[arin-ppml] Draft Policy ARIN-2024-2: WHOIS Data Requirements Policy for Non-Personal Information

Michael Peddemors michael at linuxmagic.com
Wed Mar 27 16:15:34 EDT 2024 

+1 this is a start to codify this.. OF course, given some patterns of 
abuse, might be helpful to include some example whois listings which are 
'problematic'..

On 2024-03-26 13:13, ARIN wrote:
> On 21 March 2024, the ARIN Advisory Council (AC) accepted “ARIN-prop-329: WHOIS Data Requirements Policy for Non-Personal Information” as a Draft Policy.
> 
> Draft Policy ARIN-2024-2 is below and can be found at:
> 
> https://www.arin.net/participate/policy/drafts/2024_2
> 
> You are encouraged to discuss all Draft Policies on PPML. The AC will evaluate the discussion to assess the conformance of this draft policy with ARIN's Principles of Internet number resource policy as stated in the Policy Development Process (PDP). Specifically, these principles are:
> 
> * Enabling Fair and Impartial Number Resource Administration
> * Technically Sound
> * Supported by the Community
> 
> The PDP can be found at:
> 
> https://www.arin.net/participate/policy/pdp/
> 
> Draft Policies and Proposals under discussion can be found at: https://www.arin.net/participate/policy/drafts/
> 
> 
> Regards,
> 
> Eddie Diego
> Policy Analyst
> American Registry for Internet Numbers (ARIN)
> 
> 
> Draft Policy ARIN-2024-2: WHOIS Data Requirements Policy for Non-Personal Information
> 
> Problem Statement:
> 
> ARIN’s mission includes maintaining and distributing registration information about who holds Internet number resources (Internet Protocol (IP) addresses and Autonomous System Numbers (ASNs)) in a public database referred to as Whois.  Whois provides network operators, technical troubleshooters, law enforcement, researchers, and other interested parties with information about which organization administers specific Internet number resources. Distributing this non-personal information is very much in the public interest of proper functioning of the Internet.
> 
> While ARIN continues to recognize the ongoing relevancy and importance for publicly available WHOIS information in its control, ARIN must also take stock of evolving regional developments pertaining to data privacy and the cross-border sharing of personally identifying information (PII) which have led to or could lead to redactions among similar WHOIS resources outside of ARIN’s purview.
> 
> In light of such developments, it is important for ARIN to codify its WHOIS data requirements and disclosure practices in a manner that is both a) respectful of privacy rights pertaining to PII and b) cognizant of the value non-PII data plays in the security of the Internet and the protection of the general public.
> 
> Currently there are no ARIN policies that clearly define what organization and associated point of contact information must be provided and registered in the public Whois. This proposal attempts only to clarify and codify ARIN’s existing practice regarding organization and contact data collection and display in Whois.
> 
> Policy Statement:
> 
> 3.8 Directory Service Records
> 
> Modify 3.8.1 to include the following sentence:
> 
> All organization registration records will be visible in the public Whois.
> 
> Add 3.8.2
> 
> 3.8.2 Required Organization Record Information
> 
> The following information must be provided to ARIN to register an organization record:
> 
> Org Name
> 
> Org Street Address, City, State and Zip code (or equivalent)
> 
> Org Country
> 
> Add 3.8.3 Point of Contact Record Creation
> 
> An organization may register designated Points of Contact to manage its organization and resource registration records to include Administrative, Technical, NOC and Abuse contacts. These Points of Contact shall be representatives of the organization and any information provided to ARIN shall be that contact’s associated organizational information and not personal data.
> 
> Point of Contact registration records will generally be visible in the public Whois. Refer to NRPM 3.3 and NRPM 4.2.3.7.3.2 for exceptions to this general rule.
> 
> Add 3.8.4 Required Point of Contact Record Information.
> 
> The following information must be provided to ARIN to register an organization or resource Point of Contact:
> 
> Contact Name (this can be an individual representative of the company or a role account)
> 
> Contact’s Organization Street Address, City, State and Zip code (or equivalent)
> 
> Contact’s Organization Phone Number
> 
> Contact’s Organization E-Mail Address
> 
> Contact’s Organization Country
> 
> 
> Timetable:  ASAP
> 
> 
> 
> 
> 
> _______________________________________________
> ARIN-PPML
> You are receiving this message because you are subscribed to
> the ARIN Public Policy Mailing List (ARIN-PPML at arin.net).
> Unsubscribe or manage your mailing list subscription at:
> https://lists.arin.net/mailman/listinfo/arin-ppml
> Please contact info at arin.net if you experience any issues.


-- 
"Catch the Magic of Linux..."
------------------------------------------------------------------------
Michael Peddemors, President/CEO LinuxMagic Inc.
Visit us at http://www.linuxmagic.com @linuxmagic
A Wizard IT Company - For More Info http://www.wizard.ca
"LinuxMagic" a Reg. TradeMark of Wizard Tower TechnoServices Ltd.
------------------------------------------------------------------------
604-682-0300 Beautiful British Columbia, Canada

More information about the ARIN-PPML mailing list