Europeans Restrict IP Address Whois Data

The European IP address registry (RIPE) has started locking out those making whois queries to their web site under some vague claim that Eurpean privacy laws would be broken if unrestricted access is given.  After complaints were made another vaugue statement was published that claimed to be a “legal framework.”  This document does not identify and specific laws, case decisions, official rulings, or anything that would make it a “legal framework” for restricting the data to worldwide Interenet users.  It does not even address the fact that the users agreed to make the information public when they registered for IP addresses which is the central legal issue.

Their argument is that the contact data of ISP’s and hosting companies is “personal data” and needs protection.  However, since the data was placed in the database with the express purpose of making it public it is actually exempt from the data protection laws.  In addition, RIPE claims that that they will segregate the abuse contacts from the other contacts in the future so the abuse contacts will not be restricted.  However, RIPE will not explain why an abuse contact is different than other ISP contacts under EU privacy laws.  Nor will they explain how blocking access based on IP address will do anything other than prevent legitimate users from using the system (spammers/harvesters routinely use many IP’s to circumvent the restrictions).

The truth is that a few anti-spam zealots convinced RIPE to restrict the database because they thought nobody would complain.  Even though very little spam is attributed to IP address whois harvesting, the zealots were successful in disrupting a security service used by thousands of Internet users around the world.  Sites such as Network-Tools.com can no longer combine data from domain and IP address whois outputs to present users with a combined output.  The result is reduced security for Internet users because a few RIPE insiders got a few unwanted e-mails.  If anyone complains about the policy they are immediately branded as a spammer/harvester regardless of the actual use.  Actually, most of the people that want the data want it to complain about spammers.

This type of autonomous action for whois data is commonplace.  In the case of IP address the data is owned by the US government under the IANA contract.  This fact is disregarded and entities such as RIPE haphazardly place restrictions on the data because nobody stops them.  For instance the North American registry states: “You may not use, allow to use, or otherwise facilitate the use of ARIN WHOIS data for advertising, direct marketing, marketing research, or similar purposes.”  However, there is no law against these activities and the US government has not mandated these restrictions on the data so it looks like ARIN simply created the restrictions themselves without authority.  (Actually they copied the same banner from other whois servers because “that is the thing to do” which is why there is no actual documentation as to the reasons for the restrictions.