Question of privacy with reassigned resources
As an SP in the MDU (multi dwelling unit) market we dutifully SWIP netblocks for each apartment complex/condo/etc. Doing such we publically publish the physical address an IP lives (sans Apt/Unit #). Would anyone feel this is too much information for people to know? Should our SWIPs be more generic, local POP address or local corporate office, just enough for rough geolocation accuracy? I realize what ARIN prefers, this is more of an opinion gathering. -ML
If it is a business, then accurate address does not seem to me an issue, if it is a private address, I think a bit of fuzziness is helpful ----- Original Message ----- From: "ML" <ml@kenweb.org> To: nanog@nanog.org Sent: Wednesday, 4 August, 2010 11:07:47 AM Subject: Question of privacy with reassigned resources As an SP in the MDU (multi dwelling unit) market we dutifully SWIP netblocks for each apartment complex/condo/etc. Doing such we publically publish the physical address an IP lives (sans Apt/Unit #). Would anyone feel this is too much information for people to know? Should our SWIPs be more generic, local POP address or local corporate office, just enough for rough geolocation accuracy? I realize what ARIN prefers, this is more of an opinion gathering. -ML
On Tue, Aug 3, 2010 at 7:14 PM, Franck Martin <franck@genius.com> wrote:
If it is a business, then accurate address does not seem to me an issue, if it is a private address, I think a bit of fuzziness is helpful
An apartment complex/condo/etc is a business which contains private addresses. Do you sell to the residents directly or do you sell to the apartment complex which then resells to individual residents? If the former then you're basically off the hook for anybody who doesn't get a /29 or larger. For the latter, you're providing significant amounts of a public resource (IP addresses) to a business whose contact information you're contractually and ethically obligated to reveal. If a particular complex is worried about publishing their location, they can always rent a P.O. box. If you're the only one doing the worrying, don't. IMO. Regards, Bill Herrin -- William D. Herrin ................ herrin@dirtside.com bill@herrin.us 3005 Crane Dr. ...................... Web: <http://bill.herrin.us/> Falls Church, VA 22042-3004
On Aug 4, 2010, at 1:35 17AM, William Herrin wrote:
On Tue, Aug 3, 2010 at 7:14 PM, Franck Martin <franck@genius.com> wrote:
If it is a business, then accurate address does not seem to me an issue, if it is a private address, I think a bit of fuzziness is helpful
An apartment complex/condo/etc is a business which contains private addresses.
Do you sell to the residents directly or do you sell to the apartment complex which then resells to individual residents?
If the former then you're basically off the hook for anybody who doesn't get a /29 or larger.
For the latter, you're providing significant amounts of a public resource (IP addresses) to a business whose contact information you're contractually and ethically obligated to reveal. If a particular complex is worried about publishing their location, they can always rent a P.O. box. If you're the only one doing the worrying, don't.
I strongly disagree -- you're revealing the precise address of any tenant in those buildings. Don't do that... --Steve Bellovin, http://www.cs.columbia.edu/~smb
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Wed, Aug 4, 2010 at 12:42 PM, Steven Bellovin <smb@cs.columbia.edu> wrote:
On Aug 4, 2010, at 1:35 17AM, William Herrin wrote:
On Tue, Aug 3, 2010 at 7:14 PM, Franck Martin <franck@genius.com> wrote:
If it is a business, then accurate address does not seem to me an issue, if it is a private address, I think a bit of fuzziness is helpful
An apartment complex/condo/etc is a business which contains private addresses.
Do you sell to the residents directly or do you sell to the apartment complex which then resells to individual residents?
If the former then you're basically off the hook for anybody who doesn't get a /29 or larger.
For the latter, you're providing significant amounts of a public resource (IP addresses) to a business whose contact information you're contractually and ethically obligated to reveal. If a particular complex is worried about publishing their location, they can always rent a P.O. box. If you're the only one doing the worrying, don't.
I strongly disagree -- you're revealing the precise address of any tenant in those buildings. Don't do that...
