prop-162: WHOIS Privacy

The proposal suggests eliminating the unnecessary publication of APNIC member organisation contact details in the APNIC Whois database. People with a legitimate need for these contact details can use a service provided by APNIC to obtain them.

Jonathan Brewer

The Secretariat notes that this proposal suggests removing member organization contact details (email, telephone numbers, and physical addresses) from the bulk WHOIS data, and the existing re-publishers of APNIC Whois data must remove contact information as a condition for continued access to data.

Questions/Comments:

• To date, the Secretariat has not received any reports of Whois data abuse relating to organizations that have signed the AUP to access bulk data. According to our records, Hurricane Electric and RecordedFuture do not have access to APNIC bulk Whois data.
• Over 400 organizations now have access to bulk Whois data. Around 70 unique logins have accessed bulk Whois data over the last 3 months. The current Whois data acceptable use agreement (AUA) does not contemplate the revocation of access by the Secretariat. However, the Secretariat can implement stronger terms and require accession to them for continued access to the bulk Whois data. This would not address prior issues but may help limit the impact going forward.
• The existing AUA does not contemplate a requirement to delete prior data without evidence of misuse. As noted above with respect to access, APNIC can remove ongoing access until such time as the re-publisher accedes to new terms.

Implementation:

This proposal may require changes to APNIC systems, internal policy, procedures, and agreements. If this proposal reaches consensus, implementation may be completed within three (3) months.