Network World writes that IPv4 depletion is happening faster than expected and that a black market might form to allow companies who need IPv4 addresses to get them. ARIN's CIO Richard Jimmerson notes that the ARIN community has been proactive in addressing this, “providing at least limited address transfer opportunities to mitigate that problem.” (other RIRs have similar policies)
For me, the emergence of transfer markets always seemed inevitable. The most important, and least talked about, aspect of the policies creating those markets is highlighted by Jimmerson in the article:
“There may still be black market activity, but with this policy, it's more likely that people will transfer numbers out in the open,” says Jimmerson. “The important thing is that IPv4 registration records accurately identify the registrant who has authority over each allocation.”
If the RIR transfer policies result in registration records being cleaned up and maintained, to what use it will be put is going to be the major policy debate going forward. Obviously, the RIRs see it as necessary data for maintaining their inventory of critical internet identifiers. But LEAs, cybersecurity, IP, and national security interests are also chomping at the bit to leverage this data to fight cybercrime, copyright violations, and protect national interests.
Some of the RIR's leadership seem to be rightly worried about this. Just today, RIPE members Rob Blokzijl and Daniel Karrenberg have floated a discussion document to the RIPE community, “Principles for Number Resource Registration Policies.” It sets out the principles for IPv4 address registration after the unallocated pool of addresses has run out.
Specifically, they suggest what the registry operated by RIPE should not be. The registry “[does] not constitute a directory of ISPs, neither does it license ISPs.” Furthermore, “the registry is not the instrument to implement policies concerning access to, and routing over the Internet.”