Re: [arin-ppml] Deceased Companies?

[Ronald F. Guilmette]

In message 
, 
Martin Hannigan  wrote:

>You can't describe a single bad act related to $state of a corporation in
>any US commonwealth, state, province or possession

Well, the term "bad act" is potentially rather broad, and might cover a whole
lot of things that aren't even unambiguously illegal in the jurisdictions
where they originate.  But as a general matter, it was never my intent to
prove what you call "bad acts" on the part of any specific or individual ARIN
resource holder, nor would any such proofs even be relevant here.  This is not
thet Bad Acts mailing list.  This is the ARIN public policy maling list, and
the only things that are relevant here are ARIN policies and procedures, and
I've provided ample evidence here, AS YOU DEMANDED, to support my primary con-
tention that there exist entities, and perhaps even many entities, that have
been formally and irreversably dissolved within their home jurisdictions and
that nontheless continue to be registrants of (scarce) ARIN number resources.

I understand that this continued mis-allocation of scare resources to long-
dissolved corporate entities doesn't bother you in the slightest.  That's fine.
You are entitled to your opinion.  I however see the situation as being at
least problematic, and I suspect that most or all of the organizations which
have been waiting patiently for months on the ARIN Wait List for fresh resources
do also. 

I suppose that we could ask them.  Shall we do that?


Regards,
rfg

___
ARIN-PPML
You are receiving this message because you are subscribed to
the ARIN Public Policy Mailing List (ARIN-PPML@arin.net).
Unsubscribe or manage your mailing list subscription at:
https://lists.arin.net/mailman/listinfo/arin-ppml
Please contact i...@arin.net if you experience any issues.

Re: [arin-ppml] Deceased Companies?

[Ronald F. Guilmette]

In message 
, 
Martin Hannigan  wrote:

>As a smaller member of ARIN and someone managing multiple entities I can
>confirm its easy to miss a regulatory filing.

Yes.  Or two of them, or three of them, or ten of them in a row, apparently.

>It's also fixable by coming back into compliance with the required filing,
>payment or action.

In some states and for some entities this is true, apparently.  In other states
and for other entities it is not true however.  (I know.  I checked.)

For example the Colorado entity formerly known as "Azure Technology Co., 
Limited"
has been dissolved in an IRREVERSABLE manner via judicial order, and based upon 
an
unopposed legal action whichw as filed by the Colorado Attorney General's 
office,
and which is presently abailable on the Colorado Secretary of State's web site.

This Colorado judicial action is NOT reversable.  I know.  I checked.  You 
cannot
un-ring this bell.

>Serious people may want to read:
>
>https://www.delawareregisteredagent.com/delaware-registered-agent/how-to/revive-delaware-corporation?gclid=3DCj0KCQjwrs2XBhDjARIsAHVymmRqXJv9AkEGHs4yPSXGQKon8kASoWnk4RKT0WOXBBn2cZLFXL21wPwaAlyhEALw_wcB

You should make it point to read your own references.  I quote:

   3. If you dissolved your Delaware corporation it will show as "Cancelled".

  The Delaware Division of Corporations supports a lot of our state. As 
such, it's more
  like a business operation than an arm of a government branch. It's one 
big operation
  and as many of you feel, a little bit of a racket. Most states just 
dissolve your
  company after a few years...

Please read that last sentence again.


Regards,
rfg
___
ARIN-PPML
You are receiving this message because you are subscribed to
the ARIN Public Policy Mailing List (ARIN-PPML@arin.net).
Unsubscribe or manage your mailing list subscription at:
https://lists.arin.net/mailman/listinfo/arin-ppml
Please contact i...@arin.net if you experience any issues.

Re: [arin-ppml] Deceased Companies?

[Ronald F. Guilmette]

In message <08e5ce04-437c-476e-8929-ec1db4bbb...@arin.net>, 
John Curran  wrote:

>> I remind you also that official California State records indicate that this 
>> company has
>> been dead and dissolved for TEN YEARS.
>> 
>> Would you care to explain John?
>
>Please note that the company in question is _suspended_ not dissolved.  As 
>previously 
>noted, there is a significant difference ? ARIN does not act against 
>organizations solely 
>on the basis of their corporate status being suspended, as it can easily be 
>the result of 
>tax filing delay, etc.  

I stand correscted and thus owe you, John, my profuse and abject apology.

You're right, and I now have to hang my head in shame, not only because I was 
wrong
about the exact status of this company in official California records, but also
because I'm embarassed that my own home state of California, in its infinite
wisdom, has apparently elected to allow companies that fail to meet their legal
obligations to the state to continue to exist in this sort-of goofy (but 
apparently
reversable) zombie "suspended" state for as long as ten years or longer.  (I 
will be
having a word or two about this with my State Senator and my State 
Representative.)

Other states, e.g. Colorado and others, do in fact take binding and irreversable
legal action against companies that fail in their minimal obligations to their
home states, but not California.  Given that sad fact, I have to agree that 
there
are serious limitations on what ARIN can do or may do with respect to the 
perennial
zombie that is Centauri Communications and/or any other such zombie corporate 
entities
that are similarly situated.

That all having been said, I think that I still do have a valid point in saying
that the community and/or the management could, if either wished to do so, 
reclaim
resources from entities that have indeed been fully, irreversably, and legally
dissolved.


Regards,
rfg
___
ARIN-PPML
You are receiving this message because you are subscribed to
the ARIN Public Policy Mailing List (ARIN-PPML@arin.net).
Unsubscribe or manage your mailing list subscription at:
https://lists.arin.net/mailman/listinfo/arin-ppml
Please contact i...@arin.net if you experience any issues.

Re: [arin-ppml] Deceased Companies?

[Ronald F. Guilmette]

In message 
, 
Martin Hannigan  wrote:

>So you're the only right person on planet earth? I admire that.

I can't recall having made any such assertion.

>You already admitted you had zero data to backup your claims. *Stop wasting
>our time, Ron. *

I also have no clear recollection of having said that, but even if I did,
that was then and this is now, and I've done some research over the past
couple of days that's turned up a number of dead/defunct/dissolved corporate
entities that remain as ARIN customers.

So, you want data?  Here's some data for you to chew on.  I have listed
below twenty eight (28) different dead/dissolved ARIN resource customers.
The non-legacy stuff is listed first, followed by the legacy stuff.

I believe that I have been conservative in formulating this list, i.e. I'm
only listing ARIN resource customers that I am fairly certain are in fact,
and provably defunct, legally speaking.  But of course, if I have made
any mistakes, then I'd be grateful to be enlightened about those.

If these 28 companies aren't enough for you, then by all means let me know,
because there's plenty more where these came from, and as I said, it is
pretty much like shooting fish in a barrel to find these things.


NON-LEGACY STUFF
---

CENTA-3 - Centauri Communications (US/CA - dissolved)
74.116.64.0/21
199.16.104.0/22 (unrouted)
208.74.64.0/22

CTC-211 - Azure Technology Co., Limited (US/CO - dissolved)
(foormerly CloudDOS Technology Co. Limited - Hong Kong)
AS53587
45.61.192.0/18
104.171.224.0/20
104.232.128.0/19
168.235.240.0/20

2020N - 2020Net, Inc. (US/VA - never registered??)
204.232.0.0/18 (unrouted)

2CHEC 2checkout.com, Inc. (US/GE,OH - status: withdrawn)
ASS32734
64.128.115.0/24
162.221.60.0/22

111S One Eleven Internet Services (US/IL - Dissolved)
AS12285
216.175.0.0/18

1UWEB - 1U Web, INC. (US/CA - never registered??)
AS32045
173.255.0.0/20
206.221.208.0/20

INTER-1366 - Internex Inc. (US/FL - dissolved - 09/28/2012)
AS12110
199.47.172.0/22


LEGACY STUFF [*]
---

1000KL - 1000Klub Software (US/CA - never registered)
204.107.243.0/24 (unrouted)

101INT - 101 International, inc. (US/CA - surrendered)
198.134.161.0/24 (unrouted)

1CCC - 1990 CyberNet Communications Corporation (CA/BC - Inactive)
199.60.233.0/24 (unrouted)
199.60.234.0/23 (unrouted)
199.60.236.0/24 (unroured)

1SS - 100 Percent Software Solutions, Inc. (US/CO - Administratively Dissolved)
198.49.96.0/24

1UPCOM 1-Up Computing (US/CO - dissolved)
(note: name chagned to UPLINK COMPUTING SOLUTIONS, INC)
199.165.157.0/24 (unrouted)

22SOLU - 22 Solutions (US/CA - never registered)
204.75.133.0/24 (unrouted)
204.75.134.0/24 (unrouted)

2500AD - 2500 AD Software, Inc. (US/CO - never registered)
198.184.135.0/24 (unrouted)

2CS-1 - 21st Century Systems, Inc. (US/CA - never registered)
205.159.228.0/24 (unrouted)

3CC - 3C Consulting Corporation (US/IL - dissolved)
205.142.192.0/22 (unrouted)

3KASSO - 3k Associates, Inc. (US/VA - Inactive/Terminated as of 07/31/2018)
198.151.172.0/24 (unrouted)

NAAINE - Naai Net, Inc. (US/CA - never registered)
204.238.33.0/24 (unrouted)

NAC-16 - Network Architecture Consulting Incorporated (US/CA - never registered)
192.124.36.0/24 (unrouted)

NAI - North American International (US/IN - dissolved)
(Note: DBA of NORTH AMERICAN INTERNATIONAL TRADING & INVESTMENT 
CORPORATION)
198.199.130.0/24 (unrouted)

HAMILT - Hamilton Communications (US/CA - never registered)
192.207.15.0/24 (unrouted)

PATHFI - PathFinders (US/KS - never registered)
199.233.175.0/24 (unrouted)

MSCIMGT - Minnesota Supercomputer Center, Inc. (US/MN - withdrawn)
198.207.141.0/24 (unrouted)
198.207.142.0/23 (unrouted)
198.207.144.0/24 (unrouted)

REACHS - Reach Software (US/CA - surrendered/terminated)
199.165.185.0/24 (unrouted)
199.165.186.0/24 (unrouted)

CBFSYS - CBF Systems, Inc. (US/MI - existance ceased - 2008)
(aka "VMP MORTGAGE SOLUTIONS, INC.")
198.184.134.0/24 (unrouted)

OPT-4 - Open Port Technology, Inc. (US/IL - dissolved - 1 July 2006)
205.166.150.0/24 (unrouted)

TCGCL - Thomas Cook Group ( Canada ) Ltd. (CA/ON - inactive/discontinued)
198.102.224.0/22 (unrouted)

SINIST-2 - Sinister and Solitary (US/ME - never registered)
AS10255

---
[*] Note: Some long-dead entities may have ceased to exist so long ago that
now there are no records of even their existance anymore, either on the web,
or in any 

Re: [arin-ppml] Deceased Companies?

[Ronald F. Guilmette]

John Curran  wrote:

>ARIN has not been directed by the community in any policy to embark on a 
>general review
>of all entities in the ARIN database looking for ?dead and defunct corporate 
>entities? - so if
>this is what you are suggesting, then you are correct - such a task would be 
>very low priority
>indeed.

I should clarify that I am _not_ proposing and that I shall not be proposing 
that ARIN
staff should proactively launch a search for dead/defunct/dissolved ARIN 
resource-holding
customers.  Indeed there seems to be no need for that, as I and other 
volunteers can do
that job.  (I have already found over a dozen such defunct entities that remain 
ARIN
resource holders, just by surveying a small, semi-random sample of ARIN IPv4 
resource
customers.)

The problem isn't finding these things.  The problem is that ARIN clearly 
doesn't want to
*do* anything about these cases, even when ARIN is informed about them.  The 
example of
CENTA-3, which ARIN sat on, and which it is still sitting on, with no action 
for nearly
two years now makes that altogether clear and obvious.

I stopped working on my random sample survey after awhile because it started to 
just be
ridiculous.  Frankly, it was like shooting fish in a barrel.  These things are 
not at
all hard to find, and there are a lot of them.

There are some 31,000+ direct resource customers of ARIN represented within the 
current
ARIN WHOIS data base.  And that isn't even counting the organizations that hold 
only
ASNs but no IP address resources.  If a mere 10% of those are legally dissolved 
now,
then that means that some 3,100 of them could have their IP block resources 
reclaimed
and eventually redistributed to the 407 legit and legal organizations that are 
currently
sitting patiently on the ARIN Wait List, thus easly eliminating the Wait List 
altogether,
and several times over.  That would be an Absolute Good.

And lest anyone incorrectly think that only 10% of ARIN current direct resource 
customers
are dead, defunct, and dissolved former corporate entities, allow me to here 
dissuade
you of any such notion.  Based upon my own very limited random sample, my 
conclusion is
that the true figure may be *conservatively* estimated to be much higher, and 
in fact
somewhere well north of 25%.  (I was going to say "well north of 30%" but if I 
did,
none of you would believe me, so let's just call it 25%.)

But of course, none of that matters so long as ARIN staff have been given the 
order to
do nothing, even about the dead companies they are told about.


Regards,
rfg
___
ARIN-PPML
You are receiving this message because you are subscribed to
the ARIN Public Policy Mailing List (ARIN-PPML@arin.net).
Unsubscribe or manage your mailing list subscription at:
https://lists.arin.net/mailman/listinfo/arin-ppml
Please contact i...@arin.net if you experience any issues.

Re: [arin-ppml] Deceased Companies?

[Ronald F. Guilmette]

In message <69ed05b4-afc0-48ea-b466-417b2dab4...@arin.net>, 
John Curran  wrote:

>From where I am sitting, and based on my substantial knowledge of ARIN's 
> past actions,
>your answer sounds an awful lot like "No, we're not going to do that.  We 
> have better
>things to do."
>
>Actually, my meaning is absolutely clear based on plain language usage -
>We _will_ endeavor to look into such situations and correct where possible

Great!  When?

In October of 2020, a spokesperson for ARIN was quoted by journalist Brian 
Krebs as
saying that the matter of the long-ago dissolution of Centauri Communications
(CENTA-3) would be investigated:

   https://krebsonsecurity.com/2020/10/the-now-defunct-firms-behind-8chan-qanon/

It is now August, 2022, and the evidence of ARIN's commitment to investigating 
such cases
(or rather, the utter lack thereof) is now crystal clear and evident for all to 
see.  A
full 21 months later and the ARIN staff has done absolutely nothing to either 
investigate
or action this case in any way.

This isn't ambiguous.  We have the reciepts.  ARIN was informed.  ARIN said it 
would
investigate.  ARIN did nothing.  ARIN lied.

And yet here you are, repeating the lie yet again, and still falsely claiming 
that ARIN
"_will_ endeavor to look into such situations and correct where possible".

The problem is that ARIN won't.  The evidence is clear.  ARIN just won't.

(I was wrong in my prior email to suggest that ARIN would give a low priority 
to the task
of reclaiming number resources from dead companies.  In fact, the evidence is 
clear that
ARIN has given and will give this effort ZERO priority... or maybe even a 
negative
priority.)

>And finally, could you please explain, John, how your reluctance to 
> reclaim those
>valuable IPv4 assets from dissolved and now non-existant corporate 
> entities comports
>with ARIN's basic mission to be good shepherds of ARIN's finite and 
> limited resources?
>Because I'm not seeing it.
>
>
>There's no reluctance on ARIN's part to researching any reports submitted and 
>taking
>appropriate action - including "reclaim(ing)  those valuable IPv4 assets from 
>dissolved 
>and now non-existant corporate entities"

You are prevaricating John, and the facts regarding Centauri Communications 
demonstrate
otherwise.  ARIN was informed about this case over 21 months ago, and an ARIN 
spokesperson
at that time confirmed to Brian Krebs that this case would be investigated.  
However as
anybody who knows how to use the ARIN WHOIS server can plainly see, absolutely 
nothing
has changed with respect to this long-dead entity and/or the several IPv4 
blocks that
were and are registered to it (and that are now being squatted on by 
_somebody_) in all
of the past 21 months.

I remind you also that official California State records indicate that this 
company has
been dead and dissolved for TEN YEARS.

Would you care to explain John?

Why has ARIN staff utterly failed to keep its commitment to investigate this 
case,
and/or to reclaim the associated IPv4 blocks, even a full 21 months after making
a commitment to do so?

Why does ARIN continue to allow unknown squatters WHO HAVE NO RSA CONTRACT WITH 
ARIN
to use the four IPv4 blocks assigned to the long-dead Centauri Communications?

Why must the pending IPv4 requests of numerous live and legitimate organizations
languish unfulfilled for months on end on the ARIN Wait List when there are 
blocks
being squatted on, illegally and without any contract, that ARIN is simply 
turning
a blind eye towards?


Regards,
rfg
___
ARIN-PPML
You are receiving this message because you are subscribed to
the ARIN Public Policy Mailing List (ARIN-PPML@arin.net).
Unsubscribe or manage your mailing list subscription at:
https://lists.arin.net/mailman/listinfo/arin-ppml
Please contact i...@arin.net if you experience any issues.

Re: [arin-ppml] Deceased Companies?

[Ronald F. Guilmette]

In message <15104.1659732...@segfault.tristatelogic.com>, I wrote:

>Although I have no objections whatsoever to giving my best effort to drafting
>and defending a policy proposal on the topic of dissolved resource-holding
>entities, I am well aware that the policy adoption process could possibly
>take quite some months.  In the interm. what, if anything, does the CEO feel
>either can or should be done, by staff, with respect to such dissolved entities
>that may come to staff's attention?  Obviously, having clear and ratified 
>policy
>guidance in place is optimal, but I am not persuaded that the current absence
>of such clear guidance entirely precludes ARIN staff from appropriately 
>actioning
>such cases on its own authority, consistant with ARIN's overall mission of 
>being
>good shepherds of limited resources.
>
>Your thoughts?


Still awaiting your response on this John.


Regards,
rfg
___
ARIN-PPML
You are receiving this message because you are subscribed to
the ARIN Public Policy Mailing List (ARIN-PPML@arin.net).
Unsubscribe or manage your mailing list subscription at:
https://lists.arin.net/mailman/listinfo/arin-ppml
Please contact i...@arin.net if you experience any issues.

Re: [arin-ppml] Deceased Companies

[Ronald F. Guilmette]

In message <1488039433.20658.1659838764951.javamail.zim...@cameron.net>, 
Mark Andrews  wrote:

>Go back and read John's comments again.
>He did say heirs/successors had rights in probate.
>I asked him to repeat that and he did.

Of course heirs and successors have rights in probate!  However if John had
mistakenly asserted that the heirs and successors of any party that had ever
signed Version 12.0 (or 11.0 or 10.2 or 10.1, or 10.0) of the RSA have
_any_ rights with respect to the number resources that were assigned to
that (now dead) person or company, then I would urge John, and indeed
everyone with a serious interest in these matters to re-read Section 7
and also Section 10(c) of Version 12.0 of the RSA/LRSA.  Because those
sections are quite clear.  ARIN-issued number resources are explicitly
NOT property and also are explicitly NOT a part of any bankruptcy estate.
Thus they MAY NOT be inherited by a heir, successor, or assign.  Period.
Full stop.  It's in the contract.

I suspect that if John said anything about "inheriting" rights to number
resources, then he was most likely only refering to those (legacy) resources
for which no RSA�or LRSA had even been entered into.

In short, rights to legacy resources may be inherited by heirs, successors,
and assigns.  In contrast, rights to non-legacy resources (where a previously
signed RSA or LRSA does exist) MAY NOT be inherited by an heir, successor,
or assign.


Regards,
rfg

___
ARIN-PPML
You are receiving this message because you are subscribed to
the ARIN Public Policy Mailing List (ARIN-PPML@arin.net).
Unsubscribe or manage your mailing list subscription at:
https://lists.arin.net/mailman/listinfo/arin-ppml
Please contact i...@arin.net if you experience any issues.

Re: [arin-ppml] Deceased Companies

[Ronald F. Guilmette]

In message , Steven Ryerse  wrote:

>The many posts to the PPML reflect your desire to somehow reclaim Legacy
>IPv4 space that isn't being used or space that might have been acquired
>in a way that is deemed unethical or possibly worse. 

Who exactly are you responding to?  Me?  If so, I will clarify yet again
that *I* have not expressed any "desire to somehow reclaim Legacy IPv4 space".
Somebody else in this thread may have expressed such a desire, but not me.

I have been consistant, I think, in expressing a desire only to see ARIN
staff reclaim number resources that remain assigned to legal entities that
have ceased to exist.  Some of those number resources are legacy rsources,
but many (most?) of them are actually non-legacy resorces.  (The example
that I put forward here was of a set of non-legacy resources that remain
assigned to what is clearly a long-dead company.)

Indeed, I have gone out of my way to make it clear that I have less than
zero desire to have ARIN staff perform any reclamation specifically on
or against legacy resources UNLESS the resources involved are assigned
to demonstratably defunct corporate registrants.

>ARIN has to treat all legacy holders the same whether they were Class A
>or Class B or Class C

No, it doesn't.  If the "holder" no longer exists, legally speaking, then
ARIN can reclaim the associated number resources.  (But I do agree with
you that the _size_ of the resources involved is totally irrelevant.)


Regards,
rfg
___
ARIN-PPML
You are receiving this message because you are subscribed to
the ARIN Public Policy Mailing List (ARIN-PPML@arin.net).
Unsubscribe or manage your mailing list subscription at:
https://lists.arin.net/mailman/listinfo/arin-ppml
Please contact i...@arin.net if you experience any issues.

Re: [arin-ppml] ARIN actions regarding address blocks with no valid POCs (was: Re: Deceased Companies?)

[Ronald F. Guilmette]

In message <0d9ea1a5-fa43-2576-282c-2a0ca4d1a...@ipinc.net>, 
Ted Mittelstaedt  wrote:

>Nobody not even me is suggesting that.  What I am saying is that the 
>ARIN community has that power.

Yes, the ARIN staff can do whatever the ARIN community directs it to do
with regards to legacy blocks... at least until someone with deep pockets
decides to go to court and seriously fight against whatever the community
decided to do.

I feel sure that it would greatly simplify the lives of both John Curran
and the entire ARIN staff if all of the legacy resources could, without
any consequences, just be returned to inventory.  But I don't see that as
being at all likely, particularly in the case of the non-dead legacy
resources holders, many of which would surely sue.  And here is where
the example of AFRINIC becomes a cautionary tale.

For my own part, I feel entirely content to leave well enough alone when it
comes to non-dead registrants of legacy resources.  Where a legacy resource
is still assigned to a dead/dissolved entity however, I believe that
reclamation is appropriate, and if it were done then it isn't even clear who,
if anyone, would even have standing to sue over that.


Regards,
rfg
___
ARIN-PPML
You are receiving this message because you are subscribed to
the ARIN Public Policy Mailing List (ARIN-PPML@arin.net).
Unsubscribe or manage your mailing list subscription at:
https://lists.arin.net/mailman/listinfo/arin-ppml
Please contact i...@arin.net if you experience any issues.

Re: [arin-ppml] ARIN actions regarding address blocks with no valid POCs (was: Re: Deceased Companies?)

[Ronald F. Guilmette]

In message <9f1deed6-7de7-aaff-33ff-8b71f4fcb...@dilkie.com>, 
Lee Dilkie  wrote:

>The legacy blocks were created and in existence before ARIN took responsibility
>of them and while ARIN could simply take them all back, with no regard for
>history, it smacks of "colonialism" to me. You know, where the enlightened
>civilized folks take property from the savages because they can put it to
>better use. Those savages aren't even paying tax (arin fees) so really they
>should have no rights at all.

Even ignoring the rather colorful and vivid imagery of the above statement,
I would suggest that, as a purely pratical matter, it would be highly
inadvisable for ARIN to make any effort to reclaim any of the some 175+
million IPv4 addresses currently assigned to the United States Department
of Defense.

They have tanks.


Regards,
rfg
___
ARIN-PPML
You are receiving this message because you are subscribed to
the ARIN Public Policy Mailing List (ARIN-PPML@arin.net).
Unsubscribe or manage your mailing list subscription at:
https://lists.arin.net/mailman/listinfo/arin-ppml
Please contact i...@arin.net if you experience any issues.

Re: [arin-ppml] ARIN actions regarding address blocks with no valid POCs (was: Re: Deceased Companies?)

[Ronald F. Guilmette]

In message <651e83ae-3cb5-c5ff-5601-07ffefd44...@ipinc.net>, 
Ted Mittelstaedt  wrote:

>It is likely that what the community does with regards to the legacy 
>blocks will have an effect on the "deceased company" issue but the 
>simple reality with registered blocks, which John has tried to get 
>people to understand, is that as long as an entity is paying the renewal 
>fees, while it might be apparent that the block is "on autopilot" and is 
>not in use/being sat on/etc. and that is incredibly irritating, the 
>existence of ongoing payments and ongoing claims that the block is "in 
>use" by the payor and the existence of the original contract between the 
>entity and the RIR, all of that establishes a legal right to continue to 
>have the registration, by that entity.

No.  I believe that you are seriously misreading and misinterpreting John's
comments.

My interpretation of John's comments here recently is that if indeed a
legal entity to which ARIN staff had assigned some resources ceases to
exist, e.g. because it has been dissolved, then by definition, and under
law, any previously executed RSA or LRSA that the entity in question and
ARIN both entered into is effectively null and void.  Standing on its own,
any such contract has no more legal weight than if you had a contract with
a dead man.

 "If you had a contract, it was with him, and it died with him."
-- Pappagallo (Michael Preston)
-- The Road Warrior (1981)

I am in complete agreement with this viewpoint, and indeed, I believe that
this is the only legally defensible view that it is possible to have on this.

>From a legal perspective, it doesn't matter one wit if some _other_ person,
persons, corporate entities, or some other unrelated mystery benefactor(s)
have been continuing to pay the annual ARIN invoices.  Absent some explicit
judicial ruling to the contrary, you can't have a contract with a dead man,
or with a dead company.  That's just not how any of this works.

Now, it is of course possible that some court in some jurisdiction _may_
possibly issue a ruling that the dead company's assets, including, in
particular, its ARIN-administered number resources (or the rights associated
therewith), shall be transfered to some new and different "owner", but if
ARIN staff do not receive a verified copy of such a judicial ruling in a
timely fashion then there is nothing which would reasonably preclude ARIN
from simply (and unilaterally) declaring the old contract null and void,
and then returning all relevant number resources to inventory.

Please note also that the most recent version(s) of the RSA and LRSA take
some pains to assert that EVEN IF some heir, successor, or assign (or any
other party) of some recently deceased entity were to try to have a court
transfer ARIN-administered number resource assets to that heir, successor,
or assign, any such attempt is itself null, void, and contrary to the plain
terms of the RSA/LRSA contract, (See Section 7 and also Section 10(c).)

Also, John asserted another sepatate but relevant point:  He knows of no
special "magic" which forces, legally or otherwise, ARIN to treat legacy
resources any differently from non-legacy resources EXCEPT insofar as ARIN
staff have been explicitly _instructed_ to treat legacy resources differently
BY THE COMMUNITY.  (I feel sure that John will correct me if I am
misrepresenting his recent comments here in any way, but I don't think that
I am.)

So there you have it friends.  Legally speaking, and in the absence of any
explicit judicial ruling to the contrary, it doesn't matter in the slightest
if some related or unrelated party has or has not continued to pay the
annual ARIN invoices.  It also doesn't matter in the slightest if the
number resources at issue are legacy or non-legacy.  If the legal entity
to which the resources were originally assigned is dead, then it's dead.
Full stop.  (Note that the vast majority of both legacy and non-legacy
resource registrants are quite obviously non-dead, e.g. AT, the U.S.
Department of Defense, MIT, Hewlett Packard, Stanford University, Apple,
Inc. etc., etc..)

For all entities that _are_ dead/dissolved however, ARIN owes them nothing,
for the simple reason that there is no applicable contract which has not
already been rendered null and void by the demise of all such entities.
And it logically follows that ARIN can do with the assigned number resources
of all such entities whatever it pleases, or, more accurately, whatever the
community directs ARIN staff to do with or about such resources.

