Dear SIG members, Here is the Secretariat impact analysis for proposal “prop-162-v003: WHOIS Privacy” and the same is also published at: https://www.apnic.net/community/policy/proposals/prop-162/RegardsDave Phelanon Behalf of APNIC Secretariat 1. APNIC’s Understanding of the Proposed Policy This Proposed Policy refers to bulk access to WHOIS data as a "Service" rather than a "Policy", and there is no mention of this Service in the "APNIC Internet Number Resource Policies (apnic-127)”. The Proposed Policy suggests eliminating the unnecessary publication of APNIC Resource Holder organization contact details (email addresses, telephone numbers, and physical addresses) from any bulk access to WHOIS data. People with a legitimate need for these contact details can use the WHOIS search facilities (website/WHOIS/RDAP) provided by APNIC. References:Bulk access to WHOIS data Acceptable Use Policy (AUP) APNIC WHOIS data acceptable use agreement 2. Impact of Proposed Policy on Registry and Addressing System No Impact expected 3. Impact of Proposed Policy on APNIC Operation/Services The Secretariat would like to highlight a section of the text for clarification from the author:
Section 4 Mentions “APNIC should cause any existing bulk users of APNIC WHOIS data to remove the Contact Information from their own systems and from the Internet.” APNIC will have limited ability to monitor with respect to previously downloaded and/or published WHOIS data unless a clear breach of the AUA has occurred and it can be tied to a specific party. As NRTM(Near Real-Time Mirroring) data already filters this information, adding filtering to the WHOIS is a minimal task 4. Legal Impact of Policy No legal issues identified with the removal of the contact information from Org, IRT, and role objects, however, desc/remarks fields within the inetnum/inet6num fields will remain visible if they contain such contact information. Access to WHOIS data: The current WHOIS data acceptable use agreement (AUA) does not contemplate the revocation of access by APNIC. However, APNIC can implement stronger terms and require accession to them for continued access to the bulk WHOIS data. This would not address prior issues, but may help limit the impact going forward. Removal of published contact information: The existing AUA does not contemplate a requirement to delete prior data without evidence of misuse. As noted above with respect to access, APNIC can remove ongoing access until such time as the re-publisher accedes to new terms. 5. Implementation There is a Medium impact on Software teams, and High impact on The legal team Updates to WHOIS Data Acceptable use agreement (AUA) apnic-091 In accordance with the current Editorial Policy, all documents with a "document-ref" number must comply with the 4-week call for Editorial comments for any updates. Automatic removal after set time period (requires entering into AUA again, interval to be determined) Revocation of access to Bulk WHOIS data for current existing users Implementation of improved system to record acceptance of new terms for each entity and ensure contact/entity details remain current and accurate (assisted with requirement to renew periodically). Filtering the Data Set for Bulk WHOIS consumption If this proposal reaches consensus, implementation time frame would be approximately 4 months subject to the call for editorial comments period.
_______________________________________________ SIG-policy - https://mailman.apnic.net/[email protected]/ To unsubscribe send an email to [email protected]
