ZOMG: IPv6 a plot to stymie FBI !!!11!ONE!

Mon Jun 18 02:30:34 UTC 2012

Hey John,

Thanks for taking the time for the detailed response. I always enjoy
reading your posts.

On 6/17/2012 7:16 PM, John Curran wrote:
> On Jun 17, 2012, at 4:01 PM, Vinny Abello wrote:
>> If anything, I feel like this is a ploy by the FBI feeding the media to
>> get criminals to adopt IPv6 thinking they're harder to track and drop
>> their guard so they'll be easier to catch.
>
> No, it's a real concern that law enforcement has with the current
> incentives for keeping the Whois up to date, and what happens with
> IPv6. Feel free to come to an ARIN meeting and chat with the folks
> from US, Canada, and various Caribbean governments about their issue.

It would seem to me if the if law enforcement is concerned about
incentives to make networks do this, then it should be made a law within
their operating jurisdiction to enforce this compliance. Failure to
comply would have legal and possibly financial consequences in the form
of fines or other penalties. We have many more obtuse laws about us (at
least in the US that I'm familiar with) that this doesn't seem
infeasible or impractical of a goal that will benefit the majority of
people via law enforcement's ability to protect and serve. Hoping for a
technical solution or self governing "document IPv6 allocations just
because we're supposed to, even though there is no consequence either
way" won't result in any action. Incentives are also not equally
received among 100% of the population. Not everyone likes cookies. :)

> By the way, it is not that there is _no_ incentive... Any _large_ ISP
> ends up having to provide lawful response duties (often the same team
> that handles spam/abuse/copyright issues) and that means staff. For
> networks that put subdelegations into Whois reliably, there are less
> requests for routine information (ergo less staff & less co$t needed
> to respond.) Not many ISPs are the size where such inquires are routine
> enough for having a dedicated team, but those who do generally realize
> the pleasant side effect of keeping Whois up-to-date. This isn't really
> seen by ISPs who only get the occasional LEA request, so it's not a
> meaningful incentive on its own for many service providers.

That right there is the problem. The Internet isn't just large ISP's
(thank God). You're never going to get an incentive that appeals equally
across all types of businesses to comply. Some just don't have the
resources like you stated, to even document the allocations despite
being required to. If a company were to downsize and looked at someone's
job who SWIP'ed allocations or maintained WHOIS, the question would be
asked of what would happen if they stopped. In IPv6 land for the small
to medium ISP, the answer would be nothing as is illustrated by this
article. They would be let go by upper management that didn't know any
better, and the company would stop documenting even if they initially
did the right thing. Even if ARIN refunded 100% of the fees to networks
who properly documented everything and only charged those who were not
in compliance, you'd still find people not documenting because it costs
less to pay the fee than pay someone to manage that. Incentives are not
the solution. Congress should consider passing a law in the US if this
of that much concern. I'm unfamiliar with other jurisdiction's law
processes covered within the ARIN region, but from the US standpoint,
that's the only way I see something actually happening.

Technical problems are frequently solved best by technical solutions;
legal problems by legal solutions. This is a law enforcement problem and
I feel it should be properly solved by a legal solution, but I'm sure
someone will  be glad to oppose my stated opinion with their own. :) I'm
also sure a die hard technical advocate of some technology who is much
smarter than myself will illustrate just how technology can solve the
problem, so please prove me wrong so we don't need to rely on more
government "solutions". I beg of you! :)

-Vinny