Dear Colleagues, I am Satoru Tsurumaki from Japan Open Policy Forum Steering Team.
I would like to share key feedback in our community for prop-162, based on a meeting we organized on 25th Aug to discuss these proposals. This feedback is sent on my behalf, but please note that it is a summary of the discussions among the 7 Japanese community members who attended the meeting. Almost neutral opinions were expressed from the attendees about this proposal. (comment details) - The previous proposal sought to remove contact information from all WHOIS/RDAP records, whereas this proposal concerns only the Bulk Access dataset. I would like to understand the intent behind this change. - APNIC's WHOIS mirrors organization names and contact details from JPNIC-managed WHOIS information. As this information is registered in the "Description" field of the APNIC WHOIS, We need to consideration regarding the mirroring method or data set with the NIR, including whether adjustments are necessary if this proposal will be consensus - Without knowing who is granted Bulk Access and for what purposes it is used, the impact of this proposal cannot be assessed, making it impossible to judge its merits. Regards, Satoru Tsurumaki JPOPF Steering Team 2025年6月27日(金) 14:44 Shaila Sharmin <[email protected]>: > > Dear SIG members, > > A new version of the proposal "prop-162-v003: WHOIS Privacy" > has been sent to the Policy SIG for review. > > Information about earlier versions is available from: > > http://www.apnic.net/policy/proposals/prop-162 > > You are encouraged to express your views on the proposal: > > - Do you support or oppose the proposal? > - Is there anything in the proposal that is not clear? > - What changes could be made to this proposal to make it more effective? > > Please find the text of the proposal below. > > Regards, > Bertrand, Shaila, and Ching-Heng > APNIC Policy SIG Chairs > > > ----------------------------------------------------------------------------------- > > prop-162-v003: WHOIS Privacy > > ----------------------------------------------------------------------------------- > > Proposer: > Jonathan Brewer ([email protected]) > > > 1. Problem statement > -------------------- > More than 400 organisations around the world have bulk access to APNIC's > WHOIS data and may download the complete data set as required. > Cybersecurity companies, ISPs, universities, researchers, and law > enforcement agencies are amongst those with access. > > Although APNIC does not have evidence of abuse of the data by parties > with current bulk access agreements, it's evident to many members of the > community that APNIC WHOIS contact data is being misused. > > In the past three years organisations including the Number Resource > Society (Casablanca, Morocco), Unique IP Solutions (Faisalabad, > Pakistan), Aileron IT (Wisconsin, USA), Cogent Communications > (Washington DC, USA) and EarnheardData (details suppressed) have > contacted APNIC members via details published exclusively in APNIC > WHOIS. None of these contacts have been to do with legitimate networking > issues. > > > 2. Objective of policy change > ----------------------------- > This policy will eliminate the unnecessary distribution and retention of > APNIC member organisation contact information by third parties. APNIC > systems will become the only source of obtaining address, phone, fax-no, > e-mail, and notify data for APNIC members. > > This policy change will not prevent APNIC members or other authorised > users of APNIC WHOIS from obtaining contact information for network > resources in either ad-hoc or automated queries. > > 3. Situation in other regions > ----------------------------- > I have not found evidence that other RIRs limit access to contact > details. ICANN has sunsetted the use of WHOIS for Internet Domains as of > 28 January 2025, largely due to concerns around the lack of protection of > personal data.[1] > > 4. Proposed policy solution > --------------------------- > With the exception of abuse contact information, APNIC should remove address, > phone, fax-no, e-mail, and notify fields (the Contact Information) from Org, > IRT, and role objects in the Bulk Access dataset. > > APNIC should cause any existing bulk users of APNIC WHOIS data to remove > the Contact Information from their own systems and from the Internet. > > > 5. Advantages / Disadvantages > ----------------------------- > Advantages: > This should enhance privacy and data sovereignty, while reducing nuisance > contacts. > > Disadvantages: > > A survey of all users of Bulk WHOIS data made by APNIC in February 2025 found > that > three parties would be impacted. One of the parties was found to be using the > data > for geolocation, which is contrary to the licence agreement - so in effect two > legitimate users will be inconvenienced. > > > 6. Impact on resource holders > ----------------------------- > No impact on resource holders. > > 7. References > ------------- > [1] https://gac.icann.org/activity/whois-and-data-protection > _______________________________________________ > SIG-policy - https://mailman.apnic.net/[email protected]/ > To unsubscribe send an email to [email protected] -- -- Satoru Tsurumaki BBIX, Inc _______________________________________________ SIG-policy - https://mailman.apnic.net/[email protected]/ To unsubscribe send an email to [email protected]
