Dear SIG members,
Here is the Secretariat impact assessment for proposal “prop-162-v001: WHOIS
Privacy” and the same is also published at:
https://www.apnic.net/community/policy/proposals/prop-162/
The Secretariat notes that this proposal suggests removing member organization
contact details (email, telephone numbers, and physical addresses) from the
bulk WHOIS data, and the existing re-publishers of APNIC Whois data must remove
contact information as a condition for continued access to data.
Questions/Comments:
* To date, the Secretariat has not received any reports of Whois data abuse
relating to organizations that have signed the AUP to access bulk data.
According to our records, Hurricane Electric and RecordedFuture do not have
access to APNIC bulk Whois data.
* Over 400 organizations now have access to bulk Whois data. Around 70
unique logins have accessed bulk Whois data over the last 3 months.
* The current Whois data acceptable use agreement (AUA) does not
contemplate the revocation of access by the Secretariat. However, the
Secretariat can implement stronger terms and require accession to them for
continued access to the bulk Whois data. This would not address prior issues
but may help limit the impact going forward.
* The existing AUA does not contemplate a requirement to delete prior data
without evidence of misuse. As noted above with respect to access, APNIC can
remove ongoing access until such time as the re-publisher accedes to new terms.
Implementation:
This proposal may require changes to APNIC systems, internal policy,
procedures, and agreements. If this proposal reaches consensus, implementation
may be completed within three (3) months.
Regards,
Sunny
APNIC Secretariat
On 13/01/2025 2:02 pm, Bertrand Cherrier via SIG-policy wrote:
Dear SIG members,
A new proposal "prop-162-v001: WHOIS Privacy" has been sent to the Policy SIG
for review.
It will be presented at the Open Policy Meeting (OPM) at APNIC 59 on Wednesday,
26 February 2025.
https://conference.apnic.net/59/programme/programme/index.html#/day/8/
We invite you to review and comment on the proposal on the mailing list before
the OPM.
The comment period on the mailing list before the OPM is an important part of
the Policy Development Process (PDP). We encourage you to express your views on
the proposal:
- Do you support or oppose this proposal?
- Does this proposal solve a problem you are experiencing? If so,
tell the community about your situation.
- Do you see any disadvantages in this proposal?
- Is there anything in the proposal that is not clear?
- What changes could be made to this proposal to make it more effective?
Information about this proposal is appended below as well as available at:
http://www.apnic.net/policy/proposals/prop-162
Regards,
Bertrand, Shaila, and Ching-Heng
APNIC Policy SIG Chairs
-----------------------------------------------------------------------------------
prop-162-v001: WHOIS Privacy
-----------------------------------------------------------------------------------
Proposer:
Jonathan Brewer ([email protected]<mailto:[email protected]>)
1. Problem statement
-------------------------
Through permitted bulk access to APNIC whois, several organisations including
Hurricane Electric and RecordedFuture republish physical addresses, email
addresses, and telephone numbers of APNIC members.
These details are freely available on the web and available for mass harvesting
through the use of screen scraping technology. It is apparent that some third
parties have used this data in a manner contrary to the APNIC whois data
acceptable use agreement.
In the past three years organisations including the Number Resource Society
(Casablanca, Morocco), Unique IP Solutions (Faisalabad, Pakistan), Aileron IT
(Wisconsin, USA), and EarnheardData (details suppressed) have contacted my
organisation via details published exclusively in APNIC whois. None of these
contacts have been to do with a legitimate networking issue.
2. Objective of policy change
----------------------------------
This policy will eliminate the unnecessary publication of APNIC member
organisation contact details. People with a legitimate need for these contact
details can use a service directly provided by APNIC to obtain them.
3. Situation in other regions
--------------------------------
Unknown
4. Proposed policy solution
--------------------------------
APNIC should remove all email addresses, telephone numbers, and physical
addresses from any bulk WHOIS data, and should cause any existing re-publishers
of APNIC WHOIS data to remove this information from the Internet as a condition
for continued access to data.
5. Advantages / Disadvantages
------------------------------------
Advantages:
This should reduce future marketing calls to the NOC phone and marketing emails
to the noc email address.
Disadvantages:
None. The information will still be available via APNIC-controlled WHOIS
services which presumably are protected against illegitimate data harvesting.
6. Impact on resource holders
-----------------------------------
No impact on resource holders.
7. References
----------------
_______________________________________________
SIG-policy - https://mailman.apnic.net/[email protected]/
To unsubscribe send an email to
[email protected]<mailto:[email protected]>
--
I am sending this email at a time that suits me and the time zone I work in.
Please feel free to read, and act on or respond, at a time that suits you.
_______________________________________________________________________
Srinivas (Sunny) Chendi (he/him)
Senior Regional Advisor - Membership and Policy
Asia Pacific Network Information Centre (APNIC) | Tel: +61 7 3858 3100
PO Box 3646 South Brisbane, QLD 4101 Australia | Fax: +61 7 3858 3199
6 Cordelia Street, South Brisbane, QLD | http://www.apnic.net
_______________________________________________________________________
NOTICE: This email message is for the sole use of the intended recipient(s)
and may contain confidential and privileged information. Any unauthorized
review, use, disclosure or distribution is prohibited. If you are not the
intended recipient, please contact the sender by reply email and destroy all
copies of the original message.
_______________________________________________
SIG-policy - https://mailman.apnic.net/[email protected]/
To unsubscribe send an email to [email protected]
