Subject: [ncc-services-wg] @EXT: RE: 2018-05 New Policy Proposal (Publication of Legal Address of Internet Number Resource Holder)
Date: Wed, Oct 10, 2018 at 03:23:06PM +0000
Quoting Marcolla, Sara Veronica ([email protected]):
> Hi Erik,
>
> I must disagree. Information about the location of legal incorporation of a
> company has nothing to do with the privacy of an individual as a natural
> person. I think we should be very clear on this. We have repeated across this
> mailing list several times now, this is why the amendment to the proposal was
> put up for discussion in the first place. I (personally) believe it is a very
> slippery slope to consider legal persons having the same rights as natural
> persons - but this is not the place to discuss this.

1. When the legal entity is a one-person or very small company,
it under certain circumstances can be run as what is called
"enskild firma" in Sweden. In effect, this is an individual,
(that can have employees) taxed as a company, and as a person,
where the VAT registration number is derived from the SSN. You can
not separate the company from the person. If one goes bankrupt,
so does the other. Et cetera.
Putting this into the RIPEdb of all places is exposing the
individual. Probably to a level that would make the NCC liable in
any number of ways. Still, the data concerns a company.
Of course, this can be dealt with by exceptions, but rules that
need exceptions to even remotely work, are generally bad rules.
2. Today, the RIPEdb data needs independent verification. Anyway,
because anyone can inject pretty much anything. And associate it
to anything. (under their control) Since I control several objects
in the RIPEdb, I can create a person entry for you, and associate
you with my objects, making it look like you are responsible for my
networks. At least at a level that would fool the casual onlooker.
Trusting a directory that can not be trusted does not seem like a
fantastic idea.
3. The only sensible path, as has been discussed, is to follow the money.
You do not need every company in the RipeDB for that. Probably better
to ask peeringdb where people make certain that their data is up to
date so you can reach them with peering proposals.
4. Suggested route without useless data in RIPEdb:
a. You have an IP address. Look it up in BGP.
b. Look up the AS you get from BGP in peeringdb.
c. Find website with contact details.
d. If no data in peeringdb, look in RIPE RIS for upstreams, get
a warrant or ask kindly which of their customers is using the
IP address. To get more specific data, that warrant should help.
This can be done _today_ without any policy work from RIPE. Without
furthering the police state. Without any privacy risks. But it does
require competence and curiousness from the investigator. I hope this
is not lacking, for then we're truly lost.
--
Måns Nilsson primary/secondary/besserwisser/machina
MN-1334-RIPE SA0XLR +46 705 989668
Are you selling NYLON OIL WELLS?? If so, we can use TWO DOZEN!!
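
The lookup chain from item 4 above, as an added example that is not part of the original message: longest-prefix match against a BGP table, origin AS to contact record, and the fall-back to upstream ASes taken from the AS paths. The RIB and PEERINGDB contents are constructed sample data (documentation prefixes and ASNs), and the function names are assumptions made for illustration.

```python
import ipaddress

# Constructed sample data: (prefix, AS path as a route collector sees it, origin last).
RIB = [
    ("198.51.100.0/24", [64500, 64510, 64496]),
    ("198.51.100.128/25", [64500, 64511, 64497, 64497, 64497]),  # prepended origin
    ("198.51.100.128/25", [64501, 64509, 64497]),
]
# Constructed stand-in for contact records; AS64497 and AS64509 have none.
PEERINGDB = {
    64496: {"name": "Example Net A", "website": "https://a.example"},
    64511: {"name": "Example Transit", "website": "https://transit.example"},
}

def covering_paths(ip, rib):
    """Step a: AS paths of the most specific prefix that covers ip."""
    addr = ipaddress.ip_address(ip)
    hits = [(ipaddress.ip_network(p), path) for p, path in rib
            if addr in ipaddress.ip_network(p)]
    if not hits:
        return []
    longest = max(net.prefixlen for net, _ in hits)
    return [path for net, path in hits if net.prefixlen == longest]

def origin_and_upstreams(paths):
    """Origin is the last AS in a path; its upstream is the nearest different AS."""
    origins = {p[-1] for p in paths}
    upstreams = set()
    for p in paths:
        before = [a for a in p if a != p[-1]]  # drops prepending of the origin
        if before:
            upstreams.add(before[-1])
    return origins, upstreams

def trace(ip, rib, pdb):
    """Steps a-d: contacts for the origin AS, else the upstreams to ask."""
    paths = covering_paths(ip, rib)
    if not paths:
        return None  # not routed in this table
    origins, upstreams = origin_and_upstreams(paths)
    result = {"origins": sorted(origins),
              "contacts": {a: pdb[a] for a in origins if a in pdb}}
    if not result["contacts"]:  # step d: no record for the origin
        result["ask_upstreams"] = {a: pdb.get(a) for a in sorted(upstreams)}
    return result

if __name__ == "__main__":
    for ip in ("198.51.100.5", "198.51.100.200", "192.0.2.1"):
        print(ip, trace(ip, RIB, PEERINGDB))
```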
