Hey John, Thanks for taking the time for the detailed response. I always enjoy reading your posts. On 6/17/2012 7:16 PM, John Curran wrote:
On Jun 17, 2012, at 4:01 PM, Vinny Abello wrote:
If anything, I feel like this is a ploy by the FBI feeding the media to get criminals to adopt IPv6 thinking they're harder to track and drop their guard so they'll be easier to catch.
No, it's a real concern that law enforcement has with the current incentives for keeping the Whois up to date, and what happens with IPv6. Feel free to come to an ARIN meeting and chat with the folks from US, Canada, and various Caribbean governments about their issue.
It would seem to me if the if law enforcement is concerned about incentives to make networks do this, then it should be made a law within their operating jurisdiction to enforce this compliance. Failure to comply would have legal and possibly financial consequences in the form of fines or other penalties. We have many more obtuse laws about us (at least in the US that I'm familiar with) that this doesn't seem infeasible or impractical of a goal that will benefit the majority of people via law enforcement's ability to protect and serve. Hoping for a technical solution or self governing "document IPv6 allocations just because we're supposed to, even though there is no consequence either way" won't result in any action. Incentives are also not equally received among 100% of the population. Not everyone likes cookies. :)
By the way, it is not that there is _no_ incentive... Any _large_ ISP ends up having to provide lawful response duties (often the same team that handles spam/abuse/copyright issues) and that means staff. For networks that put subdelegations into Whois reliably, there are less requests for routine information (ergo less staff & less co$t needed to respond.) Not many ISPs are the size where such inquires are routine enough for having a dedicated team, but those who do generally realize the pleasant side effect of keeping Whois up-to-date. This isn't really seen by ISPs who only get the occasional LEA request, so it's not a meaningful incentive on its own for many service providers.
That right there is the problem. The Internet isn't just large ISP's (thank God). You're never going to get an incentive that appeals equally across all types of businesses to comply. Some just don't have the resources like you stated, to even document the allocations despite being required to. If a company were to downsize and looked at someone's job who SWIP'ed allocations or maintained WHOIS, the question would be asked of what would happen if they stopped. In IPv6 land for the small to medium ISP, the answer would be nothing as is illustrated by this article. They would be let go by upper management that didn't know any better, and the company would stop documenting even if they initially did the right thing. Even if ARIN refunded 100% of the fees to networks who properly documented everything and only charged those who were not in compliance, you'd still find people not documenting because it costs less to pay the fee than pay someone to manage that. Incentives are not the solution. Congress should consider passing a law in the US if this of that much concern. I'm unfamiliar with other jurisdiction's law processes covered within the ARIN region, but from the US standpoint, that's the only way I see something actually happening. Technical problems are frequently solved best by technical solutions; legal problems by legal solutions. This is a law enforcement problem and I feel it should be properly solved by a legal solution, but I'm sure someone will be glad to oppose my stated opinion with their own. :) I'm also sure a die hard technical advocate of some technology who is much smarter than myself will illustrate just how technology can solve the problem, so please prove me wrong so we don't need to rely on more government "solutions". I beg of you! :) -Vinny