ACSP Suggestion 2011.8: Suggested Changes to ARIN's Fraud Report
Suggestion
Author: Owen DeLong
Submitted On: 16 February 2011
Description:
When it comes to fraud reports, reporters want to know what happened with their reports. Personally, I think that is probably a good idea, at least to the level of emailing them the results that will get posted in the publicly visible summary and perhaps to the extent of periodically updating them to the level of “We are beginning the audit.” “We are analyzing the data provided”, “We have determined <conclusion>”. Again, nothing that wouldn’t be publicly in the summary report.
I think the summary report should be a little bit less vague about the actions taken. I know this is a bit of a tight-rope and has legal concerns, but, “Section 12 audit conducted” vs. “Section 12 audit conducted, compliance verified” or “Section 12 audit conducted, voluntary return of a /x restored compliance” or “Section 12 audit conducted, reclaimed a /y” is perfectly valid.
I would also suggest renaming the “Fraud” reporting process to the “Possible Policy Violation” reporting process.
Timeframe: Immediate
Status: Closed Updated: 01 March 2011
Tracking Information
ARIN Comment
01 March 2011
We understand and agree that the people submitting fraud reports to ARIN would like to have more detailed information regarding the outcome of their fraud reports, and the actions taken by staff. We have been closely monitoring the public discussion of the fraud reporting on ppml and have taken note of the suggestions made there. As the result of those discussions and your suggestions, staff will be making immediate changes to our fraud report follow up processes to include responding to fraud reporters with the actions taken by staff to remedy the fraud, and including more detailed information in the fraud report findings that we publish quarterly on our website.
ARIN will not be changing the title of the fraud reporting process to “Possible Policy Violations” reporting process. The fraud reporting process is targeted not at policy violations in general, but at deliberate actions taken to obtain resources or gain control of resources. Sometimes these actions are a direct violation of policy, and sometimes they aren’t. We don’t want people reporting every time a minor policy violation occurs without malicious intent - it just wouldn’t scale nor would it align with the intent of the fraud reporting process.