Hi Sara, Assuming that law enforcement indeed has insurmountable problems obtaining the address of a resource holder during an investigation, and given all the international mechanisms and legislation currently in place, I think this is a big assumption, is there really no better idea you can come up with besides just publishing a bunch of personal information in a public database?
Regards, Alex Le Heux > On Oct 10, 2018, at 07:21 , Marcolla, Sara Veronica > <[email protected]> wrote: > > Hi Mark, > > You are indeed right. Very often self-employed people and really tiny > undertakings with specific activities operate from the private address of the > owner which then doubles as the address of the undertaking. However, for what > I can understand this Regulation does not cover the processing of personal > data which concerns legal persons and in particular undertakings > established as legal persons, including the name and the form of the legal > person and the contact details of the legal person. But even those have to be > somewhat recorded as businesses in their country, right? > > I would like to clarify that the aim of the proposal was never aimed to > publish information for which a warrant is needed. Only data that is publicly > available in national company registries. > > This is why I am actually liking a lot your idea of publishing the number > provided by a chamber of commerce or similar in the specific country. This > wouldhelp to unambiguously identify the resource holder, without prejudice to > the privacy of the individuals. The NCC has the registration number from the > registration papers that resource holders must sent them. Many countries > allow now to verify company details online, and for the others, it will be a > small step of additional due diligence (like thoroughly checking the > registration paper or asking for additional documentation). Implementing it > could imply slightly more manual work as we only started recently to save the > registration numbers of new members. Still, that would be something RIPE NCC > would need to sort out if such proposal would reach consensus. > > @ All > > What would you think if the proposal would be adjusted in that way (to > publish the registration number and the country of registration for resource > holder)? > > If there is a CSIRT rep on the list I’d as well like to hear their opinion on > this. > > Kind regards, > Sara > > > > From: Mark Scholten [mailto:[email protected]] > Sent: 10 October 2018 12:32 > To: Marcolla, Sara Veronica; [email protected] > Subject: RE: @EXT: RE: [ncc-services-wg] 2018-05 New Policy Proposal > (Publication of Legal Address of Internet Number Resource Holder) > > Hello Sara, > > If no address is used that is used as a home by someone and it is verified by > RIPE NCC it can work. However a business address can be a home address at the > same time. When that happens I'm strongly against publishing it. > > A better option is to mention the country off the resource holder and a > number provided by a chamber of commerce or similar in the specific country. > And if they don't have that some other number that can be used to identify > the organization. That way the legal system can work as normal (you can find > someone based on this number) and no new publication of an address is > required. > > At this moment I'm against this proposal and as long as at least this isn't > resolved I will be against. > > Kind regards, > Mark > > From: Marcolla, Sara Veronica [mailto:[email protected]] > Sent: Thursday, September 27, 2018 23:58 > To: Mark Scholten; [email protected] > Subject: @EXT: RE: [ncc-services-wg] 2018-05 New Policy Proposal (Publication > of Legal Address of Internet Number Resource Holder) > > Hi Mark, > > I read your concern about individual privacy and I am sure that in the > implementation of the policy, the safeguards and guarantees that are aimed at > protecting personal privacy and individual rights, especially following the > provisions of the GDPR, will be guaranteed. On this point, I believe that > even in this strong disagreement, we do agree. > > The aim of the policy, as you indeed understand, is to publish the location > of where to address non-technical concerns. That we like it or not, there are > other reasons that call for the need of quickly contacting a resource holder > other than a merely technical issue. And as Internet is global but chamber of > commerce databases are local, it is to be welcome an addition to a database > that can serve this purpose. Do you agree? > > In this sense, it is indeed helping to speed up legal processes - and it > speeds up the most basic first hurdle, that is “to whom can I address my > concerns that are not of (purely) technical nature”? I am not only speaking > here of Law Enforcers - but I am also speaking here of all those entities > that have to put into practice provisions coming from the NIS Directive for > example, or perhaps even the GDPR. All these require to immediately contact > for legal reason an entity, and this policy proposal would be a step into > this direction. All what can be done on the technical level (and you > rightfully mention RPKI and other measures surely effective technically) > needs to be complemented by what can be done to facilitate certain processes > in place that require actions other than technical. There are as well as you > say other actions to speed up other parts of the legal process and they are > being explored, but this