Good report Vivek
I think it is always important to take any decision that may change the
way things are done with proper and real data when possible in order to
subsidize and take a more rational decision.
Regards
Fernando
On 21/01/2025 03:25, Vivek Nigam wrote:
Hi Anupam, all,
We provide access to APNIC Whois data for bulk download to
organisations that intend to use it for Internet operational or
technical research purposes. To get access, organizations need to
complete the acceptable use agreement and state how they plan to use
the data.
https://www.apnic.net/wp-content/uploads/2021/06/apnic-whois-agreement-update.pdf
Typically, we get these requests from cybersecurity companies,
research bodies, large ISP/IXPs, universities, law enforcement
agencies etc. Over 400 organizations have signed this agreement and
have access to this data.
We have not had any abuse reports that match these organisations. We
have had one case where we received multiple complaints of marketing
emails from an APNIC Member organisation who were also registered
brokers. This resulted in APNIC terminating their agreement and
closing their account.
Our course of action is more limited when we receive evidence of whois
data abuse from non APNIC Member organisations, which make up the vast
majority of these reports. In this case we issue an official warning
requesting the offenders to stop sending marketing emails. We have had
varying levels of success following up these reports. In some cases,
the offender acknowledged it was a mistake by their marketing team and
agreed to stop this practice. In most cases, they have argued that
they have got these email addresses from third-party database vendors,
or the emails were already registered in their platform to receive
marketing emails.
Hope this information helps.
Thanks
Vivek
*From: *Anupam Agrawal <[email protected]>
*Date: *Friday, 17 January 2025 at 8:56 PM
*To: *Mark Foster <[email protected]>
*Cc: *Philip Paeps <[email protected]>, Fernando Frediani
<[email protected]>, [email protected]
<[email protected]>
*Subject: *[sig-policy] Re: prop-162-v001: WHOIS Privacy
That's a good point Mark. Some information on the number of complaints
or the number of access requests/ agreements would be helpful.
Regards
________________________________________________________
Anupam Agrawal | India Internet Foundation - Chair | 91 905 170 3611
On Fri, Jan 17, 2025 at 9:20 AM Mark Foster <[email protected]> wrote:
Thanks Philip, I think that's an important point to remain savvy to.
I think it's important to go back to, what is the purpose for
which bulk access is provided, and whether the proposal interferes
with that purpose or not.
Noting the contents of the above and the assertion that folks
using information derived from bulk access will be prosecuted -
but no evidence of this actually occurring despite strong
indicators that whois information is being used for unsolicited
marketing (something which I can most certainly also report) ...
in the absence of seeing actual negative consequences to these
actors I'm comfortable with seeing information removed or
anonymised - and up until doing so detracts from the purpose for
which the bulk access is being provided, there's basically no
impact. (Regular whois not impacted - just bulk).
I support the proposal but the rider I would like to see on it, is
to challenge APNIC to revalidate the reasons it provides bulk
access, the assurance it has that the database is being used for
legitimate purposes in compliance with the AUP, and its actions in
response to reports of abuse. Beyond that - if reducing the level
of detail in the bulk output has no negative impact, why not?
(Agree that network operators must be identifiable and reachable.
Changes only to the bulk scope won't prevent this, unless the bulk
view of the data is being used for that purpose. I suppose there
are legitimate services that might have bulk access agreements for
that purpose - I guess only APNIC can tell us if that's true.)
Regards
Mark.
On Tue, 14 Jan 2025 at 15:02, Philip Paeps <[email protected]> wrote:
On 2025-01-14 00:46:49 (+0800), Fernando Frediani wrote:
> Although I do understand the motivations to this proposal, I normally
> don't like much this feel that may look obvious to many to remove as
> much as contact data in order to not be bothered with marketing and
> sales content due to the concern that make things more difficult for
> legitimate need to get in touch for troubleshooting and legal demands.
>
> If you are operating an Autonomous System and have responsibilities
> over it you must be able to be easily contacted in order to deal with
> the legitimate demands you committed when you became one, and for that
> there will be some burden which if reasonable should be accepted.
>
> I understand the proposal suggests removing it from the bulk access,
> but it has not been clear how it will work and how easy it will be for
> those with legitimate need to get these contact details, if it will be
> with no human interaction or if someone will need to fill a form and
> justify, etc ?
Note that "bulk access" in this policy proposal (as I read it -- do
correct me if I'm wrong) specifically refers to this service:
https://www.apnic.net/manage-ip/using-whois/bulk-access/.
The overwhelming majority of network operators in the world do not have
bulk data access agreements with APNIC and would therefore not be
affected in any way by this policy proposal.
Philip
_______________________________________________
SIG-policy - https://mailman.apnic.net/[email protected]/
To unsubscribe send an email to [email protected]