Search RPD Archives
[rpd] Internet Number Resources review
Kris Seeburn
seeburn.k at gmail.com
Sun Dec 11 08:31:01 UTC 2016
Dear all,
I’ve been watching closely this policy. I wanted to state some ideas and thoughts to revisit the approach. I just put a note here is that , whether you take these suggestions as a board member from me or community member, but i felt we needed to clear things better and give ourselves a further thought on how best to rethink the policy or enabling a different way to achieve same results.
First hand the policy is intentionally good, however the issues afrinic faces is litigation in a court of law if it is applied as it stands. Having said that the idea of the policy can be realistically changed and applied differently.
If members look at the current RSA which afrinic and its resource members are legally attached to, gives some level of auditing within the premises of afrinic staff or hostmaster. Which i would actually suggest the authors to try and enforce. The reality is that the biggest issue we want to address is obviously allocation of the resources and its usage. Right now the RSA builds in the audit at the request time and any time afrinic thinks it wants to revisit the utilization usage.
Let me bring to attention of the community this part from the current RSA:
4. Conditions of service
4. CONDITIONS OF SERVICE
(a) Where a member, receiving service under an existing agreement applies for a change or a variation of the type of such service which AFRINIC has been supplying to it, evaluation of such a "change request" will be effected in terms of the provisions of clause (2) of the present agreement. (lets look at clause 2)
2. Membership application
2. MEMBERSHIP APPLICATION
Applicants shall:
(a) comply with the application process as defined and time by time updated on AFRINIC's website (www.afrinic.net);
(b) provide accurate and complete information when applying for services. Incomplete application will not be accepted and applicant will be notified;
(c) clearly indicate the service(s) for which the application is being made;
(d) where the original information submitted has been the subject of any change, same has to be notified promptly, accurately and fully to AFRINIC by an authoritative and valid contact;
(e) promptly, accurately and completely reply to any enquiry made by AFRINIC during the application or within the currency of the agreement;
(f) provide the relevant information regarding the membership type as indicated online on AFRINIC website and reflected in the membership form;
(g) provide and ensure accurate contact information are stored in AFRINIC databases (Whois and MyAFRINIC).
(b) Cooperation:
(i) An applicant receiving service under an agreement is at all times bound to provide to AFRINIC such information, assistance and cooperation as may be reasonably required by the latter in the provision of the service.
(ii) Such request for information may also be made where AFRINIC is investigating (reviewing) the applicant's utilisation of the numbering resources already assigned to it.
(iii) Failure by the applicant, to comply with a request made at above may:
entail revocation or withholding of the service supplied by AFRINIC;
be taken into account by AFRINIC in its evaluation for further and future assignment or allocation of numbering resources;
lead to the closure of an LIR and termination of the agreement by AFRINIC.
(c) Applicant's use of the service The Applicant hereby irrevocably:
(i) Commits itself to using the services solely for the purpose for which it was requested.
(ii) Commits itself to using the services in full and unreserved compliance with AFRINIC's policies and mandate:
without knowingly infringing the rights and/or interests of other users of such services,
within the limits of applicable laws and/or regulations of the jurisdiction in which it operates.
(iii) Further acknowledges that AFRINIC may at its own discretion and for good cause and common Interest of the stability of the Internet, investigate or cause to be investigated, the Applicant's use of the services by the appropriate and competent authority(ies).
(iv) Hereby binds itself to:
notify AFRINIC whenever its circumstances so change that it is no longer in need of the Internet number resources supplied or being supplied to it under a Registration Service Agreement;
surrender to AFRINIC within 15 days of the service of the notice at (iv)(1) above the Internet number resources supplied or being supplied to it under a Registration Service Agreement; update any data submitted to AFRINIC in the context of:
a. an application for a Registration Service Agreement or
b. the renewal of any Registration Service Agreement whenever such data have been the subject of amendment, change or have become outdated
(d) AFRINIC will comply with all applicable data protection and privacy laws of the Republic of Mauritius in its handling of data and information submitted to it by the Applicant in furtherance of an application for services and use thereof.
Further reading :
11. TERM
Termination by AFRINIC
(iii) AFRINIC shall have the right to terminate this Agreement upon giving The Applicant written notice of its intention and inviting the latter to show cause why such action shall not be taken against it or to take remedial measures to cure any breach particularised in the said notice.
(iv) The Applicant will have a period of 30 days during which it shall communicate the grounds on which it relies to prevent the termination of this agreement by AFRINIC.
(v) Where AFRINIC's notice of termination is based on a breach of the present agreement committed by The Applicant, the latter shall provide evidence of the remedial action(s) taken to cure the breach.
(vi) Where AFRINIC considers in its own discretion that the grounds put forward by The Applicant or the remedial actions taken are satisfactory the termination process will be stopped forthwith.
(e) Effect of termination If this agreement is terminated or expires:
(i) AFRINIC will immediately revoke the numbering resources and otherwise cease providing the services without incurring any liability whatsoever.
(ii) The Applicant shall pay forthwith any outstanding fees it owes AFRINIC.
(iii) Any membership right and benefits accruing to The Applicant in its capacity as member shall lapse immediately.
So i would like to urge us all to please look at the different issues closely.
