Re: [db-wg] 2022-01 Review Phase (Personal Data in the RIPE Database)
On Sun, Oct 09, 2022 at 01:33:43PM +0200, Sander Steffann via db-wg wrote: The RIPE NCC has prepared an impact analysis on this latest proposal version to support the community???s discussion. You can find the proposal and impact analysis at: https://www.ripe.net/participate/policies/proposals/2022-01 https://www.ripe.net/participate/policies/proposals/2022-01#impact-analysis The executive board feedback corresponds to my opinion on this policy, especially these points: - It significantly reduces the usability for one of its core purpose - being able to contact resource holders about their number resources. This presumes a "traditional" model of resource assignment and allocation that is no longer ubiquitous. For virtually all LIRs I have a hand in managing resources for, the end users have neither the inclination nor the ability to manage the /29 they are assigned - they expect their provider to do this. Should an end-user wish to manage their assignment themselves, or the LIR to devolve this responsibility, they can still create an inet(6)num for the assignment. In the NCC's Impact Analysis, it states as the legal reasoning for GDPR purposes "the legitimate interest of the RIPE community". I consider this reasoning naive. The "RIPE community is an unconstituted and ephemeral collection of individuals and can't be a legal subject. Whom do I take to court if I want to test my privacy rights against the "interest of the RIPE community"? Every member of the mailing lists individually? - We would welcome a discussion that focuses more on which parts of the data are publicly available, rather than a sweeping removal. Any data that should not be publically available should also not be in this database. A reasoned argument may be made to have this data in a *separate*, non-public database. That said, I still oppose this proposal based on other grounds, such as the attempt to introduce yet another "verification" requirement and the resulting overhead to both the NCC and the membership. rgds, Sascha Luck -- To unsubscribe from this mailing list, get a password reminder, or change your subscription options, please visit: https://lists.ripe.net/mailman/listinfo/db-wg
Re: [db-wg] 2022-01 Review Phase (Personal Data in the RIPE Database)
Sander Steffann via db-wg wrote on 09/10/2022 12:33: The executive board feedback corresponds to my opinion on this policy, especially these points: - It significantly reduces the usability for one of its core purpose - being able to contact resource holders about their number resources. - It puts at risk the public chain of custody of Internet number resources. - We would welcome a discussion that focuses more on which parts of the data are publicly available, rather than a sweeping removal. I think a new and more detailed discussion is indeed necessary for this proposal to go anywhere. The current proposal is not acceptable to me. I'm inclined to agree with this, for the reasons given above. The justification for maintaining this data seems clear under the GDPR. Individual people are obviously welcome to disagree with this justification, but that doesn't mean that the justification is invalid. One of the conversations we had at the DBTF early on was the idea of approaching the ripe database with a chain saw and engaging in some far-reaching proposals to clean out a good deal of content from it. Tempting as that might have seemed at the time, the consensus view at the end of the DBTF process was that this would break too many things, and that an incremental clean-up would be more useful. The 2022-01 proposal is likely to break too many things, while creating an extremely large work pile for the RIPE NCC to manage. This doesn't seem like a good approach to dealing with any of the problems that the proposal aims towards (data accuracy / privacy / etc). Nick -- To unsubscribe from this mailing list, get a password reminder, or change your subscription options, please visit: https://lists.ripe.net/mailman/listinfo/db-wg
Re: [db-wg] 2022-01 Review Phase (Personal Data in the RIPE Database)
Hi Denis, Thank you for your observation. There was a typo in the published document that has been fixed from 8 to 1.8 million and now the number of PERSON objects matches the one mentioned in the "RIPE Database:" paragraph of the Impact Analysis. Kind regards, Angela Angela Dall'Ara Policy Officer RIPE NCC On 17/10/2022 15:42, denis walker via db-wg wrote: This also means that: 8 million PERSON objects will need to be deleted or replaced; We don't have 8 million PERSON objects in the database now. Does this number include deleted objects? They are not mentioned in the proposal. -- To unsubscribe from this mailing list, get a password reminder, or change your subscription options, please visit: https://lists.ripe.net/mailman/listinfo/db-wg
Re: [db-wg] 2022-01 Review Phase (Personal Data in the RIPE Database)