>The actual truth is that if the community was united it could revoke all 
>legacy blocks tomorrow despite whatever legalities people out there 
>would argue. 

I am not persuaded that this is true.  As I have argued above, I believe
that ARIN staff may, if so directed by the community, reclaim and return
to inventory most or all of the number resources that have been assigned

Re: [arin-ppml] ARIN actions regarding address blocks with no valid POCs (was: Re: Deceased Companies?)

[Ronald F. Guilmette]

In message <651e83ae-3cb5-c5ff-5601-07ffefd44...@ipinc.net>, 
Ted Mittelstaedt  wrote:

>ARIN is the only RIR that has legacy blocks...

As Mike Burns noted, and as I can confirm, this is not actually accurate.


Regards,
rfg
___
ARIN-PPML
You are receiving this message because you are subscribed to
the ARIN Public Policy Mailing List (ARIN-PPML@arin.net).
Unsubscribe or manage your mailing list subscription at:
https://lists.arin.net/mailman/listinfo/arin-ppml
Please contact i...@arin.net if you experience any issues.

Re: [arin-ppml] Deceased Companies?

[Ronald F. Guilmette]

In message <985aee56-362c-47cb-a6a9-c1f296573...@arin.net>, 
John Curran  wrote:

>> ...
>> Second, with respect to the rather superficial legal analysis included in
>> my prior email, that analysis was and is hampered somewhat by a key point
>> of ignorance on my part.  Specifically, it is unclear to me if ARIN staff
>> (or policy) requires that resource-holding entities sign and return a fresh
>> new RSA... presumably having the latest and greatest RSA version number...
>> at every point in time when such an entity has requsted (or is assigned)
>> some new allocation of number resources.  Can any kind soul enlighten me
>> on this point?
>
>If one engages with ARIN to obtain new resources (or make any similar 
>substantial
>change to their number resource holdings), ARIN will seek entry into the 
>current RSA
>if the present agreement is more than two versions back.   We don't update the 
>RSA 
>very often, but feel that some leeway in this regard is still operational 
>sound and helps
>reduce administrative overhead of working with ARIN. 

Thank you for this info John.

My own feelings on this are quite entirely different.  Although a case can be 
made
that it is a laudable goal to reduce the "administrative overhead" that 
resource-
holding entities must deal with, that consideration is, I believe, far 
outweighed
by the value, to the community. to the membership, and yes, even to the staff, 
of
having as many resource holders as possible bound by the exacting legal language
of the latest and greatest RSA at all times.  In fact, if by some miracle I were
to be elected king of ARIN tomorrow, I would immediately decree that all 
resource
holders that have ever entered into an RSA or LRSA contract with ARIN would be
obliged to sign and submit a fresh and up-to-date new RSA or LRSA with ARIN 
annually,
in conjunction with their annual fee payments.

That having been said, I understand that I might possibly be the one and only
person in the community holding such a view.  Even so, acquiring new number
resources from ARIN staff is, for most resource holders, a somewhat rare but
very significant event, and I believe that it is not and would not be an undue
burden on any resource holder to sign and submit a new, fresh, and up-to-date
RSA or LRSA as a condition of being granted any new number resources.

That having been said, I understand that this also should be the subject of its
own separate and formal policy proposal.  I will endeavor to create such.

>> I can well understand why ARIN staff and management may wish to have the
>> average Joe Schmo looking only at the most current version of the RSA,
>> but deliberately making older versions of this key document unavalable,
>> even to researchers, is unacceptable and should be rectified forthwith.
>
>This is not intentional (nor different than the practices of most 
>organizations)
>but rather the desire to minimize confusion and potential for parties using the
>wrong version when dealing with ARIN.  However, it should be relatively easy
>to provide a suitable reference archive, and we will endeavor get such setup
>shortly for that purpose. 

Thank you for that also John.  Much appreciated.  Even some future Internet
historians may someday thank you for making all versions of the RSA widely
available.


Regards,
rfg
___
ARIN-PPML
You are receiving this message because you are subscribed to
the ARIN Public Policy Mailing List (ARIN-PPML@arin.net).
Unsubscribe or manage your mailing list subscription at:
https://lists.arin.net/mailman/listinfo/arin-ppml
Please contact i...@arin.net if you experience any issues.

Re: [arin-ppml] Deceased Companies?

[Ronald F. Guilmette]

In message <892467ae-f237-49b1-b854-c5e682397...@arin.net>, 
John Curran  wrote:

>It is altogether clear to me what must, at the very least be done.  At the
>very least, the community and/or the membership should give clear guidance,
>immediately, to John Curran and the ARIN staff regarding what they should
>do when they become aware, VIA ANY MEANS OR CHANNEL, of the dissolution of
>any resource-holding entity that has ever signed an RSA agreement with
>ARIN.
>
>...
>So, it is clear, to me at least, what must, at a minimum, be done.  The
>question remains of what process should be used to achieve it.  Should this
>be a "consultation" or should it instead be a formal policy proposal?
>
>
>I would suggest a formal policy proposal; you can find additional 
>informationon 
>submitting such here - https://www.arin.net/participate/policy/pdp/appendix_b/

Thanks for this John.

Would I be correct to infer also from your other comments that the CEO would
have no objection if a policy proposal were put forward to give clear guidance
to ARIN staff, specifying what its response should be to cases of dissolved
resource-holding entities, even if that proposal were generalized so as to apply
to corporate dissolutions of either/both legacy and/or non-legacy organizations?

One other question also John, if you please.

Although I have no objections whatsoever to giving my best effort to drafting
and defending a policy proposal on the topic of dissolved resource-holding
entities, I am well aware that the policy adoption process could possibly
take quite some months.  In the interm. what, if anything, does the CEO feel
either can or should be done, by staff, with respect to such dissolved entities
that may come to staff's attention?  Obviously, having clear and ratified policy
guidance in place is optimal, but I am not persuaded that the current absence
of such clear guidance entirely precludes ARIN staff from appropriately 
actioning
such cases on its own authority, consistant with ARIN's overall mission of being
good shepherds of limited resources.

Your thoughts?


Regards,
rfg
___
ARIN-PPML
You are receiving this message because you are subscribed to
the ARIN Public Policy Mailing List (ARIN-PPML@arin.net).
Unsubscribe or manage your mailing list subscription at:
https://lists.arin.net/mailman/listinfo/arin-ppml
Please contact i...@arin.net if you experience any issues.

Re: [arin-ppml] Deceased Companies?

[Ronald F. Guilmette]

In my my immediately prior email on this topic I neglected to mention three
important and entirely relevant points.

First, I should clarify the reason for my interest in this topic of dead
resource-holding organizations.  As some but not all here may be aware,
I personally have invested quite a lot of time and effort over the years
in finding and exposing Bad Actors on the Internet.  In the many years
that I have been doing this entirely uncompensated work, I have quite
certainly noticed what appears to me to be a marked correlation between
dead legal entities and the various kinds of Bad Actors that I seek and
too often find on the Internet.  Based on that, I cannot help but believe
that opportunities for mischief on the Internet would be reduced, to the
benefit of all, if ARIN and the other RIRs were to be somewhat more pro-
active in recycling the number resources of dead entities.

Second, with respect to the rather superficial legal analysis included in
my prior email, that analysis was and is hampered somewhat by a key point
of ignorance on my part.  Specifically, it is unclear to me if ARIN staff
(or policy) requires that resource-holding entities sign and return a fresh
new RSA... presumably having the latest and greatest RSA version number...
at every point in time when such an entity has requsted (or is assigned)
some new allocation of number resources.  Can any kind soul enlighten me
on this point?

This is no small matter.  In relation specifically to CENTA-3, if ARIN staff
has been in the habit of giving new resource allocations to old entities
_without_ simultaneously requiring the old entities to enter into a fresh
new RSA agreement, then the only signed RSA agreement that is legally
binding upon this now-defunct entity, CENTA-3, is whichever version of
the RSA was current as of 2006-08-22.  If on the other hand, ARIN staff
has been consistant if requiring a fresh new RSA�to be signed at each
point in time where new resources were granted, then the specific RSA
version which was current as of 2011-10-04 is the one that is legally
binding upon both parties.

This makes a difference, because the exact wording of what is now Section
10 of the most recent RSA version (12.0) most probably has changed, over
time, and may have been markedly different in 2006 than it was in 2011
and vise versa.

Third and lastly, I am compelled to express my profound dismay that ARIN
staff appears to be playing a somewhat elaborate game of "hide the ball"
when it comes to making available older / non-current versions of the RSA.
Reasonably diligent efforts to find these older RSA versions, by me, and
on the ARIN web site, were consistantly met with either web site "not
found" errors or by redirections to the current and latest version (12.0)
of the RSA, which is not at all what I was seeking.

Needless to say, the inability to obtain copies of older versions of the RSA
makes it literally impossible to form any reasoned opinion about what various
organizations, dead or otherwise, may or may not have been contractually
bound to do or not do.

Frankly, this all seems rather deliberate.  There are significant numbers of
historical documents available in the "vault" section of the ARIN web site,
however historical versions of what is arguably THE most important ARIN
document of all, i.e. the RSA, do not appear to be available, either in the
"vault" section of ARIN's web site, on in any other part of the ARIN web site.

To add further insult to this injury, I asked an old friend to contact the
ARIN billing department on my behalf to specifically and explicitly request
copies of the old RSA versions.  He did this, in the first instance, by phone,
and he was instructed to send the request via email to the billing department,
which he then did.  More than 48 hours later, no response whatsoever has
been received to this request, not even an acknowledgement of reciept.

I can well understand why ARIN staff and management may wish to have the
average Joe Schmo looking only at the most current version of the RSA,
but deliberately making older versions of this key document unavalable,
even to researchers, is unacceptable and should be rectified forthwith.


Regards,
rfg
___
ARIN-PPML
You are receiving this message because you are subscribed to
the ARIN Public Policy Mailing List (ARIN-PPML@arin.net).
Unsubscribe or manage your mailing list subscription at:
https://lists.arin.net/mailman/listinfo/arin-ppml
Please contact i...@arin.net if you experience any issues.

Re: [arin-ppml] Deceased Companies?

[Ronald F. Guilmette]

In message <9f92e0fc-2f3a-a6e3-ae88-dc260dfea...@ipinc.net>, 
Ted Mittelstaedt  wrote:

>I have used the block 199.248.255.0/24 previously on this list in the 
>past as an example of ARIN's nonsense when it comes to reclaiming old 
>blocks and to embarrass John Curran when he claims ARIN is cleaning house.

Although I am greatly appreciative of Ted's comments, which appear to be
supportive of the primary point that I most recently attempted to make here,
I am obliged to point out that the example of the 199.248.255.0/24 block,
and ARIN's seeming reluctance to reclaim it, *does not* actually support
the point that I have attempted to make here most recently. for one very
glaringly obvious reason:

RegDate:1994-10-11

199.248.255.0/24 is unambiguously a legacy block.  Thus, ARIN may or may
not have in hand either a signed RSA or a signed LRSA that is relevant and
applicable to this block.  For the sake of argument, let's assume that it
doesn't.

Other people may reasonably disagree with me, but I personally am at least
somewhat sympathetic to the various legal assertions and bold claims that
have been made by various IPv4 legacy registrants, over time.  I am also
at least somewhat sympathetic to ARIN's understandable reluctance, if any,
to sally forth and do battle in the courts over such legacy-related claims.

In contrast to the 199.248.255.0/24 block and its registrant however, last
week I put forward here the very different example of the organization
denoted by the handle "CENTA-3" (created in the ARIN WHOIS on 2006-08-22)
and its associated number resources, which are as follows, and which have
the allocation/registration dates noted:

  AS19214  2006-09-12
  74.116.64.0/21   2009-08-04
  199.16.104.0/22  2011-10-04
  208.74.64.0/22   2007-01-18

Given the date upon which the organization record for CENTA-3 was created in
the data base, and given the allocation/registration dates shown above for
the various associated number resources, it does not seem to be much of a
stretch to infer that this organization *did* at some point in time (or
perhaps even at multiple points in time) sign an RSA with ARIN, and that
those legal agreements remain in force and binding upon both parties, i.e.
the organization denoted as CENTA-3 and ARIN.

In short, I assert that the evidence is clear in this case that the number
resources listed above, which are all assigned to CENTA-3, are clearly
non-legacy resources.  And that is, in a way, quite convenient, because it
means that we can look at and analyze this case *without* having to go down
the long, twisty, and confusing road that we might be obliged to travel *if*
we were trying to analyze the legal rights of the parties in a "legacy"
sitation.  This is not that.  And the signed RSA(s) in this case controls
the legal relationship between the parties.

So, now the question arises:  What, if anything, can ARIN legally do in a
case such as this, where a signed RSA�is in place, but the legal entity that
originally signed it has become formally dissolved, either voluntarily or
involuntarily, within the legal jurisdiction where it was originally created?

Section 10 of the current version (12.0) of the RSA, as published on the
ARIN web site, goes to some lengths to cover exactly such a situation.
It defines a set of numerous different possible events in the life of a
registrant organization, and it defines what is, in effect, a catch-all
term for a group of such possible events, including "dissolution".  This
catch-all term is "Bankruptcy Event".  A corporate dissolution is explicitly
one of the several different types of corporate events that the RSA
collectively defines as a "Bankruptcy Event".

Section 10(a) of RSA version 12.0 is clear that *any* kind of "Bankruptcy
Event"... including, explicitly, a corporate dissolution... obliges the
registrant to "promptly provide written notice to ARIN thereof."  (I feel
sure that we could pay attorneys hundreds of dollars an hour to argue
endlessly over the exact legal meaning of the word "promptly" in this context,
but for the sake of expediency let's just skip over that fine point for now.)

The bottom line here is that CENTA-3 signed an RSA, and most likely several
of them.  And when this corporate entity was dissolved by the State of
California back in 2012, it either did or did not "promptly provide written
notice to ARIN thereof".  (There is no third possibility.)

If this organization DID "promptly provide written notice to ARIN thereof",
either back in 2012, or at any time since, then what, if anything, did ARIN
staff do in response to that notification?  The available evidence certainly
suggests that if any such notice was ever transmitted to ARIN staff in this
case then ARIN staff did nothing with that.

If, on the other hand, this organization DID NOT "promptly provide written
notice to ARIN" of its fromal and legal dissolution back in 2012, and if it
has ever signed any version of the RSA 

Re: [arin-ppml] Member Existance Documentation (or the lack thereof)

[Ronald F. Guilmette]

In message 
Martin Hannigan  wrote:

>On Thu, Jul 28, 2022 at 15:56 Ronald F. Guilmette 
>wrote:
>
>> So you don't think that vetting members should be rightfully construed as
>> an important matter of policy?
>
>
>No.

OK, well, you're entitled to your opinion.

I would argue however that the entirety of Sections 8.2 and 9 of the NPRM
are dedicated to being explicit about who gets what and under what exact
conditions.

Now, if I say to John "ARIN ought to have a policy to make sure organizations
are validly constituted and are who they say they are" then he will say to
me "OK, fine.  That's a policy matter, so propose a policy."  Meanwhile
_you_ will say "That is a mere administrative matter, and doesn't need to be
specified in a policy."

Congratulations!  You seem to have worked out a foolproof two-pronged strategy
for insuring total inaction on anything that doesn't suit your personal tastes.
A really admirable example of Catch 22.


Regards,
rfg
___
ARIN-PPML
You are receiving this message because you are subscribed to
the ARIN Public Policy Mailing List (ARIN-PPML@arin.net).
Unsubscribe or manage your mailing list subscription at:
https://lists.arin.net/mailman/listinfo/arin-ppml
Please contact i...@arin.net if you experience any issues.

Re: [arin-ppml] Member Existance Documentation (or the lack thereof)

[Ronald F. Guilmette]

In message 
Martin Hannigan  wrote:

>You're asking lawyer questions.

No.  I'm not.  I'm asking if it should be harder to claim your coat at the
dry cleaner than it is to become a resource-holding ARIN member.

It doesn't take a law degree to answer that question.

>Im not a lawyer.

Fine.  I wasn't asking you specifically.

>You're also asking what
>the majority of us believe are administrative non policy questions.

So you don't think that vetting members should be rightfully construed as
an important matter of policy?

And you're entirely sure that you speak for the majority on this point?

All I can say is that I think this evasion is altogether worthy of British
civil servant and Permanent Secretary Sir Humphrey Appleby, who also famously
opined on the frequent confusion between the policy of administration and the
administration of policy.

https://twitter.com/yessirhumphrey/status/1378200915409309699


Regards,
rfg
___
ARIN-PPML
You are receiving this message because you are subscribed to
the ARIN Public Policy Mailing List (ARIN-PPML@arin.net).
Unsubscribe or manage your mailing list subscription at:
https://lists.arin.net/mailman/listinfo/arin-ppml
Please contact i...@arin.net if you experience any issues.

[arin-ppml] Member Existance Documentation (or the lack thereof)

[Ronald F. Guilmette]

[[ Changing the Subject: line now because I want to veer off in a somewhat
   different direction ]]

In message 
, 
Martin Hannigan  wrote:

>> But seriously, what basic bona fides does ARIN require these days just
>> in order to open a membership, totally independent of any resource
>> allocations?
>>
>> For a corporate entity?
>
>You'd have to ask them, but presumably...

Why?  Why should I have to ask them?  Why isn't the answer to this simple and
obvious question spelled out, either the NPRM or in the RSA agreements, or even
just on the ARIN web site?

It is my hope, of course, that the answer to this simply question hasn't been
deliberately burried as a sort of backhanded way of allowing ARIN staff to vet
new applicants based on their personal senses of smell, rather than on the basis
of objective and publicly-known criteria.

I did a lot of reading about this topic last night and I have to say that it was
an extraordinarily eye opening experience!  The stuff I read raises far more
questions than it answers.

In the first place, the procedures that ARIN has in place appear to have been
designed to make it impossible to create an ARIN membership without 
simultaneously
making the implicit assertion (via a signed RSA) that the organization making 
the
membership application will be desiring to receive number resources allocations.

Simple question: Why?

In the AFRINIC Region, for one, there is a special kind of RIR membership
available that is sort-of analogous to a United Nations "Observer Status".
You get to participate in members-only things, including members-only mailing
lists and... not sure about this...  perhaps even voting, but you _do not_
have any assigned number resources.

If this is available in the ARIN region, then my organization would like to
obtain ARIN Observer Member Status.  If such a category of membership is not
presently available in the ARIN region, then why isn't it?

Moving on to more topics...

I found the following astonishing statement on the MEMBERSHIP FAQ page of the
ARIN web site (https://www.arin.net/participate/oversight/membership/faq/):

"Your organization does not need to be an ARIN Member to apply for
resources from ARIN..."

I read this, and I'm like "WAIT!  WHAT???"  I'm not even sure now what the
purpose of an ARIN membership is if a membership isn't even needed in order to
get ARIN number resources.  I do hope that someone will enlighten me.  The only
answer that comes immediately to mind is that maybe some organizations just want
resources and are perfectly happy to do without any voting rights.  But even
that doesn't make a lot of sense to me.  Why would anyone NOT want to have a 
vote??

Now we come to my most important point.

Quoting again from the MEMBERSHIP FAQ page:

 Is my organization eligible to become an ARIN General Member?

Your organization must also have a name that legally exists.

What does that even mean?  Does the name "127.0.0.1" legally exist?  It is not
_illegal_, as far as I know!

My name is "Ronald Fredrick Guilmette".  That name exists.  Legally.  It is on 
both
my birth certificate amd my driver's license, as well as in many other places
connected to me, such as financial institutions, property records, etc.  (Of 
course,
it could be argued that "Ronald Fredrick Guilmette" is not in any meaningful 
sense
"organized", but that's besides the point.)

I want to know, precisely, what will cause ARIN to assert that a given name 
_does_
"legally exist" and conversely, what will cause it to assert that a given name 
_does
not_ "legally exist".  Of course I'd also like to know both how and, more 
importantly,
*when* ARIN makes its determination(s) that a given name does or does not 
"legally
exist".

It would appear, based on facts that I've previously posted here, that ARIN does
not vet the continued existance of its member organizations on any kind of an
ongoing basis, but rather only as a "one-off" at the beginning of the member's 
term
of membership.  But I will, of course, be happy to be corrected if I'm wrong 
about
that.

In my state (California) a sole proprietor may legal forgo any registration with
the state and may opt instead to just obtain the legal right to use a so-called
"Fictitious Business Name".  Rights to use such names are issued by California
counties, and sole proprietors are required to have one in each county within 
which
they do business.

These "FBNs" are, in effect, a legal form of a "DBA" or Doing-Business-As kind 
of
a thing.  These names _do_ "legally exist" under law within the State of 
California.

So this raises the obvious question:  May a California sole proprietor who is
verifiably in possession of properly-issued Fictitious Business Name from his
county become an ARIN General Member, and if not why not?  Maybe I just missed
it, but I'm not finding a crisp answer to this question anywhere in the NRPM or
the RSA or on the ARIN web site.

I hope that everyone will forgive me.  I am 

Re: [arin-ppml] Deceased Companies?

[Ronald F. Guilmette]

In message <4b6e79f3-b99c-01f5-ccb9-9f556728f...@impulse.net>, 
Jay Hennigan  wrote:

>Are convicted felons barred from obtaining number resources? If so, 
>where is this stated?

Beats me!  I heard a rumor to that effect some years ago now, but that
may perhaps have been in relation to memberhips in some other RIR.
I just can't recall anymore.

>Likewise, those on *ANY* international sanctions 
>list? As a mild example, President Joe Biden is on a Russian sanctions 
>list. https://www.mid.ru/ru/maps/us/1814243/ (Number 33)

Well, you know, I kinda think that that one wouldn't apply, at least not
within the ARIN region.

>I disagree that ARIN should spend time or resources researching either 
>of these, nor do I see any clear value to ARIN or the community in doing 
>so.

What if I told you that it was going to cost ten cents and take five minutes
of effort, total, for _all_ ARIN members to be vetted for "liveness"?  Would
that change the calculus for you any or have any effect on your opinion?

To put it another way...

Are you opposed to vetting membership liveness strictly on the basis of cost
concerns?  Or are you opposed because the very notion offends some other
personal sensibility?


Regards,
rfg
___
ARIN-PPML
You are receiving this message because you are subscribed to
the ARIN Public Policy Mailing List (ARIN-PPML@arin.net).
Unsubscribe or manage your mailing list subscription at:
https://lists.arin.net/mailman/listinfo/arin-ppml
Please contact i...@arin.net if you experience any issues.

Re: [arin-ppml] Deceased Companies?

[Ronald F. Guilmette]

In message 
, 
Martin Hannigan  wrote:

>> >How big [real] is the problem? One body? Or five hundred?
>>
>> I had a premonition that someone might ask that.
>>
>> The honest answer is:  I don't know.  But I can certainly imagine [ clip ]
>
>I don't doubt that this occurs. But I doubt its on such a scale to warrant
>members absorbing costs to go on a witch hunt.  Willing to look at a data.

(*) Witch hunt and batteries not included.

But seriously, what basic bona fides does ARIN require these days just
in order to open a membership, totally independent of any resource
allocations?

For a corporate entity?

For a natural person?

I'm seriously asking because I don't know.


Regards,
rfg
___
ARIN-PPML
You are receiving this message because you are subscribed to
the ARIN Public Policy Mailing List (ARIN-PPML@arin.net).
Unsubscribe or manage your mailing list subscription at:
https://lists.arin.net/mailman/listinfo/arin-ppml
Please contact i...@arin.net if you experience any issues.

Re: [arin-ppml] Deceased Companies?

[Ronald F. Guilmette]

In message 
, 
Martin Hannigan u wrote:

>> There are a lot of things that ARIN should clearly not waste its time on.
>> Knowing whether its members are alive or dead is not one of them.
>
>
>How big [real] is the problem? One body? Or five hundred?

I had a premonition that someone might ask that.

The honest answer is:  I don't know.  But I can certainly imagine that
if some totally impartial party were to volunteer, then we could put
all of the handles for all of the ARIN member orgs into a hat, and then
have the impartial party draw from the hat, say, one hundred org handles
at random, and then those could all be scrutinized with an eye towards
detmining how many are clearly live, how many are clearly dead, and how
many are incorporated in jurisdictions where it is simply not possible
to tell.

The results from the random sample could then, I think, be extrapolated
to the universe of ARIN member orgs, thus producing estimates of total
live, total dead, and total indeterminate.

I certainly have every belief and faith that at the present moment there
is likely more than one ARIN membership that is associated with a dead
person or entity.  Consider that I appear to have found _two_ such, just
by sniffing around the edges of one particular clump of unambiguous online
anti-social nastiness that happened to cross my personal line-of-sight.
How many other dead members may there be out there that have avoided all
scrutiny from anyone, simply by keeping their heads down and doing nothing
which is controversial, remarkable, or even noteworthy.


Regards,
rfg
___
ARIN-PPML
You are receiving this message because you are subscribed to
the ARIN Public Policy Mailing List (ARIN-PPML@arin.net).
Unsubscribe or manage your mailing list subscription at:
https://lists.arin.net/mailman/listinfo/arin-ppml
Please contact i...@arin.net if you experience any issues.

Re: [arin-ppml] Deceased Companies?

[Ronald F. Guilmette]

In message 
, 
Martin Hannigan  wrote:

>> Similarly, when GlobalCrossing was bought by Level3, there was no
>> sudden requirement that every record within ARIN that used to say
>> "GlobalCrossing" now say "Level3" (I mean Qwest) (no wait, I mean
>> CenturyLink) (shoot, no, now I mean Lumen).
>>
>
>And those companies don't die.  They get adopted. In my $dayjob we still
>receive payments and do agreements with XO, MCI and Level3. They are indeed
>wholly owned by another, but the corporate entities continue to exist.
>Those records are likely to be valid in many cases. Untangling such vast
>enterprises is more expensive than simply changing who owns the shares and
>the branding. It is quite common from my view as a lord of telecom land.
>
>This is not a task for ARIN. Members will pay dearly for such a time waste.
>No thank you.

I agree.

I've raised two different issues in recent days and I should apologize
for having done that and for having possibly confused matters by doing so.

One issue is the question of whether or not ARIN should have some clear
notion of the identities of the benficial owners of any corporate member
that is *not* a publicly traded company.  (In the case of publicly traded
companies, I suspect that not even the SEC knows from one millisecond to
the next who all of the hundreds of thousands of individual shareholders
are.)

In the case of non-publicly-traded companies, I believe that there would
be a clear value in ARIN knowing, at the very least, that none of the
beneficial owners are either (a) convicted felons or (b) are on any
international sanctions list.  Having said that, I understand at least
some of the reasons why arranging things so that ARIN could know the identities
of all beneficial owners of all non-publicly-traded companies might be
controversial.  So let's just set that idea aside for the moment.

The other and entirely separate issue I have raised is whether or not ARIN
currently knows, or currently even cares to know whether or not any given
ARIN member still exists, legally speaking.

This, I believe, should not be in the least controversial.  What good is a
signed RSA agreement if the member is dead?  And is it a Good Thing or a
profoundly Bad Thing if unknown interlopers are usurping, without any
legal authority, the ARIN-issued number resources of a deceased person or
a deceased corporation?

There are a lot of things that ARIN should clearly not waste its time on.
Knowing whether its members are alive or dead is not one of them.


Regards,
rfg
___
ARIN-PPML
You are receiving this message because you are subscribed to
the ARIN Public Policy Mailing List (ARIN-PPML@arin.net).
Unsubscribe or manage your mailing list subscription at:
https://lists.arin.net/mailman/listinfo/arin-ppml
Please contact i...@arin.net if you experience any issues.

Re: [arin-ppml] Deceased Companies?