Chiming in: I would tend to agree with smb on this particular issue -- that's a bit *too* precise. - - ferg -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.5.3 (Build 5003) wj8DBQFMWcNoq1pz9mNUZTMRArbvAJ9ymAZzgf/hlOVPWQtTj3GcGCFKaACff7Hy bMw7Gg6uZObU4cPmoDU9TK4= =mrQI -----END PGP SIGNATURE----- -- "Fergie", a.k.a. Paul Ferguson Engineering Architecture for the Internet fergdawgster(at)gmail.com ferg's tech blog: http://fergdawg.blogspot.com/
+1 During the P3P too-and-fro on what constituted PII I lost the argument that masking off the last bits constituted acceptable non-disclosure of PII. Additionally, viewing the long/lat of a property where b/w and addresses are provisioned as the legal entity which owns the building seems odd. Eric On 8/4/10 3:46 PM, Paul Ferguson wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
On Wed, Aug 4, 2010 at 12:42 PM, Steven Bellovin<smb@cs.columbia.edu> wrote:
On Aug 4, 2010, at 1:35 17AM, William Herrin wrote:
On Tue, Aug 3, 2010 at 7:14 PM, Franck Martin<franck@genius.com> wrote:
If it is a business, then accurate address does not seem to me an issue, if it is a private address, I think a bit of fuzziness is helpful
An apartment complex/condo/etc is a business which contains private addresses.
Do you sell to the residents directly or do you sell to the apartment complex which then resells to individual residents?
If the former then you're basically off the hook for anybody who doesn't get a /29 or larger.
For the latter, you're providing significant amounts of a public resource (IP addresses) to a business whose contact information you're contractually and ethically obligated to reveal. If a particular complex is worried about publishing their location, they can always rent a P.O. box. If you're the only one doing the worrying, don't.
I strongly disagree -- you're revealing the precise address of any tenant in those buildings. Don't do that...
Chiming in: I would tend to agree with smb on this particular issue -- that's a bit *too* precise.
- - ferg
-----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.5.3 (Build 5003)
wj8DBQFMWcNoq1pz9mNUZTMRArbvAJ9ymAZzgf/hlOVPWQtTj3GcGCFKaACff7Hy bMw7Gg6uZObU4cPmoDU9TK4= =mrQI -----END PGP SIGNATURE-----
On Wed, Aug 4, 2010 at 3:42 PM, Steven Bellovin <smb@cs.columbia.edu> wrote:
On Aug 4, 2010, at 1:35 17AM, William Herrin wrote:
For the latter, you're providing significant amounts of a public resource (IP addresses) to a business whose contact information you're contractually and ethically obligated to reveal. If a particular complex is worried about publishing their location, they can always rent a P.O. box. If you're the only one doing the worrying, don't.
I strongly disagree -- you're revealing the precise address of any tenant in those buildings. Don't do that...
Then discuss it with the apartment complex, Steven, and encourage them to get a PO box to use in place of their physical address. Or just buy a box from mail boxes etc. yourself and set up mail forwarding each time you set up a new apartment complex. The main point of the exercise is that the address consumer (the apartment management company, a for-profit business) be identifiable and directly reachable by phone, email and postal mail, not that they provide accurate coordinates for targeting the nukes. Plenty of reasonable ways to meet the spirit of the rules. The letter too. On Wed, Aug 4, 2010 at 4:08 PM, Eric Brunner-Williams <brunner@nic-naa.net> wrote:
During the P3P too-and-fro on what constituted PII I lost the argument that masking off the last bits constituted acceptable non-disclosure of PII.
Whole other ball game, Eric. In the platform for privacy preferences (P3P) one participant in a data flow asserts that he will keep the other participant's behavior confidential. P3P examines what knowledge the asserter may glean and publish from that data flow without violating that confidentiality. You rightly lost the argument because the subnet, plus other information that doesn't by itself identify a user, can often be combined to identify a specific user and his behavior with a relatively high level of confidence. So can algorithmic one-way hashes of the address and most other variants on the meme that could reasonably facilitate reconstructing a particular user's data flow. No such agreement exists with respect to the public permitting for-profit businesses the exclusive use of a portion of the public's IP addresses. Quite the contrary, that public (as it expressed itself to ARIN repeatedly for a decade and a half and as recently as ARIN's public meeting earlier this year) insists that for-profit businesses granted the exclusive use of 8 or more of the public's IP addresses publicly reveal who they are and how to directly contact them. Public. Get it? Regards, Bill Herrin -- William D. Herrin ................ herrin@dirtside.com bill@herrin.us 3005 Crane Dr. ...................... Web: <http://bill.herrin.us/> Falls Church, VA 22042-3004
On Aug 4, 2010, at 11:49 42PM, William Herrin wrote:
On Wed, Aug 4, 2010 at 3:42 PM, Steven Bellovin <smb@cs.columbia.edu> wrote:
On Aug 4, 2010, at 1:35 17AM, William Herrin wrote:
For the latter, you're providing significant amounts of a public resource (IP addresses) to a business whose contact information you're contractually and ethically obligated to reveal. If a particular complex is worried about publishing their location, they can always rent a P.O. box. If you're the only one doing the worrying, don't.