proposal complements them, does not substitute them. > I know. It might sound a little philosophical but is in the end reflecting > the reality of what internet is now: not only a community of technicians and > enthusiasts, but a wider one. > > Kind regards, > Sara Marcolla > > Typed with a very tiny keyboard this mistakes can occur > > From: Mark Scholten <[email protected]> > Date: Thursday, 27 Sep 2018, 10:12 PM > To: [email protected] <[email protected]> > Subject: Re: [ncc-services-wg] 2018-05 New Policy Proposal (Publication of > Legal Address of Internet Number Resource Holder) > > Hello, > > This should have come from my personal account. > > This are my personal opinions. > > Regards, Mark > > > -----Original Message----- > > From: ncc-services-wg [mailto:[email protected]] On Behalf > > Of Stream Service > > Sent: Thursday, September 27, 2018 23:08 > > To: [email protected] > > Subject: Re: [ncc-services-wg] 2018-05 New Policy Proposal (Publication of > > Legal Address of Internet Number Resource Holder) > > > > Hello, > > > > I'm against this policy. Publishing the a number that refers to some local > > chamber of commerce registration is not a problem for me (if the resource > > holder is a company). However having an extra location to publish the > > address is something I'm against. Especially when the address/building is > > also the home of someone. If someone has a genuine right to obtain the > > address they will likely be able to get it anyway. > > > > Also in some cases the resource holder is a natural person. Please keep > this > > in mind with any policy that is created. > > > > This policy greatly violates any privacy law that might apply. At least > when > > the home address of someone is published. If it is a private person that > is > > the resource holder publishing the address is also a privacy violation I > > believe. > > > > Now about the rationale: > > > > > To make it more difficult for malicious actors to hijack block of IP > > addresses and therefore play a preventive role in protecting the community > > against malicious actors > > > > I don't believe this to be true. The only thing that really helps against > > malicious actors are technical actions that can be taken by networks to > > prevent accepting any routes that are not good. RPKI might help and other > > options might exist or can be created in the future when there is a > problem. > > A non-technical solution will not help in this situation. > > > > > Competent authorities to serve legal process to the party responsible > for > > the resources > > > > There are already legal options to get the relevant information and to > > contact the resource holder. No change for this is required to make it > > possible. > > > > > To reduce delays in serving legal process, avoid lost leads and evidence > > > > A better option for this is to look into the legal process and try to > speed > > that up in general. This doesn't help for it. > > > > In short: I'm strongly against the policy. > > > > Regards, Mark > > > > > -----Original Message----- > > > From: ncc-services-wg [mailto:[email protected]] On > > Behalf > > > Of Marco Schmidt > > > Sent: Thursday, September 27, 2018 15:11 > > > To: [email protected] > > > Subject: [ncc-services-wg] 2018-05 New Policy Proposal (Publication of > > Legal > > > Address of Internet Number Resource Holder) > > > > > > Dear colleagues, > > > > > > A new RIPE Policy proposal, 2018-05, "Publication of Legal Address of > > > Internet Number Resource Holder", is now available for discussion. > > > > > > The goal of the proposal is for the RIPE NCC to publish the validated > > > legal address information of holders of Internet number resources. > > > > > > You can find the full proposal at: > > > https://www.ripe.net/participate/policies/proposals/2018-05 > > > > > > As per the RIPE Policy Development Process (PDP), the purpose of this > > > four-week Discussion Phase is to discuss the proposal and provide > > > feedback to the proposer. > > > > > > At the end of the Discussion Phase, the proposer, with the agreement of > > > the RIPE Working Group Chairs, decides how to proceed with the proposal. > > > > > > We encourage you to review this proposal and send your comments to > > > <[email protected]> before 26 October 2018. > > > > > > Kind regards, > > > > > > Marco Schmidt > > > Policy Officer > > > RIPE NCC > > > > > > Sent via RIPE Forum -- https://www.ripe.net/participate/mail/forum > > > > > > > > ******************* > > DISCLAIMER : This message is sent in confidence and is only intended for the > named recipient. If you receive this message by mistake, you may not use, > copy, distribute or forward this message, or any part of its contents or rely > upon the information contained in it. > Please notify the sender immediately by e-mail and delete the relevant > e-mails from any computer. This message does not constitute a commitment by > Europol unless otherwise indicated. > > ******************* > ******************* > > DISCLAIMER : This message is sent in confidence and is only intended for the > named recipient. If you receive this message by mistake, you may not use, > copy, distribute or forward this message, or any part of its contents or rely > upon the information contained in it. > Please notify the sender immediately by e-mail and delete the relevant > e-mails from any computer. This message does not constitute a commitment by > Europol unless otherwise indicated. > > *******************
