[db-wg] 2022-01 New Version Policy Proposal (Personal Data in the RIPE Database)

In message <CAKvLzuEroujO_bor2DNwCA44cLPP_NVda3uQU1tYTQk69a3zfA at mail.gmail.com>
 denis walker <ripedenis at gmail.com> wrote:

>Nice to read that you vigorously support parts of my policy proposal at
>least.

I am only too happy to do so, provided that

    (a)  at least some responses to the "who", "when", and "how" questions
         I have raised with respect to the VERIFICATION half of the proposal
         are provided _and_ edited into a subsequent draft of the proposal,
         and provided that

    (b)  the VERIFICATION half of the proposal is split off into a separate
         and independent proposal from the REDACTION half of the proposal,
         which is altogether appropriate since these two halves aim to
         accomplish two very different goals.

Are you willing to undertake either of these adjustments?  If not I will
have to say that the apparently artificial conjoining of VERIFICATION
and REDACTION into a single proposal is being done in bad faith and with
an understanding that the REDACTION half of the proposal could only
achieve consensus by being spliced together with an otherwise admirable,
but totally unrelated proposal to perform reasonable and necessary
VERIFICATION things.

Note that I am not asking you to _remove_ any part of either proposal.  I am
simply requesting that that the separate issues of VERIFICATION and REDACTION
should receive separate consideration by the membership and the WG, which
is an altogether reasonable and minimal request.

>The policy proposal is about processing personal data. That easily covers
>verifying that entered data is correct. It does not cover verification of
>'all' data. Only the clearly specified data.

Forgive me, but that first sentence, to my ears, sounds a little bit like
saying "This proposal only covers the consumption of meat on planet earth."
That is quite obviously an _extremely_ broad area of multiple/numerous
different concerns, each of which may have varing levels of importance to
various different parties and constituencies.

Law enforcement and private security researchers will, in general, be extremely
happy to have WHOIS data verified.  Law enforcement and private security
researchers will, in general, be extrement UNhappy to have WHOIS data
needlessly removed.  For this reason, a single proposal covering the
extremely broad subject of "processing personal data" is inappropriate,
and would artifically force people who might be on the fence to accept
Bad Stuff they don't want in order to get the Good Stuff that they do want.

>> Who exactly is going to be tasked with verifying 100% of the names, email
>> addresses, phone numbers, and street addresses already present in the data
>> base and what procedures and criteria will be used for this process?  Will
>> NCC be tasked to do this huge amount of work?  Is there a a target
>> completion date?  2029 perhaps?
>
>Not all these data elements are covered and not 100% of others either. As
>you pointed out, some of the data elements you mention above cannot be
>verified and that's why they are not covered.

So what fields, exactly, actually _will_ be verified under the VERIFICATION
half of this proposal?  And who will do it?  And when?  And how?

>How data can or should be verified is an implementation issue. This policy
>proposal is concerned with establishing principles.

I cannot help but be reminded of an old joke in the industry where a manager,
upon being asked how some complex goal is to be achieved, simply waves his
arms and declares "Oh, that's simply a matter of software!"

Principals are Good.  Principals are Admirable.  But why didn't you just
elect to draft a more all-encompasing principal-based proposal to the 
effect that "All parties should behave honorably."

That also is an unambiguously noble principal, but the devil is in the
details, and it would be altogether Helpful if you didn't simply dismiss
such important considerations as mere "implementation issues".  I mean
_somebody_ is going to have to do all of this verification and/or redaction,
right?  I don't believe it is inappropriate to ask who that will be, how
much it will cost, and how long it will take.

>This policy proposal, quite correctly, makes no mention of cancelling
>membership or de-registering any resources. Just as the abuse-c policy
>doesn't. It is about establishing the principles that will govern the way
>data is processed. Most RIPE policies don't define enforcement procedures.

Actually, as far as I know, none of them do.  And some of us out here,
at least, think that is a problem, and that it makes a lot of official RIPE
policies nothing more than paper tiger jokes.

Now, it would appear, you want to add yet another feckless paper tiger on
top of the mountain of feckless paper tigers that already comprise most of
what passes for official policy in the RIPE region.

(I'm sorry, this is nothing personal, but it is somewhat difficult for me
to take any RIPE official policies too awfully seriously since RIPE has
no policy on the books that would require the expulsion from the membership
of even proven crooks, con men, and murders.. a fact that was explained to
me multiple times when I caught people outright stealing IP space. that
provably didn't belong to them.)

>That is clearly outside the scope of defining principles.
>
>All members and contracted resources are already bound by agreements that
>require them to enter correct data into the database.

Fine.  What is the remedy in case they don't?

May either law enforcement or a private security researcher email NCC, inform
them of a reasonble belief that some specific WHOIS record contains inaccurate
and perhaps even deliberately fradulent data, and then ask NCC to put the
correct data into the WHOIS record instead?  And if such a request is made,
will it be honored?



Regards,
rfg