[TSG-Access-RD] Bulk Data, Bulk Query, WhoWas and Charter scope
Jody Kolker
jkolker at godaddy.com
Fri Dec 21 13:51:18 UTC 2018
High volume access is an area of concern. Someone that is eligible to receive data for a particular domain is not automatically eligible to receive data for another domain, and it definitely doesn't make the person eligible to receive data for every domain at a registrar. How are requests going to be reviewed? I am not a lawyer, but it appears that manual review of these requests is the only way to protect privacy under the current privacy laws.
Also, I would like discuss how the registrar/registry is going to be notified who is behind the request? Will the request for data come from ICANN or from the entity that performed the request at ICANN? As a registrar, I will want to know whois is requesting the data.
Thanks,
Jody Kolker
-----Original Message-----
From: TSG-Access-RD <tsg-access-rd-bounces at icann.org> On Behalf Of Andrew Newton
Sent: Thursday, December 20, 2018 10:00 AM
To: Gavin Brown <gavin.brown at centralnic.com>
Cc: tsg-access-rd at icann.org
Subject: Re: [TSG-Access-RD] Bulk Data, Bulk Query, WhoWas and Charter scope
On Thu, Dec 20, 2018 at 7:52 AM Gavin Brown <gavin.brown at centralnic.com> wrote:
>
> +1 as well.
>
> I'd like to clarify what I said on Tuesday's call about "bulk" access.
> I was referring to the common practice of obtaining registration data
> in bulk by performing large quantities of whois/RDAP queries using a
> list of domains (obtained from the CZDS, passive DNS or elsewhere) as
> an index. Such activity is annoying from an operator point of view but
> can have legitimate uses (abuse analysis and research) as as well as
> malicious (spam, ID theft, phishing, slamming, etc) uses.
>
> Perhaps "high volume access" would be a better term to describe this
> than "bulk access"?
>
> A third party with a legitimate need for "high volume" access would
> need to be able to obtain pre-authorisation for a large number of
> queries for non-public data, rather than have each query separately authorised.
>
> Or do we feel that "high volume" access is out of scope and should be
> dealt with via some out-of-band solution?
I don't think supporting this is onerous, but one of the requirements was that "each" query by authorized.
Perhaps we can offer it as an option.
-andy
More information about the TSG-Access-RD
mailing list