[sig-db]Database SIG proposal: Privacy of Customer Assignment Records

To: <sig-db-chair@apnic.net>, <sig-db@apnic.net>
Subject: [sig-db]Database SIG proposal: Privacy of Customer Assignment Records
From: "Paul Wilson" <pwilson@apnic.net>
Date: Tue, 22 Jul 2003 17:40:33 +1000
Cc: <sig@apnic.net>
Importance: Normal
List-archive: <http://www.apnic.net/mailing-lists/sig-db/>
List-help: <mailto:sig-db-request@lists.apnic.net?subject=help>
List-id: APNIC SIG on whois database issues <sig-db.lists.apnic.net>
List-post: <mailto:sig-db@lists.apnic.net>
List-subscribe: <http://mailman.apnic.net/mailman/listinfo/sig-db>,<mailto:sig-db-request@lists.apnic.net?subject=subscribe>
List-unsubscribe: <http://mailman.apnic.net/mailman/listinfo/sig-db>,<mailto:sig-db-request@lists.apnic.net?subject=unsubscribe>
Organization: APNIC
Sender: sig-db-admin@lists.apnic.net

Dear all,

Attached is a policy paper for the Database SIG at APNIC 16.

Please feel free to send comments or questions to this list, or to me by
email.

Hope to see you in Seoul,


________________________________________________________________________
Paul Wilson, Director-General, APNIC                      <dg@apnic.net>
http://www.apnic.net                            ph/fx +61 7 3858 3100/99
------------------------------------------------------------------------
See you at APNIC 16
Seoul, Korea, 19-22 August 2003            http://www.apnic.net/meetings
------------------------------------------------------------------------

Privacy of Customer Assignment Records

Proposed by: Paul Wilson, APNIC Secretariat
Version: 1.0
Date: 18 July 2003

1    Summary

In this document it is proposed that customer assignment
records of APNIC Member ISPs need no longer be publicly
accessible in the APNIC database.  These registrations are
essential to the verification of resource utilisation during
the address request process, however for a number of reasons
it is no longer desirable that they must necessarily be
publicly available. ISPs wishing to register and maintain
customer assignments publicly should be able to do so;
however a new database attribute will allow the records to
be hidden from public view if desired.


2    Background and Rationale

2.1  Privacy Concerns

In recent years, increasing concern about protection of
private information on the Internet has been expressed by
many parts of the community, and through conventions and
legislation, in most parts of the world.  Within the APNIC
member community, concern has been expressed specifically
about the requirement to publicly register customer
assignments, which are often regarded by ISPs and customers
as private information.

Furthermore, in certain jurisdictions an organisation which
publishes data on behalf of other parties may be held to be
jointly responsible for the accuracy of this information.
This may place APNIC itself at risk, in case of damages
caused by inaccurate customer assignment information.

2.2  Registration Goal

Accurate resource registration is a fundamental goal of
Internet resource management, however it is important to
recognise which types of registration are essential to this
goal, and which registration records can be feasibly
maintained and controlled under APNIC policies.

APNIC members are obliged under current policies to maintain
accurate customer assignment records in the database.
Realistically, this is an onerous and expensive task which
can often not be performed in a complete or timely manner,
and as a consequence many assignment records are inaccurate.
Because the APNIC Secretariat can have no direct control
over these registrations, it is inevitable that incorrect
records will continue to exist, compromising the overall
registration goal.

On the other hand, records pertaining to allocations and
assignments which are made by the APNIC registry to its
members and customers are essential to the resource
registration goal.  In case of technical problems related to
the address space concerned, these records identify the
party which is responsible for the resources concerned.
These records are far fewer in number and can be maintained
in an accurate state.


3    Proposal

It is proposed that customer assignments (and sub-allocation
records) need no longer be publicly accessible in the APNIC
database via normal "whois" queries.

Customer registration records must still be registered
within the APNIC database, in order to document address
utilisation, however a new "hidden:" database attribute will
be provided to allow the records to be excluded from public
whois query results.

ISPs may wish to register and maintain public registrations,
in order that customer contact information be available
publicly, however should be their choice. By doing so, ISPs
must also commit to maintenance of accurate records, and
APNIC should explicitly disclaim responsibility for accuracy
of these records.

A management interface for customer assignments will be
provided within the "MyAPNIC" service, in order that address
space utilisation may be tracked.


4    Implementation

The following steps are involved in implementation of this
proposal:

  a.   Provision of a "hidden:" attribute within the APNIC
     database, for use with "inetnum", "inet6num" and "autnum"
     objects (if this attribute is included with value "yes", the
     record will not be visible in public whois queries, and it
     will not be exported to any database mirrors);
  
  b.   modification of the "MyAPNIC" service to allow
     maintenance of "hidden" records;

  c.   modification of APNIC policy documentation to reflect
     the above changes.


If is proposed to implement this policy within six months of
approval by the APNIC community.

Prev by Date: [sig-db]Re: Database SIG Proposal
Next by Date: [sig-db]Proposal: Protecting Resource Records in APNIC Whois Database
Previous by thread: [sig-db]Database SIG Proposal
Next by thread: [sig-db]Proposal: Protecting Resource Records in APNIC Whois Database
Index(es):
- Date
- Thread