From jochem at ripe.net Wed Jul 11 11:05:14 2007
From: jochem at ripe.net (Jochem de Ruig)
Date: Wed, 11 Jul 2007 11:05:14 +0200
Subject: [dp-tf] Draft agenda DP-TF meeting 18 July 2007
Message-ID: <46949D4A.3020703@ripe.net>

Dear all,

Hereby the draft agenda for next week. If you have not yet replied
whether you will be present please let me know as soon as possible.

Regards,

Jochem de Ruig
RIPE NCC

Draft Agenda DP-TF, Wednesday 10:30 - 16:00, Singel 258, Amsterdam

A. Administrative Matters - 5 min
   - who is present
   - RIPE NCC will scribe
   - previous minutes
   - schedule for future meetings

B. Update from the RIPE NCC - 30 min
   - Policy proposals
   - Legal framework
   - AUPs Use Cases

C. Data Protection framework - 1 hr
   Following from discussions on mailing list
   - General set up
   - Build a Legal Framework
   - DB T&C
   - Policy changes

13:00 - 14:00 Lunch

D. Policy proposals - 1 hr
   - One time Personal object clean up
   - White pages
   - Recurring Personal object clean up
   - Mandatory mnt-by

E. Bulk access (mirroring) - 1hr
   - Use cases
   - Interim process (restricted access and review of NRTM list)

Z. AOB

From Woeber at CC.UniVie.ac.at Tue Jul 17 13:39:46 2007
From: Woeber at CC.UniVie.ac.at (Wilfried Woeber, UniVie/ACOnet)
Date: Tue, 17 Jul 2007 11:39:46 +0000
Subject: [dp-tf] Authorization to publish personal data in the DB (was Re: [dp-tf] Quadlogy of person proposals)
In-Reply-To: <467283A9.8020209@3c-hungary.hu>
References: <20070615144950.W37024-100000@capral.ripn.net> <467283A9.8020209@3c-hungary.hu>
Message-ID: <469CAA82.7090002@CC.UniVie.ac.at>

Janos, team,

after listening to some "important" consumers of data kept in the RIPE DB,
I am feeling strongly that e) does apply as well.

And on the item of whose data (whatever set) to register as the responsible
contact for a unique global resource:

In principle the policy and procedure machinery does already provide for
*not* involving the end user at all.
ISPs are allowed to do self-assignments and still allow their customers
to use those (potentially dynamically assigned) addresses.

But, for the end user, it is a matter of either/or! You cannot keep your
lunch and eat it at the same time. You cannot reasonably be expected to be
listed as legitimate holder of a resource and remain anonymous at the same
time.

this is where "e)" comes in to the picture, imho.

The only thing that *might* get us into trouble is the monopoly situation
that trickles down from IANA to the RIRs and the LIRs.

the last thing I'd want to suggest is portable addresses like in the phone
world ;-)

Wilfried.

PS: when we designed the irt: object we already had the vision to cater for
breaking the one-to-one relationship between holding resources and
providing authoritative contact information for operational and abuse
situations :-)

Janos Zsako wrote:

> Dear Larisa,
>
>> Let's look if the RIPE Database rules comply with it.
>> For example, Section II, "CRITERIA FOR MAKING DATA PROCESSING LEGITIMATE"
>>
>> 1. Member States shall provide that personal data may be processed
>> only if:
>> (a) the data subject has unambiguously given his consent; or
>>
>> No. admin-c and tech-c are mandatory, without any personal consent
>
>
> I am not sure this is the right way of putting it.
> Yes, admin-c and tech-c _are_ mandatory, however, nobody
> says you may (or even worse: you should) publish such data
> without the given person's consent. In fact we never did so,
> and I am sure many other people did not do so either.
> The idea is that you have to find a person who consents to
> this, and only publish his/her data.
>
>> So, WHAT MAKES PERSONAL DATA PROCESSING IN THE RIPE DB LEGITIMATE?
>
>
> I think you are right, the only paragraph that may apply is
> (a) above. What we have to make sure is that people act in
> accordance with it.
>
> Best regards,
> Janos
>
>

From Woeber at CC.UniVie.ac.at Tue Jul 17 13:50:38 2007
From: Woeber at CC.UniVie.ac.at (Wilfried Woeber, UniVie/ACOnet)
Date: Tue, 17 Jul 2007 11:50:38 +0000
Subject: [dp-tf] Quadlogy of person proposals
In-Reply-To:
References: <466D35EF.6030306@ripe.net> <20070611141150.GM69658@ronin.4ever.de> <466D7640.8060105@ripe.net> <4670070C.1070606@3c-hungary.hu> <467018AE.4030900@ripe.net>
Message-ID: <469CAD0E.80902@CC.UniVie.ac.at>

[ apologies if this has been beaten to death in later messages.
  I am in catch-up and preparation mode for tomorrow :-) ]

Manfredo Miserocchi wrote:

[...]
>>Don't forget that not everyone who enters data into the RIPE Database is
>>a member. So this statement may be better in the Database Terms and
>>Conditions.
>
>
>
> Yes, but if we'll have all object maintained it seems that only members
> will do.

