Can a Customer take their IP's with them? (Court says yes!)

Michel Py michel at arneill-py.sacramento.ca.us
Tue Jun 29 04:48:53 UTC 2004


What about asking the police to check the judge for drug abuse? There's
more than enough evidence. Or argue that someone with an IQ below zero
should not be a judge, but this might fail as most of them are former
attorneys; I have more respect for common criminals than I have for most
attorneys: they share the same goal (getting all my money) but at least
the criminals don't BS me telling they're my friend.

My $0.02:

The most important part of all is to ask ARIN a written opinion on what
to do WRT complying with the TRO. Since you do _not_ own your own
netblocks (ARIN leases them you only as long as you're a good Shepard)
and ARIN might eventually take them away from you if you don't follow
their procedures, you don't want to put your entire business in jeopardy
by committing in writing to anything that violates the agreement you
have with ARIN. This alone is a good enough reason not to comply with
the TRO.

In short: drop the monkey on ARIN's back. The issue that non-portable
blocks are indeed non-portable is ARIN's to deal with, and partly why we
are giving money to them.

Misc:

a) If not already done, do pull the plug on the customer right away (no
amount of money is worth dealing with jerks that take you to court for
no reason).
b) _do_ announce the specific block routed to null0 (ARIN has delegated
this space to you, if you want to announce unallocated parts of it to a
blackhole it's nobody's business to tell you that you can't).
c) Ask your upstream to do b) explaining why, they might understand.
d) Contact people that blacklist blocks and get it blacklisted there.
e) Counter-sue the customer for frivolous lawsuit and anything else you
can find.

It might be useful to post details such as the legal documents and what
the actual address of the block in question is so we blacklist it. If
the situation is as you describe I think that lots of operators won't
have a problem blacklisting the block. When the jerk is out of business
because a) their block is blacklisted everywhere and b) nobody wants
their business and can't pay stupid attorneys anymore your problem is
solved.

Michel.


-----Original Message-----
From: owner-nanog at merit.edu [mailto:owner-nanog at merit.edu] On Behalf Of
Alex Rubenstein
Sent: Monday, June 28, 2004 8:24 PM
To: nanog at nanog.org
Subject: Can a Customer take their IP's with them? (Court says yes!)



Please read -- this is lengthy, and important to the industry as a
whole.
We ask for, and solicit, comments, letters of support, etc., for our
position. We are looking for people to take a position on this, and come
forward, perhaps even to provide an affidavit or certification.
Something
along the lines of a 'friend of the court' brief, or even comments as to
why we are wrong.

Read on.

There has been a Temporary Restraining Order (TRO) issued by state court
that customers may take non-portable IP space with them when they leave
their provider. Important to realize: THIS TEMPORARY RESTRAINING ORDER
HAS
BEEN GRANTED, AND IS CURRENTLY IN EFFECT. THIS IS NOT SOMETHING THAT
COULD
HAPPEN, THIS IS SOMETHING THAT HAS HAPPENED. THERE IS AN ABILITY TO
DISSOLVE IT, AND THAT IS WHAT WE ARE TRYING TO DO.

This is a matter is of great importance to the entire Internet
community.
This type of precedent is very dangerous. If this ruling is upheld it
has
the potential to disrupt routing throughout the Internet, and change
practices of business for any Internet Service Provider.

In the TRO, the specific language that is enforced is as follows:

	"NAC shall permit CUSTOMER to continue utilization through any
carrier or carriers of CUSTOMER's choice of any IP addresses that were
utilized by, through or on behalf of CUSTOMER under the April 2003
Agreement during the term thereof (the "Prior CUSTOMER Addresses") and
shall not interfere in any way with the use of the Prior CUSTOMER
Addresses, including, but not limited to:

	(i) by reassignment of IP address space to any customer;
aggregation and/or BGP announcement modifications,

	(ii) by directly or indirectly causing the occurrence of
superseding or conflicting BGP Global Routing Table entries; filters
and/or access lists, and/or

	(iii) by directly or indirectly causing reduced prioritization
or
access to and/or from the Prior CUSTOMER Addresses, (c) provide CUSTOMER
with a Letter of Authorization (LOA) within seven (7) days of CUSTOMER's
written request for same to the email address/ticket system
(network at nac.net), and (d) permit announcement of the Prior CUSTOMER
Addresses to any carrier, IP transit or IP peering network."

We believe this order to be in direct violation of ARIN policy and the
standard contract that is signed by every entity that is given an
allocation of IP space. The ARIN contract strictly states that the IP
space is NOT property of the ISP and can not be sold or transferred. The
IP blocks in question in this case are very clearly defined as
non-portable space by ARIN.

