Hello all, In the first instance, thank you Satoru for bringing comments from 14 members of the Japanese community.
Koki is correct, v002 of the proposal has changed scope from Bulk WHOIS to public access WHOIS. This change was in response to feedback from multiple members of the community. The intent of the proposal is to limit access to Contact Information to parties with a legitimate need for access to the data, and to make automated harvesting of the Contact Information impossible for any party without a bulk access agreement. Any party with such an agreement would then be prohibited from re-publishing the Contact Information. For "Police, lawyers, and other professionals use whois for criminal investigations and other purposes", as Satoru suggests, v002 of the proposal would require them to sign up for a free APNIC login, and log into the APNIC website when they want obtain addresses, telephone numbers, or email addresses for resource holders. It's my belief that this is not a undue burden. It does not restrict the information from users who may need it, but it makes it very difficult to abuse access to the data in an automated fashion. I would appreciate understanding if opposition from the 14 members of the Japanese community is focused on the intent of the proposal, or the mechanics. If opposition is focused on the mechanics, I would appreciate suggestions on other ways we could achieve the intent. Regards, Jon On Wed, Feb 19, 2025, at 09:55, Koki Nakagawa wrote: > Hello Christopher, > > This is Koki from JPOPF attendee. > > v002 change word " Bulk WHOIS" to "public access WHOIS". > I think this mean to affect to all whois data from this policy change, > > Proposal show that you can access contact data from My APNIC or authenticated > API. > If Other RIRs memeber or NIR member and stakeholder who not contracted with > APNIC > need to use authenticated API. > > This way, Some stakeholder feel hard to say "public open access" , I think. > If not to change can not access by https://whois.apnic.net, thats good. > > If misunderstanding, please correct me. > > Sincerely Regards, > > Koki Nakagawa > > On 2025/02/19 9:53, Christopher Hawker wrote: > > Hello Satoru, > > > > [Speaking for myself and based on my own observations, and not that of the > > proposal author.] > > > > I believe there has been a fundamental misunderstanding of the proposal. > > The proposal does not discuss the complete removal of all contact > > information from the Whois system, rather *it only discusses the removal of > > contact information from bulk Whois data*. People will still be able to go > > to https://whois.apnic.net <https://whois.apnic.net> and lookup contact > > information for INRs where required, if there's a need to contact the > > network operator. Therefore, the examples you've provided will still be > > able to access the contact information that they may require, they just > > won't be able to download it in bulk. I agree with this, as the primary > > purpose for contact information is for network operators to be able to > > contact each other should there be a need. There's no technical requirement > > for bulk data to contain contact information. > > > > If there's a legitimate business case for bulk contact info I'm happy to > > hear about it. > > > > Regards, > > Christopher Hawker > > ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ > > *From:* Tsurumaki, Satoru <[email protected]> > > *Sent:* Wednesday, February 19, 2025 11:09 AM > > *To:* [email protected] <[email protected]> > > *Subject:* [sig-policy] Re: New version : prop-162: WHOIS Privacy v002 > > Dear Colleagues, > > > > I am Satoru Tsurumaki from the Japan Open Policy Forum Steering Team. > > > > On February 12, we held a meeting to discuss prop-162. Based on this > > discussion, I would like to share key feedback from our community. > > While this feedback is sent on my behalf, it summarizes the opinions > > of the 14 Japanese community members who attended the meeting. > > > > Many participants expressed serious concerns and strong opposition to > > removing contact information from public whois access. > > > > There is an opinion that the discussion of which information to > > disclose to the user with what qualification have long been done in > > ICANN for gTLD policy hence it may need a substantial community-wide > > discussion to carefully design that. > > > > (comment details) > > - There is a major concern that whois will no longer serve its > > original purpose of helping internet operations by providing contact > > information. > > > > - Police, lawyers, and other professionals use whois for criminal > > investigations and other purposes. However, it is unrealistic to > > expect all such organizations worldwide to sign individual contracts > > to access this information. > > > > - The removal of contact information from whois should be discussed > > with all potentially affected stakeholders. > > > > > > Regards, > > > > Satoru Tsurumaki > > JPOPF Steeling Team > > > > 2025年2月10日(月) 9:17 Bertrand Cherrier via SIG-policy > > <[email protected]>: > >> > >> Dear SIG members, > >> > >> A new version of the proposal "prop-162: WHOIS Privacy" has been sent to > >> the Policy SIG for review. > >> > >> It will be presented at the Open Policy Meeting (OPM) at APNIC 59 on > >> Wednesday, 26 February 2025. > >> > >> https://conference.apnic.net/59/programme/programme/index.html#/day/8/ > >> <https://conference.apnic.net/59/programme/programme/index.html#/day/8/> > >> > >> We invite you to review and comment on the proposal on the mailing list > >> before the OPM. > >> > >> The comment period on the mailing list before the OPM is an important > >> part of the Policy Development Process (PDP). We encourage you to > >> express your views on the proposal: > >> > >> - Do you support or oppose this proposal? > >> - Does this proposal solve a problem you are experiencing? If so, > >> tell the community about your situation. > >> - Do