[Ronald F. Guilmette]

In message 
, 
Matthew Petach  wrote:

>If the corporation stops doing business, but someone continues to pay the
>bills for it on their behalf, I know from experience that ARIN will continue to
>preserve the number resource registrations associated with the entity.

It would appear so.

I may be alone, but I find this fact problematic in multiple ways.

For one thing, the RSA contract arguably becomes legally inoperable if the
corporate or natural-person entity that was the member has ceased to exist.
For another thing, by continuing to keep open the ARIN membership of a dead
corporate entity or a dead person, and by continuing to allow some unknown
parties to make unfettered use of that (now defunct) entity's ARIN-assigned
number resources, it could be reasonably argued, I think, that ARIN is helping
to keep the corpse in a sort of zombie state, financially speaking, and that
thus, ARIN may perhaps thus be said to be aiding and abetting state-level
tax fraud.

>If it's a natural person who held the number resources that passes away,
>the estate goes into probate, and if a beneficiary takes over payment of
>the ARIN bills, it's unclear how ARIN would ever know the natural person
>passed away.

I also find this situation problematic in multiple ways, i.e. basically the
same ways mentioned above in the case of the death of a corporate entity.

How will (or how can) ARIN enforce the terms of the RSA contract against a
dead guy?

>It's the same as the GlobalCrossing/Level3 etc. situation.
>
>We don't know if the old companies still exist as legal entities or not;

I have no idea why you say that.  It is easy enough to find out if a given
named corporate entity still exists or not, using readily accessible public
records.  (At least this is true for corporate entities that were incorporated
in what I would call "civilized" countries.  In jurisdictions such as Nevis &
St. Kitts determining whether a particular corporate entity is alive or dead
does become problematic however.  But for the vast majority of the ARIN region,
and for the vast majority of all ARIN memberships, determining if the corporate
entity or natural person is alive or dead is not in any sense difficult.)

>If I had a california company, but decide I don't want to deal with
>california business taxes, and I close down the california corporation
>and incorporate in delaware instead, am I obligated to return the
>number resources, or can I simply update my registry entries to
>the new business address and continue using them?

In that specific situation there is no question, I think, that if the new
(Delaware) corporation has _legally_ acquired the assets of the old
(California) corporation, including, specifically, its ARIN-related assets,
and as long as all of the other criteria set forth in NRPM Section 8.2 are
satisfied, then all such assets are indeed simply transferred to the new
entity.

>If you go trolling through the list of defunct companies, you'd
>see my california business as being defunct; but that wouldn't
>mean ARIN should reclaim my number resources;

I agree.  And in an ideal universe there should ne -zero- names of
defunct companies anywhere in the ARIN WHOIS, and certainly never as
organizations that are holding number resources.

>Just because you tell ARIN my california corporation is dead
>doesn't mean ARIN is going to reclaim my resources; they may
>well look at it, recognize that the california corporation is dead,
>but a delaware corporation has taken its place, and is paying
>the bills, and thus no action needs to be taken.

Sorry.  No.  In such a circumstance, ARIN should reach out to all relevant
contacts and request documentation demonstrating the _legal_ transfer of
ARIN-assigned number resource assets from the old entity to the new entity,
and if no such docummentation of _legal_ transfer is provided in a timely
manner, say, within 30 days, then ARIN should terminate the membership and
reclaim all relevant resources.  Because that's the only thing that makes
sense.  Otherwise, over time, zombies will end up comprising the majority
of all ARIN-registered organizations, and zombies will also end up holding a
majority of all ARIN-assigned number resources.

>If what you're really asking is for ARIN to report on every
>complaint that is issued...

As a general matter, I'm not asking ARIN to report on anything.  I'm asking
ARIN if it has a sensible plan for handling end-of-life events among its
members.

So far, the evidence seems to point to the conclusion that ARIN has no
specific plan at all for dealing with member end-of-life events.

I understand that this doesn't bother _you_.  It does however bother me,
and for the reasons I have stated above, as well as one more:  The kinds
of people who are still paying the bills and still making use of publicly
routed ARIN-assigned number resources that they likely have no legitimate
legal rights to are exactly the kinds of low-life characters that I have
been fighting now 

Re: [arin-ppml] Deceased Companies?

[Ronald F. Guilmette]

In message <4b84b1b4-8559-4b48-ad1d-44c403742...@arin.net>, 
John Curran  wrote:

>Deceased entities generally don't pay their renewal invoices. which then 
>results
>in revocation of the associated number resources?  (and no need to track them) 
>
>Your stream of hypothetical situations has predominantly been regarding 
>deceased
>entities that somehow have still manage to have their ARIN invoices paid on an 
>ongoing basis - not likely to be a very common occurrence with truly defunct
>entities. 

Perhaps that is true, John. only because ARIN's definition of "truly defunct 
entities"
is just one whole hell of a lot more informal and relaxed than is the actual 
law and
the actual legal view on these things in most or all of these United States.

I am reminded of a famous line from the movie "The Princess Bride" (1987):

  "He's only MOSTLY dead."
  -- Miracle Max (Billy Crystal)

Anyway, since you have challenged my hypothetical as being implausible, you now
oblige me to move from the general and the hypothetical to the specific and the
concrete.  I didn't want to do that, but given that you are now challenging my
hypothetical as being implausible you leave me no choice, even though I'm sure
you'll inform me that just by being specific I am violating some obscure mailing
list Code of Conduct provision, even though all the relevant facts are already a
matter of public record, including even in the press.

I call your attention, John, to the following blog article dated October 22, 
2020,
i.e. well more than a year and a half ago:


https://krebsonsecurity.com/2020/10/the-now-defunct-firms-behind-8chan-qanon/

Please take note of the following relevant points:

*  Two specific companies are called out in this blog article as being
   dissolved and defunct with respect to their incorporations within their
   respective home states -- Nevada for the first one and California for
   the second one.

*  The first of these two companies (the Nevada one) has since rectified the
   deficiencies it had in October of 2020 with regards to its Nevada State
   corporate registration, and thus is no longer of concern.

*  The second of these two companies (the California one) has NOT rectified 
the
   deficiencies it had in October of 2020 with regards to its California 
State
   corporate registration.

*  The blog article from October, 2020 includes the following quote, 
attributed
   to an unnamed ARIN official:

 "ARIN has received a fraud report from you and is evaluating it," a 
spokesperson
 for ARIN said.

*  Public records freely available on the California Secretary of State's 
web site
   indicate quite clearly that the California corporate entity named in the 
blog
   article was incorporated in California on 8/15/2006, that it 
subsequently failed
   to file its legally required annual Statement of Information as of 
8/31/2010,
   that it has likewise failed to file its legally required annual 
Statement of
   Information continuously, and every year since 2010, and that as a 
result of
   these failures, this entity was administratively dissolved by the 
California
   Secretary of State's office as of 8/29/2012, nearly a decade ago.

*  The company's web site indicates clearly that the company is still doing 
business
   within the state of California under the trade name mentioned in the 
Krebs blog
   article which is the same one associated with the ARIN organization 
handle CENTA-3.

*  The company's physical location, as given in the ARIN WHOIS record for 
both the
   organization and its contact points appears to be nothing more than a 
UPS P.O.
   box located in Fremont, California.

*  The company's phone number, as given both on its web site and in its 
associated
   ARIN WHOIS records rings as BUSY, even at 1:30 AM, California time.

*  A check of public records relating to Fictitious Business Names 
registered in
   Alameda County, California (which contains Fremont, California) shows 
there as
   being no record of any registered Fictitious Business Name having the 
name of
   this company in Alameda County.

*  Despite all of the foregoing, this long-dead California corporate 
entity, which
   is designated in the ARIN WHOIS data base via the handle CENTA-3, as of 
this
   moment appears to still be a member in good standing of ARIN, holding 
one ARIN-
   issued ASN and also 4094 ARIN-issued IPv4 addresses.

I look forward to your explanation of how the above set of facts comports with 
current
ARIN policy and/or current ARIN procedures, or with the statement that was 
given, by
ARIN, to the press regarding this matter back in October of 2020.


Regards,
rfg
___
ARIN-PPML
You are receiving this message because you are subscribed to
the ARIN Public Policy Mailing 

Re: [arin-ppml] Deceased Companies?

[Ronald F. Guilmette]

In message 
, 
Matthew Petach  wrote:

>Why would ARIN be the place to track changes of ownership of corporate
>entities?
>
>If Elon Musk, for example, were to buy Twitter...

Now you are taking about (a) publicly traded companies and also about (b)
companies whose names are unlikely to change after an acqusition due to
the desire to keep all existing branding.

The vast majority of ARIN member organizations (a) are NOT publicly traded
and also (b) DO NOT have any compelling, overriding, or substantial investment
in branding.

So please, don't get off into the weeds.  My questions have been simple and
straightforward questions about non-publicly-traded companies which have
only some modest numbers of shareholders.  And as I have said, corporate
entities of this type, together with natural persons, represent the overwhelming
bulk of all ARIN memberships.

>Sure, you can look to SEC records to see the change in ownership; it's not a
>secret; but it's not something that's on ARIN's head to track.

Well, actually, even the SEC itself is not obliged to divulge the identities
of every last shareholder of every publicly traded company... which is as it
should be.  (Any anyway, in the modern era, doing that would be nearly
impossible anyway, logistically, because share ownership in publicly traded
companies these days varies millisecond by millisecond.)

But anyway, we agree.  It is clearly _not_ ARINs job to keep track of who
owns how much of any given member organization.  And although I might like
it to be otherwise, at least for non-publicly-traded companies, that is not
the topic de jure.  Today we're just taking about dead member cleanup, or
the lack thereof.  (We can come back and argue about whether or not ARIN
should be collecting beneficial ownership information for non-publicly-
traded companies some other day.)

All that having been said, it _is_ indeed my opinion that it _is_ ARIN's job to
know at least the identities of all of the legal entities that are its members.
And in general, I believe ARIN _does_ know all of that, except when it comes to
deceased entities, where it appear to be blind as a bat.

>Similarly, when GlobalCrossing was bought by Level3, there was no
>sudden requirement that every record within ARIN that used to say
>"GlobalCrossing" now say "Level3" (I mean Qwest) (no wait, I mean
>CenturyLink) (shoot, no, now I mean Lumen).

Maybe there should be.  Do you have something against Truth in Advertising
when it comes to public-facing WHOIS records?

(Note: I think that you may possibly be overlooking the possibility that just
because Level3 got acquired by some other legal entity, that DOES NOT
automatically imply that the legal entity known as Level3, Inc. has itself
necessarily ceased to exist.  It may still exits and may still be using
the same resources as it has in the past, all while simply having different
ownership.)

>Nowhere does the NRPM say that ARINs records must change
>when the name or owner of a company changes.

Right.  That's what I said.  And thus, because of that obvious hole in the
rules, I asked John how anybody outside of ARIN could reliably and independently
check to see that ARIN is actually doing what John claims it is doing, i.e.
cleaning up the leftovers of dead companies and making sure that those remnant
resources get properly assigned to the new legal heirs of the old (and now dead)
company, if any, or properly recycled otherwise.

>(You can verify this for yourself by searching through ARIN whois
>records for "global crossing", "Level 3", etc. to see that there has
>been no requirement that records be immediately updated to show
>that ownership and control has changed.)

Not only is there apparently no requirement for the WHOIS records to be
properly updated "immediately" but apparently there is no requirement for
the WHOIS records to be corrected/updated *ever*.

You may think that's just swell.  I do not.  But in any case, for me this
also is somewhat of a side-issue at the moment.  My first order concern is to
find out if ARIN really and truly is committed to cleaning up the remnants
of old, dead and defunct companies and persons that were formerly members
but that are now "pushing up daisies" as it were.

It is still not 100% clear to me that ARIN is doing that, even in cases
where the now-dead members are (to use John's words) "brought to the
attention of ARIN".  ARIN may be doing it, or then again, maybe not.  It
appears that, as with so many ARIN things, there may be no way for an "outsider"
to know if they are doing it or not.  And even if they are doing it, they
may perhaps be doing it on a geological time scale, which for me at least,
would be rather unsatisfying.


Regards,
rfg
___
ARIN-PPML
You are receiving this message because you are subscribed to
the ARIN Public Policy Mailing List (ARIN-PPML@arin.net).
Unsubscribe or manage your mailing list subscription at:

Re: [arin-ppml] Deceased Companies?

[Ronald F. Guilmette]

In message <55579a4c-f9e7-4dea-9948-f4f34b2d1...@arin.net>, 
John Curran  wrote:

>> I provided a straightforward hypothetical of a small business that was 
>> validly operating
>> within the state of California, which was formerly (a) registered as an ARIN 
>> member, and
>> which (b) was the registrant/Holder of ARIN resources, and which (c) either 
>> by deliberate
>> choice of the owner(s) or by defaulting on its legal obligations to the 
>> State, became
>> dissolved as a legal entity, i.e. it ceased to exist as a legal entity.
>> 
>> What is the legal basis for you to claim that such an entity "appears to be 
>> a reorganization"?
>
>I did not provide a legal basis; I noted the basis in ARIN number resource 
>policy. 

Yes, you referenced NRPM section 8.2.  However that section makes no mention 
whatsoever
of either the (a) dissolution of an incorporated entity or (b) the death of a 
natural
person (which could also be an ARIN member and resource holder).  And indeed, 
if my
browser's search function is working properly then it would appear that neither 
the
word "death" nor the word "dissolution" appears anywhere in the entire NRPM.  
Would
you agree that these terms and/or terms having similar meanings are not 
mentioned at
all, either in the NRPM or in the RSA?

>> Please provide a clear answer to this question John.  Just mumbling some 
>> vague musings
>> about "working with the member to try to rectify/cure the situation" is not 
>> what
>> I'm looking for here.
>
>There is no organization to speak with - if such a case were brought to our 
>attention and the
>resources were not being used, we?d revoke.  If they were in use, we?d try to 
>reach the party 
>using them first (as there may be a legal successor after all and we just 
>didn?t identify that 
>properly.) 
>
>> Please keep in mind when answering that you/ARIN may not even know who the 
>> real legal 
>> successors, heirs, and assigns of the (now defunct) company even are.  So 
>> who the
>> bleep would ARIN be trying to "work the problem out" with anyway if you 
>> don't even
>> know for sure who owned the dead company at the time of its death?
>
>Precisely. 

John you _seem_ to be agreeing that that if a corporate entity that was a 
member and
resource holder has become dissolved by default (or if natural person which was 
a
resource holder has died) and if the relevant resources are still in use, that 
ARIN
would, quite reasonably, attempt to make contact with the current user of said 
resources
and that ARIN would ask that current user (or those current users) to provide 
some
legal documentation which would legally and definitively indicate the identity 
(or
the identities) of the heirs, successors, or assigns of the now-former member.  
Is
that a correct reading of your statements, or am I inferring too much?

And are you also asserting that in the absence of any timely production of such
documentation, ARIN would reclaim all relevant number resources and terminate 
the
associated (now defunct) membership?


Regards,
rfg
___
ARIN-PPML
You are receiving this message because you are subscribed to
the ARIN Public Policy Mailing List (ARIN-PPML@arin.net).
Unsubscribe or manage your mailing list subscription at:
https://lists.arin.net/mailman/listinfo/arin-ppml
Please contact i...@arin.net if you experience any issues.

Re: [arin-ppml] Deceased Companies?

[Ronald F. Guilmette]

In message <050367fd-7090-4f98-9c34-2904f1129...@arin.net>, 
John Curran  wrote:

>> Section 8.2. of the NRPM covers "Mergers, Acquisitions, and 
>> Reorganizations".  The policies
>> and procedures that are to be applied in all of those situations are quite 
>> clearly set
>> forth there.  Section 8.2. of the NRPM quite clearly *does not* cover 
>> dissolutions.
>> Please provide a straight answer to the question I did ask, which related to 
>> dissolution
>> situations.
>
>It appears to be a reorganization of the failing operation from an LLC to now 
>operating under
>under a registered legal name instead. 

You are still evading the question John.

I provided a straightforward hypothetical of a small business that was validly 
operating
within the state of California, which was formerly (a) registered as an ARIN 
member, and
which (b) was the registrant/Holder of ARIN resources, and which (c) either by 
deliberate
choice of the owner(s) or by defaulting on its legal obligations to the State, 
became
dissolved as a legal entity, i.e. it ceased to exist as a legal entity.

What is the legal basis for you to claim that such an entity "appears to be a 
reorganization"?

(Frankly, I am glad that you've never worked as a county coroner.  If you had, 
we might
have ended up with a whole lot of "reorganized" individuals, feeding worms and 
taking up
space in various mortuaries.)

>> You are being deliberately obtuse and evading the question.  If the 
>> hypothetical TMBBATS LLC
>> goes belly up, then when will the Registration Services Helpdesk, or any 
>> other part of ARIN
>> even notice this fact and take some action (i.e. ANY action)?  After 1 year? 
>>  After 2 years?
>> After 10 years?  Ever?
>
>No, not unless specifically brought to the attention of ARIN.  Note that such 
>conditions, 
>as we have discussed here, are sometimes transitory and may be cured or 
>reinstated, 
>so absent clear direction in policy we will not monitor and/or reclaim under a 
>lapse in 
>regisration. 

You have just contradicted yourself within the space of two sentences John.  
First you
make a rather vague and entirely non-commital comment which you apparently hope 
will
give us the vague impression that ARIN might actually DO SOMETHING if a dead 
company
which is a member and resource holder is "specifically brought to the attention 
of ARIN".
And then, in the very next sentence, you appear to assert that ARIN won't do 
damn thing
about any such cases, EVEN IF they are "specifically brought to the attention 
of ARIN",
because you have been given no explicit policy guidance that would apply in 
such a case.

So?  Which is it?  Please get down off the fence John.  It must be rather 
uncomfortable
for you sitting on that.

I will restate the question yet again in an effort to try to further reduce the 
chances
for another non-responsive answer.

If a given (now former) corporate entity was dissolved, either voluntarily or 
otherwise,
by the competent legal authority that oversees such matters within its 
incorporation
jurisdiction, and if all available evidence indicates that this is NOT merely a
"transitory" situation, but rather one that has gone on for many years, 
continuously,
and if this member is "specifically brought to the attention of ARIN" (your 
words)
then what, if anything, will ARIN do, right now, today, in such a case?

Assume for the sake of argument that whoever or whatever ARIN staff may _feel_ 
is the
rightful heir, assign, or successor of the now dead company is utterly 
unresponsive
to any and all outreach from ARIN.   What will ARIN do in such a case?

Please provide a clear answer to this question John.  Just mumbling some vague 
musings
about "working with the member to try to rectify/cure the situation" is not what
I'm looking for here.

Please keep in mind when answering that you/ARIN may not even know who the real 
legal 
successors, heirs, and assigns of the (now defunct) company even are.  So who 
the
bleep would ARIN be trying to "work the problem out" with anyway if you don't 
even
know for sure who owned the dead company at the time of its death?

I understand that it is ARIN's default position to consistantly back away from 
anything
that might be even the tiniest bit confrontational, but if a company has been 
dead for
two years or five years or ten years and if _someobody_ is still nontheless 
clinging
onto that dead company's ASNs and IPv4 blocks as if they were the last life 
preserver
on the Titanic, then at what point, if any, does the whole situation become 
just so
eggregious and just so laughable that ARIN might actually get up off its policy 
and
DO SOMETHING?

(Please note that as I have previously clarified in this thread, my own personal
specific interest and questions are *only* about *non-legacy* members and 
resources.
I do not at the moment care to get distracted, or to be led on a merry chase, 
off
into the weeds discussing any of the more legally questionable issues relating 

Re: [arin-ppml] Deceased Companies?

[Ronald F. Guilmette]

In message 
, 
William Herrin  wrote:

>On Mon, Jul 25, 2022 at 1:28 PM Ronald F. Guilmette
> wrote:
>> Anybody can claim anything in court.  [...]
>> I personally believe that ARIN has no legally enforcable obligations to
>> any party that it has no explicit contract with.
>
>Hi Ronald,
>
>If two parties have a contract with each other (let's say you and your
>Internet provider) and a third party does something unreasonable which
>obstructs the performance of that contract, the third party has broken
>the law. It's called "tortious interference with a contract."

I am quite entirely aware of this type of legal claim, and with all
due respect, I think that until you are ready to give me your bar
number it might be better for you to refrain from attempting to
educate me on this topic.

It is unambiguously the case that if, three weeks ago or so, I had
swooped in and made a $45 billion dollar offer to buy Twitter, thus
topping Elon Musk's $44 billion dollar offer, and if I had put that in
writing and if I had in fact entered into a contract with Twitter, Inc.
to make that purchase, then I would be subject to a colorable claim of
tortious interference.  Similarly, if I had contracted with Twitter
to pay that company, say, $2 billion dollars if they would just simply
not agree to be acquired by Elon Musk, then in that case also I would
be subject to a colorable claim of tortious interference.

Those sets of facts are readily distinguishable however from the case
where a party has _no_ binding legal commitments or agreements with
the other two parties involved, as in the case of ARIN doing something
that might affect some legacy holder and some other party that has a
contract with said legacy holder.  ARIN has no legal obligations to
either party.  Either of those two parties could _claim_ tortious
interference, but they would lose, because ARIN has no contract, nor
any specific legal obligation to either of them.


Regards,
rfg
___
ARIN-PPML
You are receiving this message because you are subscribed to
the ARIN Public Policy Mailing List (ARIN-PPML@arin.net).
Unsubscribe or manage your mailing list subscription at:
https://lists.arin.net/mailman/listinfo/arin-ppml
Please contact i...@arin.net if you experience any issues.

Re: [arin-ppml] Deceased Companies?

[Ronald F. Guilmette]

In message <91f20ecc-6de8-4de7-822c-b3436465e...@arin.net>, 
John Curran  wrote:

>> So I ask again, where is the justification, either in legal principals or in 
>> the
>> actual text of the RSA that says that George retains (or obtains) _any_ 
>> interest
>> in the /24 upon the death of George's LLC?  The way I read the plain 
>> language of
>> the RSA, all claims, rights, and titles to the /24 must necessarily pass 
>> back to
>> ARIN upon the death of the LLC, if for no other reason, then at least for the
>> obviious reason that "The Holder" no longer exists and thus can no longer 
>> pay the
>> annual fees.
>
>Wonderful logic.  I'll note that telecommunications companies routinely 
>consolidate, and 
>that it is quite possible that invoices will paid from an account other than 
>one that signed 
>the ARIN agreement. (Given how some organizations are about updating their 
>merger 
>records, any other position would be irresponsible...) 

This is a clear evasion of the question John.

I have not asked you to comment on the convenience, or lack thereof, to some 
unspecified
_merging_ telecommunications companies, or whether it is nicest for them to 
make payments
to ARIN in this manner or in that manner.  My question was, I think, both clear 
and specific.
It was about a legal entity that has simply ceased to exist, and _not_ because 
it was
merged into some other legal entity.

Please answer the question that I did ask, and not the one that you would have 
preferred
me to ask.  I will state it again, so that there will be no confusion:

Where is the justification, either in legal principals or in the actual text of 
the RSA
that says that George retains (or obtains) _any_ interest in the /24 upon the 
death of
George's LLC? 

Section 8.2. of the NRPM covers "Mergers, Acquisitions, and Reorganizations".  
The policies
and procedures that are to be applied in all of those situations are quite 
clearly set
forth there.  Section 8.2. of the NRPM quite clearly *does not* cover 
dissolutions.
Please provide a straight answer to the question I did ask, which related to 
dissolution
situations.

Where is the justification, either in legal principals or in the actual text of 
the RSA
that says that George retains (or obtains) _any_ interest in the /24 upon the 
death of
George's LLC?

You have also cleverly evaded answering my other clear and straightforward 
question
entirely, so you oblige me to state that one again also, and hope again for some
answer that is not deliberately evasive.

>>> I suspect that the Registration Services Helpdesk would ask that
>>> George register TMBBATS as a sole proprietorship, provide an appropriate 
>>> attestation of 
>>> the events, and update the records accordingly. 
>> 
>> Well, that's a part of my question:  Would they?  When would they?  Why 
>> would they?
>
>Yes, RSD would handle accordingly - there is no reason not to, particularly 
>given that the 
>address block is presently utilized and there is no other party claiming they 
>hold the rights. 

You are being deliberately obtuse and evading the question.  If the 
hypothetical TMBBATS LLC
goes belly up, then when will the Registration Services Helpdesk, or any other 
part of ARIN
even notice this fact and take some action (i.e. ANY action)?  After 1 year?  
After 2 years?
After 10 years?  Ever?

The evidence that I am looking at confirms that ARIN is not lifting a finger to 
clean
the stables of all of the dead and defunct resource holding members, ever.  As 
much as
you would like to distract from that central fact by injecting irrelevancies 
about mergers
and/or the wonderful helpfulness of Registration Services Helpdesk, reality is 
still
reality, and if you had anything positive to say about ARIN's approach to the 
problem
of dead companies cluttering up your books then you would have said it by now, 
rather
than just trying to change the subject.


Regards,
rfg


P.S.  You wrote:

 "It is interesting - people alternately accuse ARIN of being hard to 
satisfy, and then express 
 surprise when we go above and beyond to accommodate people attempting to 
clean up the registration
 records..."

I, for one, have never accused ARIN of being too hard.  An indeed the evidence 
from both my own
research *and* multiple federal criminal cases all shows unambiguously that 
ARIN is, if anything,
an easy mark... a sucker and a pushover for anyone with a good song and dance 
and the right re-
registered domain name(s).
___
ARIN-PPML
You are receiving this message because you are subscribed to
the ARIN Public Policy Mailing List (ARIN-PPML@arin.net).
Unsubscribe or manage your mailing list subscription at:
https://lists.arin.net/mailman/listinfo/arin-ppml
Please contact i...@arin.net if you experience any issues.

Re: [arin-ppml] Deceased Companies?

[Ronald F. Guilmette]

In message 
, 
William Herrin  wrote:

>John can correct me if I'm wrong but as far as I know, ARIN has NEVER
>reclaimed legacy resources which were neither voluntarily returned nor
>then operating under a specific registrant contract with ARIN (such as
>the LRSA).
>
>John will claim that ARIN has that authority regardless. Such a claim
>is dubious at best. Without a contract it's unclear from whence such
>authority would arise. Without such authority, ARIN could find itself
>running afoul of the law. For example, a legacy registrant could claim
>tortious interference with its contract with an ISP should ARIN act to
>reassign the legacy addresses without permission.

Anybody can claim anything in court.  Believe me I know.  Having a claim
hold up to close scrutiny is however a rather different matter, as at
least one chief executive well known to all found out not long ago...
about 60 times in a row.

In any case, I personally disagree with the above legal anaylsis, and
I personally believe that ARIN has no legally enforcable obligations to
any party that it has no explicit contract with.  That having been said,
at the moment my personal concerns relate only to non-legacy members and
resources, so I shall endeavor to confine myself to commenting only on
that rather separate and different topic.


Regards,
rfg

___
ARIN-PPML
You are receiving this message because you are subscribed to
the ARIN Public Policy Mailing List (ARIN-PPML@arin.net).
Unsubscribe or manage your mailing list subscription at:
https://lists.arin.net/mailman/listinfo/arin-ppml
Please contact i...@arin.net if you experience any issues.

Re: [arin-ppml] Deceased Companies?

[Ronald F. Guilmette]

In message , 
John Curran  wrote:

>I am unsure of ARIN's legal ability to not accept payment from George,

OK.  I'll bite.  Why are you unsure?

It seems to me altogether clear.  It is right there is black & white in the RSA.
It says "Holder shall pay..." It does not say "Anybody who ARIN management
unilaterally deems to be an acceptable stand-in for Holder shall pay..."

>but I am not certain it is relevant in this case, as:
>
>- George was associated with the original request for the address 
> block for TMBBATS

No.  He wasn't.  His LLC was.  He himself may have been _legally_ affiliated
with the LLC in some trivial or non-trivial way, but from a purely legal
perspective I am not persuaded that any such connection, however strong or
however tenuous and superfluous, has any clear legal relevance.

