This was/is a big issue at every conference, where of course the focus is always placed on 'policing' agencies wanting to know who operates an IP Address, however the concept is a lot greater than that. And of course, there is a perception that even at the highest levels (the Board) there is a lot of pressure by hosting companies who want to accomodate the customers who wish anonymity. The fact is that an IP Address or domain is/are Public lookup , and if you want to have an IP address/domain that is available to the public, you should post some public identity. This is used for a lot more than simply policing. Eg, various reputation services, auditing systems, and legitimate network operators who need to be able to identify the operator.
Already, there are policies in place in theory to require this information; we already have tools and policies to do this, the problem that we hear is enforcement, and a mandate to take action during enforcement. There is a lot of finger pointing on this issue even amongst ARIN/ICANN officials and board members.
And far too many times we see abusive behavior from 'Privacy Protected' holders of Public information. Now, it can be that the line on how much information about the holder should be publicized, but the operator/organization information at least MUST be provided, and the upstream providers should have a way to validate this information.
And this has to be bigger than just ICANN/ARIN. We talk to operators who blatantly state that they do not collect information, and do NOT monitor activity on their networks, because they are concerned that if they 'know' about what is going on, they can be held responsible. Some protection must be given upstream providers, registrars etc, but on the basis they are diligent on getting information of the holders of public resources they assign.