[arin-ppml] Revised - ARIN-2024-2: WHOIS Data Requirements Policy for Non-Personal Information

Thu Jul 11 23:21:22 EDT 2024

+1

On Thu, Jul 11, 2024, 8:03 PM Mattapally Technologies <
technologiesmattapally at gmail.com> wrote:

> +1
>
> On Thursday, July 11, 2024, Leif Sawyer via ARIN-PPML <arin-ppml at arin.net>
> wrote:
>
>> Hi, all –
>>
>>     Just prodding the list to see if there are any other questions or
>> concerns with the revised text on this proposal.
>>
>>
>>
>> The AC will be meeting next week, and if there are no additional concerns
>> brought up before COB JUL 16,
>>
>> the next move for this policy will be to make the motion to promote it to
>> recommended draft.
>>
>>
>>
>> Thanks,
>>
>>     Leif
>>
>>
>>
>> *Leif Sawyer*
>>
>> *GCI* | he/him | Engineer, Network & Systems Delivery Engineering
>>
>> *t:* 907-351-1535 | *w:* www.gci.com
>>
>>
>>
>> *From:* ARIN-PPML <arin-ppml-bounces at arin.net> *On Behalf Of *ARIN
>> *Sent:* Tuesday, June 25, 2024 10:33 AM
>> *To:* arin-ppml at arin.net
>> *Subject:* [arin-ppml] Revised - ARIN-2024-2: WHOIS Data Requirements
>> Policy for Non-Personal Information
>>
>>
>>
>> [*EXTERNAL EMAIL* - CAUTION: Do not open unexpected attachments or
>> links.]
>>
>> The following Draft Policy has been revised:
>>
>> * ARIN-2024-2: WHOIS Data Requirements Policy for Non-Personal Information
>>
>> Revised text is below and can be found at:
>>
>> https://www.arin.net/participate/policy/drafts/2024_2/
>>
>> You are encouraged to discuss all Draft Policies on PPML. The AC will
>> evaluate the discussion to assess the conformance of this Draft Policy with
>> ARIN's Principles of Internet number resource policy as stated in the
>> Policy Development Process (PDP). Specifically, these principles are:
>>
>> * Enabling Fair and Impartial Number Resource Administration
>> * Technically Sound
>> * Supported by the Community
>>
>>
>> The PDP can be found at:
>>
>> https://www.arin.net/participate/policy/pdp/
>>
>>
>> Draft Policies and Proposals under discussion can be found at:
>>
>> https://www.arin.net/participate/policy/drafts/
>>
>>
>> Regards,
>>
>> Eddie Diego
>> Policy Analyst
>> American Registry for Internet Numbers (ARIN)
>>
>>
>> Draft Policy ARIN-2024-2: WHOIS Data Requirements Policy for Non-Personal
>> Information
>>
>> Problem Statement:
>>
>> ARIN’s mission includes maintaining and distributing registration
>> information about who holds Internet number resources (Internet Protocol
>> (IP) addresses and Autonomous System Numbers (ASNs)) in a public database
>> referred to as Whois. Whois provides network operators, technical
>> troubleshooters, law enforcement, researchers, and other interested parties
>> with information about which organization administers specific Internet
>> number resources. Distributing this non-personal information is very much
>> in the public interest of proper functioning of the Internet.
>>
>> While ARIN continues to recognize the ongoing relevancy and importance
>> for publicly available WHOIS information in its control, ARIN must also
>> take stock of evolving regional developments pertaining to data privacy and
>> the cross-border sharing of personally identifying information (PII) which
>> have led to or could lead to redactions among similar WHOIS resources
>> outside of ARIN’s purview.
>>
>> In light of such developments, it is important for ARIN to codify its
>> WHOIS data requirements and disclosure practices in a manner that is both
>> a) respectful of privacy rights pertaining to PII and b) cognizant of the
>> value non-PII data plays in the security of the Internet and the protection
>> of the general public.
>>
>> Currently there are no ARIN policies that clearly define what
>> organization and associated point of contact information must be provided
>> and registered in the public Whois. This proposal attempts only to clarify
>> and codify ARIN’s existing practice regarding organization and contact data
