On Wed, Aug 4, 2010 at 3:42 PM, Steven Bellovin <smb@cs.columbia.edu> wrote:
On Aug 4, 2010, at 1:35 17AM, William Herrin wrote:
For the latter, you're providing significant amounts of a public resource (IP addresses) to a business whose contact information you're contractually and ethically obligated to reveal. If a particular complex is worried about publishing their location, they can always rent a P.O. box. If you're the only one doing the worrying, don't.
I strongly disagree -- you're revealing the precise address of any tenant in those buildings. Don't do that...
Then discuss it with the apartment complex, Steven, and encourage them to get a PO box to use in place of their physical address. Or just buy a box from mail boxes etc. yourself and set up mail forwarding each time you set up a new apartment complex. The main point of the exercise is that the address consumer (the apartment management company, a for-profit business) be identifiable and directly reachable by phone, email and postal mail, not that they provide accurate coordinates for targeting the nukes. Plenty of reasonable ways to meet the spirit of the rules. The letter too. On Wed, Aug 4, 2010 at 4:08 PM, Eric Brunner-Williams <brunner@nic-naa.net> wrote:
During the P3P too-and-fro on what constituted PII I lost the argument that masking off the last bits constituted acceptable non-disclosure of PII.
Whole other ball game, Eric. In the platform for privacy preferences (P3P) one participant in a data flow asserts that he will keep the other participant's behavior confidential. P3P examines what knowledge the asserter may glean and publish from that data flow without violating that confidentiality. You rightly lost the argument because the subnet, plus other information that doesn't by itself identify a user, can often be combined to identify a specific user and his behavior with a relatively high level of confidence. So can algorithmic one-way hashes of the address and most other variants on the meme that could reasonably facilitate reconstructing a particular user's data flow. No such agreement exists with respect to the public permitting for-profit businesses the exclusive use of a portion of the public's IP addresses. Quite the contrary, that public (as it expressed itself to ARIN repeatedly for a decade and a half and as recently as ARIN's public meeting earlier this year) insists that for-profit businesses granted the exclusive use of 8 or more of the public's IP addresses publicly reveal who they are and how to directly contact them. Public. Get it? Regards, Bill Herrin -- William D. Herrin ................ herrin@dirtside.com bill@herrin.us 3005 Crane Dr. ...................... Web: <http://bill.herrin.us/> Falls Church, VA 22042-3004