>- The ARIN payments have been made

Yup.  (My hope, of course, is that this is not the one and only consideration, 
i.e.
that the check cleared and made it into ARIN's bank account.)

>- TMBBATS has wound down (as opposed to be sold to some other party or 
> creditor)
>- The address block in question has been utilized throughout 

Not really.  Not in the hypothetical as I described it.  The /24 was originally
granted on the basis of "need" for an Internet cafe.  Now it is just hosting the
web sites of George and a couple of his friends.  So maybe only 5 IPv4 addresses
are being used out of the whole /24 block now.  In short, vastly underutilized.

>So, while it is true that the resources are registered to an entity that no 
>technically longer 
>exists, they are being utilized by a party that has a credible claim to be the 
>legal successor 
>to the rights to the address block,

Now we come to the crux of the matter.

John, please point me at the specific language in the RSA that grants any sort
of right or claim to the resource(s) to any entity other than the entity to
which those reasources were originally assigned.  To put it another way, what
basis in law do you have for asserting that George automatically inherits some
rights, titles, or claims to or upon -this- specific asset upon the (legal) 
death
of his (former) LLC?  (For the moment, we need not even delve into the various
possibilities that could clearly arise if it transpired that George's ex-wife
and/or George's brother-in-law and sister-in-law were in fact the real and only
beneficial owners of the now defunct LLC, with George himself perhaps having
owned a grand total of 0% of the LLC at the time of its demise.)

For now, let just pretend that this is a simple and obvious case where George
did indeed own 100% of the LLC at the time of the LLC's demise.  Even that
simplifying assumption does not really help at all to clarify who, if anyone,
might have some claim to or rights to the /24 after the demise of the LLC.

(Note:  I myself have an immediate family relative who "owns" a house.  And I am
that relative's sole legal death beneficiary for ALL of his assets.  But I will
NOT be getting the house in question, nor even any part of it, when he shuffles
off this mortal coil because he's got a reverse mortgage on the house, and the
way those work is that the reverse mortgage company gets the house, and the
whole house, upon his death.  Because that's what the contract says.)

So I ask again, where is the justification, either in legal principals or in the
actual text of the RSA that says that George retains (or obtains) _any_ interest
in the /24 upon the death of George's LLC?  The way I read the plain language of
the RSA, all claims, rights, and titles to the /24 must necessarily pass back to
ARIN upon the death of the LLC, if for no other reason, then at least for the
obviious reason that "The Holder" no longer exists and thus can no longer pay 
the
annual fees.

If you seriously believe otherwise, then I for one would be enlightened if you
would explain the basis for your differing view on this key point.

>ARIN's job is to administer the registry for productive use, and it would 
>appear that is what
>is happening in this case.

No.  It isn't.  I think that I was clear in my hypothetical, which is not at
all far fetched, that when the LLC was a real and going concern, it needed, 
used,
and most importantly *justified*, to ARIN that it would be using most or all of
an entire /24.  Now, it's just George and his drinkin' buddies, and they are 
using
maybe 5 out of 256 of those IP addresses.

This is not my personal idea of efficient utilization of scarce resources.  
Others
may of course disagree.

>I suspect that the Registration Services Helpdesk would ask that
>George register TMBBATS as a sole proprietorship, provide an appropriate 
>attestation of 
>the events, and update the records accordingly. 

Well, that's a part of my question:  Would they?  When would they?  Why would 
they?

Are you asserting that the Registration Services Helpdesk is, as we speak, 
aware of
all cases in which ARIN members, corporate 

Re: [arin-ppml] Deceased Companies?

[Ronald F. Guilmette]

In message , 
Chris Woodfield  wrote:

>I'd expect that in the case of an assignee subject to the
>RSA/LRSA, this would be a self-correcting issue - if the assignee or its
>successor does not pay their registration fee...

I'm sorry, but you have misunderstood the thrust of my question, most
probably because I have failed to make it clear.  Please allow me to
try again by way of a hypothetical.  (DISCLAIMER:  Any resemblance to any
person or legal entity, living or dead, within the following text is purely
coincidental.)

Imagine the following scenaro:

George Smiley is an avid fisherman residing in Lakeport, California.  In
2001 George decides to turn his avocation into a professional endeavor.
So George incorprates his new business, obtains a business bank account,
and opens his new fishing supplies shop in Lakeport under the rubric of
"The Master Baiter Bait & Tackle Shop, LLC".  He is told by a friend
shortly thereafter that the best way to get his shop noticed by a lot of
fishermen is to set up his own web site, and that he could even make some
additional money on the side by setting aside one corner of his volumous
store and converting it into an Internet cafe for the locals of Lakeport.
So of course, George goes to ARIN and gets a membership for his business
(hereinafter "TMBBATS, LLC") and he also obtains from ARIN a /24 block.

Hypothetically, let's just say that this all happens around, say, 2003,
give or take.

In late 2008 the Great Recession hits and George's business drops off
dramatically.  He is forced to close the Bait & Tackle shop and its
associated Internet Cafe.  He does so, and also closes the company's
bank account.  (Because why wouldn't he?)  He is a lazy bugger however,
so rather than doing the correct, proper, and decent thing and sending
a notice to the State of California that he is closing his business, he
simply stops filing the annual reports that all active California
corporations are obliged, under law, to file every year.

After a year or two, the State of California notices this and thus strikes
George's business from the rolls of active California corporations.

But there is still that matter of TMBBATS, LLC's ARIN membership and its
associated ARIN-issued /24.

Because George had put his home address in as the "official" mailing address
of TMBBATS, LLC, even after George has effectively dissolved his company
he continues to receive (by snail mail or email) annual invoices from ARIN,
Inc.  He and a few of his his friends are still using the /24 to host a
handful of their personal web sites, so George responds to these annual
ARIN invoices by sending ARIN an appropriately sized check *from his own
personal bank account* every year, like clockwork.

My question was/is:  Is there anything within either the RSAs or within the
NRPM which either (a) obliges or alternatively (b) prohibits ARIN from
accepting an annual fee payment from a legal entity that is *different
from* the legal entity which was the original recipient of the relvant
ARIN membership (i.e. the one that entered into the RSA�contract with ARIN)?

I am looking at the first sentence in Section 4 of the current edition of
the ARIN RSA and I see that it contains the following language, which is
arguably definitive:

"... Holder shall pay..."

Perhaps I am just missing it, but I am not seeing where, within the current
edition of the RSA, there is any obligation created on the part of ARIN to
accept payment for annual fees due from any party other than "Holder".
I supposed that ARIN _could_ do so, if it desired to do so.  And based on
facts know to me I gather that ARIN _does_ in fact accept payments from
parties other than the "holder" (of a membership and/or resources).  I am
just not seeing where, within the RSA, ARIN is contractually obligated to
do so.

But as I say, perhaps I am just missing it.


Regards,
rfg
___
ARIN-PPML
You are receiving this message because you are subscribed to
the ARIN Public Policy Mailing List (ARIN-PPML@arin.net).
Unsubscribe or manage your mailing list subscription at:
https://lists.arin.net/mailman/listinfo/arin-ppml
Please contact i...@arin.net if you experience any issues.

Re: [arin-ppml] Deceased Companies?

[Ronald F. Guilmette]

Please allow me to ask a different but related question.

As I understand it, all ARIN members are obligated, on an annual basis,
to pay a fee to ARIN for their membership, and also some additional fees,
again annually, based upon their assigned number resources, and more
specifically, based upon the number thereof.

If any of that is not correct, then I hope and trust that someone will
gently correct me.

Assuming that it is correct however, is there anything within either the
RSAs or within the NRPM that obliges member entities to make these annual
payments to ARIN themselves, directly?  Or may some third party make some
such payments on behalf of, say, some specific member entity?


Regards,
rfg


___
ARIN-PPML
You are receiving this message because you are subscribed to
the ARIN Public Policy Mailing List (ARIN-PPML@arin.net).
Unsubscribe or manage your mailing list subscription at:
https://lists.arin.net/mailman/listinfo/arin-ppml
Please contact i...@arin.net if you experience any issues.

[arin-ppml] Deceased Companies?

[Ronald F. Guilmette]

Can some helpful soul please point me to the section of the NPRM that lays
out the ARIN policy/policies that relate to ARIN members / resources holders
that were, once upon a time, legally constituted corporate entities, but that
have ceased being validly registered corporate entities?

I am most particularly interested to know whether ARIN is either permitted
or obligated to reclaim any number resources that may have been assigned to
such entities.

NOTE:  I am asking now *only* about NON-LEGACY memberships & resources.



Regards,
rfg
___
ARIN-PPML
You are receiving this message because you are subscribed to
the ARIN Public Policy Mailing List (ARIN-PPML@arin.net).
Unsubscribe or manage your mailing list subscription at:
https://lists.arin.net/mailman/listinfo/arin-ppml
Please contact i...@arin.net if you experience any issues.

Re: [arin-ppml] Reclamation of Number Resources

[Ronald F. Guilmette]

In message <40f8e6ce-ecbe-4982-8c44-6dfd3456d...@arin.net>, 
John Curran  wrote:

>When I highlighted the the adoption of NRPM section 9 was in 2016,
>I did so via a link to the NRPM change log (which includes all of the
>versions of the Number Resource Policy Manual since inception) - 
>https://www.arin.net/participate/policy/nrpm/changelog/#nrpm-change-log

Just to put an end cap on the lengthy discussion we have had relating to policy
enforcement vis a vis the member entity designated as SL-206, I have verified
what John has said and thus, as I have already noted, the only error in this
case was mine.

That having been said, relevant historical WhoWas records indicate that both
the member's membership and the member's number resources were assigned /
granted in 2012.

By that point in time I believe that it was already apparent, or at least
should already have been apparent to all members of ARIN that ARIN's IPv4
free pool resources were headed towards exhaustion.  That ultimate and
inevitable outcome, when it did arrive, certainly did not come as an
unexpected lightning bolt from the blue.  It was both predictable and
predicted well in advance of the actual event.

Likewise, it seems to me that even back in 2012, and before, it could have
been predicted that as available IPv4 resources were dwinding towards zero
in all regions, there existed a finite and non-zero probability that out-
of-region interlopers might come into the ARIN region and attempt to usurp
portions of ARIN's remaining and limited free pool... which is arguably
exactly what did happen, at least in some cases.

My only point in relating all of this well-documented history is to provide
my only excuse for having failed to grasp that totally out-of-region entity
memberships were not expressly prohibited by policy within the ARIN region
until 13 July 2016:

https://www.arin.net/vault/policy/proposals/2015_5.html

It would appear that the ARIN membership, in its infinite wisdom, did not reach
agreement to prohibit outside interlopers from obtaining ARIN memberships and
resources until 19 April 2016, i.e. the date when proposal ARIN-2015-5 was
formally adopted.

I hope and trust that everyone can understand why this might appear more than
a little perplexing to me, given that IPv4 exhaustion in the ARIN region had
already been officially declared as of 24 September 2015:

https://www.arin.net/vault/announcements/2015/20150924.html

Offhand I'd have to say that it would appear that the ARIN membership finally
reached agreement to close the barn door only well after the horses had
already bolted.  This is not at all what I would have expected, but it does
seem to be the case, based on the historical record.


Regards,
rfg
___
ARIN-PPML
You are receiving this message because you are subscribed to
the ARIN Public Policy Mailing List (ARIN-PPML@arin.net).
Unsubscribe or manage your mailing list subscription at:
https://lists.arin.net/mailman/listinfo/arin-ppml
Please contact i...@arin.net if you experience any issues.

Re: [arin-ppml] Privacy of ARIN registry data (was: Re: Reclamation of Number Resources)

[Ronald F. Guilmette]

In message , Adam Thompson  wrote:

>> As I've already noted, the Europeans have brilliantly constructed for
>> themselves a world in which none of their citizens can even know anymore
>> if they are living nextdoor to a serial child rapist.
>>
>> This is not the path that I want to go down.  Is this the path that YOU
>> want to go down John?
>
>Yes, yes, yes.  I absolutely DO want to go down that path.

Noted.  You are entitled to your preferences, which in many jurisdictions
includes not being at all obliged to wear a face mask during a deadly
global pandemic.  Others of us however may have some different feelings
about how society (and the Internet) should function in order to best
serve the common good.

>ARIN is entirely justified in, as a policy, *not* enabling lynch mobs or
>vigilante justice in general.  Vigilantism represents, and also contributes
>to, a breakdown of order in the governmental and structural mechanisms...

So simple requests for information now represent "vigilante justice"?

Please do continue.  I am facinated.

>Have you realized that your emails resemble vigilantism more and more,
>with every accusation you publicly level?

No, I'm sorry, I don't.  I presented a set of facts which quite certainly
_may_ have represented a possible instance in which ARIN made a small
mistake.  As John has now explained, it didn't.  How you made the leap
from that rather simple inquiry to "vigilantism" is frankly beyond me.

>Let me re-state that more specifically: your continuation of an extremely
>vocal one-man crusade to eliminate all manner of false pretense from the
>internet is not helping.

Your opinion is noted.  Other people appreciate the work I have done, and
the work that I am doing.

>By constantly questioning and challenging it, you are eroding the very
>authority ARIN has to handle the problem.  You're dismantling, one
>microscopic bit at a time, the only entity with the authority to
>help you accomplish your goal!

I hardly think so.  ARIN is functioning today just as well as it did two
weeks ago.  I haven't "dismantled" anything.

I understand that there are a lot of people in society who feel that citizens
should never question anything that is done by people in positions of
authority.  You are apparently one of them.  I am not.  And indeed, I am
and remain proud of the fact that I do so, even when no one else will.
(As you are perhaps not aware, I uncovered and exposed a rather sizable
scandal in another region precisely because I _did_ question authority
when others were loath to do so.)


Regards,
rfg
___
ARIN-PPML
You are receiving this message because you are subscribed to
the ARIN Public Policy Mailing List (ARIN-PPML@arin.net).
Unsubscribe or manage your mailing list subscription at:
https://lists.arin.net/mailman/listinfo/arin-ppml
Please contact i...@arin.net if you experience any issues.

Re: [arin-ppml] Reclamation of Number Resources

[Ronald F. Guilmette]

In message <5f5a1774-977c-4815-a7b5-259f8ac06...@arin.net>, 
John Curran  wrote:

>You're seeking more detailed information about the legal entities that hold
>the rights to number resources in the ARIN registry.

Yes and no.  I am seeking information about entities that have been granted
ARIN memberships, regardless of whether they have been assigned any number
resources.

>Some of the information you seek may indeed be collected and processed at
>the time of entering a registration services agreement and/or making a
>resource request

*Someone* has to sign on the dotted line, or else no membership and no
resources, right?  We all know that, so why are you even bothering to
equivocate on this point?

>but it is not collected for purposes of publication

Yea.  So?

>nor is it clear that ARIN, under present policies, could ever assert a
>necessary purpose that would allow publication

OK. I'll bite.

Why does ARIN need to have a "necessary purpose" to publish the names of the
people who sign on the dotted line?  Why isn't it sufficient that by publishing
this info, ARIN is serving the Greater Good and the Community's Best Interests?

Where is it written in law that ARIN must have a "necessary purpose" and where
is that term defined, exactly?

Does the UK goverment have a "necessary purpose" in publishing the names and
addresses and nationalities of all of the beneficial owners of all UK
corporate entities?  If so, then what is that "necessary purpose" exactly?
If not, then please explain why the UK can publish information that ARIN
cannot?  (This ought to be interesting!)

>Therefore, if you wish more detail on a given legal entity that happens to
>hold number resources in the ARIN registry, you need to deal with the
>corporate register of the respective country.

I believe that's what we call a "non sequitur", i.e. a conclusion that does
not follow from the premise.

As far as I am aware, ARIN is incorpotated in the U.S. State of Virginia and
must thus conform its behavior to the laws as they exist in the State of
Virginia.  You seem to be making the rather remarkable claim that ARIN's
behavior is dictated by the laws that exist in Nevis & St. Kitts.

On what are you basing that very facinating conclusion?


Regards,
rfg
___
ARIN-PPML
You are receiving this message because you are subscribed to
the ARIN Public Policy Mailing List (ARIN-PPML@arin.net).
Unsubscribe or manage your mailing list subscription at:
https://lists.arin.net/mailman/listinfo/arin-ppml
Please contact i...@arin.net if you experience any issues.

Re: [arin-ppml] Reclamation of Number Resources

[Ronald F. Guilmette]

In message <35bbe370-4e3c-4ff7-9bf7-eebce4129...@arin.net>, 
John Curran  wrote:

>Are you unilaterally defining the purpose of this mailing list to only
>include the _formulation_ of policy but never its associated enforcement?
>
>
>Not at all - If you wish to discuss a policy-related enforcement issue _in
>general_ (whether due to existing policy language or ARIN's implementation
>of same), feel free to utilize the arin-ppml mailing list for that purpose.  

That's a rather clever Catch-22 you've set up there John.

I could have just come here and said "I think that ARIN might not always be
vigorously enforcing the policy that requires members to have a substantial
connection to the region" and you would have instantly said "Ron, you have
no evidence to support that."

OK, so, we'll do it in the opposite order next time.  I'll make a generalized
claim and you'll then challenge me for a specific example and I'll present
the specific evidence.

I can't see how it makes much difference, one way or the other, since we
end up with both the general claim and the specific example in the end
either way.  But if it pleases you to start with the general and then
proceed to the specific, I'm OK with that.  Your wish is my command.


Regards,
rfg


P.S.  I'm not sure that I ever saw from you a crisp answer to the question
"How many times has ARIN enforced policy against a member in cases that
(a) did not involve the non-payment of fees and that also (b) did not
involve criminal fraud?"  Is that number zero?
___
ARIN-PPML
You are receiving this message because you are subscribed to
the ARIN Public Policy Mailing List (ARIN-PPML@arin.net).
Unsubscribe or manage your mailing list subscription at:
https://lists.arin.net/mailman/listinfo/arin-ppml
Please contact i...@arin.net if you experience any issues.

Re: [arin-ppml] Reclamation of Number Resources

[Ronald F. Guilmette]

In message 
Matthew Petach  wrote:

>Shareholders?Seriously?
>
>*facepalm*
>
>That's never going to work.
>How would you even begin to identify all million-plus shareholders of
>Facebook?

It is clear to me that you have never looked a the web site of the UK's
CompaniesHouse or any of its beneficial owner information.

You may want to try doing that someday.

>You generally do good work, Ronald--but I don't think you thought this one
>through very carefully first.  ^_^;;

In the UK, it is not required to disclose beneficial ownership information
for either (a) publicly traded corporations or else (b) corportate entities
where no single shareholder owns 25% of more of the stock.

Their system seems to have been reasonably well thought out and although it
has its critics, it worksm and it does provide a geat deal more transparency
than the absolutely nothing that preceeded it.

ARIN and all of the RIRs could and should follow suit and mirror what the UK
is now doing by way of corporate transparency.


Regards,
rfg


P.S.  Note that as a result of 5AML, most other EU countries either are
already providing this same "beneficial ownership" information, or will
be doing so in the near future.

The days of criminals being able to hide behind shell companies are ending.
They should not be allowed to hide behind the five RIRs either, even though
some clearly are doing that, right now, as we speak.
___
ARIN-PPML
You are receiving this message because you are subscribed to
the ARIN Public Policy Mailing List (ARIN-PPML@arin.net).
Unsubscribe or manage your mailing list subscription at:
https://lists.arin.net/mailman/listinfo/arin-ppml
Please contact i...@arin.net if you experience any issues.

Re: [arin-ppml] Privacy of ARIN registry data (was: Re: Reclamation of Number Resources)

[Ronald F. Guilmette]

In message <6d0e26dd-2b7d-49f3-9889-6b2d0cc41...@arin.net>, 
John Curran  wrote:

>If you wish the ARIN registry to obtain and/or publish "the names and full
>contact information of any and all officers, directors, shareholders, and/or
>legal representatives of any given member", you would need to propose a policy
>that clearly notes the necessary purpose for the collection and processing
>for this information, and have the ARIN community concur and adopt said
>policy.

Yes.

But how about a policy of ARIN just publishing the name & contact info of
each natural person representative of each legal entity that is an ARIN
member and who filed the membership application?   You already have that
information in your files, so there is no issue of "collecting" that
because you already have it, agreed?

>Absent such a policy, what you seek would represent a fairly significant
>departure from what are becoming commonly accepted principles for personal
>data privacy and processing of personally identifiable information. 

Baloney!  "Commonly accepted principles for personal data privacy and
processing of personally identifiable information" ??  Where are you
getting this from John?  Europe?  Just because THEY have chosen to
shoot themselves in the foot with their newfound privacy fetish, that's
no reason why we should.

As I've already noted, the Europeans have brilliantly constructed for
themselves a world in which none of their citizens can even know anymore
if they are living nextdoor to a serial child rapist.

This is not the path that I want to go down.  Is this the path that YOU
want to go down John?


Regards,
rfg
___
ARIN-PPML
You are receiving this message because you are subscribed to
the ARIN Public Policy Mailing List (ARIN-PPML@arin.net).
Unsubscribe or manage your mailing list subscription at:
https://lists.arin.net/mailman/listinfo/arin-ppml
Please contact i...@arin.net if you experience any issues.

Re: [arin-ppml] Reclamation of Number Resources

[Ronald F. Guilmette]

In message , 
John Curran  wrote:

>ARIN requires that organizations are properly registered as a legal entity
>in order to sign n RSA and request resources.

Yes, I think we all know that.

>Organizations requesting number resources are subject to the laws in which
>they operate

Yes, I think we all know that.

>each of these jurisdictions has its own regulations that address how much
>information about registered legal entities is made public.  

You left out "...by the national governments of those jurisdictions."

Believe me when I say that I am well and truly aware of the fact that
the national governments of Anguilla, Antigua & Barbuda, Bahamas, Barbados,
Bermuda, Cayman Islands, Nevis & St. Kitts, the British Virgin Islands,
and even some U.S. States decline to provide information about the officers,
directors, shareholders, and/or beneficial of corporate entities registered
in those jurisdictions.  In fact it is my hope that everyone on this list
is well aware of that.

But what has any of that got to do with ARIN?


Regards,
rfg
___
ARIN-PPML
You are receiving this message because you are subscribed to
the ARIN Public Policy Mailing List (ARIN-PPML@arin.net).
Unsubscribe or manage your mailing list subscription at:
https://lists.arin.net/mailman/listinfo/arin-ppml
Please contact i...@arin.net if you experience any issues.

Re: [arin-ppml] Reclamation of Number Resources

[Ronald F. Guilmette]

In message <779ca4f6-751c-436e-a6c4-ca21c8db7...@arin.net>, 
John Curran  wrote:

>Hopefully this works out well and any type of information brought to any
>RIR in such manner gets investigated and in the worst case scenario
>resources get revoked as they should.
>
>No - parties that wish to bring information necessitating a review of a
>resource request should use the described reporting process, as ARIN will not
>act off allegations of this nature made on ARIN-ppml nor are such allegations
>conformant with the purpose of this mailing list.

On that last point John, are you asserting that it is somehow non-germane
to the ARIN public policy list to discuss here possible deviations, by ARIN,
of its enforcement of policy?

Are you unilaterally defining the purpose of this mailing list to only
include the _formulation_ of policy but never its associated enforcement?


Regards,
rfg


P.S.  I never requested any kind of "action" whatsoever in relation to the
set of facts I presented.  I just wanted to understand what had happened,
and why.
___
ARIN-PPML
You are receiving this message because you are subscribed to
the ARIN Public Policy Mailing List (ARIN-PPML@arin.net).
Unsubscribe or manage your mailing list subscription at:
https://lists.arin.net/mailman/listinfo/arin-ppml
Please contact i...@arin.net if you experience any issues.

Re: [arin-ppml] Reclamation of Number Resources

[Ronald F. Guilmette]

In message , 
John Curran  wrote:

>Of course, you are correct that this misses the real meat of the issue - the
>current review process is opaque except in cases where the issuance was
>determined to be in error (in which case the problem is corrected and a brief
>summary to that effect is provided.)   It certainly doesn't provide a detailed
>public justification of the properness of the issuance per the ARIN's staff
>implementation of applicable number resource policy against the supplied
>information from the requester, and it is unclear if such could ever be
>provided. 

Wait!  Wait!  I suppose that we can quibble about the meaning of the word
"detailed" in this context, but other than that, I think that you, John,
_have_ just proven that, in this case at least, ARIN had no problem
explaining (a) what had happaned, and also (b) why the grant of membership
was entirely within policy at the time it ocurred.  You did so succinctly,
and quite obviously without any need to resort to any kind of disclosure,
improper or otherwise, of any information that could be construed as being
this member's trade secrets or confidential business information.

So when you say (paraphrasing) "It is unclear if ARIN could ever provide a
public justification of the properness of the issuance..." of either a
membership or a number resource... well... you've just proven that it *is*
possible, at least in this one rather specific instance, yes?

Maybe it could be possible in other instances also (?)

>As I noted earlier, we rather frequently receive reports that allege improper
>issuance only to find out that that they stem from insufficient understanding
>of the applicable Internet number resource policy on the part of the submitter.

Yes.  And in all of those cases it should never be necessary for ARIN to give
out anybody's confidential information, right?  Because you can just do
exactly what you have done in this case, i.e. helpfully explain to the party
that raised the issue/question why they simply have, as you put it, an
"insufficient understanding of the applicable Internet number resource policy".
And wouldn't that be the most helpful, friendly, and polite thing to do in
all such cases?

I suppose that you are correct, John, that in this case the error was all mine
in having failed to understand and appreciate that even as recently as 2016 the
ARIN membership did not take seriously the possibility of interlopers from
outside the region coming into the region to grab whatever was left of ARIN's
already dwindling resources.  And thus, for my mistake I will say "Mea cupla!",
fall on my sword, and do whatever other groveling may be appropriate in this
circumstance.

But having done all that, I am compelled to come back to the question of how
ARIN responds to inquiries such as this, and to assert my belief that having
ARIN just tell the reporter "ARIN never makes mistakes, so you must have" is
a sub-optimal way to respond to these things.  And after all, how much did it
cost you/ARIN to educate me, with respect to this case, that policy was just
simply different back in 2012?  And am I not now a better netizen for having
been educated, by you, on this point?

>Such is the case with the particular request Ronald noted - despite not
>receiving any report, for avoidance of doubt we did complete an internal review
>the request & supporting information and indeed it was issued correctly per the
>applicable number resource policy at the time of the request.   I understand
>that answer is unlikely to satisfy some without a public dissection of the
>entire process, but that cannot occur without ARIN violating the confidential
>nature of requests for Internet number resources. 

It actually *is* entirely satisfying to *me*, and I certainly have not and
will not be requesting any information relating to this member, or to this
member's assigned resources, at least none that any reasonable person might
consider to be "confidential".  But I am hoping that you will be so kind as
to point me to the place where I may myself review the NRPM as it existed
back in 2012.  That, I'm sure, is all that is needed in order to set my mind
entirely at ease that all was done by the book in this case.

(I can only speak for myself, but *I* certain have never been so presumptious
as to demand that ARIN reveal to me any of the details of any of its internal
processes, so that is kind of a red herring in this context.)

Separate from all of the foregoing, I have already expressed here my firm
and unshakable belief that ARIN should never be shy to disclose the identities
and contact information for any and all natural persons who have formally
requested either ARIN memberships or ARIN resources, and I have vigorously
stated my rationale for that belief.

I would certainly like to know what person(s) signed on the dotted line
when this membership was requested, back in 2012, and I see no basis for
ARIN to fail to publish that information.  But to be 

Re: [arin-ppml] Reclamation of Number Resources

[Ronald F. Guilmette]

In message 
Matthew Petach  wrote:

>Oy vey.
>
>It almost seems like people don't know how ARIN works.  :(
>
>Look, let's talk in plain and simple language.
>
>When you apply for number resources, you're doing so based on your
>current *and forecasted* needs for up to two years in the future. [0]
>
>When ARIN staff reviews your submission, they're looking at your
>*plans* for the future to evaluate whether those plans fit with the
>NRPM requirements.
>
>They cannot see into the future.