Well, not for a looong time, I guess, unless we take this as an
"opportunity" to clean up all the relationship with all the legacy
resource holders? :-O

My feeling was that we would want to defer touching *that* can of worms
till we have something in our hands that attracts them to the feeding
station (i.e. the resource certificates).

> cheers
> Manfredo

Wilfried

From Woeber at CC.UniVie.ac.at Tue Jul 17 14:04:30 2007
From: Woeber at CC.UniVie.ac.at (Wilfried Woeber, UniVie/ACOnet)
Date: Tue, 17 Jul 2007 12:04:30 +0000
Subject: [dp-tf] Quadlogy of person proposals
In-Reply-To:
References: <20070614181258.G23752-100000@capral.ripn.net> <46726D71.6080100@ripe.net> <4672A17A.5050103@ripe.net>
Message-ID: <469CB04E.9070405@CC.UniVie.ac.at>

Leo Vegoda wrote:

> On 15 Jun 2007, at 4:26pm, Denis Walker wrote:
>
> [...]
>
>> This is why I think we should focus attention first of all on these
>> questions. But I don't think this is as simple as it looks. Maybe the
>> original wording of policies said we need contact information for
>> troubleshooting. The world has moved on a lot since then.
>> Now accountability is also important. Governments and LEAs want to know
>> "who" is responsible for Internet resources.
>
>
> I agree.
>
>> A faceless role object will
>> not be good enough.
>
>
> I doubt person objects would be, either. That's what organisation
> objects do.

Maybe, but in many cases it would simply shift the problem from the left
hand to the right hand. Take my case at home:

I have been assigned 8 addresses for my ADSL connection by my Telekom Op.

With your approach I could easily hide my personal contact information
because that can/has to go into "my" organisation: object. In the end it
is the same set of (personal) information under a different heading.

If that approach gets us out from underneath the PD rules, fine with me :-)
But I am not convinced...

> Regards,
>
>--
>Leo Vegoda
>IANA Numbers Liaison

Wilfried.

From Woeber at CC.UniVie.ac.at Tue Jul 17 14:07:25 2007
From: Woeber at CC.UniVie.ac.at (Wilfried Woeber, UniVie/ACOnet)
Date: Tue, 17 Jul 2007 12:07:25 +0000
Subject: [dp-tf] Quadlogy of person proposals
In-Reply-To: <20070615171635.F37024-100000@capral.ripn.net>
References: <20070615171635.F37024-100000@capral.ripn.net>
Message-ID: <469CB0FD.3030408@CC.UniVie.ac.at>

Larisa A. Yurkina wrote:

[...]
> there also is a next point:
> (c) adequate, relevant and not excessive in relation to the purposes for which they are
> collected and/or further processed;
>
> Please note, "not excessive".
> Don't you think that person object exactly falls under "excessive" category?

No, I don't.

Assuming that keeping track of globally unique resources and keeping the
DB populated and up-to-date is a reason for operating under "e)".

>>Regards,
>>
>>--
>>Leo Vegoda
>>IANA Numbers Liaison
>>
>>
>
>
>
> With respect,
> Larisa Yurkina
> ---
> RIPN Registry center
> -----
>
>

Wilfried.

From leo.vegoda at icann.org Tue Jul 17 14:38:20 2007
From: leo.vegoda at icann.org (Leo Vegoda)
Date: Tue, 17 Jul 2007 14:38:20 +0200
Subject: [dp-tf] Quadlogy of person proposals
In-Reply-To: <469CB04E.9070405@CC.UniVie.ac.at>
References: <20070614181258.G23752-100000@capral.ripn.net> <46726D71.6080100@ripe.net> <4672A17A.5050103@ripe.net> <469CB04E.9070405@CC.UniVie.ac.at>
Message-ID:

On 17 Jul 2007, at 14:04, Wilfried Woeber, UniVie/ACOnet wrote:

[...]

>> I doubt person objects would be, either. That's what organisation
>> objects do.
>
> Maybe, but in many cases it would simply shift the problem from the left
> hand to the right hand. Take my case at home:
>
> I have been assigned 8 addresses for my ADSL connection by my Telekom Op.
>
> With your approach I could easily hide my personal contact information
> because that can/has to go into "my" organisation: object. In the end it
> is the same set of (personal) information under a different heading.