I strongly disagree -- you're revealing the precise address of any tenant in those buildings. Don't do that...
Then discuss it with the apartment complex, Steven, and encourage them to get a PO box to use in place of their physical address. Or just buy a box from mail boxes etc. yourself and set up mail forwarding each time you set up a new apartment complex. The main point of the exercise is that the address consumer (the apartment management company, a for-profit business) be identifiable and directly reachable by phone, email and postal mail, not that they provide accurate coordinates for targeting the nukes. Plenty of reasonable ways to meet the spirit of the rules. The letter too.
Clearly, the apartment complex owners could do that if they so choose. I'm not sure who you suggest should "buy a box from mail boxes etc. yourself and set up mail forwarding each time you set up a new apartment complex" -- the ISP? How does that help? This is, as you say, a way to contact the apartment complex owners, right? The issues have to do with knowledge and expenditure. For the most part, consumers and apartment complex owners have no knowledge of IP geolocation or SWIP. It is consumer privacy at risk here, but consumers have no opportunity to opt out of this scheme even if they knew about it. "Discuss it with the apartment complex" is generally null advice; apart from the fact that consumers have exactly zero leverage in many markets, the apartment managers (a) don't know about it, either, and (b) can't be bothered to get a PO box and collect the (rare) mail from it. --Steve Bellovin, http://www.cs.columbia.edu/~smb
On Thu, Aug 5, 2010 at 4:25 AM, Steven Bellovin <smb@cs.columbia.edu> wrote:
Clearly, the apartment complex owners could do that if they so choose. I'm not sure who you suggest should "buy a box from mail boxes etc. yourself and set up mail forwarding each time you set up a new apartment complex" -- the ISP? How does that help? This is, as you say, a way to contact the apartment complex owners, right?
Steven, Getting a post office box is a standard and widely accepted way to receive mail when for any reason you don't want the mail addressed to your physical location. Companies like Mail Boxes Etc. take the service one step further - they'll repackage the received mail and send it to your physical address so you don't have to stop by and check the box. Essentially, they provide a second postal address for the recipient unbound from the recipient's physical address. That's what you wanted, right? To avoid revealing the resource consumer's physical address?
The issues have to do with knowledge and expenditure. For the most part, consumers and apartment complex owners have no knowledge of IP geolocation or SWIP. It is consumer privacy at risk here, but consumers have no opportunity to opt out of this scheme even if they knew about it. "Discuss it with the apartment complex" is generally null advice; apart from the fact that consumers have exactly zero leverage in many markets, the apartment managers (a) don't know about it, either, and (b) can't be bothered to get a PO box and collect the (rare) mail from it.
If you feel that way, I suggest you take the issue up on the ARIN public policy mailing list. Solicit public consensus for a change in handling for SWIPs for "apartment complexes as ISP resellers." Absent such a change, redacting identity and contact info for the apartment management company remains simple fraud. Regards, Bill Herrin -- William D. Herrin ................ herrin@dirtside.com bill@herrin.us 3005 Crane Dr. ...................... Web: <http://bill.herrin.us/> Falls Church, VA 22042-3004
On Thu, 05 Aug 2010 08:04:47 EDT, William Herrin said:
If you feel that way, I suggest you take the issue up on the ARIN public policy mailing list. Solicit public consensus for a change in handling for SWIPs for "apartment complexes as ISP resellers." Absent such a change, redacting identity and contact info for the apartment management company remains simple fraud.