Colleagues For now I want to focus on the privacy part of the proposal. I will come back to verification later. So below is my response to all the issues raised in the impact analysis (with references to verification removed for now). cheers denis proposal author > Impact Analysis > > Note: to support understanding of the proposal, details of an impact > analysis carried out by the RIPE NCC are included below. This analysis > is based on existing data and should be viewed only as an indication > of the potential impacts that might result if the proposal is accepted > and implemented. > > Executive Summary > > If this proposal is accepted: > > Personal data, especially personal contact details, will no longer be > required for the RIPE Database to fulfil its purpose. Therefore, > personal contacts can no longer be added to the RIPE Database. It never was required, most people just entered it anyway. > Although the legality of having published data prior to this policy > will not be affected, existing data will have to be re-evaluated based > on this policy. The RIPE NCC will have to follow-up with resource > holders to ensure they comply with the policy by removing all personal > data from the database. Personal contact data not personal data. Names and (partial) addresses are still recognised as necessary in some situations. > This will be required even if the resource > holder or their contact person prefers to use personal data in the > RIPE Database. Many people don't realise the consequences of broadcasting their personal contact details to the world. Some people are coerced into entering personal details otherwise they are refused IP addresses. > > This also means that: > > 8 million PERSON objects will need to be deleted or replaced; We don't have 8 million PERSON objects in the database now. Does this number include deleted objects? They are not mentioned in the proposal. > In cases where the resource holder is a natural person, the person who > creates/updates an object containing a postal address must explicitly > confirm that they have their approval. The proposal says they must hold documentary evidence, not explicitly confirm it. It has always been 'said' that consent must be given by data subjects to have their personal details entered into the database. How is that done today? A nod and a wink or is it written into a contract they sign? > The RIPE NCC has the right to follow up and ultimately deregister > Internet number resources and terminate contractual agreements in the > case of non-compliance with the RIPE policy and related RIPE NCC > procedures. This is the hard stick anyone can be hit with for non compliance with any policy. In practice, this stick is rarely if ever used for some policies, like having a working abuse-c email address. > A. RIPE NCC's Understanding of the Proposed Policy > > It is the RIPE NCC’s understanding that by accepting this proposal, > the community agrees that personal data, especially personal contact > details, is no longer required for the specified purposes of the RIPE > Database, except when it is to show who holds specific Internet number > resources. > > This policy will set requirements for the registration of personal > data in the RIPE Database. This will exclude data referenced in > database objects which are solely related to LEGACY resources not > under direct or indirect contract with the RIPE NCC. > > The publication of postal addresses will be optional for all > organisations. Postal address will be limited to country and region > for natural persons. All contacts will refer to roles instead of > people, without referencing a postal address. When applying to become a member you can specify a postal address (to be published in the database) separate to the legal address. This can be anyone's address (your grandmother maybe?), or a post box address or a false address. I believe all official communication from the NCC is done now by email. So anyone who currently does not want their real address published in the database is unlikely to give it. So postal address may as well be optional so those who want to supply it may give a real address. Natural persons completing this form should not be asked for the fine address detail. The Database Task Force also recommended to make postal address optional and eventually deprecated. (btw the member application form for a natural person does not actually ask for their legal address, just 'an address'.) > While membership termination or de-registration of resources could > happen as a result of non-compliance with the policy, the RIPE NCC > will focus on assisting LIRs to correct any non-compliant contacts. The hard stick comment I mentioned above... > > B. Impact of Policy on Registry and Addressing System > > The RIPE NCC does not anticipate any significant impact on Internet > number resource consumption, fragmentation or aggregation if this > proposal is implemented. > > C. Impact of
Re: [db-wg] 2022-01 Review Phase (Personal Data in the RIPE Database)
