An update on the AfriNIC situation

Fri Aug 27 20:27:00 UTC 2021

Bryan,

Legal dispute discussions are prohibited by NANOG’s AUP. Please help us keep this stuff out of the NANOG stream

-mel via cell

> On Aug 27, 2021, at 1:10 PM, Bryan Fields <Bryan at bryanfields.net> wrote:
> 
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA256
> 
> 
> People, can we at least quote properly?  I can't follow this at all.
> 
> I wish ARIN would stay out of this, it's not something that affects the ARIN
> region, and nothing said in this statement seems to refute any of the
> allegations against AFRINIC.  What it does seem to do is state Lu Heng/Cloud
> Innovation is a shady guy.  While this may be true, I'd expect a RIR to treat
> everyone the same, and that's the core of the legal complaint here.  I'd
> expect that for a court to freeze assets of AFRINIC there must be a very
> strong argument.
> 
> 
>> On 8/27/21 2:23 PM, John Curran wrote:
>> On 27 Aug 2021, at 12:50 PM, Owen DeLong via NANOG
>> <nanog at nanog.org<mailto:nanog at nanog.org>> wrote:
>> 
>> There are two sides to every story…
>> 
>> On Fri, 27 Aug 2021 at 09:44, Lu Heng
>> 
> <<mailto:h.lu at anytimechinese.com>h<mailto:jcurran at arin.net>.lu at anytimechinese.com<mailto:lu at anytimechinese.com>>
>> wrote:
>> 
>> Dear John:
>> 
>> The statements you made are very misleading.
>> 
>> Here are some clarifications:
>> 
>> Cloud Innovation is disputing AFRINIC’s claim that Cloud Innovation is in
>> breach of the agreement. Cloud Innovation maintains that we are a compliant
>> member.
>> 
>> 1. While I make no comment regarding the justification of our resources. we
>> have rights just like any other registrant to keep our justification
>> material confidential. We would like to share some public data here: Cloud
>> innovation accounts for 80% of all AFRINIC whois updates in 2021 to date
>> and in AFRINIC whois,  over 10  million (roughly 10% of all AFRINIC space)
>> IP addresses whois information has not been updated in more than 10 years.
>> 40million (roughly 40%) IP addresses have not been updated in more than 5
>> years. Have all of them been required to provide re-justification while
>> they don’t bother to update whois? 313 out of 1800 members have not made a
>> single assignment in their allocations more than a year after receiving.
>> 641 member registered show less than 50% utilization, while AFRINIC’s CPM
>> 5.5.1.9 requires at least 50% utilization. All of those member are in
>> violation, including several major telecoms. However according to one press
>> we saw, AFRINIC only audited 15 member and terminated 5 of them,  Cloud
>> Innovation being the most compliant member in terms of whois update and
>> utilization data provided to AFRINIC as data shows above.
>> 
>> Mr. Lu and/or Owen  - It is so nice to hear from you elaborate on your
>> extensive righteous behavior.  Perhaps you’ll indulge us a simple yes/no
>> question?
>> 
>> AFRINIC’s RSA contains the following statement -
>> 
>> (The Applicant Acknowledges…) that it is bestowed with an exclusive right
>> of use of those number resources within the ambit of the “need” which it
>> has justified in its application and for no other purpose during the
>> currency of the present agreement;
>> 
>> Is Cloud Innovation’s use of the blocks in question within the remit and
>> purpose for which they were originally justified?
>> 
>> 2. I did go to ARIN for resource, ARIN requested customer personal
>> information down to street names, personal address, all of which we do not
>> collect in our business from end users due to data privacy concerns. I have
>> mentioned in one of ARIN’s meeting and received a consistent answer that it
>> must be provided before the resources can be allocated. While I later
>> understood it is part of ARIN policy, I still believe that it is an unwise
>> policy which puts ARIN in possession of a large collection of personally
>> identifying information (PII). So abandoning our ARIN application for
>> resources after RIPE ran out, was a legitimate business decision and IMHO,
>> a morally correct one made in order to protect the privacy of our
>> customer’s. John's statement is misleading at best. John himself has
>> repeatedly stated that ARIN does not deny requests, but that applicant’s
>> often abandon requests when they are unwilling or unable to provide the
>> requested data. That’s exactly what happened here. Contrary to John’s
>> claim, that ARIN refused the application in question, the actual facts of
>> the matter are that Outside Heaven chose to abandon its request rather than
>> compromise the confidentiality of its customers and trust ARIN with such a
>> significant amount of customer PII.
>> 
>> You made an application, provided inconsistent data, and then did not
>> respond when asked provide sufficient details to satisfy reasonable due
>> diligence.   After not hearing back after repeated requests, ARIN denied
>> the request.
>> 
>> If you prefer to characterize it as “abandoning your application” then that
>> is fine.  It is consistent with everything I stated, including that ARIN
>> ultimately denied your request – and that such abandonment was in the face
>> of queries for additional information to clarify the inconsistencies in
>> your request.  We are generally able to get past these situations with the