I'm not at all convinced that mere redaction qualifies as fraud. It certainly qualifies as *deceptive* - but does it rise to "fraudulent"? Is the fact that I use a Mail Boxes Etc-type service and don't accept mail at my home address because it's a very physically insecure mailbox fraudulent? Yes, it's somewhat deceptive, because it's not my actual home address. But unless you stretch "deception for personal gain" to the point where "gain" is "I don't want mail stolen from my mailbox", I don't think it's actual fraud.
On Thu, Aug 5, 2010 at 8:49 AM, <Valdis.Kletnieks@vt.edu> wrote:
On Thu, 05 Aug 2010 08:04:47 EDT, William Herrin said:
If you feel that way, I suggest you take the issue up on the ARIN public policy mailing list. Solicit public consensus for a change in handling for SWIPs for "apartment complexes as ISP resellers." Absent such a change, redacting identity and contact info for the apartment management company remains simple fraud.
I'm not at all convinced that mere redaction qualifies as fraud. It certainly qualifies as *deceptive* - but does it rise to "fraudulent"? Is the fact that I use a Mail Boxes Etc-type service and don't accept mail at my home address because it's a very physically insecure mailbox fraudulent? Yes, it's somewhat deceptive, because it's not my actual home address. But unless you stretch "deception for personal gain" to the point where "gain" is "I don't want mail stolen from my mailbox", I don't think it's actual fraud.
Valdis, It takes some creative reading to think I claimed using an alternate but still correct address (e.g. supplied by mailboxes etc.) constituted fraud. Alternate != redacted. Regards, Bill Herrin -- William D. Herrin ................ herrin@dirtside.com bill@herrin.us 3005 Crane Dr. ...................... Web: <http://bill.herrin.us/> Falls Church, VA 22042-3004
On Thu, 05 Aug 2010 08:58:48 EDT, William Herrin said:
It takes some creative reading to think I claimed using an alternate but still correct address (e.g. supplied by mailboxes etc.) constituted fraud. Alternate != redacted.
Right. The point is that by the same "what is the personal gain" standard, it isn't obvious that redacted == fraud by definition. If I have an alternate physical mailbox and a redacted electronic address for the exact same reason (privacy and security), how is one fraudulent and the other not?
On Thu, Aug 5, 2010 at 9:17 AM, <Valdis.Kletnieks@vt.edu> wrote:
On Thu, 05 Aug 2010 08:58:48 EDT, William Herrin said:
It takes some creative reading to think I claimed using an alternate but still correct address (e.g. supplied by mailboxes etc.) constituted fraud. Alternate != redacted.
Right. The point is that by the same "what is the personal gain" standard, it isn't obvious that redacted == fraud by definition.
What personal gain standard? I certainly didn't advocate one, and I don't find anything like that in ARIN's rules. As far as I can tell, anyone can pick an alternate postal address, a hotmail email address and a vonage phone number for their SWIP information if they so choose, quite regardless of whether any personal gain is involved. Regards, Bill Herrin -- William D. Herrin ................ herrin@dirtside.com bill@herrin.us 3005 Crane Dr. ...................... Web: <http://bill.herrin.us/> Falls Church, VA 22042-3004
On Thu, 05 Aug 2010 09:23:12 EDT, William Herrin said:
What personal gain standard? I certainly didn't advocate one, and I don't find anything like that in ARIN's rules.
What you said:
Absent such a change, redacting identity and contact info for the apartment management company remains simple fraud.
"fraud" is usually defined as "deception with intent for personal gain". *That* standard. My point is that redation does not *in and of itself* rise to the level of fraud.
On Thu, Aug 5, 2010 at 9:37 AM, <Valdis.Kletnieks@vt.edu> wrote:
On Thu, 05 Aug 2010 09:23:12 EDT, William Herrin said:
Absent such a change, redacting identity and contact info for the apartment management company remains simple fraud.
"fraud" is usually defined as "deception with intent for personal gain". *That* standard. My point is that reda[c]tion does not *in and of itself* rise to the level of fraud.
