[gnso-rds-pdp-wg] key concepts: say "contact data" when that is what we mean

Rob Golding rob.golding at astutium.com
Thu Dec 8 00:20:29 UTC 2016 

On 2016-12-07 14:55, Greg Aaron wrote:
> Speaking of key concepts…  people often say "registration data" when
> they really mean "contact data."

I find that what they really mean is generally "stuff I see on a whois 
lookup" which is all sorts of data
* data about registrar
* data about registration
* data about registrant
* data about registry
* data about regulator
* T&Cs
etc

> the THIN DATA.
> This data is factual

Sometimes

> accurate,

At a certain point-in-time, dependant on the source you are obtaining it 
from

> is not personally identifiable,

It could be possible to identify a person from the data, but it's not as 
straightforward as printing their name & address

> and I think is completely noncontroversial.

Several items in what you're grouping as "thin data" are definately 
controversial, and a regular cause of problems

> The second kind of registration data is CONTACT DATA

Yes

> In the coming discussions, one approach could be: There are good
> reasons to publish the thin data … is there any compelling reason
> _not_ to publish it?

Reasons not to ?
* it's unnecessary to the functioning of the domain/internet
* the EWG said not to make it all freely available
* select items shouldn't necessarily be mandated / public
* it costs time/effort/money to collect, store, display etc
* it's a security risk
and so on

There are good reasons for _some_ of what you refer to as thin data 
being available
(registrar name for example) and other elements to authorised viewers on 
a need-to-know

Perhaps anon/open data access should be to the minimum elements 
necessary, with anything else being subject to knowing
* who they are
* what data they're authorised to see
* what exactly that data is going to be used for
* agreement to be slapped if they misuse or redistribute the data


> _"The EWG unanimously recommends abandoning today's WHOIS model of
> giving every user the same entirely anonymous public access to
> (often inaccurate) gTLD registration data.

100% behind that :)

> _While basic data would remain publicly available,

So ideally we just need to identify "basic data" which I'd suggest is
* domain name
* domain registrar

> the rest would be
> accessible only to accredited requestors who identify themselves,
> state their purpose, and agree to be held accountable for appropriate
> use."_

Yes, everything else comes under "why do you need to know"

Rob

More information about the gnso-rds-pdp-wg mailing list