ACSP Suggestion 2011.8: Suggested Changes to ARIN's Fraud Report


Author: Owen DeLong   
Submitted On: 16 February 2011


When it comes to fraud reports, reporters want to know what happened with their reports. Personally, I think that is probably a good idea, at least to the level of emailing them the results that will get posted in the publicly visible summary and perhaps to the extent of periodically updating them to the level of “We are beginning the audit.” “We are analyzing the data provided”, “We have determined <conclusion>”. Again, nothing that wouldn’t be publicly in the summary report.

I think the summary report should be a little bit less vague about the actions taken. I know this is a bit of a tight-rope and has legal concerns, but, “Section 12 audit conducted” vs. “Section 12 audit conducted, compliance verified” or “Section 12 audit conducted, voluntary return of a /x restored compliance” or “Section 12 audit conducted, reclaimed a /y” is perfectly valid.

I would also suggest renaming the “Fraud” reporting process to the “Possible Policy Violation” reporting process.

Timeframe: Immediate

Status: Closed   Updated: 01 March 2011

Tracking Information

ARIN Comment

01 March 2011

We understand and agree that the people submitting fraud reports to ARIN would like to have more detailed information regarding the outcome of their fraud reports, and the actions taken by staff. We have been closely monitoring the public discussion of the fraud reporting on ppml and have taken note of the suggestions made there. As the result of those discussions and your suggestions, staff will be making immediate changes to our fraud report follow up processes to include responding to fraud reporters with the actions taken by staff to remedy the fraud, and including more detailed information in the fraud report findings that we publish quarterly on our website.

ARIN will not be changing the title of the fraud reporting process to “Possible Policy Violations” reporting process. The fraud reporting process is targeted not at policy violations in general, but at deliberate actions taken to obtain resources or gain control of resources. Sometimes these actions are a direct violation of policy, and sometimes they aren’t. We don’t want people reporting every time a minor policy violation occurs without malicious intent - it just wouldn’t scale nor would it align with the intent of the fraud reporting process.