[db-wg] 2022-01 V2 Resource Holders Address

In message <CAKvLzuHetmjyvHcZK-5EQSaT=M6s-mx-WMHYE=xp_skTa4_+Sw at mail.gmail.com>
denis walker <ripedenis at gmail.com> wrote:

>"According to the Dutch Personal Data Protection Act (prior to the GDPR),
>personal data may be collected for specific, explicitly defined and
>legitimate purposes. Once collected, this data must:
>
>-Be adequate, relevant and not excessive in relation to the purposes for
>which it is collected and further processed
>-Be accurate and, if necessary, kept up-to-date"

I invite everyone who still doesn't understand why I have gotten so exercized
over these issues to perform a simple thought experiment:

What would happen if the entire RIPE WHOIS data base was taken permamently
and entirely offline tomorrow?  Would the entire Europen Internet immediately
cease to function?  No.  Would even any significant portion of the European
Internet cease to function?  No.  As long as every RIPE member continued to
behave themselves and to use only those number resources that had been
assigned to them, the entire European Internet would continue to function
as normal, and pretty much the same tomorrow as it did today.  People and
companies would continue to use their assigned IP blocks and their assigned
AS numbers, and inter-company peering arrangements would continue in effect.

In short, although it would arguably be sub-optimal for the entire RIPE WHOIS
data base to disappear from public view tomorrow, it would not be in any
sense catastrophic, and indeed, almost no one would even notice that anything
at all was amiss.  Technical contacts already have the names, phone numbers
and email addresess of their immediate peers in their personal rolodexes,
and most glitches or problems could be ironed out by simply making use of that
(peer) contact info.

This simple thought experiment -proves- that the entire RIPE WHOIS data base
is arguably "excessive in relation to the purposes for which it is collected"
because even if the entire data base were to disappear tomorrow, mountains
would not fall, the seas would not dry up, and no other biblical-scale
catastrophies would befall the European Internet.

It is thus an obvious corollary to these obvious facts that if RIPE were to
go by the letter of the law, AND if "the letter of the law" in this case were
construed in its most expansive plausible interpretation... as some folks
apparently want it to be... then the whole data base MUST be taken offline,
and immediately, because no absolutely compelling case can be easily made
that the WHOS data base is not "excessive in relation to the purposes for
which it is collected".

What part of this is either un-obvious or difficult to comprehend?

The bottom line is that interpreting either Dutch law or GDRP expansively
can lead to only one final and inevitable outcome:  The entire elimination
of all public access to the entire RIPE WHOIS data base.

If that is where this is all going... and I have every reasone to believe
that it is, for the reasons I've just explained... and if that's actually
what the community wants, then so be it.  In my opinion, if this is where
things end up then it will be probably be the worst disaster to have ever
hit the European Internet, but the members have the right to vote in favor
of taking the whole WHOIS data base offline if that is their wish.  That
would surely result in a cascade of unfixable technical problems AND an
absolute explosion in unchecked cybercrime, but if that's what you all
want then who am I to stand in the way?  I just wish that as this process
unfolds people would be a bit less disingenuous, and that people would
stop pretending not to know where this is all inevitably going to end up.

Once you start arguing like a lawyer that "this little bit of data doesn't,
strictly speaking, need to be public" then you can just easily make the same
argument for -every- bit of data in the WHOIS data base.


Regards,
rfg