Can a customer take IP's with them?

That's not a valid analogy. There are property rights conveyed properly at
every step of the way; the distributor who is contractually bound to sell
shrimp to you at $10 would be required, by your contract with him, to
acquire shrimp from an alternate source, one that didn't involve violating
contractual obligations, or else the shrimp distributor runs the risk of
being sued by you. Basically, there are other sources of shrimp. If the
distributor contracted himself into a corner where he's losing money
because he didn't have an "out" in the contract with you in the event you
leave LA, then he needs a new lawyer.

So instead, let me give you a valid analogy.

If you ran a museum, and you contracted for the use and display of an
artifact, and then somehow entered into a contract to sell somebody else
that artifact (even though you had no property rights), the original
contract supercedes the second contract. Additionally, because there is no
alternate source for the item in question (being an artifact and all), the
museum can't be forced to acquire the same item (potentially at a loss) to
complete the second contract; they would just have to return the money.

Basically, you cannot grant rights contractually that you do not have in
the first place. This is one of the easiest ways to have a contact or part
of a contract rendered void.

I'm no lawyer, but that doesn't mean I'm wrong

Andy

David Schwartz wrote:

[snip]

For instance, if what you say were true, all an ISP would have to do in
order to "sell" their IP space is to create a contract stating that they
are doing so.

  Exactly. If they did that, a court would likely enjoin them from making any
action to interfere with the customer's use of those IP addresses. A court
would likely find the contract binding upon the parties that entered into
it.

Hey, I've got a bridge I'd like to sell you.

If you ran a museum, and you contracted for the use and display of an
artifact, and then somehow entered into a contract to sell somebody else
that artifact (even though you had no property rights), the original
contract supercedes the second contract. Additionally, because there is no
alternate source for the item in question (being an artifact and all), the
museum can't be forced to acquire the same item (potentially at a loss) to
complete the second contract; they would just have to return the money.

  Your analogy is valid, it just doesn't show what you think it shows. A
court could certainly order the museum to provide the buyer the artifact to
the extent that they were able to do so. That's all the TRO is asking for.
The TRO doesn't say anything about property rights, it just asks to prevent
the ISP from interfering in their use of those IPs.

  DS

Not directed at anyone specifically, but has anyone noticed that on
these lists, people tend to focus on whether or not people's analogies
are correct, rather than trying to answer the original question?

Not that we've been arguing this point, but why should a judge feel
compelled to issue the TRO?

All NAC has to do is put forth an accepted industry solution for dealing
with emergency renumbering: 1-to-1 NAT. Offer a price to set this up, just
to demonstrate that the customer is quibbling over a very small amount of
money. Then, if possible, show how they can cause NAC irreperable harm if
they are allowed to announce part of your space.

Then, when NACs lawyers point out the ARIN policies (both regarding
property rights and regarding the customers obligations and requirements
under the contract signed when they accepted their PI space), there's
really no logical argument that can be seized upon by the judge to
demonstrate irreparable harm to the customer by being forced to give up
their IPs.

One thing that will definitely impact this particular case significantly:
the judge is going to seize upon the fact that the customer had plenty of
opportunity (1 year) to move from non-portable IP space to provider
independant IP space. That was the customer's express purpose of acquiring
the IP space from ARIN, as their request form will inherently attest to.
They were negligent to not implement a solution in that year, and since
the "irreparable harm" can be completely eliminated with an inexpensive
technical solution, there's no case (from where I sit).

Andy

Not directed at anyone specifically, but has anyone noticed that on
these lists, people tend to focus on whether or not people's analogies
are correct, rather than trying to answer the original question?

  So long as you continue to focus on the analogy as it relates to the
original question, rather than picking at aspects of the analogy that have
nothing to do with the original question, you're fine. Unfortunately, it's
very common to attack the analogy rather than show why the analogy doesn't
apply.

  In cases where we're dealing with things that have not been dealt with
before, analogy is a powerful tool of persusasion. I'm sure arguments like
"IP addresses are just like telephone numbers" has been used and will
continue to be used to argue that IP addresses must be portable to preserve
competition. In this case, it's perfectly reasonable to argue that they're
not alike because they are routed in very different ways but totally
unreasonable to argue that they are not alike because they differ in length.

