Hello Ronald,
the RIPE NCC Legal team explained the changes necessary to Whois in order to
comply with the GDPR in a RIPE Labs article in May 2018:
https://labs.ripe.net/Members/maria_stafyla/how-were-implementing-the-gdpr-amendments-to-the-ripe-database
The two changes we recently implemented were:
(1) Do not include personal data in historical queries (notify, e-mail, address
attributes).
Refer to the section titled "Contact Details of Resource Holders/Natural
Persons" in the Labs article:
"Holders of Internet number resources may be either natural or legal
persons. Currently, the RIPE Database returns all contact details of resource
holders, including historical resource holders.
As in the above examples, returning the historical contact details of
resource holders that are natural persons cannot be considered as in line with
the purpose of the RIPE Database and therefore, not in line with the data
protection restrictions.
While aiming to strike a balance between the interests of the RIPE
community in having access to historical information about resource holders
(e.g. to help investigate how past network outages were resolved, spamming,
DDoS attacks, etc.) and the legal obligation to comply with the data protection
regime, we believe it is necessary to filter out the contact details of
historical resource holders.
Following internal discussions as to how this could be implemented
efficiently from an operational perspective, we believe that the results to
historical queries can be brought into alignment with the rules applied when
the RIPE Database is provided via FTP files. By this, attributes that may
contain personal data will be filtered out, such as “address”, “notify”,
“e-mail”.
We believe that this solution will serve to adequately provide
historical information of Internet number resource registrations, while taking
into account the restrictions placed on us with regards to personal data
processing."
(2) Do not include person/role references in historical queries (admin-c,
tech-c, ping-hdl, zone-c).
Refer to the section titled "NIC Handles" in the Labs article:
"Historical queries still return references to NIC handles of
historical role and person objects.
Every person and role object is identified by a NIC handle.
Historically, NIC handles were available to be reused as soon as an object was
deleted. Many NIC handles have been used and reused by several different
people. In 2009, a new rule was introduced to the RIPE Database which meant
that if a person object was deleted, it was not possible to create another
person object with the same NIC handle.
With regards to historical queries, if a historical person and/or role
object exists in the RIPE Database, a user will be able to identify the
relevant individual that was previously the contact person responsible for the
administration or technical maintenance of specific Internet number resources
and networks. Since it was possible to reuse NIC handles up until 2009, it is
also not certain that the NIC handle refers to the person or contact that was
using that NIC handle in the historical reference.
This is not in line with the data protection legislation, nor is it
justified by the purposes for making personal data publicly available in the
RIPE Database that were previously identified (i.e. “facilitating coordination
between network operators (for network problem resolution, outage notification
etc.”))"
I hope the Labs article clarifies why we made these changes.
Regards
Ed
> On 7 Oct 2019, at 21:27, Ronald F. Guilmette via db-wg <[email protected]> wrote:
>
> In message <[email protected]>,
> Edward Shryane <[email protected]> wrote:
>
>> We implemented and deployed the changes below for GDPR compliance as
>> part of Whois 1.95.1, on the 18th September:
>>
>> https://www.ripe.net/manage-ips-and-asns/db/release-notes/ripe-database-release-1.95
>
> Could you please provide some additional and detailed clarity on exactly
> what will and what won't henceforth be hidden?
>
> Neither the page you referenced nor the RIPE 76 presentation slides
> perovide any real clarity about what has changed, exactly, much less
> how, or whether the needs of legitimate historical research were taken
> into account when deciding on the implementation specifics.
>
> There is obviously a great desire, in some quarters, at least, to hide
> everyhing as much as possible. This applies to both governments and to
> quasi-governmental organizations such as the five RIRs. To the extent
> that this is motivated by legitimate privacy concerns, as promoted by
> GDPR, this is reasonable and desirable. To the extent that this is
> motivated by a desire to mask malfeasance it is not. The devil is in
> the details.
>
> Is access to historical person and role informtaion being totally wiped
> out entirely, or are the fine details that some would consider private
> and personal information merely being elided? The latter is justifiable,
> under GDPR, and based upon a reasoanble concern for the privacy of the
> individual. The wholesale "disappearing" of history is however not
> justifiable.
>
> If the name of a person, the final four digits of the person's phone number
> and the <<userID>> part of a person's exact email address are elided,
> then this is both eminently reasonable and arguably required under GDPR.
> Anything beyond that becomes reminicent of Winston Smith, cutting and
> pasting old newspaper stories in order to adjust history in accordance
> with the preferences of The Party.
>
>
> Regards,
> rfg
>
