Search RPD Archives
Limit search to: Subject & Body Subject Author
Sort by:

[rpd] Last Call for "AFPUB-2016-GEN-001-DRAFT-04 - Internet Number Resources Review by AFRINIC"

Lu Heng h.lu at anytimechinese.com
Tue Jun 27 03:37:32 UTC 2017 

Dear  Colleagues:

I remain firmly oppose this policy. And for the future of AFRINIC, I hope
this policy can be modified and further discussed. And here are my reasons:
First of all, this policy is in direct conflict with transfer policy, if
someone wants to sell their address space, they surely not commit to use it
with the original purpose, should AFRINIC instead of allowing them to
transfer the space, but reclaim them and redistribute them for "better
use"? If that is the case, the transfer policy will have no use because of
that.

RIPE NCC does review their members as well, they call it assisted registry
check, basically they check the contact details and so on and ask you to
confirm if all OK, they also verify that assignments are registered, if
anything is wrong, LIR is asked to fix it, there are no threats of
de-registration, as far as I know, no RIR has ever de-register allocation
from their active member ever in history. I would agree to the policy if
the review was carry out on the assignment base (just imagine if you have
to review entire MTN or liquid telecom), and if member does not comply, the
punishment should be no more future additional allocation, therefore we do
not let anyone lose their connection, so we can avoid the legal issue by
doing that.

I would oppose review on the allocation base, image review an entire /12
allocation for example, it will cost both member and AFRINIC millions of
dollars, and if you are nitpicking, you always find policy valuation in any
large telcos, it's just impossible in business to follow the policy rule
exactly if you are running a company like MTN, if you deregister MTN's
range because of that....I only can image it become end of AFRINIC as we
know it.

And as we can see from the data here,
http://bgp.potaroo.net/ipv4-stats/allocated-afrinic.html , 7.23 /8s
Assigned, 6.27 /8s Allocated, 0.96 /8s in RIR Pool, 5.49 /8s Advertised, in
which means,* at this moment there is 1.76 /8 have been assigned to members
in Afrinic region, but not even advertised in the internet*, that is equal
to 29527900 IP addresses, If, there is a review being conducted to this 29
million IP addresses, *I am sure by current policy, they can have "better
use" than sitting idle or being used internally.* Since transfer policy
have been passed, those address has market value of 300 million dollars,
reclaim those amount of address space, without any additional business
damage, *would very likely results AFRINIC paying over 300 millions dollar
worth of damage, in which is more than half a century income for AFRINIC.*




And below I will add my email on the topic a year ago, in which all the
point still stands:

I'd like to contribute my own 2 cents.

Let's assume, this policy really putting into action and found a policy
breach, stay with me with the example(so let's say the policy in fact works
on its purpose of finding policy breach):

National telecom A from country B has a lot of its practice that not
following the policy,Afrinic therefore by RSA trying to reclaim the address
from the national telecom A from the requested audit.

Because of the reclamation, a lot of people lost their connection in
country B.

National telecom taking Afrinic to court and country B government talking
to UN and ITU to dismiss Afrinic.

Does Afrinic, being an 30 people organization with only 4 million dollar in
budget, even stay a chance to fight them at all?

So this reclamation will risk the very existence of Afrinic, for a maybe a
/15 misused address, seriously is it worth it for the community as a whole?

Maybe some would claim that not every company has 4 million in budget, not
every member that Afrinic are not able to fight in court, the simple truth
is, the one are smaller than Afrinic in size and budget, their space will
be small enough that will not make difference for the community(audit an
/22 and get it back will really worth nothing to the community, and you can
hardly call /22 stock piling as well).

And any company go though RIR process and justified their need in which is
greater than, let's say, /16, will surely have multiple times size of
Afrinic with much stronger financial power, Afrinic can not afford fighting
them in court under today's condition. Let's face it, Afrinic has no real
enforcement power like some might think it does, Afrinic is an registration
service, it already does everything it can during the process issuing the
IP address to make sure fair distribution according to the policy, and keep
the whois database accurate, that is all what community ask them to do, and
that is all what Afrinic capable of doing.