Valdis, Nitpicking someone's word choice can straddle the border between debate and trolling but if you insist then I suggest you first learn the meaning of the word. "Fraud" is about loss, not gain, and there's nothing "personal" about it. http://legal-dictionary.thefreedictionary.com/fraud "A false representation of a matter of fact—whether by words or by conduct, by false or misleading allegations, or by concealment of what should have been disclosed—that deceives and is intended to deceive another so that the individual will act upon it to her or his legal injury." Regards, Bill Herrin -- William D. Herrin ................ herrin@dirtside.com bill@herrin.us 3005 Crane Dr. ...................... Web: <http://bill.herrin.us/> Falls Church, VA 22042-3004
On Thu, 05 Aug 2010 10:30:45 EDT, William Herrin said:
"A false representation of a matter of fact whether by words or by conduct, by false or misleading allegations, or by concealment of what should have been disclosed that deceives and is intended to deceive another so that the individual will act upon it to her or his legal injury."
And the mere fact that an address is redacted has the intent to decieve so that another will act on it to legal injury is where, exactly?
On Thu, Aug 5, 2010 at 11:00 AM, <Valdis.Kletnieks@vt.edu> wrote:
On Thu, 05 Aug 2010 10:30:45 EDT, William Herrin said:
"A false representation of a matter of fact whether by words or by conduct, by false or misleading allegations, or by concealment of what should have been disclosed that deceives and is intended to deceive another so that the individual will act upon it to her or his legal injury."
And the mere fact that an address is redacted has the intent to decieve so that another will act on it to legal injury is where, exactly?
You've deprived everyone else of the use of that block of IP addresses in violation with your contract with ARIN which requires disclosure. Then, based on the claim that block is in use and properly registered, you've acquired additional blocks from ARIN, depriving everyone else of their use as well. You've deprived ARIN of the ability to audit your consumption of addresses without first notifying you. You've muddied the waters between clearly legitimate and clearly illegitimate use, damaging ARIN's tools and processes for detecting others' fraud. You've made it costlier for the antivirus folks to contact the infected. You've made it costlier for law enforcement to localize offenders and damaged their ability to keep investigations secret. Shall I go on? Regardless of what you may think about whether those injured folks should be entitled to the information, the fact is that they are entitled to it under ARIN policy developed based on public consensus. Which means you injure them by denying it. Which when denied deceptively (by quietly redacting information as opposed to repudiating the contract that requires its disclosure with the specific intent of depriving the entitled of that information) rises to the definition of fraud. BTW, I apologize for my prior comments about trolling. Reviewing the thread, I think I read some intent into your words that wasn't there. Nevertheless, I think we've reached the end of what can be usefully said on the subject of "is redacting business SWIP information fraud or something that's close to but not quite fraud." Regards, Bill Herrin -- William D. Herrin ................ herrin@dirtside.com bill@herrin.us 3005 Crane Dr. ...................... Web: <http://bill.herrin.us/> Falls Church, VA 22042-3004
On Thu, 05 Aug 2010 12:05:18 EDT, William Herrin said:
You've deprived everyone else of the use of that block of IP addresses in violation with your contract with ARIN which requires disclosure. Then, based on the claim that block is in use and properly registered, you've acquired additional blocks from ARIN, depriving everyone else of their use as well.
OK. Now I see where you're coming from - looking at the one *providing* the address block, not the end-user recipient. I may not agree, but at least I understand now, thanks.
On 8/5/2010 8:04 AM, William Herrin wrote:
On Thu, Aug 5, 2010 at 4:25 AM, Steven Bellovin <smb@cs.columbia.edu> wrote:
Clearly, the apartment complex owners could do that if they so choose. I'm not sure who you suggest should "buy a box from mail boxes etc. yourself and set up mail forwarding each time you set up a new apartment complex" -- the ISP? How does that help? This is, as you say, a way to contact the apartment complex owners, right?
Steven,
Getting a post office box is a standard and widely accepted way to receive mail when for any reason you don't want the mail addressed to your physical location. Companies like Mail Boxes Etc. take the service one step further - they'll repackage the received mail and send it to your physical address so you don't have to stop by and check the box. Essentially, they provide a second postal address for the recipient unbound from the recipient's physical address.
That's what you wanted, right? To avoid revealing the resource consumer's physical address?
