In message <CAKvLzuHetmjyvHcZK-5EQSaT=M6s-mx-WMHYE=xp_skTa4_+Sw@mail.gmail.com> denis walker <ripedenis@gmail.com> wrote:
"According to the Dutch Personal Data Protection Act (prior to the GDPR), personal data may be collected for specific, explicitly defined and legitimate purposes. Once collected, this data must:
-Be adequate, relevant and not excessive in relation to the purposes for which it is collected and further processed -Be accurate and, if necessary, kept up-to-date"
I invite everyone who still doesn't understand why I have gotten so exercized over these issues to perform a simple thought experiment: What would happen if the entire RIPE WHOIS data base was taken permamently and entirely offline tomorrow? Would the entire Europen Internet immediately cease to function? No. Would even any significant portion of the European Internet cease to function? No. As long as every RIPE member continued to behave themselves and to use only those number resources that had been assigned to them, the entire European Internet would continue to function as normal, and pretty much the same tomorrow as it did today. People and companies would continue to use their assigned IP blocks and their assigned AS numbers, and inter-company peering arrangements would continue in effect. In short, although it would arguably be sub-optimal for the entire RIPE WHOIS data base to disappear from public view tomorrow, it would not be in any sense catastrophic, and indeed, almost no one would even notice that anything at all was amiss. Technical contacts already have the names, phone numbers and email addresess of their immediate peers in their personal rolodexes, and most glitches or problems could be ironed out by simply making use of that (peer) contact info. This simple thought experiment -proves- that the entire RIPE WHOIS data base is arguably "excessive in relation to the purposes for which it is collected" because even if the entire data base were to disappear tomorrow, mountains would not fall, the seas would not dry up, and no other biblical-scale catastrophies would befall the European Internet. It is thus an obvious corollary to these obvious facts that if RIPE were to go by the letter of the law, AND if "the letter of the law" in this case were construed in its most expansive plausible interpretation... as some folks apparently want it to be... then the whole data base MUST be taken offline, and immediately, because no absolutely compelling case can be easily made that the WHOS data base is not "excessive in relation to the purposes for which it is collected". What part of this is either un-obvious or difficult to comprehend? The bottom line is that interpreting either Dutch law or GDRP expansively can lead to only one final and inevitable outcome: The entire elimination of all public access to the entire RIPE WHOIS data base. If that is where this is all going... and I have every reasone to believe that it is, for the reasons I've just explained... and if that's actually what the community wants, then so be it. In my opinion, if this is where things end up then it will be probably be the worst disaster to have ever hit the European Internet, but the members have the right to vote in favor of taking the whole WHOIS data base offline if that is their wish. That would surely result in a cascade of unfixable technical problems AND an absolute explosion in unchecked cybercrime, but if that's what you all want then who am I to stand in the way? I just wish that as this process unfolds people would be a bit less disingenuous, and that people would stop pretending not to know where this is all inevitably going to end up. Once you start arguing like a lawyer that "this little bit of data doesn't, strictly speaking, need to be public" then you can just easily make the same argument for -every- bit of data in the WHOIS data base. Regards, rfg