Just to be clear, I was questioning the -membership- in this case... *not*
the resource requests *or* the associated allocations that were ultimately
granted in response to those (resource) requests.

But you are correct that if ARIN had (which I see now John is asserting it
had not, back in 2012) required the prospective member to demonstrate that
it already had a significant presence in the region then that might have
(or might now have, for new applicant) represented a kind of Catch-22
situation where they might have to say "Yes, we *plan* on operating within
the region, and we'll begin doing so AS SOON AS you give us a membership
and some number resources."

I'll be frank in saying that I have no idea how such a Catch-22 could be
or should be resolved.  So I supposed that it is just very fortunate that
it likely doesn't even come up that often.


Regards,
rfg
___
ARIN-PPML
You are receiving this message because you are subscribed to
the ARIN Public Policy Mailing List (ARIN-PPML@arin.net).
Unsubscribe or manage your mailing list subscription at:
https://lists.arin.net/mailman/listinfo/arin-ppml
Please contact i...@arin.net if you experience any issues.

Re: [arin-ppml] Reclamation of Number Resources

[Ronald F. Guilmette]

In message 
 Matthew Petach  wrote:

>But if no fault is found, I don't think it's appropriate to have to
>release documents or records that were used to demonstrate
>innocence...

I agree 100% with that when it comes to anything that could reasonably be
construed as "trade secret" or "proprietary" or "business confidential".

As I have stated at some length, I *do not* agree with that when it comes
to identifying the name, location and other contact details about the
business (and/or the natural person) that is the member, and when it comes
to identifying the names and full contact information of any and all
officers, directors, shareholders, and/or legal representatives of any
given member that are known to ARIN.  All of that information for *all*
members should *already* be out on the table, and public, totally independent
of any cases of "fishy facts".


Regards,
rfg
___
ARIN-PPML
You are receiving this message because you are subscribed to
the ARIN Public Policy Mailing List (ARIN-PPML@arin.net).
Unsubscribe or manage your mailing list subscription at:
https://lists.arin.net/mailman/listinfo/arin-ppml
Please contact i...@arin.net if you experience any issues.

Re: [arin-ppml] Reclamation of Number Resources

[Ronald F. Guilmette]

In message 
William Herrin  wrote:

>Upon finding the complaint unsubstantiated, ARIN could even offer the
>registrant the opportunity to redact anything they considered a trade
>secret before publication...

I want to be real real clear about this.  It is absolutely *indisputable*
that ARIN actually (and legally) *cannot* divulge anything that even remotely
implicates any trade secret.  That is true, I think _regardless_ of whether
ARIN's investigation of any pattern of fishy facts causes them to reach a
determination that the relevant member is or isn't engaged in fraud, and
also regardless of any determination, by ARIN, that the member in question
is or isn't in violation of policy.

In short there are NO circumstances in which ARIN can, should, or may
divulge trade secret or confidential proprietary business information.

Indeed the mere mention, even just on this mailing list, of the notion of
ever, under any circumstances whatsoever, exposing any information that might
even conceivably be construed as a trade secret has likely already raised
both the hackles and the alarm bells within the ARIN legal department...
AS WELL IT SHOULD.  So let's just keep that entirely off the table shall we?
(It is anyway, legally speaking.)

I personally do not ask for and would not want to be given any kind of
legitimately "business confidential" information by ARIN, ever.  I should
clarify that I personally don't feel the need of any such anyway.

Let's take as an example this case, i.e. the case of SL-206.

Historical ARIN WhoWas records show clearly that this entity was granted ARIN
membership on or about 12-11-2012.  On or before that date, this member must
have submitted, to ARIN, some sorts of bona fides documents as part of its
membership application package.  It may perhaps have submitted to ARIN
other documents as well, including perhaps some to be used as justification
for either the IPv4 /19 block that it was later assigned, and/or some to be
used as justification for the ARIN-assigned ASN that it was later assigned.
But any such additional documents would have been separate from any basic
incorporation document(s) attesting to the mere fact that they were who
they said they were, i.e. legal representatives of a Nevis-incorporated
and Nevis-domiciled legal entity formally known as "1337 Services LLC".

It is not clear to me what specific documents ARIN may hold that were
submitted by the legal representatives of this entity and which ARIN
may have required at the time in order for this entity to be granted a
membership, in the first instance, and number resources, either subsequently
or concurrently.  In any case, in and among all of these documents we
(and ARIN) may reasonably hope that there was one which was (a) signed by
an actual legal representative of the company and that (b) asserted that
the company would be engaging in some type of commerce or presence within
the region, as called for by NRPM Section 9.

Whatever document made that assertion could rather easily be redacted, by
ARIN, of all other information and then presented publicly.  And indeed,
if I were to ever give an "I have a dream" speech, on the Capitol Mall
or elsewhere, I would express my dream that someday all five Regional
Internet Registries would cease racing to the bottom of the barrel
against all of the most disreputable and dodgy "offshore" secrecy
jurisdictions on the planet to see which one could be the absolute
worst in terms of basic and minimal transparency.

To put it more plainly, I see neither any justification, legal or otherwise,
nor even any persuasive reason why any of the five RIRs should not immediately
place on their respective web sites those documents, redacted as necessary,
which would show the names, signatures, and contact information of all
legal representatives of all members, as well as any additional basic
assertions they have made regarding their locations and domiciles, and
their bare intents, if any, to do business in this or that region.

None of this information may be reasonably construed to represent either
"trade secrets" or even "confidential business information", unless one
is in the business of tax avoidance, money laundering, sanctions busting,
or merely hiding your assets from your soon-to-be-ex spouse, and nobody
can credibly claim otherwise, not even any of those high-priced mouthpieces
that adorn such opaque havens, as Nevis & St. Kitts, the British Virgin
Islands (whose President was just busted in the U.S. on drug charges),
the Cayman islands, The Isle of Man, Guernsey, Belize, U.A.E., the
Seychelles Islands and the Marshall Islands.

It does not give up any real commercial advantage to have it be known who
is behind a given company.  This kind of information is clearly not even
in the same ballpark as information saying that company X has plans to
rent such as such number of racks of servers in such and such data center.
All five Regional Internet Registries are however, as of now, 

Re: [arin-ppml] Reclamation of Number Resources

[Ronald F. Guilmette]

In message 
Matthew Petach  wrote:

>*sigh*
>
>That should have been "for there is NO proof."
>
>Apologies for not catching that before hitting send.

That's alright.  We are all human and we all make mistakes.  That has been
one of the points I have tried, in my own feeble way, to make from the outset.

I believe that it is incontrovertable from the uncontested facts I've
presented that _somebody_ made a mistake in this case.  Regardless of
any suggestion to the contrary it is not, and has not been among my goals
in presenting this case to have anyone castrated as punishment for the
mistake that was made.  I am a software engineer by trade and by training,
and my first instinct is always to find the bug in the process and to
patch it.  And that's my real goal.  (We can argue about who, if anybody,
should be forced to stand in the corner wearing a dunce cap later on.)

In the aftermath of the 1986 Space Shuttle Challenger disaster, a commission
of eminent subject matter experts was empaneled to answer the dual questions
of what happened and how a repetition of this tragic event could be avoided
in the future.  The commission achieved both goals.

Although there is clearly no comparison between that event and the rather
mundane deviance from ARIN policy that we have been discussing, I do
believe that it would also be worthwhile in this instance to understand
what happened in order to debug any processes that may require adjustment
in order to avoid future such cases.  If it was all down to simple human
error, then perhaps the addition of a simple additional safety latch into
the overall process is all that is required in order to fix the problem
once and for all.


Regards,
rfg
___
ARIN-PPML
You are receiving this message because you are subscribed to
the ARIN Public Policy Mailing List (ARIN-PPML@arin.net).
Unsubscribe or manage your mailing list subscription at:
https://lists.arin.net/mailman/listinfo/arin-ppml
Please contact i...@arin.net if you experience any issues.

Re: [arin-ppml] Reclamation of Number Resources

[Ronald F. Guilmette]

In message 
Matthew Petach  wrote:

>What Ronald is doing is accusing ARIN of *not* going after people
>he suspects aren't following the law, without submitting any actual
>evidence to support the accusation.
>
>This is McCarthyism resurrected.

In my own defense, I agree with you that aspersions without evidence is
the essence of McCarthyism.  But I don't believe that is what I have
done.

Rather, I have elaborated a set of facts that, as far as I can tell, are
quite explicitly indicative of -someone- having messed up.  That may be
the member in question, or it could be ARIN.  I would most certainly
like to know which, but I seriously doubt that I ever will.  Not to a
moral certainty anyway.

It -is- true that due to the limited set of facts I have managed to glean
from open public sources, and from paying close attention to the comings
and goings of various Bad Guys in and on different parts of the global
Internet over more than 20 years I have raised the question of whether
or not ARIN has been, shall we just say, "lax" in its enforement of
certain policies.  And it may perhaps have been unfair for me to have
done that, but I don't believe that the jury has come in on that point
just yet.  (But due to other commitments I haven't yet been able to get
through all of my pending emails for the past 24 hours, so we shall see.
Perhaps the answer is already in there!)

I most certainly have *not* been in the least bit unfair towards the member
at issue in this case.  Quiet the opposite!  I have repeatedly been explicit
in noting that I have -zero- evidence to suspect this member of having
engaged in any amount of fraud, deception, or even mere misrepesentation
And in fact, I have gone the other way by suggesting that it appears to
me more likely than not that the "suspicious fact pattern" I have described
may be attributed to a misstep on the part of ARIN.

>We should not stoop to witch hunt allegations without any supporting
>evidence being offered.  Ronald indicated he couldn't find evidence of
>fraud, and thus wasn't willing to file a fraud report.  He simply said he
>couldn't find evidence that the accused networks and individuals *weren't*
>committing fraud

No.  In fact I believe that I have bent over backwards to avoid even using
the word "fraud".  There does seem to have been some deviance from written
ARIN policy in this instance.  That fact, at least, is, I believe, completely
clear.  But a mere deviance from policy need not amount to "fraud", and I
have taken some pains to stress that very point.

>...and that it was up to ARIN to demonstrate they weren't
>complicit in covering up for the entity.  In essence, he's demanding that
>ARIN show the world how they go about determining that every company
>that has ever applied for number resources is *not guilty* of fraud.

Nope.  I have made no such demand.  You infer too much.

I have (implicitly) asked how the fact pattern I have laid out came to be,
and I have asked if ARIN has perhaps been a bit too shy when it comes to
disciplining wayward members who have NOT failed to pay their annual dues
and who have NOT engaged in outright fraud, but whose current and/or
historical operations seems to put them in violation of ARIN policy.

This is not, I think, an altogether unreasonable question to ask, and
John Curran is certainly capable of putting forth evidence to support
the view that ARIN has historically been vigorous in its enforcement of
policy, even if that evidence is only numerical in nature.

I have most certainly *not* asked John to provide *any* details about how
his staff goes about reviewing member compliance with policy, nor would
I have any reason to do so.  NRPM Section 9 lays out quite clearly the
various criteria that ARIN should (must?) use to evaluate whether any
given member does or does not have "a real and substantial connection
with the ARIN region".  You must think very little of me if you think
that I am unable to intuit how ARIN staff might go about the process of
simply verifying a member's "substantial connection with the ARIN region".
I am not sure why you would have such a low opinion of my capability in
this regard, especially given all of the relevant facts that I have found
and documented in relation to this specific case (SL-206).  I guess you
just think I'm a dunce.

>We should *never* put the burden of proving innocence on the victim.

That raises an interesting question:  Who exactly is "the victim" in this
case?

It is my contention that all Internet users on planet earth are the victims
in this case, because we all may perhaps be victimized by some of the
questionable things that are being given DNS service by an entity that
may very well be in violation of ARIN policy.

And if _that_ contention doesn't suit you, how about if we were to say
instead that all of those perfectly policy-abiding entities in the ARIN
region who are nowadays sitting and waiting patiently on the ARIN wait
queue for some fresh new IPv4 /19 

Re: [arin-ppml] Reclamation of Number Resources

[Ronald F. Guilmette]

In message 
William Herrin  wrote:

>On Thu, Jul 14, 2022 at 12:28 PM Matthew Petach  wrote:
>> Justice must always be a "black box", to protect the innocent,
>> until guilt is sufficiently demonstrated to warrant public action.
>> Otherwise, lives and reputations are destroyed on nothing
>> more than empty allegations from the aggrieved.  :(
>
>You understand that's not how jurisprudence generally works, right?
>Court cases and filings are almost always open to the public.

Bill, we must be cognizant of, and sensitive to the fact that we here in the
U.S. are somewhat spoiled when it comes to the transparency of our judicial
processes, and in particular of our criminal judicial processes.

In Europe, as I understand it (and largely but not entirely due to GDPR)
they take a rather dramatically different approach, and keep everything
under wraps, even *after* some slimebag has been duly and fairly convicted
of multiple heinous, bloodthirsty, and premeditated murders.  Even such
individuals have an immediate right to be instantly "forgotten", under the
law as it exists in much of Europe.  (This affords untold millions of
European citizens the absolute right to live next door to unidentified
serial rapists and/or murderers while remaining totally oblivious to
the sinister malevolence in their own neighborhoods, which is apparenly
their preference.)

Returning however to the question of ARIN and its adjudication of incoming
reports of, shall we just say "fishy fact patterns", for me at least it is
both reasonable and acceptable that ARIN should be allowed to investigate
such matters -without- any uninvolved parties looking over their shoulders
as they do so.  Where I part company with John Curran is when we come to
the question of what ARIN can or should reveal -after- ARIN has completed
its internal reviews.

As I have stated, it is my belief that both ARIN members and the Internet
using public at large would be best served if ARIN would simply give a
thumbs up / thumbs down at the end of any such review it performs.  It can
phrase these concluding pronouncements in the manner I have suggested,
i.e. by simply saying that ARIN either will reclaim resources (and/or
terminate a membership) or that it declines to do so at the present time.
(It need not explain or elaborate in any way on any such decision.)

I believe that ARIN can and should do this within one calendar month of its
reciept of the original "fishiness" report.

This, it seems to me, is neither difficult nor unreasonable.  It would provide
at least some transparency to an internal ARIN process which is at the moment
quite entirely opaque, and for me at least, that would represent real progress.


Regards,
rfg
___
ARIN-PPML
You are receiving this message because you are subscribed to
the ARIN Public Policy Mailing List (ARIN-PPML@arin.net).
Unsubscribe or manage your mailing list subscription at:
https://lists.arin.net/mailman/listinfo/arin-ppml
Please contact i...@arin.net if you experience any issues.

Re: [arin-ppml] Reclamation of Number Resources

[Ronald F. Guilmette]

In message <1452393337.896930.1657826873...@mail.yahoo.com>, 
Matthew Petach  wrote:

>  On Thu, Jul 14, 2022 at 10:36, William Herrin wrote:
>  On Thu, Jul 14, 2022 at 10:27 AM William Herrin  wrote:
>> Of more concern to me is the lack of transparency in ARIN
>> investigations of fraud. I realize there's a delicate line to walk
>> here between public transparency, non-disclosure of private
>> information and defamation but it doesn't feel like we're at the right
>> balance. The whole thing happens behind closed doors. Unless it ends
>> up in court, all the public gets is a terse summary.
>
>Let me rephrase for clarity:
>
>"all the public gets is a" summary too terse to evaluate ARIN's
>enforcement of number policy.
>
>And how could it be anything but, unless actual guilt is proven, while still
>being consistent with the concept of "innocent until proven guilty?"

I think that "guilt" is not really the appropriate word to be using, at least
not in the context of the case that I have recently presented here.

Somebody messed up.  That is my conclusion.  It may have been ARIN staff.
It may have been the member.  If it was the member, then the error may
perhaps have simply been attributable to a failure, on the part of the
member, to adequately understand ARIN policies.  (Of course it may have
been deliberate and provable fraud, with malice aforethought on the part
of the member, but we can burn that bridge when we get to it.)

Generosity of spirit requires us to admit that as humans we have all made
mistakes.  And for most of us humans our mistakes do not amount to a
deliberate criminal enterprise.  Thus, although I personally prefer
maximum harshness of judgement when it comes to the enforcement of
ARIN policies, I am altogether less eager to see anyone publicly
denounced as a criminal for what may have been just some set of
screw ups.

>you disclose the nature of an investigation while guilt is still being
>appraised?

I don't think that anyone would want that.  I certainly wouldn't.  It
would however be most helpful, from my perspective anyway, if ARIN would
be entirely more forthcoming about the results of their investigations,
when and as they are completed.

If a party has some funny-looking routing or WHOIS records, but is otherwise
behaving entirely in accordance with both the law and ARIN policy, then it
certainly would do no harm to that member for ARIN to publicly absolve
that member of any and all misdeeds and/or misbehavior.  Conversely,
if a given member has violated either the law or ARIN policy, and if
ARIN has been able to establish that, based upon a careful review, then
I would argue that it would be in the best interests of both ARIN members
and Internet users everywhere for ARIN to share that determination with
the community at the earliest possible moment.  And even in those rare
cases where ARIN finds itself compelled to refer some matter to law
enforcement, in the absence of an explict court-issued gag order ARIN
is under no obligation to anyone to keep silent if it has determined to
its own satisfaction that it is more likely than not that laws have been
broken.

But I personally have not even asked for even that level of transparency
on ARIN's part!  Rather, I would be altogether satisfied if, within one
calendar month of being notified of any, shall we just say "suspicious
facts" that may implicate either law or ARIN policy, ARIN would state
publicly one of the following two things:

 *)  ARIN has reviewed this report and ARIN declines to take any
 action with respect to this matter at the present time.

 *)  ARIN has reviewed this report and ARIN has elected to reclaim
 some or all of the relevant assigned number resources, and it
 shall do so by <>.

Note that ARIN need never make any kind of public pronouncement which might
even conceivably place it into any kind of legal jeopardy.  It can simply
state that it has elected to reclaim resources... which it might do for
any number of different reasons... and leave it at that.  The public would
then be free to draw its own conclusions.

I can ask for no more, and I do ask for no less.


Regards,
rfg
___
ARIN-PPML
You are receiving this message because you are subscribed to
the ARIN Public Policy Mailing List (ARIN-PPML@arin.net).
Unsubscribe or manage your mailing list subscription at:
https://lists.arin.net/mailman/listinfo/arin-ppml
Please contact i...@arin.net if you experience any issues.

Re: [arin-ppml] Reclamation of Number Resources

[Ronald F. Guilmette]

In message 
William Herrin  wrote:

>Then don't call it fraud. Call it "use potentially inconsistent with
>ARIN policy." Let ARIN determine whether it's fraud.

See my prior post in relation to this point.  I will be happy to file any
kind of report that ARIN may desire so long as the reporting system and
associated form(s) do NOT mention the word "fraud", because that word may
boomerang back and hurt *me* if I report a member for "fraud" that is not
guilty of fraud.

>Of more concern to me is the lack of transparency in ARIN
>investigations of fraud. I realize there's a delicate line to walk
>here between public transparency, non-disclosure of private
>information and defamation but it doesn't feel like we're at the right
>balance. The whole thing happens behind closed doors. Unless it ends
>up in court, all the public gets is a terse summary.

Not even a terse summary!  Both the public even the person who filed the
report initially get absolutely -nothing- back from ARIN.  Not even a
"yea" or "nay" at the end of the investigation.  Zip.  Nada.  Nothing.

If that's not the very definition of "stonewalling" and/or "protecting the
guilty" then I don't know what is.

But I guess that ARIN feels it has the right, even if not the obligation, to
make a blanket claim of "executive privilege" over anything and everything.

This may please some.  It most certainly does not please me.  And there is
*no* rational basis for it, other than an abject and unfounded terror of
being sued by some fraudster, like Mr. Micfo, if ARIN ever says anything
unflattering about them.


Regards,
rfg
___
ARIN-PPML
You are receiving this message because you are subscribed to
the ARIN Public Policy Mailing List (ARIN-PPML@arin.net).
Unsubscribe or manage your mailing list subscription at:
https://lists.arin.net/mailman/listinfo/arin-ppml
Please contact i...@arin.net if you experience any issues.

Re: [arin-ppml] Reclamation of Number Resources

[Ronald F. Guilmette]

In message <13e37dac-8488-41cf-8157-4ddfbb856...@arin.net>, 
John Curran  wrote:

>> On 14 Jul 2022, at 9:15 AM, Ronald F. Guilmette  
>> wrote:
>> ...
>> What evidence, if any, have you got to the contrary?  Why are you attempting
>> to shift blame to this member when it seems altogether apparent that the
>> fault lies only and entirely with ARIN staff?
>
>Ronald - If you have a case where you believe that resources were issued
>incorrectly, please report it. 

I would be happy to, however... and please forgive me if you think that I am
being too fastidious or too persnickety about terminology here... the problem
from my perspective is that ARIN provides a form for reporting "fraud".  That's
mervelous, however I have neither any evidence nor any clear reason to either
believe or to assert that there has been anything even remotely like "fraud"
(which is a term of art with a clear legal definition) in this case.

So let's just say, for the sake of argument. that I were to use ARIN's fraud
reporting form to report the facts of this case.  And let's also say, again
just for the sake of argument, that ARIN reviews this case in detail and
that at the end of the day ARIN determines that there has been no "fraud"
as defined by applicable law.  Would not the member in question then have
a reasonable basis for suing me, most likely in U.S. federal court ($$$),
for defamation, based on the claim that I had reported this member for "fraud"
when in point of fact they had committed no fraud whatsoever, and had merely
been inappropriately granted membership by ARIN staff, in contravention of
ARIN policy?

It is easy enough for you to encourage me to file a formal "fraud" report on
this case.  You are not the one whose neck may wind up in the noose of an
expensive federal lawsuit if the member has, as I have repeatedly suggested,
committed no actual "fraud".

I believe that there is a readily understandable disconnect here between
your attitude on all this and my attitude on all this.  I think you may be
failing to fully appreciate what I, a perfectly ordinary slob and member
of the unwashed public can know about this case, and what you know, or can
easily know about this case.  *You* can easily consult all internal ARIN
records and can thus determine rather easily if this member committed any
kind of "fraud".  In contrast, for me the situation is quite analogous to
the famous example from the world of physics of Schrodinger's cat.  I cannot
see inside the box.  Therefore I cannot know, apriori, if the cat is alive
or dead, i.e. if this member has comitted some fraud or not.  You can know
this, but no mere member of the public can know this, and certainly not to
a sufficient level of certainty to risk one's bank account on an educated
guess about it.

As I have already made clear, I do not pre-judge the situation, although I
do think that the evident facts of this case make it more likely than not
that the fault here lies with ARIN staff, i.e. in failing to consistantly
enforce policy, rather than with the member.  On that basis I am, I think,
reasonably reluctant to shout "Fraud!" in the direction of this member,
especially given that doing so could land me on the businss end of an
expensive defamation laswuit.

Perhaps the solution here is merely for ARIN to rename its current "fraud"
reporting form and change all associated documentation so as to remove all
mention of the word "fraud"... a word which has clear legal implications,
not only for the party being reported, but also, potentially, for the party
doing the reporting.  Perhaps the title of the form and all associated
documentation could simply be edited so as to make the following simple
text substitution globally:

  "fraud"  => "membership related irregularities"

That would certain be enough to assuage my own reasonable concerns about the
possible legal implications of using the reporting form/process as it now
exists.

>> ...
>> You're dodging the questions John.  I have mostly asked a number of very
>> generalized questions which have nothing specifically to do with this
>> specific member or with this specific case, to wit:
>> 
>>  *)  Has ARIN avoided enforcement of policy against some members out of fear,
>>  warranted or otherwise, of litigation?
>
>That's an easy one - No, ARIN does not avoid policy enforcement our of concern
>of litigation. 
>
>Many in the community would likely find that question amusing, as it is fairly
>well-known that ARIN is both quite familiar with litigation and has a proven
>track record of success. 

I also am aware that ARIN has prevailed in court, e.g. on the Micfo case, and
also on the more recently concluded Amobee/Adconian case.  But those were
cases of rather outright an

Re: [arin-ppml] Reclamation of Number Resources

[Ronald F. Guilmette]

In message , 
John Curran  wrote:

>On 14 Jul 2022, at 7:36 AM, Ronald F. Guilmette 
>wrote:
>
> 1)  I cannot, in all honesty and good conscience, report something as
> "fraud" where the set of pertinent facts, as I have elaborated them,
> *do not* suggest that there has been any fraud, deceit, or
> misrepresentation of any kind, at least not on the part of the member
> organization in question.
>
>If you are correct in your assertions, then the organization will have made a
>representation of significant connection to the ARIN region in order to be
>issued number resources (despite having no such connection)

No.  I have asserted that the most likely explanation for the facts at hand
is that ARIN simply made a mistake and never checked if this member had any
substantial connection to the region.

What evidence, if any, have you got to the contrary?  Why are you attempting
to shift blame to this member when it seems altogether apparent that the
fault lies only and entirely with ARIN staff?

I mean any competent 10 year old could have googled the street address of
this member and thus quickly and easily established that its footprint in
the ARIN region was utterly superfluous.  So does ARIN need to hire some
fresh-faced new competent 10 years olds to perform new member vetting?
Or can we all safely assume that performing -actual- and meaningful
vetting on new member applications has just never been a task that ARIN
has been at all keen to undertake, in practice?


> 2)  I could perhaps just be mis-remembering now, but it is my recollection
> that the last time I inquired about the nature of any possible 
> follow-up
> which ARIN might undertake upon its conclusion of any investigation of
> any case submitted via ARIN's fraud reporting form that neither the
> original reporter, not the ARIN membership, nor the ARIN community,
> nor the public at large would ever be informed of the results of any
> inquiry that had been trigged by a fraud report submitted to ARIN.
>
>
>ARIN issues quarterly summaries of the results of investigation into fraud
>reports https://www.arin.net/reference/tools/fraud_report/results/
>This reports are not detailed as they nearly always represent a matter which is
>legal in nature and pending final determination. 

Yes.   And any mistakes that ARIN staff may have made, as in this case, will
then become burried in and among this singular all-pervasive wall of silence.

You'll forgive me if I note the obvious fact that this must be terribly
convenient for you and the staff.  If you folks ever mess up, no one need
ever find out, and you have the means, the motive, and the opportunity to
insure that no one ever will.

I feel sure that I could probably find a few billion other people who only
wish that they could so effortlessly bury the mistakes they make while doing
their jobs.

> 
> 3)  The case of 1337 Services LLC (SL-206), which I have gone to some 
> lengths
> to carefully research and document, raises a host of other questions 
> and
> concerns about ARIN's ability and willingness to enforce existing
> ratified policies.  It is my feeling that you, John, as CEO, should
> openly address these concerns and questions, and not simply endeavor
> to bury them all behind the opaque wall of silence that would seem to
> be ARIN's formalized "fraud" reporting process.
>
>ARIN will not publicly discuss details of specific requests for number
>resources

You're dodging the questions John.  I have mostly asked a number of very
generalized questions which have nothing specifically to do with this
specific member or with this specific case, to wit:

  *)  Has ARIN avoided enforcement of policy against some members out of fear,
  warranted or otherwise, of litigation?

  If not, then please specify how many members have had their memberships
  revoked OTHER THAN in cases of non-payment of fees and/or cases of
  outright, blatant, and legally actionable fraud (e.g. Micfo)?

  *)  How many more memberships are currently sitting on ARIN's books that,
  as in this case, obviously should never have been there, and what
  effort, if any, will ARIN now expend to find them and to terminate
  the memberships involved?

  *)  In light of the facts of this case, what will ARIN now do to strengthen
  the vetting process, going forward, for new memberships?

