Hello Ronald,

the RIPE NCC Legal team explained the changes necessary to Whois in order to comply with the GDPR in a RIPE Labs article in May 2018:

https://labs.ripe.net/Members/maria_stafyla/how-were-implementing-the-gdpr-a...

The two changes we recently implemented were:

(1) Do not include personal data in historical queries (notify, e-mail, address attributes).

Refer to the section titled "Contact Details of Resource Holders/Natural Persons" in the Labs article:

"Holders of Internet number resources may be either natural or legal persons. Currently, the RIPE Database returns all contact details of resource holders, including historical resource holders. As in the above examples, returning the historical contact details of resource holders that are natural persons cannot be considered as in line with the purpose of the RIPE Database and therefore, not in line with the data protection restrictions. While aiming to strike a balance between the interests of the RIPE community in having access to historical information about resource holders (e.g. to help investigate how past network outages were resolved, spamming, DDoS attacks, etc.) and the legal obligation to comply with the data protection regime, we believe it is necessary to filter out the contact details of historical resource holders. Following internal discussions as to how this could be implemented efficiently from an operational perspective, we believe that the results to historical queries can be brought into alignment with the rules applied when the RIPE Database is provided via FTP files. By this, attributes that may contain personal data will be filtered out, such as “address”, “notify”, “e-mail”. We believe that this solution will serve to adequately provide historical information of Internet number resource registrations, while taking into account the restrictions placed on us with regards to personal data processing."

(2) Do not include person/role references in historical queries (admin-c, tech-c, ping-hdl, zone-c).

Refer to the section titled "NIC Handles" in the Labs article:

"Historical queries still return references to NIC handles of historical role and person objects. Every person and role object is identified by a NIC handle. Historically, NIC handles were available to be reused as soon as an object was deleted. Many NIC handles have been used and reused by several different people. In 2009, a new rule was introduced to the RIPE Database which meant that if a person object was deleted, it was not possible to create another person object with the same NIC handle. With regards to historical queries, if a historical person and/or role object exists in the RIPE Database, a user will be able to identify the relevant individual that was previously the contact person responsible for the administration or technical maintenance of specific Internet number resources and networks. Since it was possible to reuse NIC handles up until 2009, it is also not certain that the NIC handle refers to the person or contact that was using that NIC handle in the historical reference. This is not in line with the data protection legislation, nor is it justified by the purposes for making personal data publicly available in the RIPE Database that were previously identified (i.e. “facilitating coordination between network operators (for network problem resolution, outage notification etc.”))"

I hope the Labs article clarifies why we made these changes.

Regards
Ed

On 7 Oct 2019, at 21:27, Ronald F. Guilmette via db-wg <db-wg@ripe.net> wrote:
In message <FAF10ECC-9DCE-4CCE-8289-A8BB416152DA@ripe.net>, Edward Shryane <eshryane@ripe.net> wrote:
We implemented and deployed the changes below for GDPR compliance as part of Whois 1.95.1, on the 18th September:
https://www.ripe.net/manage-ips-and-asns/db/release-notes/ripe-database-rele...
Could you please provide some additional and detailed clarity on exactly what will and what won't henceforth be hidden?
Neither the page you referenced nor the RIPE 76 presentation slides provide any real clarity about what has changed, exactly, much less how, or whether the needs of legitimate historical research were taken into account when deciding on the implementation specifics.
There is obviously a great desire, in some quarters, at least, to hide everything as much as possible. This applies to both governments and to quasi-governmental organizations such as the five RIRs. To the extent that this is motivated by legitimate privacy concerns, as promoted by GDPR, this is reasonable and desirable. To the extent that this is motivated by a desire to mask malfeasance it is not. The devil is in the details.
Is access to historical person and role information being totally wiped out entirely, or are the fine details that some would consider private and personal information merely being elided? The latter is justifiable, under GDPR, and based upon a reasonable concern for the privacy of the individual. The wholesale "disappearing" of history is however not justifiable.
If the name of a person, the final four digits of the person's phone number and the <<userID>> part of a person's exact email address are elided, then this is both eminently reasonable and arguably required under GDPR. Anything beyond that becomes reminiscent of Winston Smith, cutting and pasting old newspaper stories in order to adjust history in accordance with the preferences of The Party.
Regards, rfg
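
An added example, not part of the original message and not RIPE NCC's Whois code: a small Python filter that removes the attributes listed in points (1) and (2) from an RPSL object, to show what a historical result would still contain. The sample object, its handles and the function names are constructed for illustration.

```python
# Added illustration; not RIPE NCC's Whois implementation.
# Attribute names are the ones listed in the message above.
PERSONAL_DATA = {"notify", "e-mail", "address"}
CONTACT_REFS = {"admin-c", "tech-c", "ping-hdl", "zone-c"}
FILTERED = PERSONAL_DATA | CONTACT_REFS

# Constructed sample object (hypothetical handles, documentation domain).
SAMPLE = """\
organisation:   ORG-EX1-EXAMPLE
org-name:       Example Networks
org-type:       OTHER
address:        Example Street 1
+               1000 AA Example City
e-mail:         noc@example.net
admin-c:        EX1-EXAMPLE
tech-c:         EX2-EXAMPLE
remarks:        first line
                second line
notify:         noc@example.net
mnt-by:         EXAMPLE-MNT
source:         EXAMPLE
"""

def parse_rpsl(text):
    """Return [(attribute, [raw lines])], attaching continuation lines."""
    attrs = []
    for line in text.splitlines():
        if not line.strip() or line[0] in "%#":
            continue  # blank lines and server/comment lines
        if line[0] in " \t+":  # RPSL continuation of the previous attribute
            if attrs:
                attrs[-1][1].append(line)
            continue
        name, sep, _ = line.partition(":")
        if sep:
            attrs.append((name.strip().lower(), [line]))
    return attrs

def filter_historical(text):
    """Drop filtered attributes; return (remaining text, dropped names)."""
    kept, dropped = [], []
    for name, lines in parse_rpsl(text):
        if name in FILTERED:
            dropped.append(name)  # continuation lines go with the attribute
        else:
            kept.extend(lines)
    return "\n".join(kept), dropped

if __name__ == "__main__":
    remaining, removed = filter_historical(SAMPLE)
    print(remaining)
    print("removed:", removed)
```
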