  Analogy is formalized in law in the form of precedent. Lawyers will argue
that their case is exactly like some other case that was ruled in favor of
the litigant they analogize their client to. It's critical to be able to
distinguish your case from apparently similar cases when the ruling in the
apparently similar case isn't the one you want.

  This particular case isn't about ownership at all. It's about whether or
not the ISP can or cannot continue to allow the customer to use those IP
addresses. It's about what hardship will be placed on the customer if they
are not allowed to continue to use them against what hardship will be placed
on the ISP if they do.

  To get a TRO, you need to show two things. One is that the balance of the
hardships favors you. That is, that you will be more seriously hurt if you
don't get the TRO than the other side will be if you do. Unfortunately, it
will be hard to argue that in this case. It really doesn't hurt the ISP too
much if they allow their customer to continue using the IPs for, say, 6
months. At least, unless there's something very unusual about this case that
we don't know.

  Courts are not impressed usually with theoretical harm. The ARIN arguments
are just that. Theoretically, if everyone ported their IP space, we'd all be
harmed. However, there is no real harm in compelling the ISP to continue to
allow their customer to advertise the IP space for a few months. The
customer will argue that forcing them to renumber in less time will cause
them real harm. (This may or may not be true and a court may or may not find
the argument impressive. I'm just saying that trying to argue theoretical
harm due to principles will likely not work.) The court will likely look at
the harm imposed on the ISP for this one block.

  However, you also must always show that it is more likely that you will
prevail in your main claim than that you will not. No matter how much the
balance of hardships tips in your favor, you will not get a TRO if you
cannot show the court that you are quite likely to be found entitled to the
relief the TRO asks for if there were a full trial to determine such. We
don't know anything about the actual issues in dispute in this case, so we
can only speculate on this.

  I think courts will in general follow the contract between the ISP and the
customer. If the contract doesn't say, industry practice is (at least IMO
and experience) to allow the customer a reasonable period to renumber (3
months? 6 months?) unless the customer terminated the contract for no reason
at all. (If the ISP raised the price, then the renumbering period would
likely apply. If the customer just decided to end the contract when the ISP
would extend it at the same price, then no renumbering period applies since
the customer can continue to buy service through the renumbering period at
terms they already found reasonable.)

  Harder cases include when the ISP terminates the customer for cause or when
external situations change the ability of the customer to continue to use
the ISP's services.

  IANAL. It certainly wouldn't hurt to clearly state your expectations in
this regard in your contracts though. Don't rely on your contracts and
policies with ARIN to be enforceable against third parties.

  DS

Only one customer? There are a couple "consulting" firms in
particular around here that use arbitrary space on internal
networks. Sometimes a currently-dark IP block is configured, so
"it works for us". It gets annoying after a while.

The worst one I've seen so far is Ticketmaster... last month. If you want to
sell tickets through them and connect via the network, they require you to
have a private, backend connection to them and then require you to route
29.2.0.0/15, 29.4.0.0/15, and 29.6.0.0/16 via that connection. I could be
wrong, but somehow, I don't think that they are also known as or have received
addresses from:

  OrgName: DoD Network Information Center
  OrgID: DNIC
  Address: 7990 Science Applications Ct
  Address: M/S CV 50
  City: Vienna
  StateProv: VA
  PostalCode: 22183-7000
  Country: US
  NetRange: 29.0.0.0 - 29.255.255.255
  CIDR: 29.0.0.0/8
  NetName: MILX25-TEMP
  NetHandle: NET-29-0-0-0-1
  Parent:
  NetType: Direct Allocation
  Comment: Defense Information Systems Agency
  Comment: Washington, DC 20305-2000 US
  RegDate:
  Updated: 2002-10-07

The argument of "what if one of the DoD research groups on campus is trying to
connect to this space for classified work?" didn't work... especially given
that the blocks aren't in our BGP tables. Alas, my protests failed against
the might of our self-funding sports program.

Eric

Several third-party health payors, as well as a few HMOs and the like, do exactly this sort of thing with medical service providers. It makes hospital addressing, at times, rather interesting.