There is no single RIR, RIPE NCC being 5 times bigger budget than Afrinic
included, are able to reclaim address from member who do not need them
anymore, and that is the exact reason why we have a transfer policy in most
of the region now. People transferring are clearly not needing address
anymore, why none of RIR today reclaim them from the holder? There might be
quite few argument to that, but the one I understand is, none of them able
to, most large block holder, if not all, are multiple size of the RIR both
in number of staff and financial power, sometime even in political
influence, and it is really not worth to risk all the member fees to fight
an single member(or multiple members, consider the amount of transfer
happening every month). *Market works better than central planning*,
communist country learned this in hard way.

*What is the normal practice in every region until now, is that, assignment
can be cancelled by RIR, however, allocation are untouchable once it is
issued, no RIR has ever in history claimed back an allocation from member
due to insufficient usage. *Not to mention Afrinic being the smallest,
least funded RIR among them all.

Let's distribute the rest v4 at fair pace, and stop asking Afrinic acting
as communist country's central government, *all Afrinic has is an database,
with 30 people maintain it under 4 million USD budget,* the only reason all
those government and large telecom leave Afrinic alone, is because Afrinic
does not claim any power but only maintain the database, once Afrinic claim
its power to manage whole continent's infrastructure(like one of the
hostmaster mistakenly claimed in one of Afrinic meeting), it will simply be
the day Afrinic ends as we know it. *For that power, we will need a much
bigger Afrinic with each country's gov setting on the board to decided
things(and enforce it with real power), just like you see in most
international governing organizations.*

So please keep Afrinic doing registration service alone, like Rob, the
first RIPE chair and much respected globe community member once said, *RIR
are bookkeepers, nothing more.* The wise man help establish the RIR system
as we know it today, and I believe its bookkeeper analogy are what protect
the RIR's very existence for past 3 decates.

Otherwise, you will need not just a policy to make the intend of this
policy work, *you will need high level enforcement power from the each
countries' government, and you will need a much bigger Afrinic, or rather,
"Africa internet government".*

*I would appreciate author to address all the above concerns.*

*With regards.*

*Lu*

On 26 June 2017 at 01:57, David Hilario <d.hilario at laruscloudservice.net>
wrote:

> Hi Arnaud,
>
> AFRINIC Ltd being put in direct danger of legal actions and financial
> claims from its members is still a possibility regardless of how we
> look at the situation, this will continue to be the case for as long
> as the proposal threatens to de-register resources..
>
> This is the reason why an objections were raised, it is even part of
> the reasoning in staff assessment as a very real possibility, I don't
> believe we can simply close our eyes on this one and just act as if it
> isn't there.
>
> RSA is "only" a legal document between a member and AFRINIC LTD, it
> contains some resources related guidelines, but as we have seen with
> the transfer policy it is not above AFRINIC policies.
> The policies are above the RSA when it comes to resource management
> and distribution, RSA gets invalidated by any policy contradicting it,
> as such basing and defending a policy a policy proposal on the content
> of the current RSA may be unwise, the policy needs to stand on its own
> without having to refer to the RSA.
>
>
>
> David Hilario
>
> IP Manager
>
> Larus Cloud Service Limited
>
> p: +852 29888918  m: +359 89 764 1784
> f: +852 29888068
> a: Flat B5, 11/F, TML Tower, No.3 Hoi Shing Road, Tsuen Wan, HKSAR
> w: laruscloudservice.net
> e: d.hilario at laruscloudservice.net
>
>
> On 23 June 2017 at 19:33, Arnaud AMELINA <amelnaud at gmail.com> wrote:
> > Hello Ashok, please find inside lines in red color, authors response to
> your
> > concerns :
> >
> > 2017-06-19 1:34 GMT+00:00 Ashok Radhakissoon <ashok at afrinic.net>:
> >>
> >>
> >>
> >> To the Attention of the  Co -Chairs-PDWG
> >>
> >> I refer to the proposed" Internet Number Resources Review" policy and
> >> specifically to my observations thereon from a legal perspective.(
> attached
> >> here)
> >> Indeed I made two assessments. The first was for the first version of
> the
> >> said proposal
> >
> >
> > Your first assessment is very inspiring and can be seen at
> > https://afrinic.net/community/policy-development/policy-
> proposals/1947-internet-number-resources-review-by-afrinic#assessment
> > It says:
> >
> >
> > Legal:
> >
> >     The RSA is a community approved document and all members are bound by
> > each and every clause thereof once they sign the agreement. It is a
> contract
> > where both parties subscribe to clear obligations.
> >     In application of the law of contract of Mauritius as found in
> Article
> > 1134 of the Mauritius Civil Code Section 4, the RSA is already binding,
> as a
> > result on all members who sign the agreement.
> >     It is perfectly lawful , in terms of the application of the Mauritius
> > Civil Code , for AFRINIC to act under the said section and reclaim
> resources
> > from those members who/which fail an audit/review exercise.
> >     The policy can do no more than allow AFRINIC to do what it is already
> > doing in a clear and transparent manner on the basis of a community
> approved
> > document
> >
> >
> >>
> >> and  the second was for the amended  versions thereof.
> >
> >
> > It will be good if you could  point out the amendments and how they bring
> > some potential risks
> >
> >>
> >> Whilst my first observation rested on the contractual  aspect of the RSA
> >> and the contractual obligation of members to comply thereto-See clause
> 4 of
> >> the RSA. My second assessment was made from the perspective of the
> >> implementation of the proposal.
> >
> >
> > As there is no legal concerns about adopting a policy to implement
> > contractual obligations set by the RSA and allocations/assignment
> policies,
> > it sounds good to discuss implementation.
> >
> >>
> >> As these assessments were submitted by AFRINIC to the authors in good
> time
> >> before the face to face discussion thereon, I expected that they were
> to be
> >> considered as a fourth version of the proposal was presented.
> >
> >
> > Just for records: version 4 was submitted on April 11, Second staff and
> > legal assessment  was  published on April 26
> >
> >>
> >> To all intents and purposes, it is my humble opinion that the legal
> issues
> >> were not addressed by the authors nor did you draw attention to them
> during
> >> the face to face meeting.
> >
> >
> > Authors responded to this second  assessment on the mailing list. See
> > https://lists.afrinic.net/pipermail/rpd/2017/006889.html and spoke about
> > them in the presentation made during the PPM
> >
> >>
> >> I believed that since the assessments were part of the record for the
> >> purposes of discussions and consideration, I did not draw the attention
> of
> >> the working group to them.
> >> I am now doing so.
> >
> >
> > Thank you. We believe this give the working Group and yourself a single
> > opportunity to progress and close this issues.
> >
> >>
> >>  I reiterate that the proposal, as submitted and later amended, would
> >> expose AFRINIC to potential legal suits if the following issues which I
> have
> >> raised in my assessment are not addressed.
> >
> >
> > See below
> >
> >
> >>
> >> 1- The testing of data/facts/ evidence submitted( by third parties) to
> >> staff  require the latter to verify  the veracity/admissibility/
> authenticity
> >> thereof.If AFRINIC was to act on these, and they later reveal
> themselves to
> >> be forged/untrue/inadmissible/, AFRINIC may potentially face civil
> suits at
> >> the behest of members from whom resources would have been recovered and
> >> which could have been prejudicial to them(members).
> >
> >
> > You point to Third parties  with  “data/facts/evidence submitted by
> (third
> > Parties) to staff.  You are then referring to section 13.3.2(b) below
> >
> >
> > 13.3.2 Selected
> > A member is selected because of an internal report or due to a lack of
> > contact between the AFRINIC and the member.
> > 13.3.3 Reported: Here, members are reviewed either because:
> > a. They have requested the review themselves or;