It is really astonishing that you find it so easy to be quite so cavalier
in the way you have simply ignored these questions.  But I guess you have
that luxury, given that the whole system of review seems to be rigged in a
manner so as to insure total unaccountability for any and all staff mistakes
in policy enforcement.

It probably do

Re: [arin-ppml] Reclamation of Number Resources

[Ronald F. Guilmette]

In message <9cde9492-a18e-4baf-a0f8-dd0fccda4...@arin.net>, 
John Curran  wrote:

>If you wish that we investigate this matter, please submit a report of the
>suspected Internet number resources fraud as per this process https://
>www.arin.net/reference/tools/fraud_report/

Thank you John, but I must decline that generous invitation for the following
three good and compelling reasons:

  1)  I cannot, in all honesty and good conscience, report something as
  "fraud" where the set of pertinent facts, as I have elaborated them,
  *do not* suggest that there has been any fraud, deceit, or
  misrepresentation of any kind, at least not on the part of the member
  organization in question.

  The facts of this case, as I have laid them out, indicate only that
  the member organization represented by the handle SL-206 incorporated
  itself, most likely in an entirely legal and above board manner, in
  Nevis & St. Kitts, as it had a perfect right to do, under law.  The
  known facts further indicate that this organization then applied to
  ARIN for membership, which was apparently granted.  Where in these
  facts do you find even any hint of fraud or deception on the part
  of the member with respect to ARIN?  I confess that I see none.
  How then, in all good conscience, can I reasonably report the
  organization known as 1337 Services LLC to ARIN as a suspected
  perpetrator of "fraud" and what "fraud" would that be, exactly?

  In short, your invitation to me to file a formal "fraud" report makes
  no sense in the context of this case.

  The known facts do suggest that ARIN's own internal processes for
  vetting new membership applications may at the time (12-11-2012) have
  been inadequate to detect instances where a prospective new member
  had no discernable significant connection to the ARIN region.  That
  failing on ARIN's part however does not imply the existance of any
  attempt at fraud, deceit, or misrepresentation on the part of the
  applicant organization.  For all I know, and for all the publicly
  available facts show, this organization was entirely truthful and
  forthcoming when it applied for its ARIN membership, and the fault,
  if any, must be laid at the doorstep of ARIN, given the known facts
  of this case.

  2)  I could perhaps just be mis-remembering now, but it is my recollection
  that the last time I inquired about the nature of any possible follow-up
  which ARIN might undertake upon its conclusion of any investigation of
  any case submitted via ARIN's fraud reporting form that neither the
  original reporter, not the ARIN membership, nor the ARIN community,
  nor the public at large would ever be informed of the results of any
  inquiry that had been trigged by a fraud report submitted to ARIN.

  If I am remembering that correctly then this deliberate policy of abject
  opacity, especially in a case such as this, where ARIN itself may have
  been at fault, is not only disheartening, e.g. to the original reporter
  (me, in this instance) but it should, I believe, also be concerning to
  the membership, all of whom should be entitled, I think, to honest and
  open answers about past staff failures to enforce previously adopted
  and formally ratified policies, and the reasons for any such failures.

  Again, I will beg forgiveness from all who read these words if I am
  simply mis-remembering, but it was and is my recollection that the
  ARIN "fraud" reporting process is, in essence, and by design, a black
  hole into which information may be tossed, but from which no information
  whatsoever ever emerges.  If true, this is, I believe, sub-optimal for
  a number of reasons, not least because it fails to show due deference
  to the memberhip's right to know how and even whether their ratified
  policies are being taken seriously by ARIN staff.

  It seems quite clear and apparent to me that a case such as I have
  raised with respect to 1337 Services LLC (SL-206), if it were to be
  handled in accordance with ARIN's current uniform "black hole"
  information dispersal policy, would leave no one the wiser if in
  fact this case all came down to a failure on the part of staff to
  correctly and consistantly implement policy.

  Although internally, and among yourself and ARIN staff, this convenient
  ability to sweep staff mistakes under the carpet may appear to be a
  "feature" rather than a bug, I hope that you will at least understand
  why I and others might take a different view.

  3)  The case of 1337 Services LLC (SL-206), which I have gone to some lengths
  to carefully research and document, raises a host of other questions and
  concerns about ARIN's ability and willingness to enforce existing
  ratified policies.  It is my 

Re: [arin-ppml] Reclamation of Number Resources

[Ronald F. Guilmette]

In message <53bfbac8-2f58-497d-b9db-aaff3ec2f...@arin.net>, 
John Curran  wrote:

>ARIN does not issue resources to organizations absent a real and substantial
>connection to the ARIN region.

I would certainly hope that this would be so, since that *is* ARIN's written
policy, however the set of facts I'm looking at suggest that this is not
always true.

I call your attention to the case of the ARIN member organization denoted
as "SL-206" aka "1337 Services LLC" which is the current registrant of
AS54990, assigned by ARIN, and also the registrant of the 198.167.192.0/19
IPv4 block, also assigned by ARIN to this member.

-
OrgName:1337 Services LLC
OrgId:  SL-206
Address:P.O. Box 590, Springates East, Government Road
City:   Charlestown
StateProv:  Nevis
PostalCode: 
Country:KN
RegDate:2012-12-11
Updated:2012-12-11
Ref:https://rdap.arin.net/registry/entity/SL-206
-

Although the Caribbean nation of Nevis & St. Kitts (KN) is most assuredly
within the ARIN gergraphic service region, I confess that I am not entirely
persuaded that this particular member organization actually has the requsite
"substantial connection" to the ARIN region which would permit it to obtain
or to retain either ARIN membership or ARIN resources.

NRPM Section 9 lists eight different indicators of a "substantial connection"
to the region.  The seventh of these is explicit in noting that mere
incorporation in the region is insufficent to establish the required
"substantial connection" to the ARIN region:

 *  Demonstrating that the entity has a registered corporation in the
ARIN region, although this factor on its own shall not be sufficient.

On that basis I am obliged to inquire as to what other indicator(s) of a
"substantial connection" to the ARIN region is/are possessed by this member
organization.  A diligent search for any such on my part has turned up
none at all, other than the high probability that this entity was
incorporated via an "offshore" incorporation firm in Nevis & St. Kitts...
a firm which has apparently also lent its P.O. box mailing address to numerous
other shell companies which are using the exact same mailing address.
(Thank you Google!)

In addition to the highly dubious nature of its alleged domicile, it is, I
think, worth of nota also that routing to the entirety of this organization's
ARIN-assigned IPv4 address block (198.167.192.0/19) appears to currently be
provided by a Finnish company named "abstract" via AS39287.  Also, traceroutes
to random IP addresses within this block appear to dead end somewhere in the
nordic region of Europe, most likely Sweden:

...
13  linx-10ge.lon1.uk.portlane.net (195.66.225.159)  152.769 ms  155.131 ms  
154.441 ms
14  be-5.cr3.ams1.nl.portlane.net (80.67.4.225)  159.697 ms  159.874 ms  
164.165 ms
15  be-4.cr1.mal4.se.portlane.net (80.67.4.239)  169.469 ms  169.371 ms  
170.246 ms
16  80.67.1.121 (80.67.1.121)  169.788 ms  170.777 ms  171.708 ms
17  r.vpn.njalla.net (198.167.192.13)  171.209 ms  169.793 ms  169.998 ms
18  * * *
19  * * *
20  * * *
...

Conversely, this organization's ARIN-assigned ASN (AS54990) appears at present
to be providing routing only to the following two RIPE-assigned IP blocks:

185.193.124.0/24
2001:67c:235c::/48

and these blocks are themselves registered to (a) a Swedish entity going by
the name "Njalla" (for the IPv4 block) and (b) in the case of the IPv6 block,
the aforementioned "abstract" company, allegedly located in Finland.

I should perhaps mention also that traceroutes to random IP addreses in the
2001:67c:235c::/48 block are also highly suggestive that the physical
infrastructure supporting this address block is likely located somewhere
in Europe, with the traceroutes passing at least through the Netherlands,
and that various web-accessible geolocation services place the address
185.193.124.1 either in the vicinity of Oslo, Norway, or, in the case of
Neustar's geolocator service, Malmo, Sweden.

These facts, I'm sorry to say, leave me altogether unpersuaded that the
corporate entity designated in ARIN records via handle SL-206 has the kind
of "substantial connection" to the ARIN region that is allegedly necessary
for its ongoing membership, let alone the lear regional connection needed to
justify this corporation's currently assigned ARIN number resources.

Current reverse DNS for the entire 185.193.124.0/24 block also does not appear
to be indicative of any real or material connection to the ARIN region:

185.193.124.1 1-you.njalla.no
185.193.124.2 1-you.njalla.no
185.193.124.33 2-can.njalla.in
185.193.124.34 2-can.njalla.in
185.193.124.230 ns2.sarek.fi

In point of fact, this corporate entity, although incorporated in the rather
notoriously opaque Caribbean nation of Nevis & St. Kitts, known as much for

Re: [arin-ppml] Reclamation of Number Resources

[Ronald F. Guilmette]

In message <7f1c6797-f050-4424-a26a-385b14a0e...@arin.net>, 
John Curran  wrote:

>   *)  Violation(s) of out-of-region usage policy.
>
>
>Such has not to my knowledge (and quite unlikely to occur, as "ARIN registered
>resources may be used outside the ARIN service region."
>

Thank you John.

I just want to be sure that I am clear on this point.  The relevant section
of the NRPM, which you linked to, states:

"Out of region use of ARIN registered resources are valid justification
for additional number resources, provided that the applicant has a real
and substantial connection with the ARIN region which applicant must
prove (as described below) ..."

"A real and substantial connection shall be defined as carrying on
business in the ARIN region in a meaningful manner."

(A lengthy list of possible means of demonstrating exactly such a "substantial
connection" to the region is then elaborated.)

The above, together with your statement, leaves me with two questions:

1)  The NRPM Section 9 verbiage I have quoted above is explicit in placing
a restriction upon ARIN, apparently prohibiting it from assigning
"additional number resources" to applicants that lack "a real and
substantial {and provable} connection with the ARIN region".

Perhaps I am just reading too much into this, but the way in which
this section of the NRPM is worded certainly appears to give license
to ARIN to provide *initial* assignments/allocations of number
resources to parties or entities that entirely lack any real,
substantial, and/or provable connection with the ARIN region, and
that the NRPM policy, as written, only prohibits ARIN from provding
resources to entities or parties which have no substantial connection
to the region AND that are coming back for "additional" resources,
presumably after they have already been assigned some such by ARIN.

Am I reading that right and is that your interpretation also?

2)  Am I to understand that in the entire history of ARIN, or at least
in the entire history of the above-quoted in-region "substantial
connection" requirement, there have actually been a grand total of
zero instances in which any party or entity had their ARIN resources
reclaimed on the basis that the party or entity in question was found
to have no substantial connection to the region?

As should be apparent, this latter point/question may have some relevance to
the ongoing controversies wthin the AFRINIC region.

If other regions are not enforcing any of their own written geography-based
policies then that fact alone would seem to make the argument that AFRINIC
should follow suit, and should not do so either, at least somewhat more
logically defensible.


Regards,
rfg
___
ARIN-PPML
You are receiving this message because you are subscribed to
the ARIN Public Policy Mailing List (ARIN-PPML@arin.net).
Unsubscribe or manage your mailing list subscription at:
https://lists.arin.net/mailman/listinfo/arin-ppml
Please contact i...@arin.net if you experience any issues.

[arin-ppml] Reclamation of Number Resources

[Ronald F. Guilmette]

Greetings all,

As many of you no doubt know, there has been quite an extraordinarily large
brouhaha of late within the AFRINIC region relating to AFRINIC's efforts to
reclaim certain large blocks of IPv4 addresses from one particular member
organization.  This effort has resulted in considerable litigation within
Mauritius, the home country of AFRINIC.

Partially as a result of this ongoing controversy, but also just for my
own edification, I would like to ask a number of questions about any and
all prior instances in which ARIN has reclaimed number resources from
member organizations, based on policy.

It seems safe to assume that there have historically been some instances in
which ARIN memberships have been terminated, and any associated assigned
number resources reclaimed, if and when a given member has simply failed
to pay fess due to ARIN.  My questions however have to do with situations
where policy violations other than the non-payment of fees are involved.
Specifically, I would like to know if any of you can recall past instances
where number resources have been reclaimed, by ARIN, for any of the following
reasons:

*)  Usage of the assigned number resources was no longer consistant with
the original justification submitted to ARIN.

*)  Violation(s) of out-of-region usage policy.

*)  Any other policy violations.

I should perhaps stipulate in advance that I am well and truly aware of the
rather convoluted story of Micfo, Inc. and its proprietor, and that my
(naive?) assmption is that all relevant number resources have by now been
reclaimed by ARIN for the simple reason that there was outright and proven
fraud in that case.  I am not particularly interested in such cases at the
moment, but I do wish to learn only about prior instances in which number
resources were reclaimed by ARIN for any of the more mundane reasons listed
above.

Thanks in advance for any and all responses.


Regards,
rfg
___
ARIN-PPML
You are receiving this message because you are subscribed to
the ARIN Public Policy Mailing List (ARIN-PPML@arin.net).
Unsubscribe or manage your mailing list subscription at:
https://lists.arin.net/mailman/listinfo/arin-ppml
Please contact i...@arin.net if you experience any issues.

Re: [arin-ppml] Draft Policy ARIN-2022-3: Remove Officer Attestation Requirement for 8.5.5

[Ronald F. Guilmette]

In message 
William Herrin  wrote:

>Generally speaking, lying in representations involving a contract can
>be fraud, not perjury.

Thank you for that clarification Bill.


Regards,
rfg
___
ARIN-PPML
You are receiving this message because you are subscribed to
the ARIN Public Policy Mailing List (ARIN-PPML@arin.net).
Unsubscribe or manage your mailing list subscription at:
https://lists.arin.net/mailman/listinfo/arin-ppml
Please contact i...@arin.net if you experience any issues.

Re: [arin-ppml] Draft Policy ARIN-2022-3: Remove Officer Attestation Requirement for 8.5.5

[Ronald F. Guilmette]

In message <1819b34ad3d.c43ea0fc196.7725528628968799...@iptrading.com>,
Tom Fantacone  wrote:

>The Officer Attestation is a simpler form signed by the Buyer attesting to
>the accuracy of the justification data and doesn't require notarization.
>That's the one the draft policy seeks to eliminate.

I'm highly biased towards whatever is most pragmatic.

So, the question for me becomes:  Are there any circumstances in which these
specific attestation documents have been found, in practice, to be functionally
useful for anything?

If not, then it is probably smart to just dispense with them.


Regards,
rfg
___
ARIN-PPML
You are receiving this message because you are subscribed to
the ARIN Public Policy Mailing List (ARIN-PPML@arin.net).
Unsubscribe or manage your mailing list subscription at:
https://lists.arin.net/mailman/listinfo/arin-ppml
Please contact i...@arin.net if you experience any issues.

Re: [arin-ppml] Interpretation Question -- ARIN Code of Conduct

[Ronald F. Guilmette]

In message , 
John Curran  wrote:

>{... snipped ...}

As always, thank you, John, for your response and for your clarity.


Regards,
rfg
___
ARIN-PPML
You are receiving this message because you are subscribed to
the ARIN Public Policy Mailing List (ARIN-PPML@arin.net).
Unsubscribe or manage your mailing list subscription at:
https://lists.arin.net/mailman/listinfo/arin-ppml
Please contact i...@arin.net if you experience any issues.

Re: [arin-ppml] Draft Policy ARIN-2022-3: Remove Officer Attestation Requirement for 8.5.5

[Ronald F. Guilmette]

In message 
Louie Lee  wrote:

>I may even further add onto John's excellent explanation that the
>individuals within this community do not even have to reside in the ARIN
>service region to participate in ARIN policy discussions!

Thank you.  I am a lifelong Californian, born & bred, so I am quite well and
truly within the region, even if, as you noted, this is not a requirement
for participation.

Having already entered into this topical digression however, I feel that
I have at least at weak justification for extending the digression even
a bit further to ask for confirmation of the following quote from Wikipedia:

   https://en.wikipedia.org/wiki/American_Registry_for_Internet_Numbers

   "The American Registry for Internet Numbers (ARIN) is the regional
   Internet registry for Canada, the United States, and many Caribbean
   and North Atlantic islands."

Assuming the above to be accurate, I do wonder what the implications might
be of a possible future secession from the United States of America of, for
example, the State of Texas.

May we, the sane, reliably and without fear of contradiction assure our
brethern in the sovereign state of Texas that they and their memberships
shall all be summarily ejected from ARIN upon their state's official 
secession from the Union, given that they will no longer be part of the
United States proper and thus no longer part of the ARIN region, as
defined?


Regards,
rfg


Ref:
https://www.businessinsider.com/texas-gop-floats-possibility-of-seceding-from-the-us-2022-6
___
ARIN-PPML
You are receiving this message because you are subscribed to
the ARIN Public Policy Mailing List (ARIN-PPML@arin.net).
Unsubscribe or manage your mailing list subscription at:
https://lists.arin.net/mailman/listinfo/arin-ppml
Please contact i...@arin.net if you experience any issues.

Re: [arin-ppml] Draft Policy ARIN-2022-3: Remove Officer Attestation Requirement for 8.5.5

[Ronald F. Guilmette]

In message <601ea0f8-c4ab-a977-dad1-5ad32ac4a...@egh.com>, 
John Santos  wrote:

>As a human being (or a reasonably capable facsimile thereof) who is interested
>in Internet Governance (whatever that is), you certainly qualify and your vote
>counts!  Welcome to the Community!

Thank you.  I _have_ occasionally been accused of being a reasonable facsimile
thereof, and I shall certainly endeavor to be worthy of that exalted status.


Regards,
rfg
___
ARIN-PPML
You are receiving this message because you are subscribed to
the ARIN Public Policy Mailing List (ARIN-PPML@arin.net).
Unsubscribe or manage your mailing list subscription at:
https://lists.arin.net/mailman/listinfo/arin-ppml
Please contact i...@arin.net if you experience any issues.

[arin-ppml] Interpretation Question -- ARIN Code of Conduct

[Ronald F. Guilmette]

My apologies for interrupting ongoing discusions of pending policy proposals,
but I have reason at the moment to seek views regarding people's
interpretations of the word "harassment" as used repeatedly within the
ARIN Code of Conduct.

I should begin by saying that my sudden interest in this topic has been
piqued by recent events on one particular mailing list of a different
Regional Internet Registry (i.e. not ARIN).

My hope and belief is that "harassment" as used within the ARIN Code of
Conduct is sufficiently broad in its practical interpretation to cover
any and all manner of threats against any and all participants in the
ARIN community, including but not limited to threats of bodily harm,
threats of doxxing, threats to reveal personal information of any kind
which might possibly be damaging in any way to the party being threatened,
and threats of legal action, whether well founded or otherwise.

I have a particular interest in that final category of threat at the present
time, but really, because of the inherent ambiguity of the rather broad
brush term "harassment" I'd like to know if others here feel as I do that
any type of interpersonal threat should have no place in othewise civilized
discussions in or on any mailing list belonging to any Regional Internet
Registry.

I shall of course, be perusing the Codes of Conduct for all five RIRs to
try to ascertain what each might have to say on this subject, if anything,
although I'm sure that many, including myself, would have hoped that it
would have been implicitly clear to all, globally, even without any formal
codification, that threats are not exactly conducive to cooperation toward
shared goals, let alone any communal sense of esprit de corps.


Regards,
rfg
___
ARIN-PPML
You are receiving this message because you are subscribed to
the ARIN Public Policy Mailing List (ARIN-PPML@arin.net).
Unsubscribe or manage your mailing list subscription at:
https://lists.arin.net/mailman/listinfo/arin-ppml
Please contact i...@arin.net if you experience any issues.

Re: [arin-ppml] Draft Policy ARIN-2022-3: Remove Officer Attestation Requirement for 8.5.5

[Ronald F. Guilmette]

In message 
Matthew Wilder  wrote:

>Would-be fraudsters on the transfer market would
>now face significant cost to execute a transfer, and presumably, an
>organization operating in bad faith could easily provide officer
>attestation.

Are these attestations signed "under penality of perjury"?

If so, it may be worthwhile to keep requiring them.  Fraudsters may yet
balk at adding yet another crime on top of whatever ones they are already
committing.  (That is my thinking anyway.)


Regards,
rfg
___
ARIN-PPML
You are receiving this message because you are subscribed to
the ARIN Public Policy Mailing List (ARIN-PPML@arin.net).
Unsubscribe or manage your mailing list subscription at:
https://lists.arin.net/mailman/listinfo/arin-ppml
Please contact i...@arin.net if you experience any issues.

Re: [arin-ppml] Draft Policy ARIN-2022-3: Remove Officer Attestation Requirement for 8.5.5

[Ronald F. Guilmette]

I am not a member, so I'm not even sure if my vote even counts, but I also
am opposed to this proposal.


Regards,
rfg
___
ARIN-PPML
You are receiving this message because you are subscribed to
the ARIN Public Policy Mailing List (ARIN-PPML@arin.net).
Unsubscribe or manage your mailing list subscription at:
https://lists.arin.net/mailman/listinfo/arin-ppml
Please contact i...@arin.net if you experience any issues.

Re: [arin-ppml] ARIN 2021-7

[Ronald F. Guilmette]

In message 
Amy Potter  wrote:

>*Problem Statement:*
>
>The current abuse contact fields are not sufficient for the abuse reporting
>mechanisms most frequently used today. For many network providers, the
>process for dealing with network abuse usually starts with a web page. The
>web page provides instructions and may offer forms for describing the abuse
>and uploading supporting material of the nature that the service provider
>needs in order to take action. It would be helpful for these organizations
>if the abuse contact had a specific field for a machine-readable abuse URI.

99% of all online abuse has been and is still email spam.

Responsible providers long ago recognized this and implemented blocks on
outbound port 25 TCP connections other than to that subset of their
customers for whom they have a high level of trust.  Such blocks have
essentially eliminated the outbound spam problem even for the largest
of providers (e.g. Comcast, etc.)

Sadly, many providers, for whatever (cockamamie?) resons have decided not
to go that route and thus, nowadays essentially all email spam that all of
us receive comes from those providers, i.e. the ones that are either too
lazy or too inept to do the Right Thing.

These providers shift the burden of dealing wth their own spam outflows
onto the recipients.  They do so every bit as much as the spammers themselves
shift the costs of their advertising onto the recipients.

So our mailboxes fill up with spam.  This is part of the price we pay to be
open to accepting inbound email from almost anyplace on earth.

The providers who are either too lazy or too inept to implement any sorts
of preventative measures... i.e. to stop spam from even leaving their networks
in the first place... are also, it seems, too lazy and/or inept to even read
or deal with the emailed reports sent to them by the 0.01% of spam recipients
who take the time to report spams to the relevant providers.  These lazy
providers complain incessantly that they "don't have the manpower" or don't
have the resources to even read "all of those damn spam complaints", at
least if the complaints in question come to them via the exact same medium
that was the medium used to commit the abuse in the first place., i.e. email.

Apparently, what's good for the goose is not also good for the gander.  Many
providers think nothing of -my- time or -my- overflowing email inbox,
but when it comes to -their- inboxes, they just can't be bothered to read
even just the tiny fraction of the email complaints that are generated as
a result of their own spammer customers.

So instead they propose this "solution" i.e. to force all spam recipients
to jump through the hoops of each provider's own unique (and often Rube
Goldberg inspired) convoluted web maze, just to tell them that they have
a spamming customer.

This "solution" begs many obvious questions.

First, how is it in any way less labor intensive to read and understand the
nature of an abuse complaint if the complaint in question is sent in via a
web form as opposed to via email?  Either way, some living person who is
prsumably made out of flesh and bone must read and try to make sense of
the report.  So this "solution" quite obviously doesn't provide any help
AT ALL with regards to reducing the manpower required to properly analyze
and then properly act on abuse complaints.

Second, if a given provider is so overwhelmed by its incoming flood of abuse
complaints that it starts searching for some "solution" to lighten the load,
then shouldn't that incoming flood of abuse complaints itself be treated as
a huge red flag, indicating that the provider in question is doing a perfectly
abysmal job at either vetting its own clients or at disiplining them when
and if they become abusive?  (Universities, government departments, and
private firms, despite often having a lot users and a lot of IP real estate,
never seem to complain that *they* are being overwhelmed by floods of
incoming abuse complaints.  Maybe it is because *they* act responsibly to
disipline their wayward users whle -commercial- ISPs often shrik their
responsibilities for doing so.)

Once again, the "solution" for an overwehlming flood of incoming abuse
complaints is -not- to simply add some additional layer of complexity and
automation.  The solution is to fix the actual problem, which is the
massive spam outflow, and the reasons for it.  (But that would require
some amount of thinking and self-conscious introspection, which I gather
is too high a bar of expectations to place upon many commericial ISPs.)

Lastly, the question arises of how exactly it is in any way ethically
defensible for any provider to first (a) shift the burden of spam onto
recipients elsewhere (i.e. by failing to control it at the source) and
yet also (b) demand from spam recipients uncompensated free labor, i.e.
figuring out each different provider's unique abuse reporting web form.

This is, I think, quite clearly just adding insult to injury. 

Re: [arin-ppml] Spammers Plead Guilty, Company Forfeits $4.9 Million

[Ronald F. Guilmette]

In message <1dccb199-ccbf-4c96-8c52-02bd72d02...@jorhett.com>, 
Jo Rhett  wrote:

>Before any of you jump up to say they also had to pay $3million against
>their revenue...

Just FYI -- If I have understood everything that I have read correctly,
then the -company- that these crooks were working for, Amobee, has had to
pay nearly $5 million dollars as a result of these proceedings.  (That
itself seems a bit inexplicable to me, given that the company itself was
not charged with any crime, at least none that I am aware of.  But I guess
that there are many things about this case�that I do not know and that the
U.S. Department of justice has not seen fit to publicly share.)

I might mention also that perhaps ARIN, or someone else, may yet file a formal
bar complaint against one of the four charged defendants, Mr. Mark Manoogian.

My understanding is that Mr. Manoogian is and remains a member in good
standing of the Massachusetts state bar, despite apparently residing in
California.

I would file such a complain myself, but I am not personally an aggrieved
party in any of these matters, and thus, I have neither any basis nor
any legal standing to file such a formal bar complaint.  It would seem to
me however that, in contrast my own personal situation, ARIN, Inc. would
and does have standing to file a formal bar complaint about Mr. Manoogian.
Whether ARIN management or the ARIN Board elect to do so is, of course,
a matter for their good judgement.


Regards,
rfg


P.S.  It has also been suggested to me privately that two of the four named
defendants are not in fact even U.S. citizens.  If that is accuarate, then
I for one will hope that the DOJ seeks to have them physically removed
from the country.  (I think that we have an ample supply of home-grown
crooks such that we do not really need any additional imports.)
___
ARIN-PPML
You are receiving this message because you are subscribed to
the ARIN Public Policy Mailing List (ARIN-PPML@arin.net).
Unsubscribe or manage your mailing list subscription at:
https://lists.arin.net/mailman/listinfo/arin-ppml
Please contact i...@arin.net if you experience any issues.

Re: [arin-ppml] ARIN public participation

[Ronald F. Guilmette]

In message <922521a2-ac85-5cf3-8238-8de382f11...@gmail.com>, 
Fernando Frediani  wrote:

>AfriNic trouble has been just an great example how economic interests 
>may try to force things to malfunction in the benefit of a few actors 
>and we all here that discuss proposals with the aim to have consensus on 
>them should be able to have easy access to these kind of episodes and 
>take that into account as well...

I should begin by apologizing to any and all list members for having started
this thread here, given that this whole topic is, as John C. has noted,
arguably off topic.  I also do apologize if any on my own statements here
have been improperly personal, although I do not, at present, recall any
that were.  (Please feel free to correct me off-list if I am merely failing
to remember.)

