Hello Satoru-San, Thank you for the feedback. I have comments in-line.
On Fri, Aug 29, 2025, at 13:35, Tsurumaki, Satoru wrote: > Dear Colleagues, > > I am Satoru Tsurumaki from Japan Open Policy Forum Steering Team. > > I would like to share key feedback in our community for prop-162, based > on a meeting we organized on 25th Aug to discuss these proposals. > This feedback is sent on my behalf, but please note that it is a > summary of the discussions among the 7 Japanese community members > who attended the meeting. > > Almost neutral opinions were expressed from the attendees about this proposal. Thank You. > (comment details) > - The previous proposal sought to remove contact information from all > WHOIS/RDAP records, > whereas this proposal concerns only the Bulk Access dataset. I > would like to understand the intent behind this change. Comments from the community during APNIC59 including during the Open Policy Meeting indicated the proposal would receive support provided it was restricted to bulk access. This does not solve the problem of direct abuse of the WHOIS and RDAP services, however I hope to address that issue once good statistics are available to describe the magnitude of the problem. > > - APNIC's WHOIS mirrors organization names and contact details from > JPNIC-managed WHOIS information. > As this information is registered in the "Description" field of the > APNIC WHOIS, We need to consideration > regarding the mirroring method or data set with the NIR, including > whether adjustments are necessary > if this proposal will be consensus I agree. I will also state my opinion that contact details do not belong in a Description field. > - Without knowing who is granted Bulk Access and for what purposes it > is used, the impact of this proposal > cannot be assessed, making it impossible to judge its merits. Version 002 of the proposal included the language "APNIC should publish a list of all authenticated API users with access to the Contact Information". This was eliminated because the community did not support the idea of restricting contact details to authenticated API users. Would it be useful to add a similar clause back in? For example: "APNIC should publish a list of all organisations and individuals with a current bulk access agreement for WHOIS data". I would appreciate your advice. > > Regards, > > Satoru Tsurumaki > JPOPF Steering Team Regards, Jon > > 2025年6月27日(金) 14:44 Shaila Sharmin <[email protected]>: > > > > > Dear SIG members, > > > > A new version of the proposal "prop-162-v003: WHOIS Privacy" > > has been sent to the Policy SIG for review. > > > > Information about earlier versions is available from: > > > > http://www.apnic.net/policy/proposals/prop-162 > > > > You are encouraged to express your views on the proposal: > > > > - Do you support or oppose the proposal? > > - Is there anything in the proposal that is not clear? > > - What changes could be made to this proposal to make it more effective? > > > > Please find the text of the proposal below. > > > > Regards, > > Bertrand, Shaila, and Ching-Heng > > APNIC Policy SIG Chairs > > > > > > ----------------------------------------------------------------------------------- > > > > prop-162-v003: WHOIS Privacy > > > > ----------------------------------------------------------------------------------- > > > > Proposer: > > Jonathan Brewer ([email protected]) > > > > > > 1. Problem statement > > -------------------- > > More than 400 organisations around the world have bulk access to APNIC's > > WHOIS data and may download the complete data set as required. > > Cybersecurity companies, ISPs, universities, researchers, and law > > enforcement agencies are amongst those with access. > > > > Although APNIC does not have evidence of abuse of the data by parties > > with current bulk access agreements, it's evident to many members of the > > community that APNIC WHOIS contact data is being misused. > > > > In the past three years organisations including the Number Resource > > Society (Casablanca, Morocco), Unique IP Solutions (Faisalabad, > > Pakistan), Aileron IT (Wisconsin, USA), Cogent Communications > > (Washington DC, USA) and EarnheardData (details suppressed) have > > contacted APNIC members via details published exclusively in APNIC > > WHOIS. None of these contacts have been to do with legitimate networking > > issues. > > > > > > 2. Objective of policy change > > ----------------------------- > > This policy will eliminate the unnecessary distribution and retention of > > APNIC member organisation contact information by third parties. APNIC > > systems will become the only source of obtaining address, phone, fax-no, > > e-mail, and notify data for APNIC members. > > > > This policy change will not prevent APNIC members or other authorised > > users of APNIC WHOIS from obtaining contact information for network > > resources in either ad-hoc or automated queries. > > > > 3. Situation in other regions > > ----------------------------- > > I have not found evidence that other RIRs limit access to contact > > details. ICANN has sunsetted the use of WHOIS for Internet Domains as of > > 28 January 2025, largely due to concerns around the lack of protection of > > personal data.[1] > > > > 4. Proposed policy solution > > --------------------------- > > With the exception of abuse contact information, APNIC should remove > > address, > > phone, fax-no, e-mail, and notify fields (the Contact Information) from Org, > > IRT, and role objects in the Bulk Access dataset. > > > > APNIC should cause any existing bulk users of APNIC WHOIS data to remove > > the Contact Information from their own systems and from the Internet. > > > > > > 5. Advantages / Disadvantages > > ----------------------------- > > Advantages: > > This should enhance privacy and data sovereignty, while reducing nuisance > > contacts. > > > > Disadvantages: > > > > A survey of all users of Bulk WHOIS data made by APNIC in February 2025 > > found that > > three parties would be impacted. One of the parties was found to be using > > the data > > for geolocation, which is contrary to the licence agreement - so in effect > > two > > legitimate users will be inconvenienced. > > > > > > 6. Impact on resource holders > > ----------------------------- > > No impact on resource holders. > > > > 7. References > > ------------- > > [1] https://gac.icann.org/activity/whois-and-data-protection > > _______________________________________________ > > SIG-policy - https://mailman.apnic.net/[email protected]/ > > To unsubscribe send an email to [email protected] > > > > -- > -- > Satoru Tsurumaki > BBIX, Inc > _______________________________________________ > SIG-policy - https://mailman.apnic.net/[email protected]/ > To unsubscribe send an email to [email protected] https://jon.brewer.nz/
_______________________________________________ SIG-policy - https://mailman.apnic.net/[email protected]/ To unsubscribe send an email to [email protected]