Some of them used the rationalization that if the space wasn't in the Internet routing table, it was more secure. To make it worse, a couple further expected you to address some of your hosts with their bogus address space, and then run transport-mode IPSec to them.

If you have never had a good sized hospital decide you are their new ISP (or network manager), it's good to find someone that will write prescriptions for legal drugs. On your first site visit, when you start discovering some of their addressing oddities, you will want to go to the pharmacy and get the scripts filled, to help you get through the day.

While newer applications, if anything, go overboard for security, some earlier medical applications, especially laboratory instrumentation, just send all their data to 255.255.255.255. I asked one of the programmers why they did that, and he said they didn't know if somebody might plug in a device that needed the data, so they didn't want to be bothered putting in support for it.

You will find there are now an assortment of security and privacy laws that the hospital has to support, HIPAA being the best known, but also 21CFR11 for clinical trials, DEA electronic prescribing of controlled substances, and COPPA for pediatric data. Unfortunately, no one has ever decided to harmonize the security requirements for the different mandates. If it helps put things in perspective, the legislation enabling recent extensive modifications and additions to HIPAA was titled the HIPAA Administrative Simplification Act. George Orwell would have loved it.

* Alex Rubenstein:

> b) customer is exercising the right not to renew the business agreement,
> and is leaving NAC voluntarily.

The customer probably has a different opinion on this particular
topic, doesn't he?

No. This is a clear situation where the customer has canceled his service
with us in writing.

If there's a contract dispute, it actually makes a lot of sense to
issue the order you quoted. There's no harm to you (or the Internet
as a whole) because the customer just appears to be another
multi-homed customer of yours, provided that the prefix that is
involved reaches a certain size. OTOH, if you were allowed to
reassign the IP address space while the dispute is being resolved,
this could severely harm the customer's business.

Of course, this setup can be just temporary. If you are ordered to
permanently give up that particular prefix, then you'll have reason to
complain.

I can't address all of the points you raise, but I can say the following:

a) NAC did not terminate the customers service in any respect. The
customer chose, on his own, to terminate their service with us. This fact
is undisputed. Also, NAC was willing to continue the customers service (we
were not forcing them out the door).

b) In regards to your passage, "because the customer just appears to be
another multi-homed customer of yours", this is a key point. The customer
*WILL NOT* be a customer of NAC any longer once they physically leave. The
key point here is that the customer has gotten a TRO, which allows them to
take the IP address space that is allocated to NAC with them, and NOT HAVE
ANY SERVICE FROM NAC. NAC WILL NOT BE ONE OF THE NETWORKS THAT THEY ARE
MULTIHOMED TO.

c) In regards to the tail-end of your mail, what you propose (the
temporary reassignment of space to an ex-customer) is in (as I intepret
ARIN policy) direct contradiction and violation of ARIN policy. If this
policy were to stand, what prevents cable modem users, or dialup users, or
webhosting customers, the right to ask to take their /32 with them?

Regards,

No. This is a clear situation where the customer has canceled his service
with us in writing.

Ok, important point.

b) In regards to your passage, "because the customer just appears to be
another multi-homed customer of yours", this is a key point. The customer
*WILL NOT* be a customer of NAC any longer once they physically leave. The
key point here is that the customer has gotten a TRO, which allows them to
take the IP address space that is allocated to NAC with them, and NOT HAVE
ANY SERVICE FROM NAC. NAC WILL NOT BE ONE OF THE NETWORKS THAT THEY ARE
MULTIHOMED TO.

This is ths real issue.

The restraining order forces you to deliver services to the (ex)customer.
Why? Because both the court and apparently the customer do not understand the
issue. So things like handing the IP space back to ARIN, assuming it was the
only customer on the /24 or you could renumber you other ones, would still be
a bad idea.

You can play a lot of technical games, but in general courts really dislike
technical games. They don't understand them, and consider it close to being
in contempt of the court.

So the best option you have left is put the ignorance's cost on the people
who deserve it.
Invoice ex-customer an exorbitant amount of money to keep the
infrastructure he needs for his IP's to remain working, *within* your
facility. Being under a restraining order doesn't mean you are not
entitled to be reimbursed of the costs of the result of such a restraining
order. Also, it is not your problem that he can't use his IPs once he
moves. He will need to pull a wire, and that happens to be very *very*
expensive with NAC, and even if he doesn't want to do business with NAC,
he can't use someone elses services. Send the bill. Ensure the payment
expires as soon as possible.

