[TSG-Access-RD] Bulk Data, Bulk Query, WhoWas and Charter scope

Jody Kolker jkolker at godaddy.com
Fri Dec 21 13:51:18 UTC 2018 

High volume access is an area of concern.  Someone that is eligible to receive data for a particular domain is not automatically eligible to receive data for another domain, and it definitely doesn't make the person eligible to receive data for every domain at a registrar.  How are requests going to be reviewed?  I am not a lawyer, but it appears that manual review of these requests is the only way to protect privacy under the current privacy laws.  

Also, I would like discuss how the registrar/registry is going to be notified who is behind the request?  Will the request for data come from ICANN or from the entity that performed the request at ICANN?  As a registrar, I will want to know whois is requesting the data.

Thanks,
Jody Kolker

-----Original Message-----
From: TSG-Access-RD <tsg-access-rd-bounces at icann.org> On Behalf Of Andrew Newton
Sent: Thursday, December 20, 2018 10:00 AM
To: Gavin Brown <gavin.brown at centralnic.com>
Cc: tsg-access-rd at icann.org
Subject: Re: [TSG-Access-RD] Bulk Data, Bulk Query, WhoWas and Charter scope

On Thu, Dec 20, 2018 at 7:52 AM Gavin Brown <gavin.brown at centralnic.com> wrote:
>
> +1 as well.
>
> I'd like to clarify what I said on Tuesday's call about "bulk" access. 
> I was referring to the common practice of obtaining registration data 
> in bulk by performing large quantities of whois/RDAP queries using a 
> list of domains (obtained from the CZDS, passive DNS or elsewhere) as 
> an index. Such activity is annoying from an operator point of view but 
> can have legitimate uses (abuse analysis and research) as as well as 
> malicious (spam, ID theft, phishing, slamming, etc) uses.
>
> Perhaps "high volume access" would be a better term to describe this 
> than "bulk access"?
>
> A third party with a legitimate need for "high volume" access would 
> need to be able to obtain pre-authorisation for a large number of 
> queries for non-public data, rather than have each query separately authorised.
>
> Or do we feel that "high volume" access is out of scope and should be 
> dealt with via some out-of-band solution?

I don't think supporting this is onerous, but one of the requirements was that "each" query by authorized.

Perhaps we can offer it as an option.

-andy

More information about the TSG-Access-RD mailing list