+1 this is a start to codify this.. OF course, given some patterns of
abuse, might be helpful to include some example whois listings which are
'problematic'..
On 2024-03-26 13:13, ARIN wrote:
On 21 March 2024, the ARIN Advisory Council (AC) accepted “ARIN-prop-329: WHOIS
Data Requirements Policy for Non-Personal Information” as a Draft Policy.
Draft Policy ARIN-2024-2 is below and can be found at:
https://www.arin.net/participate/policy/drafts/2024_2
You are encouraged to discuss all Draft Policies on PPML. The AC will evaluate
the discussion to assess the conformance of this draft policy with ARIN's
Principles of Internet number resource policy as stated in the Policy
Development Process (PDP). Specifically, these principles are:
* Enabling Fair and Impartial Number Resource Administration
* Technically Sound
* Supported by the Community
The PDP can be found at:
https://www.arin.net/participate/policy/pdp/
Draft Policies and Proposals under discussion can be found at:
https://www.arin.net/participate/policy/drafts/
Regards,
Eddie Diego
Policy Analyst
American Registry for Internet Numbers (ARIN)
Draft Policy ARIN-2024-2: WHOIS Data Requirements Policy for Non-Personal
Information
Problem Statement:
ARIN’s mission includes maintaining and distributing registration information
about who holds Internet number resources (Internet Protocol (IP) addresses and
Autonomous System Numbers (ASNs)) in a public database referred to as Whois.
Whois provides network operators, technical troubleshooters, law enforcement,
researchers, and other interested parties with information about which
organization administers specific Internet number resources. Distributing this
non-personal information is very much in the public interest of proper
functioning of the Internet.
While ARIN continues to recognize the ongoing relevancy and importance for
publicly available WHOIS information in its control, ARIN must also take stock
of evolving regional developments pertaining to data privacy and the
cross-border sharing of personally identifying information (PII) which have led
to or could lead to redactions among similar WHOIS resources outside of ARIN’s
purview.
In light of such developments, it is important for ARIN to codify its WHOIS
data requirements and disclosure practices in a manner that is both a)
respectful of privacy rights pertaining to PII and b) cognizant of the value
non-PII data plays in the security of the Internet and the protection of the
general public.
Currently there are no ARIN policies that clearly define what organization and
associated point of contact information must be provided and registered in the
public Whois. This proposal attempts only to clarify and codify ARIN’s existing
practice regarding organization and contact data collection and display in
Whois.
Policy Statement:
3.8 Directory Service Records
Modify 3.8.1 to include the following sentence:
All organization registration records will be visible in the public Whois.
Add 3.8.2
3.8.2 Required Organization Record Information
The following information must be provided to ARIN to register an organization
record:
Org Name
Org Street Address, City, State and Zip code (or equivalent)
Org Country
Add 3.8.3 Point of Contact Record Creation
An organization may register designated Points of Contact to manage its
organization and resource registration records to include Administrative,
Technical, NOC and Abuse contacts. These Points of Contact shall be
representatives of the organization and any information provided to ARIN shall
be that contact’s associated organizational information and not personal data.
Point of Contact registration records will generally be visible in the public
Whois. Refer to NRPM 3.3 and NRPM 4.2.3.7.3.2 for exceptions to this general
rule.
Add 3.8.4 Required Point of Contact Record Information.
The following information must be provided to ARIN to register an organization
or resource Point of Contact:
Contact Name (this can be an individual representative of the company or a role
account)
Contact’s Organization Street Address, City, State and Zip code (or equivalent)
Contact’s Organization Phone Number
Contact’s Organization E-Mail Address
Contact’s Organization Country
Timetable: ASAP
_______________________________________________
ARIN-PPML
You are receiving this message because you are subscribed to
the ARIN Public Policy Mailing List ([email protected]).
Unsubscribe or manage your mailing list subscription at:
https://lists.arin.net/mailman/listinfo/arin-ppml
Please contact [email protected] if you experience any issues.
--
"Catch the Magic of Linux..."
------------------------------------------------------------------------
Michael Peddemors, President/CEO LinuxMagic Inc.
Visit us at http://www.linuxmagic.com @linuxmagic
A Wizard IT Company - For More Info http://www.wizard.ca
"LinuxMagic" a Reg. TradeMark of Wizard Tower TechnoServices Ltd.
------------------------------------------------------------------------
604-682-0300 Beautiful British Columbia, Canada
_______________________________________________
ARIN-PPML
You are receiving this message because you are subscribed to
the ARIN Public Policy Mailing List ([email protected]).
Unsubscribe or manage your mailing list subscription at:
https://lists.arin.net/mailman/listinfo/arin-ppml
Please contact [email protected] if you experience any issues.
