Re: [ripe-list] Confidentiality, or that lack thereof

2021-08-25 Thread Andreas Härpfer


> On 25. Aug 2021, at 17:17, Ronald F. Guilmette  wrote:
> 
> In message 
> 
> Leo Vegoda  wrote:
>> 
>> Are you making a proposal for the RIPE NCC to change the way it
>> operates, or something else?
> 
> I only wish that I could even answer that question.  Sadly, I cannot, for
> the simple reason that the various RIPE legal, policy, and procedure
> documents which I have seen so far, and which other people have been kind
> enough to point me to, have not served to clarify what the current policy is
> with respect to corporate registration documents, or if there even exists
> a current policy with respect to those documents.  (My sense is that there
> currently exists -no- policy relating to those documents.)
> 
> It would be technically inaccurate, I think, and a misuse of the English
> language to say that I desire to see a change to something which does not
> now even exist.
> 
> 
> Regards,
> rfg


I really have no idea where this discussion is heading, I am not a lawyer,
etc. etc, but let me play "devil's advocate" and be a bit provocative :-)


* My ad-hoc assumption for any organization would be that any partner/
  member/customer information is confidential unless the affected parties
  have agreed to make it public.

  viz. https://www.ripe.net/publications/docs/ripe-733#31


From one of your emails yesterday:

>   *)  The first sentence makes a quite sweeping and a quite generalized assertion
>   and yet provides exactly -zero- references to support the assertion.
>
>   From whence does this alleged "duty of confidentiality" arise?  From law?
>   If so, which law and in which jurisdiction?

Jurisdiction, at least, is easy.  RIPE-673 (initially quoted by
you but outdated) and all its successor documents until the current
RIPE-745 state in the very last section:


  Article 11 – Governing Law

  11.1 All agreements between the RIPE NCC and the Member shall be
  exclusively governed by the laws of the Netherlands.


https://www.ripe.net/publications/docs/ripe-673
https://www.ripe.net/publications/docs/ripe-745


>   *)  Isn't the publication of WHOIS information a quite apparent and obvious
>   violation of this purported "duty of confidentiality"?  Or would that
>   be more accurately referred to as "the exception that proves the rule"?
>
>   Could there be other and as-yet unenumerated exceptions to the general rule?

I would not consider this an exception.  What goes into WHOIS and/or
into the RIPE database is well documented and can be known in advance
by anyone applying for resources.

This

  https://www.ripe.net/manage-ips-and-asns/db/support/highlighted-values-in-the-ripe-database

e.g. explicitly mentions the distinction between public and confidential
resource holder data.


> My points above are, of course, pertaining only to information relating to legal
> entities other than natural persons, for whom GDPR is controlling.  I should say
> also that although some may view me as nitpicking, these matters are of grave
> and serious concern, not just to me, but also to law enforcement and "open source"
> researchers everywhere.

Hmmm ... to put it bluntly:

* If you are law enforcement, get a warrant.

* If you are an "open source researcher", why should RIPE feel any
  obligation to cater for your personal research needs?
  
  Just because there might be non-competitive information that the
  RIPE NCC is not obliged to keep confidential does not mean it is
  obliged to make it publicly available, either …

  … well, unless you are making a proposal for the RIPE NCC to
  change the way it operates, as suggested earlier :-)


As I said in the beginning, intentionally provocative (and not necessarily
my personal opinion everywhere) … just because I can.

Cheers
-Andi




Re: [ripe-list] Confidentiality, or that lack thereof

2021-08-24 Thread Andreas Härpfer



> On 24. Aug 2021, at 15:25, Leo Vegoda  wrote:
> 
> On Mon, Aug 23, 2021 at 6:38 PM Ronald F. Guilmette
>  wrote:
>> 
>> Some long time ago, somebody (I can't remember who anymore) told me that
>> "business information" given by a member to any RIR... which presumably
>> included RIPE... was considered to be "confidential" and would not
>> thereafter be shared by the RIR staff with any other or outside party.
> 
> Are you referring to this?
> 
> https://www.ripe.net/publications/docs/ripe-733#31
> 


The "Due Diligence" document

  https://www.ripe.net/publications/docs/ripe-748#5--confidentiality-and-privacy-issues

also contains a small section on this, together with a link to
the RIPE privacy statement

  https://www.ripe.net/about-us/legal/ripe-ncc-privacy-statement

Further, AFAIK any "business data" that relates to a natural person
is additionally covered by GDPR, i.e. those rules are already codified
in law.

Cheers
-Andi