Re: Submitting Fake Geolocation for blocks to Data Brokers and RIRs

[Tom Beecher <beecher () beecher cc>]

> If the endpoint (e.g. web server) is physically located in Germany and
> you're helping a client misrepresent that it's located in Estonia in
> order to evade a legal requirement that it be located in Estonia then
> you've made yourself a party to criminal fraud.

While I agree with the overall sentiment of your message, I am curious ;
have there been any instances where an internet provider has been found
liable (criminally or civilly) for willfully misrepresenting IP geolocation
information?

On Wed, Apr 21, 2021 at 3:23 PM William Herrin <bill () herrin us> wrote:

> On Wed, Apr 21, 2021 at 11:58 AM nanoguser100 via NANOG <nanog () nanog org>
> wrote:
> > I wanted to get the communities' opinion on this.
> >
> > Increasingly I have run into 'niche needs' where a client has a few
> users in a country we don't have a POP, say Estonia.  This is 'mainly' for
> localization but also in some cases for compliance (some sites REQUIRE an
> Estonian IP).  With that being said is it common practice to 'fake'
> Geolocations?  In this case the user legitimately lives in Estonia, they
> just happen to be using our cloud service in Germany.
>
> If the endpoint (e.g. web server) is physically located in Germany and
> you're helping a client misrepresent that it's located in Estonia in
> order to evade a legal requirement that it be located in Estonia then
> you've made yourself a party to criminal fraud. Do I really need to
> explain how bad an idea that is?
>
> If the service is a VPN relay for addresses which are actually being
> used in Estonia then what's the problem? You're just a transit for
> those IPs. Report the location where the endpoints are, not the
> transits.
>
> Regards,
> Bill Herrin
>
>
> --
> William Herrin
> bill () herrin us
> https://bill.herrin.us/