[db-wg] 2022-01 New Version Policy Proposal (Personal Data in the RIPE Database)

In message <CAKvLzuFA0y8mOzPiiy4tHBCRUNUBbQgJc-DD54E-S+0TW=StiA at mail.gmail.com>
denis walker <ripedenis at gmail.com> wrote:

>The RIPE NCC does not enter or maintain the data in question and will not
>be obscuring anything.

Alright then.  Who exactly ARE you proposing to assign the task of redacting
the snail-mail address fields to?

>As an armchair lawyer you have totally failed. GDPR does require the
>purposes of the database to justify the processing of personnel data. The
>current defined purposes do not do this for this data.

I see.  So I am a rank amateur while you however are licensed to dispense
legal opinions.

Would it be inappropriate then for me to ask to see a copy of -your- law
license?

More to the point, even if you were correct in your assesment of applicable
GDPR provisions... and I do not by any means conceed that you are... then
might it not also and likewise be successfully argued that GDPR requires
RIPE to redact all natural person phone numbers, email addresses, and
even their names?  And if that is true, then why aren't you proposing
THAT even more extensive set of (forced) redactions?

>> I am opposed to there being an -official- condoning and/or (even worse) an
>> official -enforcement- of deliberate obfsucation of any fields of the
>> WHOIS data base.
>
>So voluntary obfuscation is ok?

As a practical matter, it hadly matters whether *I* think it is OK or not.
As you yourself noted, it is being done, right now, by many parties, whether
you or I like it or not, and regardless of whether it is officially condoned
or not.  People who felt some need for such "privacy" have already implemented
their own "self serve" WHOIS privacy without any prompting or encouragement
from any of us.  I personally view this as a problem, but as long as RIPE
has zero rules and zero procedures which would prevent members from putting
whatever they like into their WHOIS records, people are going to do whatever
they like.  So really, the only question before us now is: Do we want to
"officially" encourage this sort of thing, or do we want to officially
discourage this sort of thing.  I want the latter, while you want the former.

>Some telecom companies enter hundreds of thousands of customer details into
>the RIPE Database including personal names and addresses.

Really?  Name two.

>These people, in
>reality, have probably never heard of the RIPE Database or the RIPE NCC.
>These are the very people GDPR is intended to protect.

Wait!  In the scenario you've just described... which I have yet to be
persuaded is even something that's actually going on... if the natural
persons who had their names, email addresses, phone numbers, and street
addresses exposed as a result of the (alleged) actions of these (alleged)
telecoms were to actually sue somebody for these blatant affronts to their
privacy rights, then who would they sue?  RIPE?  Or those wayward and
careless telecoms that, in the first instance, dispensed all this personal
information in clear violation of GDPR?

It seems to me that in the scenario as you've described it, it is the
telecoms alone that would be clearly and solely at fault for the eggregious
spilling of PII in clear contravention to the edicts of GDPR, and that
RIPE would bear -zero- liability or responsibility for the unnecessary
transmittal or publication of private data.

Consider an analogy:  I run a dry cleaning shop in Hamburg.  You are my
friend.  One day I let you into my back office and let you copy down
the names and addresses of many, most, or all of my customers.  You
then go back home to the U.S.A. or to Zimbabwe, or at any rate to some
jurisdiction where GDPR does not apply.  You then put all those names
and address on your public web site?  Who is liable for this "leak" of
PII, under GDPR?  Me or you?

I am really looking forward to seeing your list of EU telecoms that are doing
bulk transfers, willy nilly, of customer PII, into the RIPE data base.

>> What gives you or anyone the right to take away a member's rights to have
>> their true and actual mailing address in their own public WHOIS records?
>
>Again you simply don't understand the issue. "their true and actual". This
>address is 'defined' in the database documentation as "The postal address
>of a contact related to the organisation". That can be anyone based in any
>location in the world, as Europol have discovered.

Sounds like a definite problem to me!  So lets fix that.  Let's require
*at least* the REAL name and address of each member to be present in that
member's public WHOIS record.

Every new member has to submit some identifying documents at the time they
first become members, right?  If it is a  corporation, then a copy of the
formal and legal incorporation document(s) must be submitted as part of the
application process.  If it is person, then either a copy of that person's
passport or some other form of government-issued identification document
must be submitted as part of the new/prospective member's application for
membership, right?  So we take this "real" member name & address info,
copy it off those bona fide documents, and stick the same data into the
member's public-facing WHOIS record.  Is this just, like, too simple,
or what?

As I have said, if there are natural person journalists, or activists, or
other folks who have other issues pertaining to lifestyle or whatever, and
who can make at least a prima facia case that they need to have both (a)
number resources AND also (b) privacy of their PII, then allow NCC to
accept their requests to be exempt from publication of their PII on a
case by case basis.  For everybody else however, what you see (in the public
WHOIS) is what you get, i.e. the real names and the real addresses.

Problem solved!  And everybody's happy.

The only people who could be against this are people intent on committing
fraud or some other kind of nefarious skulduggery on the Internet WHILE
USING THEIR ASSIGNED NUMBER RESOURCES.


>> So now, why don't you re-submit this proposal and instead propose that *all*
>> mailing address information, including even the country name, be redacted
>> from the data base for *all* members?
>
>It will be optional.

Wait... WHAT???

Could you please repeat that?  I want to make sure that even the people way
in the back heard that.

So your -actual- proposal is to make *all* WHOIS information for *all* classes
of RIPE members "optional"???

Take your time.  If you misspoke, then by all means, please rephrase so as
clarify what you really meant to say.


Regards,
rfg