[gnso-rds-pdp-wg] Dangers of public whois

[James Galvin]

I have to say that my beliefs about private data have been evolving for 
as long as this working group has existed.

One thing I believe now is that asking the question, “What is 
private/personal/PII data?” is not the best way to approach the 
problem.

In my opinion, in this world of “big data”, a case could be made 
that everything is personal information.  This includes the “thin 
data” we’ve been talking about.  The reality is that doing 
“reverse lookups” with one or more bits of information can be quite 
revealing, much more so for folks like Sean Spicer than others perhaps, 
but nonetheless true.

As Greg A. pointed out later in this thread, different people have 
different risk profiles and frankly there’s a limit to how much you 
can protect people from their own ignorance.

In my opinion, our focus should be on what information we need and why, 
i.e., what is the purpose of the registration data?  We should be taking 
a minimalist approach, to start, followed by extended discussion about 
what else we might collect and why?

Although we need to keep in mind access and visibility of information, 
as Chuck so often reminds us, that’s a separate discussion to be had 
“next”, in the not too distant future I hope.

Discussions about what is personal data and what is not are distracting. 
  Let’s assume it all is and move forward from there.  Understanding 
the “why” collecting the data will quite naturally drive the 
discussion of whether or not it needs to be “public” or in some way 
be subject to “restricted access”.

Jim