Then, even if you cannot disconenct the customer until a higher/sane court
looked at the matter, you are clearly showing good faith to the courts and
the customer, and might actually be awared those bills in a higher court.

And talk to the EFF (Cindy Cohn), they might have had similar cases or
jurispudence that matches this case closely. You might also want to talk to
Robin Gros (former EFF, now IP-Justice) since she might have had similar
cases happening when she was working at the EFF herself.

And yes, I would also put the restraining order verbatim on a website and
solicit comments on it publicly.

Paul

Alex,

I think one avenue of approach will be to see if ARIN would grant you
another contiguous block to replace not just what the customer got but the
entire block they have polluted.

If they will not, as I suspect, then you can show that the TRO while
upholding the status quo is causing you harm, since the space is not
something that can be replaced.

-vb

That's an unrealistic (exaggerated) end result if this case becomes
precedent. Among networks that filter incoming BGP routes, AFAIK, it's
common policy to ignore >/24 prefixes. Announcing /32 routes into
BGP would not give anywhere near the global reachability as doing the same
with /24 or shorter prefixes.

If the [ex-]customer is and remains multihomed (pretty likely if they got
PI space), this doesn't even change the size of the global routing table.
I assume we have their route now through NAC and some other provider. In
a few weeks, we'll still see their route through the other provider and
perhaps a new other provider.

I still don't agree with what they've done. If someone figures out the IP
block in question let me know. I suspect Alex can't post it without being
in violation of the TRO since he knows what we'll do with it.

Date: Tue, 29 Jun 2004 07:33:28 -0400
From: Vincent J. Bono

I think one avenue of approach will be to see if ARIN would
grant you another contiguous block to replace not just what
the customer got but the entire block they have polluted.

I thought of that, too. However, that would require NAC
renumbering an entire /17 because an ex-customer is too lazy to
renumber a /24.[*] If NAC's ex-customer thinks renumbering a /24
is excessive, what about something two orders of magnitude
larger?

[*] I'm assuming Sabri's lookups yielded a correct answer.

Eddy

Date: Tue, 29 Jun 2004 08:08:03 -0400 (EDT)
From: Jon Lewis

If someone figures out the IP block in question let me know.

I don't know the rogue netblock, but

  http://www.fixedorbit.com/cgi-bin/cgirange.exe?ASN=8001

may prove insightful. I believe there are people who track
announcements and withdrawals; BGP history probably would prove
insightful.

Eddy

More likely the block in question is being announced by different ASN or
announced as part of large NAC space and as such will not show up
directly on the above page.

I've suspicions this maybe Pegasus Web Technologies (AS25653), who are
probably largest NAC customer (at least based on how often their name is
seen when querying rwhois.nac.net) and who got direct ARIN ip block
69.57.160.0/19 right about year ago on 6-20-2003 (but before they already
had ip block 216.67.224.0/19 and afterwards they received 69.72.128.0/17
from ARIN in September 2003). In addition to all that they are using lots
of other blocks which are the ones directly from NAC space, since NAC is
using custom whois server, I can't quickly create exact list, but my
estimate it it maybe close to /18. They are probably just lazy to work on
moving out of that space, eventhough more then likely they promised to do
that two years ago or more when they got first direct ARIN block.

But I'm just speculating here, we'll not know for sure until we see large
chunk of NAC space announced from somewhere else without having even one
NAC transit route in any route server (and if its indeed comes 25653, then
my guess is right).

I have assigned the ARIN General Counsel, who is an experienced litigator,
the task to review and prepare the necessary filings to either intervene
formally in the New Jersey case, or as an amicus. ARIN will be striving to
educate the court to understand more accurately the legal and policy issues
involved.

Raymond A. Plzak
President & CEO

I would like to publicly applaud ARIN stepping up to the plate on this.

(Sorry for the AOL-ish post, but ARIN gets a lot of bad press here and I figure they deserve kudos when they Do The Right Thing.)