>> vast majority of organizations with legitimate need for the address space
>> per ARIN policy, but I also acknowledge we cannot know how many of those
>> who did abandon were for non-qualification versus other reasons.
>> 
>> 5. Unless ARIN admits it has been given the justification submitted to
>> AFRINIC by Cloud Innovation in past years, we don't think it is within
>> ARIN’s mandate to comment whether it is being used for the same purpose or
>> not.  John, please clarify, have you  received the justification material
>> we submitted to AFRINIC? Do you have any inside knowledge about it? We
>> would be very keen to know if AFRINIC has disclosed our private data to a
>> third party in this process in violation of the very agreement they
>> (unjustly) accuse us of breaching.
>> 
>> I have no opinion regarding the justification submitted by Cloud
>> Innovation’s for number resources from AFRINIC, and have not seen it.
>> 
>> I _have_ asked a simple question of whether Cloud Innovation’s usage is
>> within the remit and purpose for which they were originally justified, and
>> I observe that this question has been asked repeated by many others in the
>> AFRINIC community.
>> 
>> This question does seem relevant to the dispute so please don’t be
>> surprised if you are asked it quite often until such is resolved...
>> 
>> Again – Is Cloud Innovation’s use of the blocks in question within the
>> remit and purpose for which they were originally justified?
>> 
>> 6. We find your discussion of the RIR stability fund most interesting…
>> Please correct us if we misunderstand, but our understanding is that the
>> fund requires the unanimous consent of all 5 RIR CEOs in order to be
>> utilized. As such, it appears you are attempting to mislead the community
>> by making a 20% promise as if it were a 100% assurance.
>> 
>> My statement reads -
>> 
>> If AFRINIC requests support in accordance with the Joint RIR Stability
>> Fund, ARIN will support such a request.  Furthermore, and without
>> reservation, ARIN stands by its unwavering commitment to support AFRINIC
>> and will take any and all measures necessary to ensure that neither the
>> African networking community, nor the global Internet number registry
>> system, is operationally impacted during this period. AFRINIC was formed
>> (and has accomplished so much) for the benefit of the African networking
>> community and ARIN stands with the community in dealing with those who seek
>> to disrupt or exploit it for their own benefit.
>> 
>> It’s fairly self-explanatory and of course pertains simply to ARIN’s
>> support for AFRINIC during this period.  If you did not take that away from
>> your reading, hopefully that is now clear.
>> 
>> For the above reasons, we think that Mr. Curran has not provided a balanced
>> or fully accurate representation of the facts to the ARIN community here
>> and we hope that the above clarification will help members of the community
>> come to a more fully informed opinion.
>> 
>> A vigorous discourse is a wonderful thing - I actually welcome your
>> clarifications as noted above (e.g. you prefer to characterize your ARIN
>> request as “abandoned” rather than it having been denied)
>> 
>> You apparently can clarify quite a bit when it suits you, but still fail to
>> respond to the most basic yes/no question - Is Cloud Innovation’s use of
>> the blocks in question within the remit and purpose for which they were
>> originally justified?
>> 
>> Finally, while we realize that this is inappropriate for PPML, as it does
>> not really touch on any ARIN policy discussion, we believe that Mr.
>> Curran’s post could not be allowed to stand without rebuttal. Since he
>> chose to make such a non-policy post to PPML, we felt that our posting of
>> the rebuttal here was justified.
>> 
>> Unless Mr. Curran or other ARIN staff member(s) choose to further engage on
>> this topic here, this will be our only post on the matter to this list. We
>> would also welcome the opportunity to take the discussion to a more
>> appropriate ARIN list if Mr. Curran prefers that alternative.
>> 
>> Excellent point.   I have taken the liberty of replying to Owen’s post here
>> on nanog for clarity, but also suggest we continue this on arin-ppml so as
>> to spare the NANOG community.
>> 
>> Best wishes, /John
>> 
>> John Curran President and CEO American Registry for Internet Numbers
>> 
>> 
>> 
>> 
> 
> 
> - -- 
> Bryan Fields
> 
> 727-409-1194 - Voice
> http://bryanfields.net
> -----BEGIN PGP SIGNATURE-----
> 
> iQIzBAEBCAAdFiEEaESdNosUjpjcN/JhYTmgYVLGkUAFAmEpRgwACgkQYTmgYVLG
> kUAhLg/7B82+gbK4YjMwENBKIoL+53vB/H5DVo4WFHmDekadrsD8NkD39MxYARfZ
> vfe4uQqKCEx5Oo1Cefh9oY9G9mAhVC0244afbIqGU7RH06WSWFOA5Xj7//dUvTgH
> Tqd+A1ehGop/LpJlKJhFBOj5hMc9AgXNXPadeXAlx0LEsgp0Q1K7PFjCu+6+q9Ed
> LMT9Yu5FNDlsvEq/+ErnHcoRRdHx/cESPpswnt5neb4Sjg8mBldglA/1VwGx4LGu
> lzAWapp0Jbn9F5G/9SuI6UowCu08Gk+zaVmu31Z2fs3PRpa3KniOTnNDF7MHgT33
> CK/awTaiNIPOJaK0ktXtBQmlwEfR4tkWHi15SdwvEBDX3y3OEfIdKc5Cm9DhoJhW
> 6JTlNFWmplL2HZpdIWiEVCu++21xsMEpJKeMPcfpVsxPkxAHdbikSQ0zK+8pBTye
> pehHaYqnhDbX2jER//+sfJ1cezrsXg+dZ0deNvB7HjrdnWvdKitpzv09Ap24iwzq
> u0wdEsuVn6bQT8LcSbXAigssaTyCOp84G2JlRpZ85/iAsQXawpEAn1ACBHi0tbXS
> RQ8ddRiINnJ1kzP3xqxVIBvlfo1PzQjXNwoOn5fE5w/qyuI78IyKHkWad6AyEuyB
> kEZdDl3VDcCRe4wdt8CQOxgiJfG0AkyPBipfJFdSy08ujZwpUIU=
> =Ohbp
> -----END PGP SIGNATURE-----