Hi Sander Thanks for the comments and kicking off the new discussion. I have to admit I was a bit confused by some of the comments in the impact analysis, including these. On Sun, 9 Oct 2022 at 13:33, Sander Steffann via db-wg wrote: > > Hi, > > > The RIPE NCC has prepared an impact analysis on this latest proposal > > version to support the community’s discussion. > > > > You can find the proposal and impact analysis at: > > https://www.ripe.net/participate/policies/proposals/2022-01 > > https://www.ripe.net/participate/policies/proposals/2022-01#impact-analysis > > The executive board feedback corresponds to my opinion on this policy, > especially these points: > - It significantly reduces the usability for one of its core purpose - being > able to contact resource holders about their number resources. In what way does my proposal reduce contact with resource holders, never mind significantly? Currently you can contact a resource holder via the ORGANISATION object that may contain: Postal address Phone number Fax number Several email addresses Several contact references If this proposal is accepted it may still contain all of the above. The only changes are that I am saying the phone and email should be business and not their personal details and postal address is optional. A resource holder who wants to add their postal address will still do so. Those who don't may currently add a false address. So there is really no difference in the way you can contact a resource holder. Note that the Database Task Force also recommended making postal address optional and went further to suggest it should then be deprecated. > - It puts at risk the public chain of custody of Internet number resources. I don't see how this proposal in any way impacts the public chain of custody of internet number resources. On the other hand the recent proposal, 2022-02, would completely destroy this chain. > - We would welcome a discussion that focuses more on which parts of the data > are publicly available, rather than a sweeping removal. This is an interesting comment. My first version of this proposal did suggest making some of the data private. There was strong opposition to that idea. But again this proposal is not suggesting any sweeping removal of data (unlike 2022-02). I suggest changing the data from personal based to business role based, not removal. Yes, the PERSON object will be removed. But the contact data will remain as business ROLE data. cheers denis proposal author > > I think a new and more detailed discussion is indeed necessary for this > proposal to go anywhere. The current proposal is not acceptable to me. > > Cheers, > Sander > > > -- > > To unsubscribe from this mailing list, get a password reminder, or change > your subscription options, please visit: > https://lists.ripe.net/mailman/listinfo/db-wg -- To unsubscribe from this mailing list, get a password reminder, or change your subscription options, please visit: https://lists.ripe.net/mailman/listinfo/db-wg
Re: [db-wg] 2022-01 Review Phase (Personal Data in the RIPE Database)
Hi, > The RIPE NCC has prepared an impact analysis on this latest proposal version > to support the community’s discussion. > > You can find the proposal and impact analysis at: > https://www.ripe.net/participate/policies/proposals/2022-01 > https://www.ripe.net/participate/policies/proposals/2022-01#impact-analysis The executive board feedback corresponds to my opinion on this policy, especially these points: - It significantly reduces the usability for one of its core purpose - being able to contact resource holders about their number resources. - It puts at risk the public chain of custody of Internet number resources. - We would welcome a discussion that focuses more on which parts of the data are publicly available, rather than a sweeping removal. I think a new and more detailed discussion is indeed necessary for this proposal to go anywhere. The current proposal is not acceptable to me. Cheers, Sander -- To unsubscribe from this mailing list, get a password reminder, or change your subscription options, please visit: https://lists.ripe.net/mailman/listinfo/db-wg
[db-wg] 2022-01 Review Phase (Personal Data in the RIPE Database)
Dear colleagues, Policy proposal 2022-01, "Personal Data in the RIPE Database", is now in the Review Phase. The goal of this proposal is to allow the publication of verified Personal Data in the RIPE Database only when they are justified by its purpose. The proposal has been updated to version 3.0 after the last round of discussion. This version differs from version 2.0 as follows: - it is not explicitly proscribed to enter the name of a person in role objects - the verification of fax numbers is not required The RIPE NCC has prepared an impact analysis on this latest proposal version to support the community’s discussion. You can find the proposal and impact analysis at: https://www.ripe.net/participate/policies/proposals/2022-01 https://www.ripe.net/participate/policies/proposals/2022-01#impact-analysis And the draft documents at: https://www.ripe.net/participate/policies/proposals/2022-01/draft As per the RIPE Policy Development Process (PDP), the purpose of this four-week Review Phase is to continue discussion of the proposal, taking the impact analysis into consideration, and to review the full draft RIPE Policy Document. At the end of the Review Phase, the Working Group (WG) Chairs will determine whether the WG has reached rough consensus. It is therefore important to provide your opinion, even if it is simply a restatement of your input from the previous phase. We encourage you to read the proposal, impact analysis and draft document and send any comments to before 4 November 2022. Kind regards, Angela Dall'Ara Policy Officer RIPE NCC -- To unsubscribe from this mailing list, get a password reminder, or change your subscription options, please visit: https://lists.ripe.net/mailman/listinfo/db-wg