What does ARIN do?
ARIN is the regional Internet registry for Canada, the United States, and many Caribbean and North Atlantic islands. ARIN manages the distribution of Internet number resources, including IPv4 and IPv6 address space, and AS numbers. More specifically ARIN is tasked with the following:
- Providing services related to the technical coordination and management of Internet number resources in its service region;
- Participating in the global Internet community;
- Facilitating the development of policy decisions made by its members and any other interested Internet citizens.
Is ARIN a government agency with oversight?
No. Similar to Spamhaus, ARIN is a self-governing organization with no governmental oversight. Since ARIN’s creation in 1997 as a membership-based non-profit governed by a Board of Trustees and an Advisory Board, ARIN has not been or answered to a government agency and has had no external oversight.
How did that happen?
ARIN’s predecessor organization was the Internet Engineering Task Force (“IETF”), which was originally part of the State Department and thus under government oversight.
In 1993, the IETF moved out of the State Department and became part of the Internet Society, a non-profit that provides leadership in Internet-related standards, education, access, and policy in order “to promote the open development, evolution and use of the Internet for the benefit of all people throughout the world.” And in 1997, ARIN spun off from the IETF.
What does ARIN do if alleged fraud is reported?
I have become intensely curious about this process, since my company Micfo got tangled into a fraud investigation with ARIN. Per John Curran, ARIN’s CEO, in his March 2020 “Lightening Talk” at NANOG 78,
“I cannot emphasize enough why investigating fraud in the registry is of utmost importance – accurately and reliably maintaining registration information is core to ARIN’s mission. Number resource fraud threatens community trust in registry and reduces the value of the registry to those who rely on it for network operations.”John Curran, CEO of ARIN
Where’s the Burden of Proof?
While I wholeheartedly agree with Curran in the spirit of his talk, I have to wonder just what is ARIN’s vetting process with alleged fraud claims that come in via their automated email system? I mean… anybody with a grudge (like a former client who got into a contractual dispute ) could implicate their former vendor simply out of meanness and cause them a great deal of heartbreak and financial loss defending themselves. This is the Internet, after all. It wouldn’t be the first time somebody acted in bad faith online. Sad, but true, as we can all agree.
In these days where truth is a precious commodity online, shouldn’t the merits of the report itself be investigated thoroughly, instead of automatically taken at face value?
This brings to mind the concept of Burden of Proof that we American Citizens enjoy when it comes to our legal system. I have to wonder:
- Where’s the evidence being brought forward?
- Does ARIN correspond with the claimants reporting the alleged fraud to ask for evidence or basis to their claim?
- Is there any hard evidence necessary to trigger an investigation or merely filling up the “fraud claim” form is good enough?
- Are there any repercussions for false reports?
- What’s the procedure for conducting external research?
I’ll be covering this in much greater detail into my experiences and evidence connected with ARIN in the next months. It’s not to be missed!
Please scroll down to the comments below and share your point of view on this confusing situation. And again, thanks so much for your enthusiastic support! I don’t know how I could have made through all this without the love and support of my family and friends. This is the first step in our creating community around Helping Every Loving Parent (HELP) to spend time with their children. Every story is important.