest hashing ... that doesn't provide what is needed
because it is far too fragile to be useful given that WHOIS entries are
not canonicalised and also contain minor errors

you can find countless examples of typos, old addresses etc within the
RIPE data. For a contemporary example check for inconsistent use of
Kiev/Kyiv for resources held by exactly the same person/organisation.

-- 
richard   Richard Clayton

Those who would give up essential Liberty, to purchase a little temporary 
Safety, deserve neither Liberty nor Safety. Benjamin Franklin 11 Nov 1755



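The fragility Richard describes above (hashing the address as entered so that resources at the same address can still be matched without publishing it) can be seen in a few lines. The following is an added illustration, not code from the thread or from the RIPE NCC; the records, the alias table and the org IDs are constructed for the example, with only the Kiev/Kyiv variant taken from the discussion. It contrasts a hash of the raw address with a hash of a best-effort canonical form, and shows that even the canonical form still fails on an ordinary typo:

```python
import hashlib
import re
import unicodedata

# Constructed sample records (not real RIPE Database data): the same holder
# entered in slightly different ways, as the thread says happens in practice.
SAMPLE_ORGS = [
    ("ORG-A1", "Example Org", "12 Example Street, Kiev, Ukraine"),
    ("ORG-A2", "Example Org", "12 Example St., Kyiv, UKRAINE"),
    ("ORG-A3", "Example Org", "12 Exmaple Street, Kyiv, Ukraine"),  # typo
    ("ORG-B1", "Other Org", "7 Another Road, Kyiv, Ukraine"),
]

# Assumed alias table for known spelling variants. Anything not listed here
# (including plain typos) will not be canonicalised, which is the weakness.
ALIASES = {"kiev": "kyiv", "st": "street", "str": "street", "rd": "road"}


def naive_hash(address: str) -> str:
    """Hash the address exactly as entered: any difference changes the digest."""
    return hashlib.sha256(address.encode("utf-8")).hexdigest()


def canonicalise(address: str) -> str:
    """Best-effort canonical form: strip accents, case and punctuation,
    then replace known spelling variants from the alias table."""
    text = unicodedata.normalize("NFKD", address).encode("ascii", "ignore").decode()
    tokens = re.findall(r"[a-z0-9]+", text.lower())
    return " ".join(ALIASES.get(t, t) for t in tokens)


def canonical_hash(address: str) -> str:
    """Hash of the canonical form, so listed variants collide on purpose."""
    return hashlib.sha256(canonicalise(address).encode("utf-8")).hexdigest()


def group_by(records, key_fn):
    """Group org IDs whose address key is identical; returns sorted groups."""
    groups = {}
    for org_id, _name, address in records:
        groups.setdefault(key_fn(address), []).append(org_id)
    return sorted(groups.values())


if __name__ == "__main__":
    # Raw hashing links nothing; canonical hashing links A1 and A2 but
    # still leaves the typo'd A3 on its own.
    print("naive:    ", group_by(SAMPLE_ORGS, naive_hash))
    print("canonical:", group_by(SAMPLE_ORGS, canonical_hash))
```

Two things follow from running it. First, the match quality is bounded by the alias table, which has to be maintained by whoever publishes the hashes rather than by the analyst, so the free-text searches mentioned in the thread cannot be reproduced on the consumer side. Second, a plain hash of a postal address is a weak pseudonym in any case, because the set of plausible addresses is small; a deployment that wanted both linkability and non-disclosure would need a keyed hash whose key stays with the database operator, which is a different design from simply publishing digests.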

Re: [anti-abuse-wg] personal data in the RIPE Database

2022-06-06 Thread Richard Clayton
In message , denis walker  writes

>On Mon, 6 Jun 2022 at 16:15, Richard Clayton  wrote:

>> You appear to be under the impression that Internet security and safety
>> arises out of the activities of Law Enforcement Agencies whereas in
>> practice private individuals and companies do the vast majority of this
>> work -- generating referrals to LEAs when it is appropriate for action
>> to be taken that only they can perform

>We are talking about restricting access to one piece of data, the
>address of natural persons.

it's several lines of data ...

> I accept that a lot of abuse may come from
>address space held by natural people. I understand that a lot of
>investigation work is done by companies and individuals. How much of
>an impact would it be on your activities to not know the private
>address of these natural people? 

what matters is the matching of data, so that it becomes possible to
link otherwise disparate activity together -- and also to proactively
deal with the risk of further abuse

>From the country attribute in their
>ORGANISATION object (accurately maintained by the RIPE NCC) you know
>the country that they are legally operating from. You don't know the
>street or city they work out of. 

exactly -- now for bad people, this data is often inaccurate and
incomplete, but nevertheless patterns (and consistent inconsistencies!)
are often apparent

>I can only think of three reasons why
>you would need the full address. You intend to visit them (unlikely),
>you want to serve legal papers on them or you attempt some kind of
>heuristics with the free text search in the database to match up
>resources with the same address.

the last of these three is what matters -- the other two activities are
generally the purview of Law Enforcement and they will be working off
rather more information than WHOIS (correspondence with RIPE, payment
information etc).

-- 
richard   Richard Clayton

Those who would give up essential Liberty, to purchase a little temporary 
Safety, deserve neither Liberty nor Safety. Benjamin Franklin 11 Nov 1755




Re: [anti-abuse-wg] personal data in the RIPE Database

2022-06-06 Thread denis walker
On Mon, 6 Jun 2022 at 17:57, Suresh Ramasubramanian  wrote:
>
> Always a useful thing to do if you want to block all resources held by a 
> single actor or set of actors.

So are you saying that you DO use the ORGANISATION object address to
match resources held by different members at the same location? If so
there are technical ways to offer that functionality within the
database without exposing the full address of natural person members.

cheers
denis
proposal author


>
> --srs
> 
> Denis walker 
>
> you attempt some kind of heuristics with the free text search in the database 
> to match up resources with the same address.



Re: [anti-abuse-wg] personal data in the RIPE Database

2022-06-06 Thread Suresh Ramasubramanian
Always a useful thing to do if you want to block all resources held by a single 
actor or set of actors.

--srs

Denis walker 

you attempt some kind of heuristics with the free text search in the database 
to match up resources with the same address.


Re: [anti-abuse-wg] personal data in the RIPE Database

2022-06-06 Thread denis walker
Hi Richard

On Mon, 6 Jun 2022 at 16:15, Richard Clayton  wrote:
>
> In message  il.com>, denis walker  writes
>
> >They were very clear that the address of resource holders is also very
> >important to LEAs in their investigations. So I am going to make a
> >controversial suggestion here. Currently we have two categories of
> >registry data, Private and Public. The Public data is available to
> >LEAs and their use of it is covered by agreed purposes of the RIPE
> >Database defined in the Terms & Conditions. For Private data they need
> >to get a court order, which is an expensive and time consuming
> >process. Suppose we add a middle category Restricted data. This could
> >be data like the address of natural persons who hold resources. Data
> >that is now public but we are proposing to take out of the public
> >domain. We could allow LEAs (and maybe other recognised public safety
> >agencies) to continue to have access to this Restricted data without a
> >court order. (There are technical ways of doing this which are out of
> >scope for this discussion.)
>
> You appear to be under the impression that Internet security and safety
> arises out of the activities of Law Enforcement Agencies whereas in
> practice private individuals and companies do the vast majority of this
> work -- generating referrals to LEAs when it is appropriate for action
> to be taken that only they can perform
>
> Moving to a situation where only LEAs can see what is currently
> available in RIPE whois data would be a very retrograde step and would
> seriously impact the security and stability of the Internet.

We are talking about restricting access to one piece of data, the
address of natural persons. I accept that a lot of abuse may come from
address space held by natural people. I understand that a lot of
investigation work is done by companies and individuals. How much of
an impact would it be on your activities to not know the private
address of these natural people? From the country attribute in their
ORGANISATION object (accurately maintained by the RIPE NCC) you know
the country that they are legally operating from. You don't know the
street or city they work out of. I can only think of three reasons why
you would need the full address. You intend to visit them (unlikely),
you want to serve legal papers on them or you attempt some kind of
heuristics with the free text search in the database to match up
resources with the same address.

cheers
denis
proposal author

>
> --
> richard   Richard Clayton
>
> Those who would give up essential Liberty, to purchase a little temporary
> Safety, deserve neither Liberty nor Safety. Benjamin Franklin 11 Nov 1755


Re: [anti-abuse-wg] personal data in the RIPE Database

2022-06-06 Thread Suresh Ramasubramanian
Yes and when private parties asking about whois get told “we are not the 
internet police”, that is the ripe community’s very own “not in my backyard”


--srs

From: anti-abuse-wg  on behalf of Richard 
Clayton 
Sent: Monday, June 6, 2022 7:45:03 PM
To: anti-abuse-wg 
Subject: Re: [anti-abuse-wg] personal data in the RIPE Database

In message , denis walker  writes

>They were very clear that the address of resource holders is also very
>important to LEAs in their investigations. So I am going to make a
>controversial suggestion here. Currently we have two categories of
>registry data, Private and Public. The Public data is available to
>LEAs and their use of it is covered by agreed purposes of the RIPE
>Database defined in the Terms & Conditions. For Private data they need
>to get a court order, which is an expensive and time consuming
>process. Suppose we add a middle category Restricted data. This could
>be data like the address of natural persons who hold resources. Data
>that is now public but we are proposing to take out of the public
>domain. We could allow LEAs (and maybe other recognised public safety
>agencies) to continue to have access to this Restricted data without a
>court order. (There are technical ways of doing this which are out of
>scope for this discussion.)

You appear to be under the impression that Internet security and safety
arises out of the activities of Law Enforcement Agencies whereas in
practice private individuals and companies do the vast majority of this
work -- generating referrals to LEAs when it is appropriate for action
to be taken that only they can perform

Moving to a situation where only LEAs can see what is currently
available in RIPE whois data would be a very retrograde step and would
seriously impact the security and stability of the Internet.

--
richard   Richard Clayton

Those who would give up essential Liberty, to purchase a little temporary
Safety, deserve neither Liberty nor Safety. Benjamin Franklin 11 Nov 1755


Re: [anti-abuse-wg] personal data in the RIPE Database

2022-06-06 Thread Richard Clayton
In message , denis walker  writes

>They were very clear that the address of resource holders is also very
>important to LEAs in their investigations. So I am going to make a
>controversial suggestion here. Currently we have two categories of
>registry data, Private and Public. The Public data is available to
>LEAs and their use of it is covered by agreed purposes of the RIPE
>Database defined in the Terms & Conditions. For Private data they need
>to get a court order, which is an expensive and time consuming
>process. Suppose we add a middle category Restricted data. This could
>be data like the address of natural persons who hold resources. Data
>that is now public but we are proposing to take out of the public
>domain. We could allow LEAs (and maybe other recognised public safety
>agencies) to continue to have access to this Restricted data without a
>court order. (There are technical ways of doing this which are out of
>scope for this discussion.)

You appear to be under the impression that Internet security and safety
arises out of the activities of Law Enforcement Agencies whereas in
practice private individuals and companies do the vast majority of this
work -- generating referrals to LEAs when it is appropriate for action
to be taken that only they can perform

Moving to a situation where only LEAs can see what is currently
available in RIPE whois data would be a very retrograde step and would
seriously impact the security and stability of the Internet.

-- 
richard   Richard Clayton

Those who would give up essential Liberty, to purchase a little temporary 
Safety, deserve neither Liberty nor Safety. Benjamin Franklin 11 Nov 1755