I would like to perhaps recommend a different way of revisiting the policy:
First, is to give afrininc a greater level of enforceability of the clause like something :- based on the size of the allocation a detailed review of application and details subject to a staff visit of premises or infrastructure for the the applicant may have to bear the cost subject to allocation of resources
Second, in case of any doubt or report from confirmed sources of reporting or cause for having established that the said member is not using the said allocated resources as per conditions of service, afrinic can use or suggest auditing such resources at its discretion to ensure proper and agreed terms of use. (This part is the challenging one, as any such instance would need to establish that there has been a real infraction to the usage of such resources or to have falsely given wrong information)
Third, subject to non-compliance as per existing policies can revoke or claim back such resources or deny such resources as requested by the member. (Again we need to establish that the member has wrongly provided or is really in infraction against the RSA)
The above is subject to legal views of course but members what you really want is to ensure afrinic does not fall short to a litigation issue which can have a negative impact. We really need to find better ways of enforcing auditing under clause 4 of the RSA which would have impact on allocation of resources time and so on. Which i would urge all to consider properly. The repercussions will be there. So even on this we will need to ensure what we want to be the further case where resources are denied or recovered. We need a clearer way of stating under what clear conditions these would apply.
Now the other bit which is more the case and the section 4.(d) is what applies to and the challenging part. There is perhaps a simple way to give the membership what they want is perhaps at reporting can just say X number of members has been revoked and X number of resources reclaimed. As such we respect the Data Protection act and they are anonymized at the same time. However, let me just bring the act in context:
http://dataprotection.govmu.org/English/Documents/The%20Law/DPOregul.pdf <http://dataprotection.govmu.org/English/Documents/The%20Law/DPOregul.pdf>
http://dataprotection.govmu.org/English/Legislation/Pages/Data-Protection-Act-2004.aspx <http://dataprotection.govmu.org/English/Legislation/Pages/Data-Protection-Act-2004.aspx>
http://dataprotection.govmu.org/English/Legislation/Pages/Data-Protection-Principles.aspx <http://dataprotection.govmu.org/English/Legislation/Pages/Data-Protection-Principles.aspx>
We need to note under the DPA : Note: A disclosure of any personal data to a person specified above must not be made in any manner incompatible with the purpose(s) for which those data are kept. Otherwise, the disclosure will be in contravention of section 26(b), 27 and 29(1) of the Data Protection Act.
So we need to find a correct balance in what we want to enact and how we do it. My personal take is put in a rigorous assessment policy because of the IPv4 depletion and also unweary usage of the current resource allocation and an anonymized reporting that would at least ensure we are not in contravention of the different legal process.
So perhaps to make it work give the discretionary power based on certain key rules set by the community as a policy to affect the “conditions of service” in the RSA and modifying time of allocation of service in such way that afrinic does not face more litigation in longer run and also limit the provision of details provided to membership so as not to affect afrinic as a company.
However, any detailed audit will have a cost impact and i think we also need to define the key rules to such audits as well. Cost impact as an auditor myself depends how much in depth one wants to go. So varied levels would require varied costs. These will also need to be defined by membership how we control or apply these.
Also, i noted in the policy the case for reporting issues where members think another member is in infraction with the current RSA conditions. It could be something that goes for the new governance committee to work on and propose or the community find a way of ensuring protection against litigation as this would also need a clearly defined legal process. Just t ensure afrinic operates within its legal terms.
As i read through the RSA it suggests that the member needs to be binded to the policy we also need to ensure the RSA is also amended still to protect its members as well as its own afrinic legality.
We need to be pragmatic but also find a right balance to fit what many of us want to try and control within the real boundaries. What i am saying it is not impossible to work things through but lets think with what we have as boundaries around us.
These are my food for thought. I am sure we can all commonly work on finding the balance.
Kris
> On Dec 10, 2016, at 6:39 PM, sm+afrinic at elandsys.com wrote:
>
> Hi Patrick, Wafa,
> At 07:34 30-05-2016, GH.-GNONKOTO Serges PATRICK wrote:
>> Ce policy est encourageant etant donne qu'il donne la possibilite a AFRINIC de contreler le flux et a la communaute de suivre la gestion de ses ressources.
>
> At 10:32 26-05-2016, wafa at ati.tn wrote:
>> This is part of RIR mandate so AFRINIC should receive all the support (technical, financial, cooperation,etc) from the membership and community at large to perform his duties.
>
> Le conseiller juridique d'Afrinic Ltd a explique les risques juridiques qu'encoure l'entreprise et l'article du Code civil qui regit le contract entre les deux parties. Il revient aux directeurs qui siègent au conseil dadministration de l'entreprise de s'assurer que l'entreprise se conforme a ses obligations legales et de gerer les risques de litige.
>
> Est-ce que le PDWG peut elaborer une politique qui va a l'encontre du contract de prestation de service? Ce serait une decision irreflechie si les obligations legales n'ont pas ete prises en compte.
>
> Regards,
> S. Moonesamy
>
> _______________________________________________
> RPD mailing list
> RPD at afrinic.net
> https://lists.afrinic.net/mailman/listinfo/rpd
Kris Seeburn
seeburn.k at gmail.com
www.linkedin.com/in/kseeburn/ <http://www.linkedin.com/in/kseeburn/>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.afrinic.net/pipermail/rpd/attachments/20161211/d56c3801/attachment-0001.html>
More information about the RPD
mailing list