you see any disadvantages in this proposal? > >> - Is there anything in the proposal that is not clear? > >> - What changes could be made to this proposal to make it more effective? > >> > >> Information about this proposal is appended below as well as available at: > >> > >> http://www.apnic.net/policy/proposals/prop-162 > >> <http://www.apnic.net/policy/proposals/prop-162> > >> > >> Regards, > >> Bertrand, Shaila, and Ching-Heng > >> APNIC Policy SIG Chairs > >> > >> > >> ----------------------------------------------------------------------------------- > >> > >> prop-162-v002: WHOIS Privacy > >> > >> ----------------------------------------------------------------------------------- > >> > >> Proposer: > >> Jonathan Brewer ([email protected]) > >> > >> > >> 1. Problem statement > >> ------------------------- > >> More than 400 organisations around the world have bulk access to APNIC's > >> WHOIS data and may download the complete data set as required. > >> Cybersecurity companies, ISPs, universities, researchers, and law > >> enforcement agencies are amongst those with access. > >> > >> Several organisations including Hurricane Electric and RecordedFuture > >> republish this data as part of their applications and online systems, > >> including physical addresses, email addresses, and telephone numbers of > >> APNIC members. > >> > >> These contact details are freely available on the web and available for > >> mass harvesting through the use of screen scraping technology. It is > >> apparent that some third parties have used this data in a manner > >> contrary to the APNIC whois data acceptable use agreement. > >> > >> In the past three years organisations including the Number Resource > >> Society (Casablanca, Morocco), Unique IP Solutions (Faisalabad, > >> Pakistan), Aileron IT (Wisconsin, USA), Cogent Communications > >> (Washington DC, USA) and EarnheardData (details suppressed) have > >> contacted APNIC members via details published exclusively in APNIC > >> WHOIS. None of these contacts have been to do with legitimate networking > >> issues. > >> > >> > >> 2. Objective of policy change > >> ---------------------------------- > >> This policy will eliminate the unnecessary distribution and retention of > >> APNIC member organisation contact information by third parties. APNIC > >> systems will become the only source of obtaining address, phone, fax-no, > >> e-mail, and notify data for APNIC members. > >> > >> This policy change will not prevent APNIC members or other authorised > >> users of APNIC WHOIS from obtaining contact information for network > >> resources in either ad-hoc or automated queries. > >> > >> > >> 3. Situation in other regions > >> -------------------------------- > >> I have not found evidence that other RIRs limit access to contact > >> details. Multiple ccTLDs have implemented WHOIS privacy for domain > >> names, including Australia [1] and Germany [2]. > >> > >> > >> 4. Proposed policy solution > >> -------------------------------- > >> APNIC should remove address, phone, fax-no, e-mail, and notify fields > >> (the Contact Information) from Org, IRT, abuse-c and role objects from > >> public access WHOIS. > >> > >> Responses to unauthenticated API queries should no longer display the > >> Contact Information. > >> > >> The Contact Information should be removed from the dataset distributed > >> to bulk consumers. > >> > >> APNIC should cause any existing bulk users of APNIC WHOIS data to remove > >> the Contact Information from their own systems and from the Internet. > >> > >> MyAPNIC and authenticated API access should be the only way of obtaining > >> the Contact Information of APNIC users. > >> > >> APNIC should publish a list of all authenticated API users with access > >> to the Contact Information. APNIC should publish statistics on requests > >> for the Contact Information by requestor. > >> > >> > >> 5. Advantages / Disadvantages > >> ------------------------------------ > >> Advantages: > >> This should enhance privacy and data sovereignty, while reducing > >> nuisance contacts. > >> > >> Disadvantages: > >> None. The information will still be available via APNIC-controlled WHOIS > >> services which presumably are protected against illegitimate data > >> harvesting. > >> > >> 6. Impact on resource holders > >> ----------------------------------- > >> No impact on resource holders. > >> > >> 7. References > >> ---------------- > >> [1] > >> https://www.domainregistration.com.au/infocentre/info-private-registration.php > >> > >> <https://www.domainregistration.com.au/infocentre/info-private-registration.php> > >> [2] > >> https://www.denic.de/en/whats-new/press-releases/article/extensive-innovations-planned-for-denic-whois-domain-query-proactive-approach-for-data-economy-and/ > >> > >> <https://www.denic.de/en/whats-new/press-releases/article/extensive-innovations-planned-for-denic-whois-domain-query-proactive-approach-for-data-economy-and/> > >> _______________________________________________ > >> SIG-policy - https://mailman.apnic.net/[email protected]/ > >> <https://mailman.apnic.net/[email protected]/> > >> To unsubscribe send an email to [email protected] > > > > > > > > -- > > -- > > Satoru Tsurumaki > > BBIX, Inc > > _______________________________________________ > > SIG-policy - https://mailman.apnic.net/[email protected]/ > > <https://mailman.apnic.net/[email protected]/> > > To unsubscribe send an email to [email protected] > > > > _______________________________________________ > > SIG-policy - https://mailman.apnic.net/[email protected]/ > > To unsubscribe send an email to [email protected] > > _______________________________________________ > SIG-policy - https://mailman.apnic.net/[email protected]/ > To unsubscribe send an email to [email protected] https://jon.brewer.nz/
_______________________________________________ SIG-policy - https://mailman.apnic.net/[email protected]/ To unsubscribe send an email to [email protected]
