Hi All, Thank you Sunny for the impact assessment. Re your questions/comments, I will address them inline:
On Fri, Feb 7, 2025, at 19:46, Sunny Chendi wrote: > > Questions/Comments: > • To date, the Secretariat has not received any reports of Whois data abuse > relating to organizations that have signed the AUP to access bulk data. > According to our records, Hurricane Electric and RecordedFuture do not have > access to APNIC bulk Whois data. In my problem statement I noted that both Hurricane Electric and RecordedFuture republish APNIC Whois data online. They are not the only organisations. Here's a set of four screenshots of APNIC Whois information republished online that includes the address, email, and telephone information that is the subject of this policy proposal: https://www.dropbox.com/scl/fi/zz24j27hna8pyppfnypco/Screenshot-2025-02-10-at-1.50.09-PM.png?rlkey=yrze4cb9guwnqbay0d5qpijnp&dl=0 https://www.dropbox.com/scl/fi/vovhkw8a0ovqkvabwpgdv/Screenshot-2025-02-10-at-1.51.05-PM.png?rlkey=k5yfug3nn0kw3u0t9glibebdy&dl=0 https://www.dropbox.com/scl/fi/dhnunuq9la8ybfw8xdkef/Screenshot-2025-02-10-at-1.51.49-PM.png?rlkey=l33gzhfhqe1lrdszx6imp6pw5&dl=0 https://www.dropbox.com/scl/fi/7in3u9jizz4q11s7ru754/Screenshot-2025-02-10-at-1.56.16-PM.png?rlkey=2morewx3adh76ooybr3a23zp6&dl=0 It could be that these sites all draw information from the APNIC WHOIS Database query service. prop-162-v002 addresses this possibility. > • Over 400 organizations now have access to bulk Whois data. Around 70 > unique logins have accessed bulk Whois data over the last 3 months. Is a list of organisations with bulk access available to APNIC members? If so I'd appreciate a link. > • The current Whois data acceptable use agreement (AUA) does not contemplate > the revocation of access by the Secretariat. However, the Secretariat can > implement stronger terms and require accession to them for continued access > to the bulk Whois data. This would not address prior issues but may help > limit the impact going forward. Noted. > • The existing AUA does not contemplate a requirement to delete prior data > without evidence of misuse. As noted above with respect to access, APNIC can > remove ongoing access until such time as the re-publisher accedes to new > terms. Noted. > Implementation: > > This proposal may require changes to APNIC systems, internal policy, > procedures, and agreements. If this proposal reaches consensus, > implementation may be completed within three (3) months. Noted. > > Regards, > Sunny > APNIC Secretariat Thank you again. Regards, Jon > > On 13/01/2025 2:02 pm, Bertrand Cherrier via SIG-policy wrote: >> Dear SIG members, >> >> A new proposal "prop-162-v001: WHOIS Privacy" has been sent to the Policy >> SIG for review. >> >> It will be presented at the Open Policy Meeting (OPM) at APNIC 59 on >> Wednesday, 26 February 2025. >> >> https://conference.apnic.net/59/programme/programme/index.html#/day/8/ >> >> We invite you to review and comment on the proposal on the mailing list >> before the OPM. >> >> The comment period on the mailing list before the OPM is an important part >> of the Policy Development Process (PDP). We encourage you to express your >> views on the proposal: >> >> - Do you support or oppose this proposal? >> - Does this proposal solve a problem you are experiencing? If so, >> tell the community about your situation. >> - Do you see any disadvantages in this proposal? >> - Is there anything in the proposal that is not clear? >> - What changes could be made to this proposal to make it more effective? >> >> Information about this proposal is appended below as well as available at: >> >> http://www.apnic.net/policy/proposals/prop-162 >> >> Regards, >> Bertrand, Shaila, and Ching-Heng >> APNIC Policy SIG Chairs >> >> ----------------------------------------------------------------------------------- >> >> prop-162-v001: WHOIS Privacy >> >> ----------------------------------------------------------------------------------- >> >> Proposer: >> Jonathan Brewer ([email protected]) >> >> >> 1. Problem statement >> ------------------------- >> Through permitted bulk access to APNIC whois, several organisations >> including Hurricane Electric and RecordedFuture republish physical >> addresses, email addresses, and telephone numbers of APNIC members. >> >> These details are freely available on the web and available for mass >> harvesting through the use of screen scraping technology. It is apparent >> that some third parties have used this data in a manner contrary to the >> APNIC whois data acceptable use agreement. >> >> In the past three years organisations including the Number Resource Society >> (Casablanca, Morocco), Unique IP Solutions (Faisalabad, Pakistan), Aileron >> IT (Wisconsin, USA), and EarnheardData (details suppressed) have contacted >> my organisation via details published exclusively in APNIC whois. None of >> these contacts have been to do with a legitimate networking issue. >> >> 2. Objective of policy change >> ---------------------------------- >> This policy will eliminate the unnecessary publication of APNIC member >> organisation contact details. People with a legitimate need for these >> contact details can use a service directly provided by APNIC to obtain them. >> >> 3. Situation in other regions >> -------------------------------- >> Unknown >> >> 4. Proposed policy solution >> -------------------------------- >> APNIC should remove all email addresses, telephone numbers, and physical >> addresses from any bulk WHOIS data, and should cause any existing >> re-publishers of APNIC WHOIS data to remove this information from the >> Internet as a condition for continued access to data. >> >> 5. Advantages / Disadvantages >> ------------------------------------ >> Advantages: >> This should reduce future marketing calls to the NOC phone and marketing >> emails to the noc email address. >> >> Disadvantages: >> None. The information will still be available via APNIC-controlled WHOIS >> services which presumably are protected against illegitimate data harvesting. >> >> 6. Impact on resource holders >> ----------------------------------- >> No impact on resource holders. >> >> 7. References >> ---------------- >> >> _______________________________________________ >> SIG-policy - https://mailman.apnic.net/[email protected]/ >> To unsubscribe send an email to [email protected] > > -- > > I am sending this email at a time that suits me and the time zone I work in. > Please feel free to read, and act on or respond, at a time that suits you. > > _______________________________________________________________________ > > Srinivas (Sunny) Chendi (he/him) > Senior Regional Advisor - Membership and Policy > > Asia Pacific Network Information Centre (APNIC) | Tel: +61 7 3858 3100 > PO Box 3646 South Brisbane, QLD 4101 Australia | Fax: +61 7 3858 3199 > 6 Cordelia Street, South Brisbane, QLD | http://www.apnic.net > _______________________________________________________________________ > > NOTICE: This email message is for the sole use of the intended recipient(s) > and may contain confidential and privileged information. Any unauthorized > review, use, disclosure or distribution is prohibited. If you are not the > intended recipient, please contact the sender by reply email and destroy all > copies of the original message. > > > _______________________________________________ > SIG-policy - https://mailman.apnic.net/[email protected]/ > To unsubscribe send an email to [email protected] https://jon.brewer.nz/
_______________________________________________ SIG-policy - https://mailman.apnic.net/[email protected]/ To unsubscribe send an email to [email protected]
