[AusNOG] Borrowed addresses, data retention, court orders etc.

[Ross Wheeler]

Presently a hypothetical question, but I'm sure it'll come up.

A friend of mine of a couple of decades runs an ISP in another state 
thousands of km from me. His business and mine are unrelated, have no 
common directors, funding, stakeholders etc. Ie, completely "unrelated 
parties" save that he and I are friends.

Some time ago, during a relocation, he needed some addresses, I just 
happened to have a /24 that I had recently moved services from and it was 
mostly "vacant" and was fairly easy for me to peel it out and lend it to 
him.

It's still in my name, assigned and "owned" by me, not him, although it is 
being advertised via his provider and delivered over his link(s) to 
service his servers and customers.

In time to come, if one of "his" users does something that "the 
authorities" have reason to want to delve into in more detail, and they 
know that a.b.c.d (being an address in my range "on loan to" him) is the 
address they're interested in... how does "an approved" party (be that a 
minister, a policeman, a court or whoever) go about determining who they 
ask/demand information from?

If they simply look up the apnic database and issue a "demand" to me, for 
example, I will have absolutely no way to give them the data. While I 
could refer them to my friend, have I got my neck in the noose here too?

R.