Section 9 of ARIN's standard Service Agreement clearly states:

"9. NO PROPERTY RIGHTS. Applicant acknowledges and agrees that the
numbering resources are not property (real, personal or intellectual)
and
that Applicant shall not acquire any property rights in or to any
numbering resources by virtue of this Agreement or otherwise. Applicant
further agrees that it will not attempt, directly or indirectly, to
obtain
or assert any trademark, service mark, copyright or any other form of
property rights in any numbering resources in the United States or any
other country."

 [ Full ARIN agreement http://www.arin.net/library/agreements/rsa.pdf ]

Further, it is important to realize that this CUSTOMER has already
gotten
allocations from ARIN over 15 months ago, and has chosen not to renumber
out of NAC IP space. They have asserted that ARIN did not supply them
with
IP space fast enough to allow them to renumber. Since they have gotten
allocations from ARIN, we are confident they have signed ARIN's RSA as
well, and are aware of the above point (9).

If this ruling stands and a new precedent is set, any customer of any
carrier would be allowed to take their IP space with them when they
leave
just because it is not convenient for them to renumber. That could be a
single static IP address for a dial-up customer or many thousands of
addresses for a web hosting company. This could mean that if you want to
revoke the address space of a spammer customer, that the court could
allow
the customer to simply take the space with them and deny you as the
carrier (and ARIN) their rights to control the space as you (and ARIN)
see
fit.

REMEMBER, THE INTERNET USED TO BE BASED UPON PORTABLE IP SPACE, AND IS
NO
LONGER FOR SEVERAL TECHNICAL REASONS.

It is important to understand that this is not a situation where a
customer is being forced to leave on short notice. NAC has not revoked
the
IP space of the customer. This is a situation where a customer is
exercising their option not to renew their services and is leaving
voluntarily. In addition the customer in question was granted their own
IP
space OVER A YEAR AGO and simply chose not to renumber their entire
network. The key issue is that they want to take the space with them
AFTER
they leave NAC and are NO LONGER A CUSTOMER.

Why this TRO is bad for the Internet:

1. It undermines ARIN's entire contract and authority to assign IP
space.

2. It means that once IP addresses have been assigned / SWIP'ed to a
Customer that the Customer may now have the right to continued use of
those addresses even if the customer leaves the service of the Provider.
In other words the right of the Provider to maintain control and use of
the address space assigned to his network, is to now be subject to the
Customer going to a State Court and getting an Order to take such space
with them.  Instead of the Addresses being allocated by delegated
authority of the Department of Commerce and ARIN they become useable by
anyone who convinces a Judge that they have a need for the addresses.

It appears the Customer can keep the addresses for as long as it pleases
the State Court and as long as the Customer can judicially hijack the
space.

The tragic part of this is that the Court which issues the Order does
not
even have to hear expert testimony.  So the Court can issue such Order
without fully understanding the Internet Technology that is affected or
the havoc it could cause in National and International Communications.

3. Significant potential for routing havoc as pieces of non-portable
blocks of space are no longer controlled by the entity that has the
assignment from ARIN, but by the end user customer for as long as that
customer wants to use them. If the customer was causing a routing
problem
by improper routing confirmation the carrier would lose their authority
to
revoke or limit the use of the IP space to protect the stability of the
carrier's network. In other words, court-compelled LOAs are a 'bad
thing.'

4. Because the IP space is still assigned to the carrier, the carrier
would potentially be responsible to continue to respond to all SPAM and
hacking complaints, DMCA violations, and all other forms of abuse. All
of
this abuse responsibility and liability would continue with no recourse
to
revoke or limit IP space of that customer and no ability to receive
financial compensation for that task. This is not a theoretical problem,
in the case of this customer we have received numerous abuse complaints
throughout their history as a customer. While they have generally
resolved
these issues, it still is a real cost for us to handle. This is
something
that has the potential to create a massive burden for the carrier.

5. It would fundamentally change the long standing policy that the
carrier
that has the IP space assigned to them has the right to assign and
revoke
the IP space as it sees fit, and that the customer has no rights to the
IP
space other then the rights that the carrier gives them (through a
delegation from ARIN).

6. If the customer is being DDOSed, or attacked (perhaps they may
even instigate it purposely), and then stops announcing the more
specific routes, the attack when then flow to us, the innocent
bystander. Essentially, the customer could cause a DDOS for which I will
then be billed for. This type of thing has been known to happen in the
past (but not with this CUSTOMER).

As you can see, this TRO has widespread effects, and is something that
everyone in the industry could be affected by. If this precedent is set,
you will soon have everyone acting as if IP's are property, and
something
that they are entitled to. I ask for input from everyone in the
community
on this. We don't think we're crazy, but want to make sure.



More information about the NANOG mailing list