That all having been said, it is improbable that anyone who has been on this
list for any length of time will be ignorant of my own personal preferences,
and in particular my personal preference that the greatest possible latitude
should be accorded to any arguably relevant discussions here, subject, of
course, to the need for proper decorum.

I am compelled also to note my agreement with the point made by Fernando
and quoted again above.

We here in the United States are now and have been for some time passing
through a fiery trial that will light us all down, in honor or dishonor,
to the latest generation.  As we now know, this conflict was, in many
respects, both borne from and suckled by the innumerable and often subtle
ambiguities of both our country's founding documents and our subsequently
ratified national statutes.

Innumerable parties, seeking after their own personal interests, have in
recent years methodically sought to exploit all these ambiguities to their
own advantage.  And it is true, I believe, that an arguably analogous script
is now playing out within the AFRINIC region and with respect to its
established organs of governance.

One obviously hopes that no such scenario will ever arise with respect to
ARIN, but the old adage "Forewarned is forarmed" comes immediately to mind.
This is certainly one of the reasons for my original post in this thread.

It may be of use, I think, for the membership and for any and all parties
involved in ARIN policy development to be aware of the possibility that
any cracks or loopholes in either the policies or the legal constitution
of ARIN could, in theory and perhaps even in practice, be turned against
the best interests of the membership.


Regards,
rfg
___
ARIN-PPML
You are receiving this message because you are subscribed to
the ARIN Public Policy Mailing List (ARIN-PPML@arin.net).
Unsubscribe or manage your mailing list subscription at:
https://lists.arin.net/mailman/listinfo/arin-ppml
Please contact i...@arin.net if you experience any issues.

Re: [arin-ppml] AFRINIC vote buying

[Ronald F. Guilmette]

In message , 
Owen DeLong  wrote:

>> On Jun 1, 2022, at 14:52 , Ronald F. Guilmette  
>> wrote:
>>
>> So, just to be clear about this Owen, are you asserting that, contrary to
>> the first-person testimony contained in the video, there are not now, and
>> there have not been, within, say, the preceeding calendar year, back from 
>> today,
>> any attempts to purchase "voting rights" from any member organization of
>> AFRINIC, and that no member of AFRINIC has been either offered or given any
>> kind of compensation, renumeration, inducement, or "investment" of any kind
>> which has been conditioned upon the receiving member either changing its
>> official vote(s) or giving over control of said vote(s) to any other party
>> or parties?
>
>I am not. I have no idea one way or the other whether that has occurred
>or not.

Well, it is not exactly a secret that you are or have been employed by a
certain not-really-african shell company, inccorporated in the "offshore"
jurisdiction of the Seychelles Islands, and which has been vigorously
contesting, via any any and every means possible, AFRINIC's decision to
revoke its IPv4 allocations, for cause, including but not limited to
litigation.

It is also not hard to intuit that the vote buying scheme described in the
video likely traces back to that same company -- a company that would
seem to have reason to want to engineer a "hostile takeover" of the
AFRINIC Board of Directors, again via any and every means available.

Given that you do now work for this company, or that you have worked for
this company in the relatively recent past, I must ask if your claimed
total ignorance of this underhanded scheme is a result of your natural
lack of curiosity, or if your state of ongoing abject ignorance of these
matters may perhaps be the result of your deliberate desire not to know.

In either case, I would ask that you make appropriate inquiries with your
paymaster and get back to us in order to let the ARIN community know if
there is any shred of truth to the rather stunning claim that a coordinated
scheme to buy the votes of AFRINIC member organizations has in fact been
put into effect.

No hurry.  We'll wait.


Regards,
rfg
___
ARIN-PPML
You are receiving this message because you are subscribed to
the ARIN Public Policy Mailing List (ARIN-PPML@arin.net).
Unsubscribe or manage your mailing list subscription at:
https://lists.arin.net/mailman/listinfo/arin-ppml
Please contact i...@arin.net if you experience any issues.

Re: [arin-ppml] AFRINIC vote buying

[Ronald F. Guilmette]

In message , 
Owen DeLong  wrote:

>It's actually full of misinformation.
>
>It misstates the AFRINIC bylaws, the contents of the RSA, and the CPM.
>
>It is also from one of the candidates hand picked by the board and
>Nominating Committee to railroad the election.
>
>The election has been challenged and is currently blocked by court order

So, just to be clear about this Owen, are you asserting that, contrary to
the first-person testimony contained in the video, there are not now, and
there have not been, within, say, the preceeding calendar year, back from today,
any attempts to purchase "voting rights" from any member organization of
AFRINIC, and that no member of AFRINIC has been either offered or given any
kind of compensation, renumeration, inducement, or "investment" of any kind
which has been conditioned upon the receiving member either changing its
official vote(s) or giving over control of said vote(s) to any other party
or parties?

Owen, I know that, much like myself, you are enamored of extensive elaboration,
but in this instance I do believe that a simple yes or no will do.


Regards,
rfg
___
ARIN-PPML
You are receiving this message because you are subscribed to
the ARIN Public Policy Mailing List (ARIN-PPML@arin.net).
Unsubscribe or manage your mailing list subscription at:
https://lists.arin.net/mailman/listinfo/arin-ppml
Please contact i...@arin.net if you experience any issues.

Re: [arin-ppml] AFRINIC vote buying

[Ronald F. Guilmette]

In message <3d9344a0-0680-7c4e-44ef-a23a79f71...@gmail.com>, 
Fernando Frediani  wrote:

>In my humble personal opinion...

I don't wish to be chastized for being off-topic here, but just briefly
my own view is that "cutthoat capitalism", for lack of a better term, and
total monetization of all IPv4 resources is likely the historically
inevitable final endpoint for all these resources, however I have a
strong preference for seeing things reach that inevitable endpoint as
a result of free, fair, and orderly democratic processes, rather than
via a concerted campaign of litigation, intimidation, and bribery, the
latter approach being repugnant to my personal sense of fair play generally.


Regards,
rfg
___
ARIN-PPML
You are receiving this message because you are subscribed to
the ARIN Public Policy Mailing List (ARIN-PPML@arin.net).
Unsubscribe or manage your mailing list subscription at:
https://lists.arin.net/mailman/listinfo/arin-ppml
Please contact i...@arin.net if you experience any issues.

Re: [arin-ppml] AFRINIC vote buying

[Ronald F. Guilmette]

In message 
,
 
Steve Spence  wrote:

>This is a well done video.  I hope they sort things out.

I agree on both counts.


Regards,
rfg


P.S.  Perhaps other RIRs may want to take this as a wake-up call and incorporate
some sort of prohibition against vote buying (or other such fancy footwork) into
their various applicable legal agreements.

Just a thought.  Maybe worth what you paid for it.
___
ARIN-PPML
You are receiving this message because you are subscribed to
the ARIN Public Policy Mailing List (ARIN-PPML@arin.net).
Unsubscribe or manage your mailing list subscription at:
https://lists.arin.net/mailman/listinfo/arin-ppml
Please contact i...@arin.net if you experience any issues.

[arin-ppml] AFRINIC vote buying

[Ronald F. Guilmette]

 
Even though this relates to a whole different Regional Internet Registry,
I think that some (many) of you may be interested to watch this video and
to learn what's been going on of late down in the AFRINIC region.
 
https://www.youtube.com/watch?v=32xCurWfJo4

___
ARIN-PPML
You are receiving this message because you are subscribed to
the ARIN Public Policy Mailing List (ARIN-PPML@arin.net).
Unsubscribe or manage your mailing list subscription at:
https://lists.arin.net/mailman/listinfo/arin-ppml
Please contact i...@arin.net if you experience any issues.

Re: [arin-ppml] Change of Use and ARIN (was: Re: AFRINIC And The Stability Of The Internet Number Registry System)

[Ronald F. Guilmette]

In message <391242690.8.1631416835397.javamail.zim...@cameron.net>, 
Paul E McNary  wrote:

>We are out of ipv4 IP's.

Not really.  It's just that the ones that we have are very poorly distributed
and also very poorly utilized.

It is technically possible to host 100,000+ web sites on a single IPv4 address.
Is is also technically possible to provide email service for 100,000+ domains
on a single IPv4 address.  Is anybody doing that?  No.  Because the incentives
to do so just aren't there... yet.

If you think that we've run out of IPv4 addresses, talk to the U.S. DoD which
just re-routed 175 million of their 221,971,968 IPv4 addresses, just to use
them as one colossal and record-shattering honeypot.

If you think that we've run out of IPv4 addresses, talk to Comcast and ask
them why they haven't moved to IPv6 and then returned their 79,419,720 IPv4
addresses to the free pool to help everyone out and relieve this artificial
"scarcity" for the benefit of everyone.

If you think that we've run out of IPv4 addresses, talk to AT and T-Mobile
and Verizon about the huge piles of IPv4 that each is sitting on.  Or better
yet, talk to the Ford Motor Company, and The Prudential Insurance Comapny,
the U.S. Postal Service, and to Apple, none of whom is a service provider,
and all of whom are individually sitting on an entire /8 or more (i.e.
>= 16,777,728 addresses each).

Then maybe we could ask if Amazon really needs 23.3 million, if IBM really
needs a whole 17.5 million, if Google really needs 13.1 million, if Eli
Lilly really needs 11.5 million, and if Merck really needs 7.2 million,
and if Bank of America really needs 6.2 million.

We're dying of thirst in the middle of Lake Superior.


Regards,
rfg
___
ARIN-PPML
You are receiving this message because you are subscribed to
the ARIN Public Policy Mailing List (ARIN-PPML@arin.net).
Unsubscribe or manage your mailing list subscription at:
https://lists.arin.net/mailman/listinfo/arin-ppml
Please contact i...@arin.net if you experience any issues.

Re: [arin-ppml] Change of Use and ARIN (was: Re: AFRINIC And The Stability Of The Internet Number Registry System)

[Ronald F. Guilmette]

In message , "Mueller, Milton L"  wrote:

>How about dealing with this conclusion of the article we wrote about it:
>
>"...
>The tiny leftover portion of the IPv4 address space that AFRINIC controls is
>not going to sustain the kind of growth that is needed. This is a fight over
>crumbs. The collateral damage from this fight is not proportionate to the
>value of the stakes."

I feel compelled to note two things, even though doing so will likely earn
me no new friends @ gatech:

  *)  In my occasionally humble opinion, it is not within the job description
  of academics to determine the present value, or conversely the lack
  thereof, of any given commodity.  That having been said, I am sure
  that we would all welcome scholarly predictions of likely future
  trends in IPv4 pricing, especially if those could be expressed in
  concrete numerical or graphical form.

  *)  Free market participants appear to place a present value on single IPv4
  addresses at something at or well beyond $25 USD apiece.  If these are
  indeed worthless "crumbs" then they are quite certainly among the most
  valuable "crumbs" that I am aware of, and I personally would be only too
  happy to relieve any and all parties of the ongoing burden of carrying
  such annoying and troublesome crumbs on their books in exchange for any
  mutually agreeable compensation at or below the above figure, provided
  of course, that such parties hold the requisite transfer rights.


Regards,
rfg

___
ARIN-PPML
You are receiving this message because you are subscribed to
the ARIN Public Policy Mailing List (ARIN-PPML@arin.net).
Unsubscribe or manage your mailing list subscription at:
https://lists.arin.net/mailman/listinfo/arin-ppml
Please contact i...@arin.net if you experience any issues.

Re: [arin-ppml] Change of Use and ARIN (was: Re: AFRINIC And The Stability Of The Internet Number Registry System)

[Ronald F. Guilmette]

In message , 
Fernando Frediani  wrote:

>I am glad that more most people seem to reject the idea that IP leasing
>may be a good or even justified thing, including for those who end up
>paying for it.

Speaking only for myself, I am not opposed to leasing, in principal, however...

I hate to use cryptocurrencies either as an example, or for any other purpose
for that matter, but that won't prevent me from using an analogy based on
that particular category of fungible commodity on this occasion.

Cryptocurrencies, as I'm sure you all know, are either bought from someone
who already owns some such, or else pieces of this commodity are manufactured
anew by someone.  This latter route to acquisition is generally understood
to involve the investment of some quantity of "work", which itself usually
entails both the acqusition and application of some amount of expertise,
together with some amount of $$$s spent on mining equipment and electricity.

In general, the payoff for such investments is typically some function of
the size of the investment(s).

As elsewhere in the global economy, in the case of cryptocurrencies there
is no such thing as a free lunch.

I suspect that I am not alone in feeling that leasing is not, in and of
itself, evil.  What -does- chap my hide, and that of many others also
I think, is the sight of some parties involved in the leasing business
that have minimized their costs/investments while maximizing their ROI,
and who have done so based on the relatively minor cost & effort needed
to acquire IPv4 addresses directly from the RIR free pools, past or present.

Call it envy if you like.  It doesn't matter.  Nobody likes to see the
system gamed except for the people who gamed it.  And most of us have to
actually work for a living.


Regards,
rfg
___
ARIN-PPML
You are receiving this message because you are subscribed to
the ARIN Public Policy Mailing List (ARIN-PPML@arin.net).
Unsubscribe or manage your mailing list subscription at:
https://lists.arin.net/mailman/listinfo/arin-ppml
Please contact i...@arin.net if you experience any issues.

Re: [arin-ppml] Change of Use and ARIN (was: Re: AFRINIC And The Stability Of The Internet Number Registry System)

[Ronald F. Guilmette]

In message <071e01d7a414$8afbd4e0$a0f37ea0$@iptrading.com>, 
"Mike Burns"  wrote:

>When marshalling arguments against the use of leased addresses as
>justification for new purposes, you have to carefully consider weighing
>them against the RIPE example, where there are no justifications, and
>no proscriptions against buying addresses in order to lease them out.[1]

... or even selling those addresses outright, after a sufficient waiting
period (2 years?), as I understand it.

>It can be done; it has been done; it's being done. If there is a genie
>in a bottle, that genie has long since escaped without incident.  

Well, I would perhaps take issue with that "without incident" part.  I am
personally aware of some Bad Actors in the RIPE region that have, in my
opinion, abused the rather loose situation there in order to acquire
large amounts of scarce IPv4 space using the expedient of numerous shell
companies.  (Personally, I probably wouldn't even mind this sort of thing
if it were not for the additional fact that the IPv4 blocks in question,
once issued, have been turned into snowshoe spamming farms of the kind
that I have been working for the past 16+ years to defeat.)


Regards,
rfg
___
ARIN-PPML
You are receiving this message because you are subscribed to
the ARIN Public Policy Mailing List (ARIN-PPML@arin.net).
Unsubscribe or manage your mailing list subscription at:
https://lists.arin.net/mailman/listinfo/arin-ppml
Please contact i...@arin.net if you experience any issues.

Re: [arin-ppml] AFRINIC And The Stability Of The Internet Number Registry System

[Ronald F. Guilmette]

In message 
Christian Orozco  wrote:

>You already pointed out that there are hundreds of companies and yet you
>still see CI's reach as "small." That simply does not sound right. You may
>also want to check the LARUS website for their customer reference (
>https://www.larus.net/customers) and cross-check the BGP. If you still
>believe that there is only one large company that CI serves, you must have
>not informed yourself well enough.

I never said that Cloud Innovation serves only one company.  I questioned
the assertion that it serves "millions", and I still do.

On the "customers" page you pointed me at, there are logos for only 86
companies, the vast majority I have never even heard of before, and
those company logos are *not* links so it would take some time even just
to verify that those 86 companies are even all real and actually existing.

I have certainly heard of KDDI, China Unicom, Baidu, and a few of the
other big ones, but anybody can put the logos of these companies on
their web site.  Can you show me where those three, in particular, are
getting service of some kind from Cloud Innovation?  Because I am
certainly not aware of that.

One of the companies named in on that page did jump out at me... Alson
Media.  Please correct if if I'm wrong, but that is an email marketing
company, right?  And that company uses a LOT of different domain names
and IP addresses in order to get around recipient-side spam filters, right?
(Some people refer to this as the "snowshoe" technique for evading spam
filters.)

>Also, with your statement, are you implying that small entities are less
>important than large ones? And that there is nothing wrong in letting them
>die?

I never said that either.  Once again, I am simply questioning the assertion
that Cloud Innovation has "millions" of customers depending on them.  I just
don't see that assertion as being supported by the available facts, but I am
perfectly willing to be proven wrong by actual hard evidence... if you have
any such.


Regards,
rfg
___
ARIN-PPML
You are receiving this message because you are subscribed to
the ARIN Public Policy Mailing List (ARIN-PPML@arin.net).
Unsubscribe or manage your mailing list subscription at:
https://lists.arin.net/mailman/listinfo/arin-ppml
Please contact i...@arin.net if you experience any issues.

Re: [arin-ppml] AFRINIC And The Stability Of The Internet Number Registry System

[Ronald F. Guilmette]

In message 
, 
Christian Orozco  wrote:

>Cloud Innovation serves hundreds of networks, some of which are considered
>as the largest telecommunication companies in the world and the largest
>Cloud service providers even.
>It would totally help to check the BGP first for your information. That
>will best answer your question.

You made an assertion that CI was serving "millions" of end users.  I've
asked you to support that assertion with hard evidence.  You have provided
none.  Thus, I remain unpersuaded.  And yes, I *have* looked at the BGP
data, and much more.

In fact the one and only really large telecom company that I have seen as
"being served" by Cloud Innovantion is China Telecom.  If there are others
that are obtaining service from Cloud Innovantion (and not the other way
around) and where that fact can be demonstrated, then by all means, please
proceed and present that evidence.

In contrast to the picture you have painted, what I have seen, based on the
admittedly set of data points I have looked at, is that Cloud Innovantion
appears to serve a relatively small number (in the hundreds) of companies,
mostly ones in Hong Kong that are, by and large, of relatively recent vintage.
Those CI customers in turn appear to each have relatively few unique customers,
with many of them apparently specializing in running large "cookie cutter"
SEO web farms.


Regards,
rfg
___
ARIN-PPML
You are receiving this message because you are subscribed to
the ARIN Public Policy Mailing List (ARIN-PPML@arin.net).
Unsubscribe or manage your mailing list subscription at:
https://lists.arin.net/mailman/listinfo/arin-ppml
Please contact i...@arin.net if you experience any issues.

Re: [arin-ppml] Change of Use and ARIN (was: Re: AFRINIC And The Stability Of The Internet Number Registry System)

[Ronald F. Guilmette]

In message <05f901d7a03d$784620b0$68d26210$@iptrading.com>, 
"Mike Burns"  wrote:

>Geoff Huston did an analysis a few years back which pretty conclusively
>showed older and unused legacy blocks were a primary source for the transfer
>market,

I am quite entirely sure that that is the case.  But even assuming, as we
both do, that that is true, that does not undercut the point I made which
is that for all we know, there are plenty of folks out there right now
who are holding onto their unused IPv4 space in the hopes that they will
be able to sell that in the future for more money than they can today,
due to the ever-increasing scarcity.

Mining companies were continuing to mine silver and were continuing to
sell it to industrial end users for practical applications even as the
Hunt Brothers were attempting to corner the silver market in March, 1980.
The one activity ("speculating") does not preclude the other ("practical
application of the resource") or vise versa.  Both can and do co-exist.

>" Just curious Mike... Does this opinion on your part extend also to IPv6?"
>
>Of course not. IPv6 is not a scarce resource and there is no market for it
>to compete with the free pool.

IPv6 isn't scarce -today-.  If we look out 25 years it may become so.
So then what?

The "nuclear option" is just to detonate all of these RIRs and sell off
their entire remaining holdings... both IPv4 and IPv6... in exactly the
same manner that the FCC auctions off spectrum, i.e. to the highest bidder,
leaving the RIRs to be just "county property registry" type entities whose
only job is to keep the books.

This seems to be what Lu Heng and others want, and strange as it may sound
coming from me, nobody has ever persuaded me that this would actually be a
Bad Idea... and I gather that you also would tend to view this idea favorably.

Just for clarity, I've never said that I oppose this goal. I've only said
that I personally find Lu Heng's manner of trying to achieve it reprehensible.

>What you call "speculation" is I think a misnomer. That word is pointedly
>used because it has negative connotations in the mind of the economically
>illiterate.

Well, *I* certainly did not intend it that way.  Speculators can be good.
Speculators can be bad.  It all depends on specifics and context.

>What really is happening with leasing is merely a different
>channel of distribution, and it emulates the presence of leasing in auto
>markets,  equipment markets, property markets, and many others because it
>makes economic sense.  
>What if you rent out  your spare bedroom, are you a speculator? 

Arguably yes, but my mother would still love me anyway. :-)

>What if you buy the house next door and rent it out, are you a speculator?

Arguably yes, but see above.

Again, I personally don't attach entirely negative connotations to the
word "speculator".  In a very fundamental way, we are all speculators
each time we get up in the morning and go to work, expecting to slave
away all day in the hope that we will not be rendered moot by some
dinosaur crushing metor before we can make it home at the end of the day
to our gin & tonic.  Everyone takes risks and if noone did, civilization
as we know it would not only cease to exist, it would never have come
into being in the first place.

The real problem of course, and the reason why "speculators" have tended
to get a bad name, is that some few can be seen to get ahead not by dint
of hard work but rather via sharp dealing and/or secret connections.

>If it should also happen
>that meeting these needs is a profitable venture for the lessor, and the
>lessor wants to buy another block to lease out, what is the problem with
>that?

I see nothing wrong with that, as long as the playing field is level, as
long as everyone knows and conforms to both the letter and the spirit of
the rules, whatever those rules may be at the time.

In fact it is really only (a) too-clever misreadings of contracts and/or
(b) the use of secret "insider" connections by a few that really chap my
hide.  As long as people are plying the capitalism game in a fair manner,
I have no objections whatsoever and in fact I heartily endorse what has
has, over time, proven to be the best way to insure efficient use of
limited resources.


Regards,
rfg
___
ARIN-PPML
You are receiving this message because you are subscribed to
the ARIN Public Policy Mailing List (ARIN-PPML@arin.net).
Unsubscribe or manage your mailing list subscription at:
https://lists.arin.net/mailman/listinfo/arin-ppml
Please contact i...@arin.net if you experience any issues.

Re: [arin-ppml] AFRINIC And The Stability Of The Internet Number Registry System

[Ronald F. Guilmette]

In message ,
Owen DeLong  wrote:

>The claim that those users could go directly to AFRINIC given  
>AFRINIC's refusal to recognize the validity of out-of-region  
>utilization is patently absurd.

Can you provide a refrence or a URL which would illustrate this alleged
"refusal to recognize the validity of out-of-region utilization"?

I would really like to read about that, because this comes as totally new
news to me!  I was not aware that AFRINIC was or is in any sense "refusing"
out-of-region usage.

 
Regards,
rfg

___
ARIN-PPML
You are receiving this message because you are subscribed to
the ARIN Public Policy Mailing List (ARIN-PPML@arin.net).
Unsubscribe or manage your mailing list subscription at:
https://lists.arin.net/mailman/listinfo/arin-ppml
Please contact i...@arin.net if you experience any issues.

Re: [arin-ppml] AFRINIC And The Stability Of The Internet Number Registry System

[Ronald F. Guilmette]

In message , 
Owen DeLong  wrote:

>... there really isn't
>anywhere else for most of those organizations to go and renumbering such
>massive networks in 90 days is extraordinarily impractical even if it were
>possible.

Are you sure about that "renumbering" part?

>From where I am sitting it appears that about 1.7 million of those 6.2
million IPv4 addresses are running web servers on port 80 and that a
significant number of those, perhaps even a majority, appear to just be
serving up what I would call "cookie cutter" essentially identical content,
reachable only via what looks to me like essentially gibberish domain
names that are being cycled in and out on a frequent basis by someone
anyway.

The remaining 3.5 million IPv4 addresses don't seem to be running anything
that responds to port 80, and I kind-of suspect that a lot of this other
space is being used for proxies, and proxies don't need any forward or
reverse DNS at all, so renumbering those should be a piece of cake.

The bottom line is that the task of renumbering, in general, can be made
really really difficult if one has some reason to wish it so.  I am not
persuaded however that it must be so in this specific case.


Regards,
rfg
___
ARIN-PPML
You are receiving this message because you are subscribed to
the ARIN Public Policy Mailing List (ARIN-PPML@arin.net).
Unsubscribe or manage your mailing list subscription at:
https://lists.arin.net/mailman/listinfo/arin-ppml
Please contact i...@arin.net if you experience any issues.

[arin-ppml] The ARIN Free Pool

[Ronald F. Guilmette]

A few brief and possibly impertinent questions about the ARIN free pool...

1)  Does it contain some IPv4 space at this moment?

2)  Does ARIN's accounting firm treat that space as an asset on the books?

3)  If the answer to (2) is "yes" then on what basis are these assets valued?


Regards,
rfg
___
ARIN-PPML
You are receiving this message because you are subscribed to
the ARIN Public Policy Mailing List (ARIN-PPML@arin.net).
Unsubscribe or manage your mailing list subscription at:
https://lists.arin.net/mailman/listinfo/arin-ppml
Please contact i...@arin.net if you experience any issues.

Re: [arin-ppml] Change of Use and ARIN (was: Re: AFRINIC And The Stability Of The Internet Number Registry System)

[Ronald F. Guilmette]

In message <058401d7a013$7797d160$66c77420$@iptrading.com>, 
"Mike Burns"  wrote:

>We tried the method you've espoused below for thirty years and 
>the result were a huge amount of wasted address space. Once the market 
>was adopted, many of those addresses found a useful place in the routing 
>table.

Well, it's sort of a Catch-22.  Mike, you're absolutely right that once
there was a free market, a lot of stuff came off the shelves and started
to be used productively.  But can any of us say with confidence that once
there was a free market, a lot of this commodity (IPv4) that was sitting
on shelves didn't just stay there -because- of the open and free market...
because the "owners" of those blocks effectively became speculators, just
waiting arond for the scarcity to become more acute, and for the price to
go up?

(I confess that I never in my life took an economics class, but it seems
to me that the entire field is chock full of head-scratching conundrums
like this... situation where you are damned if you do and damned if you
don't.)

>The free pool era is dying, let's put a fork in it as quickly as 
>possible We've seen the corruption engendered by the bait of the 
>free pool in multiple registries now, including our own.

Just curious Mike... Does this opinion on your part extend also to IPv6?

>Your old-fashioned method of address distribution would get some 
>addresses to those in need, I will concede that. However, so will 
>leasing addresses, with that demonstration of need being the lease 
>payment. Will  you concede that those who pay to lease addresses need 
>them?

Even if nobody else does, I certainly will.  But of course that's not the
only issue.

The current Cloud Innovation v. AFRINIC thing is in some ways confusing as
hell because it has brought to a head -multiple- long-standing issues that
have then gotten all tangled up with one another, making it difficult for
anybody to tease apart the various separate issues.

One of these is what might be called "equity", i.e. the social desire to
help Africa, a continent and a people who have been on the receiving end
of so much exploitation and malevolent evil, over the centuries, at the
hands of others.

Another issue is the right and proper role of RIRs.

Last but not leas (and perhaps the most troubling and most difficult to
crack open in a way that does not merely reveal our individual biases) is
the question of the proper role of what I will just call "speculators"
within any free market.

Contrary to what some might say, I think that when it comes to IPv4 addresses
at least, it most certainly -is- possible to distinguish "speculators" from
actual and legitimate end users and/or legitimate brokers & middlemen such
as yourself.  As I understand it, the current system requires people to
document their equipment purchases.  No equipment purchases?  You're almost
certainly just a speculator.

So then the question becomes two-fold:  (1) Do we want speculators in this
marketplace? and (2) Is there any actually feasible way to keep them out
of the "free" market even if the collective "we" firmly decided that we
wanted to do so?