The issues have to do with knowledge and expenditure. For the most part, consumers and apartment complex owners have no knowledge of IP geolocation or SWIP. It is consumer privacy at risk here, but consumers have no opportunity to opt out of this scheme even if they knew about it. "Discuss it with the apartment complex" is generally null advice; apart from the fact that consumers have exactly zero leverage in many markets, the apartment managers (a) don't know about it, either, and (b) can't be bothered to get a PO box and collect the (rare) mail from it.
If you feel that way, I suggest you take the issue up on the ARIN public policy mailing list. Solicit public consensus for a change in handling for SWIPs for "apartment complexes as ISP resellers." Absent such a change, redacting identity and contact info for the apartment management company remains simple fraud.
Regards, Bill Herrin
There's usually a 50/50 split between the HOA (Home Owners Association) and the individual that are our customers. In the case of a HOA it's not that the HOA is reselling it's that we are contracted to service every member of the HOA and the HOA gives us one check for everyone.
On Thu, Aug 5, 2010 at 8:54 AM, ML <ml@kenweb.org> wrote:
There's usually a 50/50 split between the HOA (Home Owners Association) and the individual that are our customers. In the case of a HOA it's not that the HOA is reselling it's that we are contracted to service every member of the HOA and the HOA gives us one check for everyone.
Hi ML, For individuals, you get significant privacy: https://www.arin.net/policy/nrpm.html#six551 Home owners' associations seem like a gray area to me. You're talking about a non-profit organization whose sole purpose is to represent a group of residences collectively. I think I'd err on the side of listing the HOA's legal name along with the postal address at which the HOA prefers to be contacted but I also think it would be worth bringing up the question on the ARIN PPML. ARIN public policy is a dynamic thing -- it changes and clarifies when good reasons are presented and frankly I think you've hit on a good reason. Apartment management companies, where the entity is unambiguously for-profit, are really past the gray area. Their customers are residential, but they themselves are a commercial entity vending services. Their customers may be entitled to privacy but they aren't. Regards, Bill Herrin -- William D. Herrin ................ herrin@dirtside.com bill@herrin.us 3005 Crane Dr. ...................... Web: <http://bill.herrin.us/> Falls Church, VA 22042-3004
On 8/3/2010 4:07 PM, ML wrote:
As an SP in the MDU (multi dwelling unit) market we dutifully SWIP netblocks for each apartment complex/condo/etc. Doing such we publically publish the physical address an IP lives (sans Apt/Unit #).
Would anyone feel this is too much information for people to know? Should our SWIPs be more generic, local POP address or local corporate office, just enough for rough geolocation accuracy?
I realize what ARIN prefers, this is more of an opinion gathering. -ML
CALEA may come into play there meaning that there is no privacy per se. Todd
On Tue, Aug 3, 2010 at 7:40 PM, todd glassey <tglassey@earthlink.net> wrote:
On 8/3/2010 4:07 PM, ML wrote:
As an SP in the MDU (multi dwelling unit) market we dutifully SWIP netblocks for each apartment complex/condo/etc. Doing such we publically publish the physical address an IP lives (sans Apt/Unit #).
Would anyone feel this is too much information for people to know? Should our SWIPs be more generic, local POP address or local corporate office, just enough for rough geolocation accuracy?
I realize what ARIN prefers, this is more of an opinion gathering. -ML
CALEA may come into play there meaning that there is no privacy per se.
calea != ARIN policies... the above comment is a red-herring/fud. reading the policies (roughly paraphrased) I'd say you need to (depending where you line up with william's questions) A swip the block the building uses (postal address probably fine) - presumes +/29 to a building, of course B swip as 'residential' anything larger than a /29 that lands at a single dwelling being used for residential things C swip as a normal record anything larger than a /29 that lands at a single dwelling but considered a 'business' as examples of these: A - 1515 Connecticut Ave, Washington DC - The Regency Towers Apartments (fictitious apartment building) B - Private customer - Verizon Internet Services Inc. FTTP (Joe Plumber Apartment #5 inside The Regency Towers Apartments) C - Joes Plumbing and Handyman services - Apt #5 1515 Connecticut Ave (the business address at that apartment location) -chris
participants (9)
-
Christopher Morrow -
Eric Brunner-Williams -
Franck Martin -
ML -
Paul Ferguson -
Steven Bellovin -
todd glassey -
Valdis.Kletnieks@vt.edu -
William Herrin