In message <CAP-guGXTb9jZDFZ1WU=hbd2rddvs86ywsjgaenx2nshb_3m...@mail.gmail.com> William Herrin <[email protected]> wrote:
>Upon finding the complaint unsubstantiated, ARIN could even offer the >registrant the opportunity to redact anything they considered a trade >secret before publication... I want to be real real clear about this. It is absolutely *indisputable* that ARIN actually (and legally) *cannot* divulge anything that even remotely implicates any trade secret. That is true, I think _regardless_ of whether ARIN's investigation of any pattern of fishy facts causes them to reach a determination that the relevant member is or isn't engaged in fraud, and also regardless of any determination, by ARIN, that the member in question is or isn't in violation of policy. In short there are NO circumstances in which ARIN can, should, or may divulge trade secret or confidential proprietary business information. Indeed the mere mention, even just on this mailing list, of the notion of ever, under any circumstances whatsoever, exposing any information that might even conceivably be construed as a trade secret has likely already raised both the hackles and the alarm bells within the ARIN legal department... AS WELL IT SHOULD. So let's just keep that entirely off the table shall we? (It is anyway, legally speaking.) I personally do not ask for and would not want to be given any kind of legitimately "business confidential" information by ARIN, ever. I should clarify that I personally don't feel the need of any such anyway. Let's take as an example this case, i.e. the case of SL-206. Historical ARIN WhoWas records show clearly that this entity was granted ARIN membership on or about 12-11-2012. On or before that date, this member must have submitted, to ARIN, some sorts of bona fides documents as part of its membership application package. It may perhaps have submitted to ARIN other documents as well, including perhaps some to be used as justification for either the IPv4 /19 block that it was later assigned, and/or some to be used as justification for the ARIN-assigned ASN that it was later assigned. But any such additional documents would have been separate from any basic incorporation document(s) attesting to the mere fact that they were who they said they were, i.e. legal representatives of a Nevis-incorporated and Nevis-domiciled legal entity formally known as "1337 Services LLC". It is not clear to me what specific documents ARIN may hold that were submitted by the legal representatives of this entity and which ARIN may have required at the time in order for this entity to be granted a membership, in the first instance, and number resources, either subsequently or concurrently. In any case, in and among all of these documents we (and ARIN) may reasonably hope that there was one which was (a) signed by an actual legal representative of the company and that (b) asserted that the company would be engaging in some type of commerce or presence within the region, as called for by NRPM Section 9. Whatever document made that assertion could rather easily be redacted, by ARIN, of all other information and then presented publicly. And indeed, if I were to ever give an "I have a dream" speech, on the Capitol Mall or elsewhere, I would express my dream that someday all five Regional Internet Registries would cease racing to the bottom of the barrel against all of the most disreputable and dodgy "offshore" secrecy jurisdictions on the planet to see which one could be the absolute worst in terms of basic and minimal transparency. To put it more plainly, I see neither any justification, legal or otherwise, nor even any persuasive reason why any of the five RIRs should not immediately place on their respective web sites those documents, redacted as necessary, which would show the names, signatures, and contact information of all legal representatives of all members, as well as any additional basic assertions they have made regarding their locations and domiciles, and their bare intents, if any, to do business in this or that region. None of this information may be reasonably construed to represent either "trade secrets" or even "confidential business information", unless one is in the business of tax avoidance, money laundering, sanctions busting, or merely hiding your assets from your soon-to-be-ex spouse, and nobody can credibly claim otherwise, not even any of those high-priced mouthpieces that adorn such opaque havens, as Nevis & St. Kitts, the British Virgin Islands (whose President was just busted in the U.S. on drug charges), the Cayman islands, The Isle of Man, Guernsey, Belize, U.A.E., the Seychelles Islands and the Marshall Islands. It does not give up any real commercial advantage to have it be known who is behind a given company. This kind of information is clearly not even in the same ballpark as information saying that company X has plans to rent such as such number of racks of servers in such and such data center. All five Regional Internet Registries are however, as of now, continuing (for their own obscure reasons) to perpetrate this myth that _all_ information that is ever given to them by member organizations falls under the heading of "business confidential". This just isn't true and they know it. Yet they all continue to pretend that they are all incapable of making the kind of simple discriminations that any five year old makes when he picks the undesirable broccoli out of his salad. In Europe, all EU and NATO countries are now acutely aware that business as usual and accepting dirty money from Russian oligarchs is no longer a respectable enterprise. Even well before the outbreak of the Ukraine war, the EU had already promulgated a series of anti-money-laundering regulations which they mandated all indivdual EU contries to adapt local national laws to. The most recent of these regimes is know as 5AML -- the Fifth Anti-Money Laundering Directive. Among many other things this directs all EU conutries to "open the books" as it were and to create publicly accessible national registries wherein any citizen of earth will be able to look up the actual beneficial owners of any corporate entity within any EU country. This EU directive is still quite some ways off from full implementation throughout all EU countries, but at least we must give the Europeans credit for trying. Quite the opposite may be said of all five of the Regional Internet Registries. They all continue to jelously and greedily cling to every last scrap of information about their respective members as if even just the names of the people responsible for these member organizations were the last life preserver on the Titanic. All five remain as opaque as the proverbial black cat in a dark room. You would have more luck getting blood from a stone than you would if you ever tried to get any of the RIRs to divulge even just the names of whoever had signed the original membership application papers for *any* member, corporate or otherwise. Indeed, I have even heard it said that some of the RIRs, at least, have actively fought against even lawful subpoenas handed to them by legitimate law enforcement agencies, requesting the identities of the people behind certain member entities. In short, every last one of the RIRs has elected to to be as opaque, if not even more opaque, than the worst of the worst notorious corporate secrecy jurisdictions that I have listed above. Their decisions to pursue this course were utterly indefensible even before the outbreak of hostilities in Ukraine, and they are even less so now. How many Russian oligarchs have laundered their fortunes into large eyeball or transit providers in the U.S. and/or elsewhere? Good luck finding out because you can't. The bottom line is that it should not take either an act of congress or even a subpoena to find out just the names and the contact info for the people who have submitted membership applications to any RIR, including ARIN. But it does. None of this may seem at all related to the specific case of SL-206 and the apparent error which allowed its membership to be approved and to continue in force for ten years. And arguably it isn't. But in point of fact, it is. If anybody reading these words doesn't understand why it is, raise your hand and I will be only too happy to explain it in detail. For now, and in closing, I will just say that I am sick and, quite frankly, effing tired of all of these ridiculous "hide the ball" games. There is no reason for any of it. There is nothing in either law or contracts that obliges any RIR to keep secret even the names and contact information of the individuals who complete membership applications. When RIRs do keep that information secret, it is by choice and not by legal obligation. It is past time for the RIRs to join with Europe and the rest of the civilized world and to cease pandering to the criminal element by unnecessarily helping them to hide their faces from the disinfecting sunshine that is the light of day. If they don't, then honest men and women the world over should rightly judge them to be every bit as notorious, disreputable, and cuplable as the Cayman Islands were in decades past. (More recently, Cayman Islands has cleaned up its act considerably, or so I have read.) It is said that Caesar's wife must be above reproach. The five RIRs are failing this test miserably on the basis of their abject opacity, and I am quite sure that they all will come to regret it... even the ones that haven't already. Regards, rfg _______________________________________________ ARIN-PPML You are receiving this message because you are subscribed to the ARIN Public Policy Mailing List ([email protected]). Unsubscribe or manage your mailing list subscription at: https://lists.arin.net/mailman/listinfo/arin-ppml Please contact [email protected] if you experience any issues.