I personally don't have answers to any of these questions.  I would only
offer up the observation that I am aware of at least a few speculators at
this moment in time, and it would be an understatement for me to say that
their actions seem to me to be both glaringly untoward and also unhelpful.
But if you ask me IN GENERAL whether "speculators" are a necessary and even
useful component of a free market, I cannot say they are not.  And it seems
I may not be alone in leaving open this possibility:

https://www.forbes.com/sites/timworstall/2016/07/09/the-theranos-implosion-and-robert-shiller-on-short-selling-and-complete-markets/

Regards,
rfg
___
ARIN-PPML
You are receiving this message because you are subscribed to
the ARIN Public Policy Mailing List (ARIN-PPML@arin.net).
Unsubscribe or manage your mailing list subscription at:
https://lists.arin.net/mailman/listinfo/arin-ppml
Please contact i...@arin.net if you experience any issues.

Re: [arin-ppml] AFRINIC And The Stability Of The Internet Number Registry System

[Ronald F. Guilmette]

In message 
, 
Michel Py  wrote:

>No simple yes/no response even from AfriNic ? If you are the one asking
>the question ?

I think that you are overlooking the obvious.

It is implicit in the action that AFRINIC took (i.e. to reclaim the space)
and it also has been stated by AFRINIC in clear terms publicly that in the
opinion of the staff... and, as I understand it, also the Board... the answer
is a clear "no", i.e. it is their concerted and considered opinion that
Cloud Innovantion has -not- been using its assigned AFRINIC IPv4 blocks in
a manner consistant with the company's several requests for these blocks
and/or in a manner which is consistant with the justification documents
that were submitted by the company in relation to those allocations.

So, you know, there is no open question in relation to AFRINIC or its
position here.  Rather, I believe that John was making reference to the
fact that on some other mailing lists elsewhere, Owen, in particular, was
repeatedly asked if it is Cloud Innovantion's position that nothing has
changed (with respect to how the IPv4 blocks are being used) between the
time that those allocations were granted and the present day.

In those email exchanges elsewhere, Owen has been insistent that he's already
answered the question, and that all we need to do is to find the one public
post of his where he provided this purported definitive answer.

Bloodhounds, magnifying glasses, and deerstalker tweed caps have been
deployed in search of Owen's alleged prior public answer, so far to no
avail, leaving said answer to remain listed among the missing.  Assistance
is currently being requested from Robert Ballard in the ongoing search.


Regards,
rfg
___
ARIN-PPML
You are receiving this message because you are subscribed to
the ARIN Public Policy Mailing List (ARIN-PPML@arin.net).
Unsubscribe or manage your mailing list subscription at:
https://lists.arin.net/mailman/listinfo/arin-ppml
Please contact i...@arin.net if you experience any issues.

Re: [arin-ppml] AFRINIC And The Stability Of The Internet Number Registry System

[Ronald F. Guilmette]

In message <612ebb9c.4070...@ipinc.net>, 
Ted Mittelstaedt  wrote:

>On 8/29/2021 3:15 PM, Ronald F. Guilmette wrote:
>> AFRINIC's free pool and also (b) manipulating the WHOIS records of numerous
>> long-abandonded AFRINIC legacy blocks so as to effectively cede control of
>> those blocks to various other parties.
>
>This is precisely why many years ago I pushed for - and got - annual 
>verification in section 3.6 of the NRPM  I was 1 of 3 others who pushed 
>this section into the NRPM

Although I am certainly in agreement that Section 3.6 of the NRPM is a
Good Thing, even if a similar provision had become community-ratified
policy in the AFRINIC region I do not believe that it would have made
any notable difference with respect to the stolen AFRINIC legacy blocks.

The problem was that somebody managed to get -inside- of AFRINIC and managed
to diddle all of the contact info for all of the abandoned legacy blocks...
essentially all of which were /16 or larger... and the new/fradulent contact
info for these blocks, both phone numbers and email contact addresses, were
effectively owned by the thieves.  So any attempts by AFRINIC to contact
those folks for verification purposes were greeted with responses along the
lines of "Yea, we are the real guys and we are alive and well.  Don't mess
with our stuff."

To be clear, I am *not* fully persuaded that this part of The Great AFRINIC
Heist was also carried out by the now disgraced and dismissed former AFRINIC
employee, Ernest Byaruhanga.  There exists a finite non-zero probability that
someone else performed these manipulations of legacy block contact WHOIS
records, or else allowed it to be done. There is also a finite non-zero
probability that AFRINIC was simply hacked in a manner that allowed certain
outsiders to simply alter any and all AFRNIC WHOIS records at will.

In case anyone is interested, here is a summary of all of the currently
announced routes to all of the still-stolen AFRINIC legacy IPv4 address
space:

https://pastebin.com/raw/vx9zrmTv

Regards,
rfg

___
ARIN-PPML
You are receiving this message because you are subscribed to
the ARIN Public Policy Mailing List (ARIN-PPML@arin.net).
Unsubscribe or manage your mailing list subscription at:
https://lists.arin.net/mailman/listinfo/arin-ppml
Please contact i...@arin.net if you experience any issues.

Re: [arin-ppml] AFRINIC And The Stability Of The Internet Number Registry System

[Ronald F. Guilmette]

In message 
Michel Py  wrote:

>+1

I also would like to jump onto this bandwagon and likewise express my
appreciation for John's publication of his missive in support of AFRINIC.

I have a rather special and personal reason to be interested in these matters,
as some of you no doubt know.

As those who know me can attest, I have for many years now been a persistent
critic of essentially all of the organs of Internet governance, including
all of the RIRs and also ICANN.  But I like to think that my criticisms
remain fair and above the belt.  I don't believe in kicking an institution
when it's down, as AFRINIC is, at present.

Also, as many of you surely also know, back in the latter part of 2019, I,
together with my South African journalistic collaborator, Jan Vermeulen
@ MyBroadBand.co.za, publicly exposed the fact that our investigations
had revealed a years-long insider embezzlement scheme within AFRINIC
involving the theft of a great deal of valuable IPv4 address space.

Following those public revelations, the insider responsible was fired
and a police report was filed in relation to that individual's blatantly
criminal activities.  Those activities quite unambiguously consisted of
both (a) assigning himself large swaths of IPv4 address space out of
AFRINIC's free pool and also (b) manipulating the WHOIS records of numerous
long-abandonded AFRINIC legacy blocks so as to effectively cede control of
those blocks to various other parties.

To its credit, in the wake of that scandal AFRINIC conducted a detailed and
conprehensive audit of its records with assistance from APNIC, and made the
results of that audit public.  It also reclaimed into its free pool all or
essentially all of the stolen free pool space that I and Jan had identified
as having been purloined as part of the overall embezzlement scheme.

I only wish that I could say that AFRINIC's Board and management had been
quite so diligent and responsible in the case of the numerous stolen
AFRINIC legacy blocks.  Alas, they have not been, the result being that
many stolen AFRINIC legacy blocks are still in profitable use by the
recipients of those stolen goods to this day... a fact which I continue
to remind everyone about at every opportunity, for all the good it will
do.  (AFRINIC is quite obviously loath to clean up this mess for which
AFRINIC itself is quite clearly responsible.)

Crime on the Internet DOES pay, it seems, as long as one commits it in
connection with abandoned legacy blocks.  But enough about that.  I have
digressed from the real point of this email.

Despite my many disagreements with the various RIRs, e.g. over the provable
thefts of legacy blocks, over their reluctance to do anything about those,
and over what I feel is -all- RIR's pervasive and over-the-top fetishization
of secrecy, I am compelled in the present context to set aside all of those
ongoing concerns and take the side of AFRINIC in all of its several and now
very public legal conflicts.

For those unaware, there are two such conflicts that substantially pre-date
the current multi-pronged legal attacks of Lu Heng / Cloud Innovation
against AFRINIC and its board chaiman and CEO in their personal capacities.

I will not elaborate upon these other two earlier and still ongoing legal
disputes other than to say that both were brought against AFRINIC by what
appear to be disgruntled final recipients of some of the same embezzled
AFRINIC free pool IPv4 blocks that were first identified by myself and
Jan Vermeulen in the fall of 2019, based upon substantial hard evidence.
These two Plaintiffs are obviously unhappy that AFRINIC did the Right Thing
and reclaimed the provably stolen free pool blocks back into the AFRINIC
free pool so that these blocks could eventually be re-deployed for the
benefit the AFRINIC community.

Personally, I think that both of these two lawsuits are somewhere beyond
frivolous and that they are both inevitably doomed to fail, being as they
are simply attempts to misuse and abuse the Mauritian courts to reclaim
clearly stolen goods.  Indeed, it is yet another of my many criticisms
that AFRINIC, for reasons that remain unexplained, has not yet succeded
at persuading the Mauritian courts to flush these meritless actions down
the toliet, where they belong, despite both legal actions having been
pending for numerous months now.

That brings us to the present legal conflict between Lu Heng and his company,
Cloud Innovation, and AFRINIC.

It is hard to competently comment on this legal conflict given that neither
I nor any other non-party has even been allowed to see any of the relevant
legal filings.  Contrary to the default status of court documents in just
about every civilized country, all court documents in Mauritius are sealed
by default and are not considered public documents.  Fortunately however
Lu Heng and/or his various public reprentatives, real or fictitious, have
openly discussed many aspects of Cloud Innovation's multiple Mauritian legal

Re: [arin-ppml] AFRINIC And The Stability Of The Internet Number Registry System

[Ronald F. Guilmette]

In message , 
John Curran  wrote:

>I note that the prior arin-discuss list was only open to ARIN members
>- do you have a particularly viewpoint on its replacement?

As I believe you are aware, I am not a member.  So yes, my view is that
a general discussion list should be open to non-members.


Regards,
rfg
___
ARIN-PPML
You are receiving this message because you are subscribed to
the ARIN Public Policy Mailing List (ARIN-PPML@arin.net).
Unsubscribe or manage your mailing list subscription at:
https://lists.arin.net/mailman/listinfo/arin-ppml
Please contact i...@arin.net if you experience any issues.

Re: [arin-ppml] AFRINIC And The Stability Of The Internet Number Registry System

[Ronald F. Guilmette]

Although I have, at present, a number of outstanding disagreements with
Owen DeLong on a range of issues, I would just like to echo what seems
to be his sentiment, i.e. that it would be helpful if there existed something
like an arin-discuss@ or arin-talk@ mailing list where topics of relevance
to ARIN but not clearly associated with any specific pending policy proposal
could be more freely discussed without violating the list charter.

It is my hope that any already planned technical work in this direction may
be completed expeditiously.

As Owen noted, other regions do operate exactly such generalized discussion
lists.


Regards,
rfg
___
ARIN-PPML
You are receiving this message because you are subscribed to
the ARIN Public Policy Mailing List (ARIN-PPML@arin.net).
Unsubscribe or manage your mailing list subscription at:
https://lists.arin.net/mailman/listinfo/arin-ppml
Please contact i...@arin.net if you experience any issues.

[arin-ppml] Sucuri, Inc.

[Ronald F. Guilmette]

Greetings and apologies for the following arguably on-topic/off-topic
post regarding SUCUR-2 aka "Sucuri, Inc.".

I would just like to know if there are any means that ARIN has at it's
disposal to persuade this company to fix the (currently dead) contact
phone numbers that are currently present in the following records:

OrgName:Sucuri
OrgId:  SUCUR-2
Address:30141 Antelope Rd
City:   Menifee
StateProv:  CA
PostalCode: 92584
Country:US
RegDate:2014-12-11
Updated:2020-04-29
Ref:https://rdap.arin.net/registry/entity/SUCUR-2

OrgTechHandle: SOC55-ARIN
OrgTechName:   Security Operations Center
OrgTechPhone:  +1-888-318-5114 
OrgTechEmail:  s...@sucuri.net
OrgTechRef:https://rdap.arin.net/registry/entity/SOC55-ARIN

OrgAbuseHandle: SOC55-ARIN
OrgAbuseName:   Security Operations Center
OrgAbusePhone:  +1-888-318-5114 
OrgAbuseEmail:  s...@sucuri.net
OrgAbuseRef:https://rdap.arin.net/registry/entity/SOC55-ARIN


Normally, I would not treat this kind of brokeness as a Big Deal, but it
appears that this company is currently hosting and/or providing reverse
proxy services to the web site for hamas.ps at 192.124.249.13.

This is a violation of both US and EU trade sanctions against Hamas, which
has been designated as a terrorist organization by both the US and EU.

I would like to let Sucuri, Inc. know that they could be liable for up to
a $1 million dollar fine, but I have been unable to contact any rational
human at the company, in part because of their broken & dysfunctional
WHOIS contact phone numbers.


Regards,
rfg


P.S.  Yes, I did also try to contact the copmpany via both the phone number
and the interactive chat on its corporate web site, but I got absolutely
nowhere with either. (The guy on the other end of the chat session...
"Josh"...  is apparently just an after-hours robot.)
___
ARIN-PPML
You are receiving this message because you are subscribed to
the ARIN Public Policy Mailing List (ARIN-PPML@arin.net).
Unsubscribe or manage your mailing list subscription at:
https://lists.arin.net/mailman/listinfo/arin-ppml
Please contact i...@arin.net if you experience any issues.

Re: [arin-ppml] Fwd: Advisory Council Meeting Results - December 2019

[Ronald F. Guilmette]

In message 
Martin Hannigan  wrote:

>This all seems silly to me. #IMHO, IPv4 policy should be geared only mostly
>assuaging operators to get to v6. Total exhaustion is a part of that.

If that's a goal, total IPv4 exhaustion could be legislated -today-.  All
five RIRs would simply have to agree to stop giving out any more IPv4 blocks.

I haven't heard anybody except a for few dyed-in-the-wool IPv6 afficianadoes
clamoring for quite such a draconian solution however.

>Talking about v6 exhaustion is probably better suited for the IETF. Either
>way, we'll all be dead if/when it happens...

Speak for yourself!  I have plans to still be here in 2050!  (And I even hold
out some vague hope that some encoding of myself will still be around in time
to see humanity's construction of its first Dyson sphere.)

More to the point, I do suspect that the argument that "we'll all be dead
by then" was likely pretty much the same reasoning and argument used by
the progenitors of IPv4 when they settled on 32 bits as being more than
enough to outlive them.

Needless to say, with 20/20 hindsight we now know that didn't quite work
out as planned.


Regards,
rfg
___
ARIN-PPML
You are receiving this message because you are subscribed to
the ARIN Public Policy Mailing List (ARIN-PPML@arin.net).
Unsubscribe or manage your mailing list subscription at:
https://lists.arin.net/mailman/listinfo/arin-ppml
Please contact i...@arin.net if you experience any issues.

Re: [arin-ppml] Fwd: Advisory Council Meeting Results - December 2019

[Ronald F. Guilmette]

In message , 
hostmas...@uneedus.com wrote:

>[IPv6] also brings RIR's 
>back to their original record keeping role, without having to police the 
>number of addresses that a member needs.

I am not persuaded that this will be the case.  When IPv4 was first
promulgated, I do believe that just about everyone felt that there
was no way in hell that "the Internet" such as it was, or such as it
might become, could ever use up 4 billion addresses.  Now admittedly,
things -are- rather different with IPv6, where the number of addreses
is a lot closer to the number of elementary particles in the Universe,
but I do think it is unwise to ever assume that there are any practical
limits on man's ability and/or willingness to waste stuff.  In other
words, I think that some amount of thoughtful husbandry of the resource
will always be needed.


Regards,
rfg
___
ARIN-PPML
You are receiving this message because you are subscribed to
the ARIN Public Policy Mailing List (ARIN-PPML@arin.net).
Unsubscribe or manage your mailing list subscription at:
https://lists.arin.net/mailman/listinfo/arin-ppml
Please contact i...@arin.net if you experience any issues.

Re: [arin-ppml] Fwd: Advisory Council Meeting Results - December 2019

[Ronald F. Guilmette]

In message <007801d5c283$ab54e6b0$01feb410$@iptrading.com>, 
"Mike Burns"  wrote:

>You are forgetting that anybody can do this in RIPE today. 
>And yesterday. 

You say that as if it is strictly a theoretical possibility.


Regards,
rfg
___
ARIN-PPML
You are receiving this message because you are subscribed to
the ARIN Public Policy Mailing List (ARIN-PPML@arin.net).
Unsubscribe or manage your mailing list subscription at:
https://lists.arin.net/mailman/listinfo/arin-ppml
Please contact i...@arin.net if you experience any issues.

Re: [arin-ppml] Fwd: Advisory Council Meeting Results - December 2019

[Ronald F. Guilmette]

In message , 
hostmas...@uneedus.com wrote:

>There are those that wanted to become landlords of IPv4.  I think this 
>kinda shoots down those hopes.

It would appear so.

To be frank however, I'm not fully persuaded that the term "landlord"
should be so cavalierly tossed around as an epithet with distinctly
negative connotations.  After all, landlords are job creators!  Just
ask our Job Creator in Chief!

Consideration should also be given to the possibility that Internet
landlords could be a good thing.  Imagine if you will that in some
cases, counties and municipalities might snatch up blocks of IP
addresses and then use them to provide the Internet equivalent of
Section 8 housing for poor folks who would otherwise be obliged to
go without.

But seriously folks, the truth is that I myself have never resolved my
own internal debate between top-down socialism and unfettered laissez
faire capitalism.  Thus, one day I'll be out in the streets defending
the absolute right of Walmart to chase homeless people off their private
property, and the next day I'll be out in the streets protesting the
stranglehold that the 1% has on the media.

In theory, the entire RIR system could simply cease to exist, except for
their record keeping role, and all of the remaining IPs could be sold off
to the highest bidders.  This would result in the laissez faire capitalism
end game for IP addresses, and yes, there would inevitably be robber
baron landlords and perhaps even an eventual very destructive attempt on
someone's part to "corner the market".  Or we can just keep things as they
are now, which is a kind of benevolent socialism where we make at least
some effort, pretentious or otherwise, to give "to each according to his
needs."

I don't know the right answer, and to be frank, I worry a lot about
anybody who thinks that they do.  The present system has worked for
quite a long time, but not without what I see as many notable failures,
the most grotesque of which having only been recently uncovered by myself
in a different region.

One short anecdote may help to illustrate the fundamentally insoluable
economics conundrum.

Recently, while talking via skype to my new friend Jan in South Africa,
he noted to me that the government there is now being forced... by dire
financial circumstances... to seriously consider privatizing some or all
of Eskom, the country's government-owned and massively money-losing
electric utility.  (Note also that Eskom's huge financial troubles have
been linked to allegations of corruption.)

I laughed when Jan told me this, and informed him that here in my home
state of California, our governor has publicly speculated about going
in the exact opposite direction... perhaps having the state take over
the troubled and embattled Pacific Gas & Electric Company... PG 
in the wake of its apparent failures to perform routine maintenance...
generally considered to be the root cause of numerous massive wildfires...
thereby hopefully insuring that in future, paying regular dividends to
shareholders will no longer take precedence over badly needed maintenance
expenditures.

So which is better?  Socialist state control or laissez faire capitalism?
I think it's funamentally an insoluable debate, an economic Catch-22 in
which you are damned if you do and damned if you don't, and that at base
anyone vigorously arguing in favor of one or the other is really arguing
only in favor of rearranging the pieces on the board, without materially
changing the game, and is really just arguing in favor of exchanging one
set of crooks for a different one... no offense to any present company
intended.


Regards,
rfg
___
ARIN-PPML
You are receiving this message because you are subscribed to
the ARIN Public Policy Mailing List (ARIN-PPML@arin.net).
Unsubscribe or manage your mailing list subscription at:
https://lists.arin.net/mailman/listinfo/arin-ppml
Please contact i...@arin.net if you experience any issues.

Re: [arin-ppml] DoD to sell 13 x /8 of its IPv4 Blocks over the next 10 years and need for ARIN-2019-19

[Ronald F. Guilmette]

In message 
, Martin Hannigan  wrote:

>On the operators using DoD space? Too bad. It happened on 23/8 to me and
>many times. I would get a call and was asked to "make an exception" and let
>someone use a subnet or three while they "figured out what to do". Why
>would I or anyone subsidize another network operator? o_0 I received the
>space because I had need. Which means I didn't have the option to turn a
>blind eye. Someone buying address space should be in exactly that position
>or why would/could they buy it? Just as ARIN can't set policy to stop
>squatting, squatters have no rights.

This is a very pretty point, and it will become rather more significant
in the near future, I hope.

Quite a lot of network operators, most of them U.S. based, are, as we
speak, continuing to route provably stolen AFRINIC address space.  At
some point, I and/or others are going to ask them to stop doing that.
They will likely respond that they acted in good faith, and had no way
of knowing that the space they bought was black market IPv4 space,
and that thus, they ought to be allowed to continue routing the space...
and to continue paying rent to the very thieves who stole it.

Although this would at first glance appear to be a rather lame argument,
some will certainly point to the example of the 143.95.0.0/16 block, and
ARIN's response to the facts surrounding it, and then ask the reasonable
question:  Why should African thieves be unfairly disadvantaged relative
to their North American counterparts?  Is this an example of neo-colonialism,
or worse, racism?

Regards,
rfg
___
ARIN-PPML
You are receiving this message because you are subscribed to
the ARIN Public Policy Mailing List (ARIN-PPML@arin.net).
Unsubscribe or manage your mailing list subscription at:
https://lists.arin.net/mailman/listinfo/arin-ppml
Please contact i...@arin.net if you experience any issues.

Re: [arin-ppml] DoD to sell 13 x /8 of its IPv4 Blocks over the next 10 years and need for ARIN-2019-19

[Ronald F. Guilmette]

In message , Michel Py  wrote:

>It displeases the operators who have been using DoD space as Industry
>Standard Squat Space.

Having tried, and failed, to find the RFC that describes and designates
Industry Standard Squat Space, I've come to the conclusion that there
isn't one, and that thus, I ought to write one.

Would anyone like to volunteer to help me with this?

I'd like to have it drafted and ready to go by April 1, 2020.


Regards,
rfg
___
ARIN-PPML
You are receiving this message because you are subscribed to
the ARIN Public Policy Mailing List (ARIN-PPML@arin.net).
Unsubscribe or manage your mailing list subscription at:
https://lists.arin.net/mailman/listinfo/arin-ppml
Please contact i...@arin.net if you experience any issues.

Re: [arin-ppml] DoD to sell 13 x /8 of its IPv4 Blocks over the next 10 years

[Ronald F. Guilmette]

In message , 
Fernando Frediani  wrote:

>https://www.congress.gov/bill/116th-congress/senate-bill/1790/text#toc-H3733C370A69A4095B62B213B52530170
>
>"IPv6 strategy made it into NDAA 2020, requiring DOD to sell 13 x /8s
>(1) IN GENERAL.—Not later than 10 years after the date of the enactment 
>of this Act, the Secretary of Defense shall sell all of the IPv4 
>addresses described in subsection (b) at fair market value."

Several reactions:

1)  See!  I always told you there was no real shortage!

2)  Great!  So at least the U.S. Guberment may actually be able to make
their money back on this whole elaborate DARPA networking experiment.

3)  I wonder what "fair market value" value means.  Maybe we should ask
Lehman Brothers.

4)  This news has sent IPv4 futures plumeting in overnight trading on the
CBOE.  In other news, gold, oil, and hog futures are all up.

5)  Oh, that's nothing!  Just wait until California Governor Gavin Newsom
signs into law the inevitable bill requiring all hardware sold within
the State of California to fully support addressing and routing of the
224.0.0.0/3 block by no later than January 1, 2026.  (That right there
is 32 /8 blocks!)


Regards,
rfg
___
ARIN-PPML
You are receiving this message because you are subscribed to
the ARIN Public Policy Mailing List (ARIN-PPML@arin.net).
Unsubscribe or manage your mailing list subscription at:
https://lists.arin.net/mailman/listinfo/arin-ppml
Please contact i...@arin.net if you experience any issues.

Re: [arin-ppml] Conflict of Interest rules ?

[Ronald F. Guilmette]

In message <3d2a4c39-d362-49af-afc2-4f26bcf4e...@pch.net>, 
Bill Woodcock  wrote:

>> and set up shop selling addresses out the side door, to those entities
>>who were officially denied address space?
>
>Correct.

This is actually somewhat of an over-simplification of the totality of
what has gone on.

As my extensive rants on the NANOG mailing list of a couple of months
ago attempted to illustrate, a great deal of the stolen AFRINIC space,
but quite certainly not all of it, ended up, one way or another, in
the hands of a gentleman by the name of Elad Cohen, who has a business
(netstyle.co.il, netstyleservers.com) in Israel.  It apparently came to
him via an intermediary, i.e. someone between him and the original
thief.

Mr. Cohen subsequently arranged to obtain routing for most or all of that
from FDCServers in Chicago, which in turn arranged for their own upstream,
Cogent, to actually announce the routes to the space.  Mr. Cohen also had
the audacity to squat on a number of unrelated abanadoned legacy /16
blocks drawn from the the APNIC region, which were likewise then routed,
by Cogent, to various FDCServers data centers around the world.

Finally, Mr. Cohen utilized the verification-free services of the RADB
data base in order to create a multitude of route object for all of his
stolen AFRINIC space and all of his squatted APNIC space as part of his
overall scheme to induce Cogent to announce the routes and to induce
others to accept the announcements as valid.

This, as it turned out, was quite helpful, as it allowed me to download
a fresh daily copy of the entire RADB data base from which I was then,
with some minimal programming, able to extract a full list of all of the
route objects that Mr. Cohen had installed there, using his own email
address as the contact point for each of those.  If not for this, it
would have been difficult or impossible for me to have reliably
identified all of the legacy AFRINIC blocks that had been stolen.  But
as it was, the task was quite trivial, thanks to Mr. Cohen's remarkably
brazen operations and his essentially non-existant operational security.

It is important to note in all of this that I have some time ago ceased
using the term "hijack" as it is too imprecise and too subject to easy
misinterpretation.  Instead, these days I now prefer to use only the
terms "squatted" or "stolen", where the former is just a matter of routing
space to which one has no legitimate rights, whereas the later term I
reserve for references to instances in which the relevant WHOIS records,
as stored at and by the relevant RIR, have been, by hook or by crook,
altered by the party or parties who illicitly covet the space in question.
impfroper alteration of the relevant WHOIS records may be carried out
either by social engineering of RIR staff or else, as in this whole
AFRINIC mess, by some malevolent RIR insider having direct and arbitrary
read/write access to the data base.  I consider these cases of "stolen"
IP space to be far more serious and distrubing than your everyday run-of-
the-mill squatting event.

Here is one write up I did some time back regarding a case that I would
characterize as exemplifying a "stolen" block and one that was apparently
stolen via social engineering of RIR staff:

https://mailman.nanog.org/pipermail/nanog/2019-August/102791.html

Coming back now to the AFRINIC mess, whereas, as I have said, a great deal
of the relevant stolen IPv4 space ended up in the hands of Mr. Cohen, who
then used or resold it for purposes that remain a bit murky, and although
my persistant public haranguing of Cogent eventually brought all that to
an end, much of the stolen AFRINIC space remains to this day routed by a
variety of networks around the world, most notably two networks in Pakistan,
which are routing a great deal of it, and also a couple of U.S. networks
that are also continuing to do likewise even as we speak.

My hope is to that I will live to see all of the relevant non-legacy stolen
AFRINIC IPv4 blocks eventually de-registered and reclaimed by the RIR,
but I have been holding out some dim hope in that regard also with respect
to the blatantly stolen 143.95.0.0/16 block, and so far, as least, I wait
in vain for any proper or fair resolution of that matter.  Meanwhile, a
rather blatantly crooked company in Massachusetts continues to enjoy a
fee-free /16 legacy block that it has no rights to whatsoever, while all
honest ARIN members continue to duitfully pay their annual fees.  For an
explanation of why this annoys me personally, I refer you all to the
following short but enlightening video:

https://www.youtube.com/watch?v=meiU6TxysCg


Regards,
rfg
___
ARIN-PPML
You are receiving this message because you are subscribed to
the ARIN Public Policy Mailing List (ARIN-PPML@arin.net).
Unsubscribe or manage your mailing list subscription at:
https://lists.arin.net/mailman/listinfo/arin-ppml
Please contact i...@arin.net if