[anti-abuse-wg] whois access

Thanks for all the replies.

As for passing through the IP of the requesters of the whois records I 
have asked about this several times.  ARIN told me they don't support it 
and RIPE won't answer my inquiries.  Are there standards for that or any 
other information about setting up some sort of ip address pass-through 
or proxy for whois queries for the RIR's?

As I understand it the fact that the abuse contact is not associated 
with the object record is a design flaw.  It seems to me this matter 
should have been dealt with before the RIPE blocking initiatives.

The definition of "personal data" in Directive 95/46/EC is not really 
useful when you talk about protection of the data.  This definition 
groups information that is mandated by law to be public with truly 
private or sensitive data.  For instance, company "Example.com" has an 
e-mail address "president at example.com."  The company is legally required 
to file documents declaring who their president is and make that 
publicly available so the address "president at example.com" falls under 
this definition.  Now if you have his private cell phone number that is 
also "personal data" but it is not mandated to be public information.  
The cell phone number deserves a high level of protection while but the 
e-mail address does not so treating them the same is not useful.  In any 
case I have no desire to access persoanl contacts or other data other 
than contact information meant for public consumption.

If I understand things correctly the so-called "bulk access" option is 
using a "-r" which would not display the abuse contact.  Since getting 
the abuse contacts is often the main purpose of the query this does not 
seem to be viable option.  In actuality I am not requesting "bulk 
access" and I don't save any of the data myself.  My system is a 
pass-though where the users get the data and I package the data with 
other functions.  It may appear as if it is bulk access because it all 
comes from a single IP but it is not.  The same thing happened with ARIN 
several years ago.  Once I showed them the web site they agreed that is 
was a pass-through system and removed the block.  Now we have a 
situation where different RIR's have different policies for the same 
type of whois requests.  In my case I use a commercial whois component 
from hexillion.com and i cannot go in and change the queries just to 
RIPE without going back to the software vendor or completely 
reprogramming my site.   I have plans to do that anyway but I cannot do 
it overnight or during the Christmas season because someone at RIPE woke 
up one day after 13 years and decided to block my site.

One purpose of the database is to provide access to the public for IP 
address allocations.  While it is true people can visit the RIPE 
database themselves it is not practical (the person suggesting this has 
ads in his signature for a business that combines several services 
people could get on their own).

As I see it the problem lies with ICANN/IANA.    They are contractually 
obligated with the US Department of Commerce to "ensure the 
authentication, integrity, and reliability of the data in performing the 
IANA requirements, including the data relevant to DNS, root zone file, 
and IP address allocation."  Obviously there should a single WHOIS 
interface with standard policies and procedures for accessing it and not 
this hodgepodge system where users of the data have to deal with each 
RIR separately.

The funny part about this whole thing is that I contacted a busines that 
provides whois services (they are not a spammer or harvester).  One of 
the first things they told me was that they use a distributed IP address 
system for requests to avoid the blocking.   the current policy forces 
legitimate business to use hacking techniques to access data that is 
supposed to publicly variable.  The current IP address blocking scheme 
has no practical purpose other than preventing DOS attacks.  Harvesters 
continue collected data using distributed IP's while small sites like 
mine suffer and possibly get run out of business.  The impression I have 
is that the people doing the blocking have no concern whatsoever about 
the collateral damage they are casing or the fact that their actions 
have little or no purpose.   Then if someone complains they are often 
ignored or ridiculed.

Thank You