> > b. There has been a community complaint made against them that warrants
> > investigation. Complaints shall be backed by evidence and AFRINIC staff
> > shall evaluate the facts as appropriate to conduct the review. However,
> this
> > review is not applicable to a member with the same resources portfolio on
> > which a full review has been completed in the preceding 24 months.
> >
> >
> > Staff shall evaluate the facts at their discretion just to know if the
> > complaint is worth establishing a review. The decision to run a review in
> > all cases fall under RSA and policies provisions.
> >
> > section 4 (iii) of RSA
> >
> > Further  acknowledges  that  AFRINIC  may  at  its  own  discretion  and
> > for  good  cause  and
> > common Interest of the stability of the Internet, investigate or cause
> to be
> > investigated, the Applicant’s
> > use of the services by the appropriate and competent authority(ies).
> >
> >
> >>
> >> I also referred to the problem of multi-jurisdictional sources of
> >> evidence/facts etc
> >
> >
> > No need for a legal document/evidence as explain above.
> >
> > But in case this would be needed, one could expect the company legal
> counsel
> > to guide the organization as how it works by default.
> >
> > AFRINIC already deals with evidences/Facts from members and potential
> > members when evaluating request for allocations and additional
> allocations.
> >
> >
> >>
> >> 2- The authors must pronounce themselves on whether members should have
> >> recourse to sworn affidavits or go through the services of a
> commissioner of
> >> oath or propose any other modus to enable the staff of AFRINIC to
> undertake
> >> the testing exercise on the basis of reliable evidence, before embarking
> >> upon a review process.
> >
> >
> > RSA does not require sworn affidavit to provide information to staff
> >
> >>
> >> 3-My remarks would apply for the two "classes" of review- complaints
> from
> >> community- AFRINIC's own decision-
> >
> >
> > this is addressed above
> >
> >>
> >> 4- I have also not seen the stand of the authors regarding the fact as
> to
> >> the "arbiration award" being unequivocal and my observation related to
> an
> >> incompatibility with the Code of Civil Procedure of Mauritius.
> >
> >
> > There seems to be some confusions and misunderstandings here. Below is
> again
> > the text of the appeal procedure:
> >
> >
> > 13.5 Appeal procedure
> >
> > The review shall be conducted in full transparency and neutrality.
> >
> > Reviewed members who are not satisfied have the right to appeal against
> the
> > result.
> >
> > Appeals shall follow an arbitration process as defined by AFRINIC, which
> > shall publish the process and the pool of arbitrators whom shall be
> > knowledgeable volunteers from the community.  The outcome of the
> arbitration
> > process is unequivocal.
> >
> >
> > It is about an appeal against the result of the audit. Nothing more.  An
> > appeal process as we do have for example in the section 3.5 of the CPM.
> >
> > The Arbitration process to be defined by AFRINIC “must” only cover
> appeals
> > against the results of review and not appeal against actions taken by
> > AFRINIC after a review.
> >
> > This must be separated from any dispute which may arise from action
> taken by
> > AFRINIC as results of a review or other mechanisms which shall follow the
> > Number Resource Dispute Resolution of AFRINIC as  shown  at this URL.
> > https://www.nro.net/about-the-nro/rir-governance-matrix/#disputes
> >
> > So question is  “ is section 13 of the RSA incompatible with the Code of
> > Civil procedure of Mauritius” ?.  But this discussion does not fall under
> > this policy proposal
> >
> >
> >
> >>
> >> 5- I also raised the issue of " hearing" the investigated party( a
> >> requirement of the rules of natural justice) and expressly stated that
> the
> >> proposal does not provide anything in this regard.
> >
> >
> > Policies and RSA provide mechanisms for staff to conduct review of
> > allocation/assignment requests and allocated resources usage. This policy
> > proposal does not need to define any other mechanisms.
> > Investigated party must collaborate and provide information required by
> > AFRINIC.
> >
> > Afrinic does not conduct hearings with requesting members, so not
> required
> >
> >
> >>
> >> 6-The question of choice of jurisdiction  wherein the arbitration  be
> >> held-Would it always be Mauritius ? This is the law that applies to the
> RSA.
> >
> >
> > As stated above, the Arbitration this policy proposal refers to does not
> > require jurisdiction.
> >
> > Choice of jurisdiction according to the RSA is Mauritius, and we expect
> this
> > to apply to Number Resource Dispute Resolution as defined in the RSA
> >
> >
> >>
> >> In the light of the above ,may I request the Co-Chairs to consider same
> >> and consequently decide, whether further discussions are required on
> this
> >> proposal.
> >
> >
> > Hope the above clarify  things and address your concerns
> >
> >
> >>
> >> I thank you for you kind consideration.
> >> Ashok.B.Radhakissoon
> >> Afrinic-Legal Adviser.
> >>
> >>
> >
> > Warm Regards
> >
> > Arnaud A. A. A.
> > Active Community member ;)
> >>
> >>
> >>
> >> _______________________________________________
> >> RPD mailing list
> >> RPD at afrinic.net
> >> https://lists.afrinic.net/mailman/listinfo/rpd
> >>
> >
> >
> > _______________________________________________
> > RPD mailing list
> > RPD at afrinic.net
> > https://lists.afrinic.net/mailman/listinfo/rpd
> >
>
> _______________________________________________
> RPD mailing list
> RPD at afrinic.net
> https://lists.afrinic.net/mailman/listinfo/rpd
>



-- 
--
Kind regards.
Lu
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.afrinic.net/pipermail/rpd/attachments/20170627/33b956a6/attachment-0001.html>

More information about the RPD mailing list