Re: E-mail from ARIN ref. Legacy Registration Services

[George Russ <george.russ () CITADEL EDU>]

> From counsel:

 Section 3 Evaluation and Service

        This is one of the incredibly one-sided sections.  ARIN has the
sole and exclusive discretion to make requirements of us, and then to
determine whether it can provide services.  I would like to see some
softer language here- ie that ARIN has the right to require "additional
documentation, as commercially reasonable" or something similar.  Also,
it would be nice to have some sort of appellate, or second review,
process.  

Section 4 Conditions of Service

        The change request section is equally one-sided.  Again, it
would be nice to have some "commercially reasonable" provisions, and/or
appellate / review provisions.

        The prohibited conduct section is incredibly vague.  I trust
they are saying that if we violate any laws concerning internet
security, or something along those lines, that they will cancel our
contract. As written,  however, they could be saying that if we violate
a zoning provision here, that such a violation is sufficient to warrant
cancellation.  Thus, I would like to see this provision tightened up
some.

Section 7 Current and Future Policies 

        This is another of the incredibly one-sided sections.  ARIN has
"the sole and absolute discretion (to) amend the Poilicies," which
amendments become binding on us immediately upon publication on the
website.  At the least, they could send us an e-mail of changes in
policies.  I get notifications regularly from 401(k) and SEP account
companies. Why can't they do the same?

Section 11 Representations and Warranties

        (1)  Richard - unless Curt or John Walker has authorized you to
do so, you do not have authority to enter this contract.  (2)  I don't
know what other contracts we have which might conflict with this one;
also, I am leery of saying this doesn't violate any applicable laws.  At
the moment, I do not know of any laws that apply to this, but that is an
incredibly broad statement, which it would be nice to change...

Section 14 - Term and Termination

        Their rights to terminate are much broader than ours.  We have
to go to arbitration, whereas they don't, in many respects.  Thus, I
would strike all of the language in 14 (c) beginning at "IF ARIN
believes any claim of breach is not correct or has been cured, it shall
respond in writing...

Section 15 - General Provisions

        I don't understand paragraph (b). Is this a change in procedure
from current practice?

        What other policies are there, as referenced in subparagraph
(d)?

        Their description of force majeure is a bit broad. I would
exclude "riots, failure of contractors or subcontractors to perform,
labor strike, lockout, boycott, or acts of governmental authorities."  I
just don't see them as "acts of God."  

        Again, I like the residual clause they have included regarding
choice of law.  That's clever.


Thank you
George
--------------------------------------------------------------
George Russ                     ITS/Network Operations and Security 
-----Original Message-----
From: The EDUCAUSE Security Constituent Group Listserv
[mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of David Lundy
Sent: Friday, March 28, 2008 1:19 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] E-mail from ARIN ref. Legacy Registration
Services

What did legal counsel advise?

Dave

------------------------------------------------
David Lundy
Assistant IT Security Officer
University of the Pacific
Stockton, CA 95211
Email: dlundy () pacific edu
Voice: 209-946-3951
Fax: 209-946-2898         

-----Original Message-----
From: The EDUCAUSE Security Constituent Group Listserv
[mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of George Russ
Sent: Friday, March 28, 2008 10:17 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] E-mail from ARIN ref. Legacy Registration
Services

We received one and our Director sent it to counsel for legal advice
first.



George
--------------------------------------------------------------
George Russ                     ITS/Network Operations and Security 
The Citadel                       Charleston SC 29409 
--------------------------------------------
The information contained in this e-mail message is privileged and
confidential information intended for the intended recipient only. If
you are neither the intended recipient nor the employee or agent
responsible for delivering this message to the intended recipient, you
are hereby notified that any disclosure, copying, distribution or the
taking of any action in reliance on the contents of this e-mail is
strictly prohibited.   If you have received this e-mail in error, please
reply and notify the sender and delete this message. 
Unauthorized interception of this e-mail is a violation of criminal law.

-----Original Message-----
From: The EDUCAUSE Security Constituent Group Listserv
[mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Clyde Hoadley
Sent: Thursday, March 27, 2008 1:22 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] E-mail from ARIN ref. Legacy Registration Services

We received a rather odd e-mail from ARIN.NET this week (excerpt below).
It's not clear to me what this is about.  Did anyone else received one?
Should we send it on to our legal Council? Ignore it? Apply for it?
Does it even apply to Colleges and Universities?

This is outside my domain of knowledge which, I admit, is growing
smaller by the hour (grin).

---
Clyde Hoadley
Metropolitan State College of Denver

> -------- Original Message --------
> Subject: [ARIN-20080324.9783] ARIN offers a Legacy Registration
Services Agreement
> Date: Mon, 24 Mar 2008 06:11:08 -0400
> From: arin-registration () arin net

...
> The American Registry for Internet Numbers (ARIN) now offers you  >a
Legacy Registration Services Agreement(RSA). This agreement  >ensures
your legacy resources the same services provided to  >thousands of other
organizations who have received Internet  >number resources directly
from ARIN since December 1997. The  >Legacy RSA contractually ensures
that ARIN policies adopted  >after the contract is signed will not
reduce or restrict the  >Legacy RSA address holder's contractual rights.
...

> http://www.arin.net/registration/legacy/

------------------------------------------------------------------------
----