There is an inevitable tension between the needs of LEAs and the rules
set down in data protection legislation. Unless there is a law
requiring contact information for consumer customers to be entered
into the RIPE database I would encourage us to set policies that
comply with data protection laws.

I think that in the vast majority of cases there is no need to list a
contact from the customer end of a DSL or other consumer service.
Noting that the assignment has been made is important but identifying
the contact information is unlikely to be helpful in most situations.
Listing the ISP's contact information is the right approach in the
majority of cases, I think. The ISP obviously knows the end user's
contact information and can supply it when appropriate.
Regards,

Leo

From denis at ripe.net Tue Jul 17 15:59:36 2007
From: denis at ripe.net (Denis Walker)
Date: Tue, 17 Jul 2007 15:59:36 +0200
Subject: [dp-tf] Quadlogy of person proposals
In-Reply-To:
References: <20070614181258.G23752-100000@capral.ripn.net> <46726D71.6080100@ripe.net> <4672A17A.5050103@ripe.net> <469CB04E.9070405@CC.UniVie.ac.at>
Message-ID: <469CCB48.1050005@ripe.net>

Leo Vegoda wrote:

> On 17 Jul 2007, at 14:04, Wilfried Woeber, UniVie/ACOnet wrote:
>
> [...]
>
>>> I doubt person objects would be, either. That's what organisation
>>> objects do.
>>
>> Maybe, but in many cases it would simply shift the problem from the left
>> hand to the right hand. Take my case at home:
>>
>> I have been assigned 8 addresses for my ADSL connection by my Telekom
>> Op.
>>
>> With your approach I could easily hide my personal contact information
>> because that can/has to go into "my" organisation: object. In the end it
>> is the same set of (personal) information under a different heading.
>
> There is an inevitable tension between the needs of LEAs and the rules
> set down in data protection legislation. Unless there is a law
> requiring contact information for consumer customers to be entered
> into the RIPE database I would encourage us to set policies that
> comply with data protection laws.
>
> I think that in the vast majority of cases there is no need to list a
> contact from the customer end of a DSL or other consumer service.
> Noting that the assignment has been made is important but identifying
> the contact information is unlikely to be helpful in most situations.
> Listing the ISP's contact information is the right approach in the
> majority of cases, I think. The ISP obviously knows the end user's
> contact information and can supply it when appropriate.

I see some conflict here between your right not to be identified and my
right to know who is spamming me. Maybe I want to complain directly to
the spammer.
But if I have to go to the ISP and ask them to identify the
end user they may just say "sorry we can't give out confidential
customer information". Then I have to go to court or the police to even
write a letter of complaint to the spammer.

The RIPE DB is a registry of IP Address information. If we hide the
bottom layer we change the whole concept.

cheers
denis

>
> Regards,
>
> Leo

From leo.vegoda at icann.org Tue Jul 17 16:16:29 2007
From: leo.vegoda at icann.org (Leo Vegoda)
Date: Tue, 17 Jul 2007 16:16:29 +0200
Subject: [dp-tf] Quadlogy of person proposals
In-Reply-To: <469CCB48.1050005@ripe.net>
References: <20070614181258.G23752-100000@capral.ripn.net> <46726D71.6080100@ripe.net> <4672A17A.5050103@ripe.net> <469CB04E.9070405@CC.UniVie.ac.at> <469CCB48.1050005@ripe.net>
Message-ID: <021E26C2-5194-417D-9BE3-E6B3008A0DC4@icann.org>

Denis,

On 17 Jul 2007, at 15:59, Denis Walker wrote:

[...]

> I see some conflict here between your right not to be identified and my
> right to know who is spamming me. Maybe I want to complain directly to
> the spammer. But if I have to go to the ISP and ask them to identify the
> end user they may just say "sorry we can't give out confidential
> customer information". Then I have to go to court or the police to even
> write a letter of complaint to the spammer.
>
> The RIPE DB is a registry of IP Address information. If we hide the
> bottom layer we change the whole concept.

That is a fine principle but probably doesn't fit well with a world
where most consumer network operators are not in a position to fix the
problem. If a consumer's machine is part of a 'botnet' and sending spam
then calling them on the telephone and complaining is unlikely to be
effective. Network operations intelligence sits in ISP and (some)
enterprise networks most of the time, not consumer end sites. As such,
that is the contact information that is needed in the RIPE database.
If the problem with going through the police or the courts is that
they take too long then the police and courts need to improve their
interfaces to allow efficient handling of complaints about illegal
activity. Putting the consumer's contact information in the RIPE
database is very unlikely to help resolve this kind of problem and
might even encourage vigilantism.

Regards,

Leo