Dear Vivek,

Thank you for the clarification.

I am quite hesitant about this proposal from what I have read so far. While there may be a few bad actors who may use the information and reach out to organisations, we seem to be forgetting that most of the time it is used for legitimate purposes by law enforcement authorities from the region (and especially developing countries) or even end users/customers as a way to contact the organisations for legitimate reasons and at times in critical situations.

Regards,
Amrita

On Tue, Jan 21, 2025 at 11:55 AM Vivek Nigam <[email protected]> wrote:

> Hi Anupam, all,
>
> We provide access to APNIC Whois data for bulk download to organisations
> that intend to use it for Internet operational or technical research
> purposes. To get access, organizations need to complete the acceptable use
> agreement and state how they plan to use the data.
>
> https://www.apnic.net/wp-content/uploads/2021/06/apnic-whois-agreement-update.pdf
>
> Typically, we get these requests from cybersecurity companies, research
> bodies, large ISP/IXPs, universities, law enforcement agencies etc. Over
> 400 organizations have signed this agreement and have access to this data.
>
> We have not had any abuse reports that match these organisations. We have
> had one case where we received multiple complaints of marketing emails from
> an APNIC Member organisation who were also registered brokers. This
> resulted in APNIC terminating their agreement and closing their account.
>
> Our course of action is more limited when we receive evidence of whois
> data abuse from non-APNIC Member organisations, which make up the vast majority
> of these reports. In this case we issue an official warning requesting the
> offenders to stop sending marketing emails. We have had varying levels of
> success following up these reports. In some cases, the offender
> acknowledged it was a mistake by their marketing team and agreed to stop
> this practice.
> In most cases, they have argued that they have got these
> email addresses from third-party database vendors, or the emails were
> already registered in their platform to receive marketing emails.
>
> Hope this information helps.
>
> Thanks
>
> Vivek
>
> *From: *Anupam Agrawal <[email protected]>
> *Date: *Friday, 17 January 2025 at 8:56 PM
> *To: *Mark Foster <[email protected]>
> *Cc: *Philip Paeps <[email protected]>, Fernando Frediani <[email protected]>, [email protected] <[email protected]>
> *Subject: *[sig-policy] Re: prop-162-v001: WHOIS Privacy
>
> That's a good point Mark. Some information on the number of complaints or
> the number of access requests/agreements would be helpful.
>
> Regards
>
> ________________________________________________________
>
> Anupam Agrawal | India Internet Foundation - Chair | 91 905 170 3611
>
> On Fri, Jan 17, 2025 at 9:20 AM Mark Foster <[email protected]> wrote:
>
> Thanks Philip, I think that's an important point to remain savvy to.
>
> I think it's important to go back to, what is the purpose for which bulk
> access is provided, and whether the proposal interferes with that purpose
> or not.
>
> Noting the contents of the above and the assertion that folks using
> information derived from bulk access will be prosecuted - but no evidence
> of this actually occurring despite strong indicators that whois information
> is being used for unsolicited marketing (something which I can most
> certainly also report) ... in the absence of seeing actual negative
> consequences to these actors I'm comfortable with seeing information
> removed or anonymised - and up until doing so detracts from the purpose for
> which the bulk access is being provided, there's basically no impact.
> (Regular whois not impacted - just bulk).
>
> I support the proposal but the rider I would like to see on it, is to
> challenge APNIC to revalidate the reasons it provides bulk access, the
> assurance it has that the database is being used for legitimate purposes in
> compliance with the AUP, and its actions in response to reports of abuse.
> Beyond that - if reducing the level of detail in the bulk output has no
> negative impact, why not? (Agree that network operators must be
> identifiable and reachable. Changes only to the bulk scope won't prevent
> this, unless the bulk view of the data is being used for that purpose. I
> suppose there are legitimate services that might have bulk access
> agreements for that purpose - I guess only APNIC can tell us if that's
> true.)
>
> Regards
> Mark.
>
> On Tue, 14 Jan 2025 at 15:02, Philip Paeps <[email protected]> wrote:
>
> On 2025-01-14 00:46:49 (+0800), Fernando Frediani wrote:
> > Although I do understand the motivations to this proposal, I normally
> > don't like much this feel that may look obvious to many to remove as
> > much as contact data in order to not be bothered with marketing and
> > sales content due to the concern that make things more difficult for
> > legitimate need to get in touch for troubleshooting and legal demands.
> >
> > If you are operating an Autonomous System and have responsibilities
> > over it you must be able to be easily contacted in order to deal with
> > the legitimate demands you committed when you became one, and for that
> > there will be some burden which if reasonable should be accepted.
> >
> > I understand the proposal suggests removing it from the bulk access,
> > but it has not been clear how it will work and how easy it will be for
> > those with legitimate need to get these contact details, if it will be
> > with no human interaction or if someone will need to fill a form and
> > justify, etc?
>
> Note that "bulk access" in this policy proposal (as I read it -- do
> correct me if I'm wrong) specifically refers to this service:
> https://www.apnic.net/manage-ip/using-whois/bulk-access/.
>
> The overwhelming majority of network operators in the world do not have
> bulk data access agreements with APNIC and would therefore not be
> affected in any way by this policy proposal.
>
> Philip
> _______________________________________________
> SIG-policy - https://mailman.apnic.net/[email protected]/
> To unsubscribe send an email to [email protected]