>> collection and display in Whois.
>>
>> Policy Statement:
>>
>> 2.12
>>
>> Modify 2.12 to read:
>>
>> Information needed to uniquely identify an Organization. Differing uses
>> within ARIN online, L/RSA, and the NRPM could have different requirements.
>>
>> 3.8 Directory Service Records
>>
>> Modify 3.8.1 to include the following sentence:
>>
>> All organization registration records will be visible in the public Whois.
>>
>> Add 3.8.2
>>
>> 3.8.2 Required Organization Record Information
>>
>> The following information must be provided to ARIN to register an
>> organization record:
>>
>> *Org Name
>>
>> *Org Address
>>
>> - LINE 1: STREET ADDRESS OR POST OFFICE BOX NUMBER
>>
>> - LINE 2: CITY OR TOWN NAME, OTHER PRINCIPAL SUBDIVISION (i.e. PROVINCE,
>> STATE, COUNTY, ETC.) AND POSTAL CODE (IF KNOWN) (Note: in some countries,
>> the postal code may precede the city or town name)
>>
>> - LINE 3: COUNTRY NAME
>>
>> Add 3.8.3 Point of Contact Record Creation
>>
>> An organization may register designated Points of Contact to manage its
>> organization and resource registration records to include Administrative,
>> Technical, NOC and Abuse contacts. These Points of Contact shall be
>> representatives of the organization and any information provided to ARIN
>> shall be that contact’s associated organizational information and not
>> personal data.
>>
>> Point of Contact registration records will generally be visible in the
>> public Whois. Refer to NRPM 3.3 and NRPM 4.2.3.7.3.2 for exceptions to this
>> general rule.
>>
>> Add 3.8.4 Required Point of Contact Record Information.
>>
>> The following information must be provided to ARIN to register an
>> organization or resource Point of Contact:
>>
>> * Contact Name (this can be an individual representative of the company
>> or a role account)
>>
>> * Contact’s Address
>>
>> - LINE 1: STREET ADDRESS OR POST OFFICE BOX NUMBER
>>
>> - LINE 2: CITY OR TOWN NAME, OTHER PRINCIPAL SUBDIVISION (i.e. PROVINCE,
>> STATE, COUNTY, ETC.) AND POSTAL CODE (IF KNOWN) (Note: in some countries,
>> the postal code may precede the city or town name)
>>
>> - LINE 3: COUNTRY NAME
>>
>> * Contact’s Organization Phone Number
>>
>> * Contact’s Organization E-Mail Address
>>
>>
>> Timetable: Immediate
>>
>>
>>
>>
>> _______________________________________________
>> ARIN-PPML
>> You are receiving this message because you are subscribed to
>> the ARIN Public Policy Mailing List (ARIN-PPML at arin.net).
>> Unsubscribe or manage your mailing list subscription at:
>> https://lists.arin.net/mailman/listinfo/arin-ppml
>> Please contact info at arin.net if you experience any issues.
>>
> _______________________________________________
> ARIN-PPML
> You are receiving this message because you are subscribed to
> the ARIN Public Policy Mailing List (ARIN-PPML at arin.net).
> Unsubscribe or manage your mailing list subscription at:
> https://lists.arin.net/mailman/listinfo/arin-ppml
> Please contact info at arin.net if you experience any issues.
>

-- 
This e-mail message may contain confidential or legally privileged 
information and is intended only for the use of the intended recipient(s). 
Any unauthorized disclosure, dissemination, distribution, copying or the 
taking of any action in reliance on the information herein is prohibited. 
E-mails are not secure and cannot be guaranteed to be error free as they 
can be intercepted, amended, or contain viruses. Anyone who communicates 
with us by e-mail is deemed to have accepted these risks. This company is 
not responsible for errors or omissions in this message and denies any 
responsibility for any damage arising from the use of e-mail. Any opinion 
and other statement contained in this message and any attachment are solely 
those of the author and do not necessarily represent those of the company.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.arin.net/pipermail/arin-ppml/attachments/20240711/947d415b/attachment-0001.htm>