[anti-abuse-wg] whois access

On 15 Dec 2011, at 16:42, russ at consumer.net wrote:

> Thanks for all the replies.
> 
> As for passing through the IP of the requesters of the whois records I have asked about this several times.  ARIN told me they don't support it and RIPE won't answer my inquiries.  Are there standards for that or any other information about setting up some sort of ip address pass-through or proxy for whois queries for the RIR's?

You want bulk access. Stop pretending that you don't

> 
> As I understand it the fact that the abuse contact is not associated with the object record is a design flaw.  It seems to me this matter should have been dealt with before the RIPE blocking initiatives.

Why? Because it puts you out?



> 
> The definition of "personal data" in Directive 95/46/EC is not really useful when you talk about protection of the data.

It's European law. Saying it's "not really useful" won't change that


>  This definition groups information that is mandated by law to be public with truly private or sensitive data.  For instance, company "Example.com" has an e-mail address "president at example.com."  The company is legally required to file documents declaring who their president is and make that publicly available so the address "president at example.com" falls under this definition.  Now if you have his private cell phone number that is also "personal data" but it is not mandated to be public information.  The cell phone number deserves a high level of protection while but the e-mail address does not so treating them the same is not useful.  In any case I have no desire to access persoanl contacts or other data other than contact information meant for public consumption.
> 
> If I understand things correctly the so-called "bulk access" option is using a "-r" which would not display the abuse contact.  Since getting the abuse contacts is often the main purpose of the query this does not seem to be viable option.  In actuality I am not requesting "bulk access" and I don't save any of the data myself.  My system is a pass-though where the users get the data and I package the data with other functions.  It may appear as if it is bulk access because it all comes from a single IP but it is not.  The same thing happened with ARIN several years ago.  Once I showed them the web site they agreed that is was a pass-through system and removed the block.  Now we have a situation where different RIR's have different policies for the same type of whois requests.  In my case I use a commercial whois component from hexillion.com and i cannot go in and change the queries just to RIPE without going back to the software vendor or completely reprogramming my site.   I have plans to do that anyway but I cannot do it overnight or during the Christmas season because someone at RIPE woke up one day after 13 years and decided to block my site.
> 
> One purpose of the database is to provide access to the public for IP address allocations.  While it is true people can visit the RIPE database themselves it is not practical

Practical according to who?



> (the person suggesting this has ads in his signature for a business that combines several services people could get on their own).

I assume that was aimed at me? If it was why don't you just say so instead of trying to be "clever" ?

> 
> As I see it the problem lies with ICANN/IANA.    They are contractually obligated with the US Department of Commerce to "ensure the authentication, integrity, and reliability of the data in performing the IANA requirements, including the data relevant to DNS, root zone file, and IP address allocation."  Obviously there should a single WHOIS interface with standard policies and procedures for accessing it and not this hodgepodge system where users of the data have to deal with each RIR separately.

IPs in the RIPE region are clearly delegated to RIPE by IANA. IANA has completed its function.



> 
> The funny part about this whole thing is that I contacted a busines that provides whois services (they are not a spammer or harvester).

Who?

The only companies I know of that provider "whois services" are doing so by harvesting data from other people's systems.



>  One of the first things they told me was that they use a distributed IP address system for requests to avoid the blocking.

Which tells me that what they're harvesting. If their usage was "legitimate" then they would be able to get whitelisted


>   the current policy forces legitimate business to use hacking techniques to access data that is supposed to publicly variable.  The current IP address blocking scheme has no practical purpose other than preventing DOS attacks.  Harvesters continue collected data using distributed IP's while small sites like mine suffer and possibly get run out of business.

So you want to make money out of our data? And you're upset that EU law and RIPE's policies slows you down? 


>  The impression I have is that the people doing the blocking have no concern whatsoever about the collateral damage they are casing or the fact that their actions have little or no purpose.   Then if someone complains they are often ignored or ridiculed.
> 
> Thank You
> 
> 

Mr Michele Neylon
Blacknight Solutions ♞
Hosting & Colocation, Brand Protection
ICANN Accredited Registrar
http://www.blacknight.com/
http://blog.blacknight.com/
http://blacknight.biz
http://mneylon.tel
Intl. +353 (0) 59  9183072
US: 213-233-1612 
UK: 0844 484 9361
Locall: 1850 929 929
Facebook: http://fb.me/blacknight
Twitter: http://twitter.com/mneylon
-------------------------------
Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business Park,Sleaty
Road,Graiguecullen,Carlow,Ireland  Company No.: 370845