Re: Important New Requirement for IPv4 Requests [re "impacting revenue"]

[Shane Ronan <sronan () fattoc com>]

On Apr 21, 2009, at 3:19 PM, Owen DeLong wrote:

> Well... ARIN is structured with a bottom-up community driven policy  
> process. That has
> served us well for many years, and, I think that changing it would  
> be a mistake.  However,
> in this case, that means that the following people are specifically  
> excluded from proposing
> policy:
>
>         The BoT (other than via the emergency process)
>         ARIN Staff
>
> Policy proposals must come from the community. Either at large, or,  
> from the ARIN AC
> which is an elected subgroup of the community tasked with developing  
> good policy for
> ARIN. The AC itself depends largely on community input for what kind  
> of policy the
> community wants us to develop, and, at the end of the day, community  
> consensus is
> required in order for a proposal to become policy.

It's served us so well that we are running out of IP space and no  
effective way to migrate to the already existing replacement solution.  
The argument that it's always been that way, just doesn't cut it. It's  
the same with all these issues. If ARIN were to hire someone whose job  
it was to avangelize a workable solution, I am sure you would see  
individuals willing to come forth and support it and create a  
consensus. And FYI, there is nothing saying that consensus is required  
for a proposal to become policy, look at the US government, they make  
policy every day without consensus. If the situation is as bad as it's  
being made out to be, then ARIN MUST act in the best interest of the  
community as a whole.
> > B) Again, while it might be the IETF's "job", shouldn't the group  
> > trusted with the management of the IP space at least have a public  
> > opinion about these solutions are designed. Ensuring that they are  
> > designed is such a way to guarantee maximum adoption of v6 and thus  
> > reducing the potential for depletion of v4 space.
> The IETF specifically does not accept organizational input and  
> requires instead that
> individuals participate. This is one of the great strengths, and,  
> also one of the great
> weaknesses of the IETF. However, it means that even if ARIN could  
> develop a public
> opinion (which would have to come from the ARIN community by some  
> process which
> we don't really have as yet), this opinion wouldn't mean much in the  
> IETF's eyes.

Again, if ARIN were to put out a "best practices" guide, and promote  
it as a way to push forward IPv6. Instead they are saying "not my  
problem" and "the guys who are working on it, won't let us play with  
them"
> > C) Are ARIN's books open for public inspection? If so, it might be  
> > interesting for the group to see where all our money is going,  
> > since it's obviously not going to outreach and solution planning.  
> > Perhaps it is being spent in a reasonable manner, and the fees are  
> > where they need to be to sustain the organizations reasonable  
> > operations, but perhaps not.
> I will leave this to the BoT to answer, but, I know that the  
> treasurer presents a report
> at every members meeting which provides at least some high level  
> details. I believe
> that as a non-profit corporation, a great deal of openness is  
> required for accountability
> to ARIN members.

Why is travel such a large percentage of their expenses? If people  
want to be on the board, they should pay for their own travel to the  
meetings. This is a Not For Profit, not a corporation, big difference.
> > Mr Curran, given the response you've seen from the group, and in  
> > particular the argument that most CEO's or Officers of firms will  
> > simply sign off on what they IT staff tells them (as they have  
> > little to no understanding of the situation), can you explain what  
> > exactly you are hoping to achieve by heaping on yet an additional  
> > requirement to the already over burdensome process of receiving an  
> > IPv4 allocation?
> I can't say what Mr. Curran expects, but, here's how I see it:
>
> 1.	If an officer of the organization signs off, then, that means  
> that both the
> 	organization and the officer personally can be held accountable for  
> any
> 	fraud that is later uncovered. If the officer is an idiot, perhaps  
> he'll just
> 	sign, but, most officers I have experience with don't do that. They  
> usually
>         engage in some level of verification before signing such a statement.

How do you figure, under what law is this enforceable? Most Officers  
will simply say to the person asking them to sign it "Is this true"  
and when they say yes, he'll sign it. The CEO of most corporation does  
not have the time, experience or expertise to determine if his firm  
truly needs additional IP Space.
>

> 2.      Organizations which are submitting fraudulent requests may be less
> 	willing to do that when someone has to make a signed attestation  
> under
> 	penalty of perjury. Especially when that person has fiduciary  
> liability to
>         the organization as an officer.

Again, what law are they violating? How is this considered perjury?

> 3.	There are lots of things people will do if they don't think there  
> are potential
> 	consequences. A signed attestation by a corporate officer  
> dramatically
> 	reduces the apparent lack of consequences to a fraudulent  
> application.
>
> Sure, there will always be criminals and criminals may not be bothered
> by this signed attestation process. However, having it does give the  
> ARIN
> legal team a better shot at them as well.

Again how does signing an attestation = criminal liability? Maybe  
civil liability, but certainly not criminal liability.

> I am not a lawyer and these are just my own opinions.
>
> Owen