Quan Zhou via 44Net 44net@mailman.ampr.org wrote:
Hi all, Sorry to bother you with a rant, but I'm feeling an urge to ask that what's happening on the AMPR/ARDC.
Thank you for your rant.
## Background A few weeks ago I have received a harsh email from Chris G1FEF accusing me for announcing a prefix was assigned to me. In that case, the claimed reason is that the prefix wasn't listed on the AMPR portal. I tried to clear things up by sending him the LOA from WB6CYT, which he claims that is NOT legitimate, also denied possibility there could a bug in the portal caused this. I have also complied with his demands on even more information including all conversations between me and Brian regarding that the assignment. Eventually he continued to ask for even more personal information without justification, threatening that not complying may cause "close of account".
## Questions
- Has all previous assignment by WB6CYT been overruled? Or am I singled out?
Previous assignments by Brian (WB6CYT) have not generally been overruled. Brian took very seriously his duty to both make space available to real amateur radio operations and to deny space to opportunists trying to poach the space for commercial, personal, spam/malware or other purposes.
Many people requested assignments, and most of them received assignments. Those assignments are and were recorded in the ARDC portal, which was initially programmed by Chris (G1FEF), and operated and evolved by both Brian and Chris. The data in it was supplied by Brian, by net44 users who register to receive allocations, and by the volunteer regional coordinators who make allocations.
Any collection of detailed allocations too complicated to fit in one person's memory or on the back of an envelope needs a definitive register that provides the collective memory of all the past decisions. The portal was and remains that definitive register.
If your allocation is not in that register, then we'd need to figure out why it isn't. The ARDC Board has access to some of Brian's stored email, as well as backup dumps of the Portal databases, so we can do some searching among those if needed. So far, your rant did not mention the particular IP address allocations involved, so we have had little information to start from.
Most allocations are made via country-based and region-based volunteer coordinators, who all have portal accounts with permission to make sub-allocations in their region; Brian did not have to adjudicate most of these.
Apparently your allocation is from the China subnet, and apparently Brian was still handling those allocations. My guess is that he did not have a volunteer coordinator for China who both had sufficient experience and that Brian trusted to do the job well.
- What are the current rules on allocation now? A snapshot of the latest version of ToS is at: https://web.archive.org/web/20190731094938/https://www.ampr.org/terms-of-ser... -- It does not requires personal information beyond ASN addresses.
The current rules on allocation have not changed. However, Brian is no longer with us to make decisions based on years of expertise. So anyone who would take over that job will make a number of mistakes as they gain similar expertise. Some of those mistakes will be in allocating addresses to requesters who don't deserve them. Some of the mistakes will be in denying addresses to requesters who do deserve them, or in demanding more scrutiny than is warranted when requests are made.
An allocation of 768 IP addresses, such as yours, which has considerable monetary value if used commercially, will naturally get more scrutiny than a typical request for a /29 that only has 8 addresses and can't be routed via BGP.
The Chinese agency that licenses amateur radio operators, the State Radio Regulation of China (http://www.srrc.org.cn) does not appear to provide an English-language portal for looking up amateur radio licenses. This currently makes it a more manual process to verify the license status of Chinese hams. See:
https://en.wikipedia.org/wiki/Amateur_radio_licensing_in_China
(I hope some 44net users from Asia will improve that Wikipedia page, which is still mostly a stub page.)
- What is G1FEF's role in the allocation, which are the rights that ARDC holds has been delegated to this guy along.
G1FEF has been informally trying to continue providing service to amateurs while the ARDC board and other volunteers scramble to pick up the work that Brian was doing during his lifetime.
ARDC and G1FEF have been negotiating a contract that would specify just what rights and powers ARDC would delegate to G1FEF, and which ARDC would retain for exercise by its board (and eventually by a hired staff, which we have been trying to hire the first person of). The first draft contract was full of legalese that one side or the other didn't like, and it also raised some more complex issues such as international privacy practices, so we are re-drafting, consulting lawyers, and continuing to negotiate.
- The holding-the-ID-in-a-photo-of-you practice is pretty common when dealing with financial institutions and websites frequently deals with fraudsters. Since LIR, RIR, and BGP upstream also requires and validates these ID, Why this is necessary to do it again?
People who get legacy 44.x.y.z IP addresses from 44net don't have to get addresses from an LIR or RIR, so LIR/RIR practices don't provide any safeguard for 44net addresses.
Our previous policy, created and enforced by Brian, was not to demand such identity documents of everyone. But Brian did reserve the right to ask more questions and collect more information when he encountered a situation that he thought was questionable, and to use his own judgment in deciding whether to make an allocation. And he sometimes consulted with the board about how to resolve such situations.
- Is Chris Smith, G1FEF capable of handling sensitive personal data? He's handling data as natural person, or an legal entity that ARDC approves?
At the moment, as a natural person; he's a volunteer. One of the issues being negotiated in the draft contract, and with lawyers, is to what extent ARDC will collect sensitive personal data, how it would safeguard that data that it does collect, and to what extent ARDC will be subject to privacy controls such as the European GDPR. These issues have been handled informally up to the time that Brian died.
The current situation is that when Chris requests identification photos or documents, he examines them and then deletes them after approval.
- If there's another change, do anyone with a allocation has to go through the same process again?
Since we haven't defined any changes yet, we also haven't decided that issue.
I see that we already have a problem with transparency, now we got bureaucracy? Also it's not my problem that the assignment wasn't added to the portal.
It is fortunate that small, informal organizations still have room to operate in today's world, and can provide positive benefits to society. ARDC under Brian's leadership was such an organization; the board helped him around the edges, but he was our leader, and he also did most of the work. Now we have no leader experienced in exactly what Brian did. As organizations grow and become more formal, the world expects a degree of impartiality, predictability, and adherence to rules that reduces the flexibility of the informal processes.
Quan, you are simultaneously asking that you be given the benefit of an informal process that provided you with the allocation you claim, and yet also asking that we provide predictable rules and adhere to them, rather than continuing informally. There is clearly a tension between these extremes. The ARDC board (all volunteers) and the technical volunteers such as Chris and the regional coordinators are trying to chart a middle course. Thank you for your help in pointing out some of the implications of the choices we are trying to make.
It DOES seem to be your problem that the assignment wasn't added to the portal. If your assignment was in the portal, then your allocation would not be getting the scrutiny it is currently getting. As the wiki says in the "Requesting a block" page:
https://wiki.ampr.org/wiki/Requesting_a_block
"You must request an amprnet block direct from the Portal. First you must create your account at the Portal. Once you do, you must login..."
https://wiki.ampr.org/wiki/Announcing_your_allocation_directly
"Apply for your AMPRNet allocation via the Portal. Check the Direct box to indicate that your connection will be using a direct announcement of the subnet (via the BGP protocol).
"Upon verification and approval, the AMPRNet administrator will provide authorization to your ISP allowing them to announce your allocation."
If only one of your three /24 allocations is in the portal, then how did Brian, the very meticulous AMPRNet administrator end up providing you with a Letter of Authorization for the others?
Best Regards, Quan
Best regards back to you,
John Gilmore, W0GNU ARDC board member