----------------------------------------------------------------------------------- prop-162-v001: WHOIS Privacy ----------------------------------------------------------------------------------- Proposer: Jonathan Brewer (jon@xn--t-0la.nz) 1. Problem statement ------------------------- Through permitted bulk access to APNIC whois, several organisations including Hurricane Electric and RecordedFuture republish physical addresses, email addresses, and telephone numbers of APNIC members. These details are freely available on the web and available for mass harvesting through the use of screen scraping technology. It is apparent that some third parties have used this data in a manner contrary to the APNIC whois data acceptable use agreement. In the past three years organisations including the Number Resource Society (Casablanca, Morocco), Unique IP Solutions (Faisalabad, Pakistan), Aileron IT (Wisconsin, USA), and EarnheardData (details suppressed) have contacted my organisation via details published exclusively in APNIC whois. None of these contacts have been to do with a legitimate networking issue. 2. Objective of policy change ---------------------------------- This policy will eliminate the unnecessary publication of APNIC member organisation contact details. People with a legitimate need for these contact details can use a service directly provided by APNIC to obtain them. 3. Situation in other regions -------------------------------- Unknown 4. Proposed policy solution -------------------------------- APNIC should remove all email addresses, telephone numbers, and physical addresses from any bulk WHOIS data, and should cause any existing re-publishers of APNIC WHOIS data to remove this information from the Internet as a condition for continued access to data. 5. Advantages / Disadvantages ------------------------------------ Advantages: This should reduce future marketing calls to the NOC phone and marketing emails to the noc email address. Disadvantages: None. The information will still be available via APNIC-controlled WHOIS services which presumably are protected against illegitimate data harvesting. 6. Impact on resource holders ----------------------------------- No impact on resource holders. 7. References ----------------