Preventing Abuse of Postal&Email Address Info

Dear colleagues,

below you find a short discussion paper with concrete proposals
to address some abuse of the RIPE DB which we start seeing.
It is input for that point at the meeting next week.
Comments welcome.

Daniel


      Short Term Measures to Protect Postal and E-Mail
      Address Information in the RIPE Database Against
                           Abuse


Scope

This is a discussion paper about immediate measures to pro-
tect postal and e-mail address information stored in the
RIPE database against abuse.  Mass mailings are the kind of
abuse we are focussing on.  There is consensus that these
activities clearly constitute abuse of the RIPE database.
An general acceptable use policy is a separate issue that
needs to be addresses separately.


Current Situation

The database can currently be accessed by WHOIS, WAIS and as
FTPable files. A copyright notice appears at the top of the
FTPable files:


Copyright (c)1992/.../1997 by Daniel Karrenberg and TERENA

Restricted rights.

Except for agreed Internet operational purposes, no part of this
publication may be reproduced, stored in a retrieval system, or
transmitted, in any form or by any means, electronic, mechanical,
recording, or otherwise, without prior permission of the RIPE NCC
on behalf of the copyright holders. Any use of this material to
target advertising or similar activities are explicitly forbidden
and will be prosecuted. The RIPE NCC requests to be notified of
any such activities or suspicions thereof.



The access methods most suitable to obtain mass mailing data
are the FTP and WAIS access methods.


New Trend

During first six years of operation no significant abuses of
the database have come to our attention.  In the past few
months however there have been at least two instances where
addresses from the have been sold or otherwise re-dis-
tributed to address mailings.  The NCC has taken appropriate
action in these cases.  I believe that this is a significant
trend and we have to take measures to prevent such abuse in
the future.  In the following paragraphs I will outline pos-
sible measures to that end.


Assert Copyright More Prominently

Currently the database copyright is asserted only in the
FTPable files.  Therefore any user of data obtained via
other services may claim not to be aware of the copyright.
In past discussions I have argued against cluttering WHOIS
output with copyright notices.  In the light of developments
I now recommend to insert a one line copyright notice at the
top of each WHOIS response roughly like:

% Copyright (c)1997, see http://www.ripe.net/.... for details


I have not checked yet whether this is sufficient notice in
terms of legal procedures.  However a user can then no
longer claim ignorance.  A similar solution needs to be
implemented for the WAIS service.


Remove Person Objects from FTP Access

Person objects should be removed from public FTP access.
This means both removing the person.db file and the person
objects from the ripe.db file.  The main purpose of these
files is to allow mirroring of the database and convenient
local access for various purposes.  The mirroring function-
ality has to be maintained differently.  See below for
details.  The convenience of other uses in my opinion does
no longer justify the potential for abuse this convenient
public access has.  Of course individual access can be
granted if the user has a valid reason and agrees not to
further distribute.


Restrict Access if Abuse is Suspected

I would like the database WG to explicitly authorise the NCC
to restrict access to the database if abuse is suspected.
The restrictions I envisage are artificial exponential
delays if query patterns suggest abuse and blocking access
for individual users as an ultimate measure.  Of course any
such measures will be reported back to the database WG.


Consequences for Mirror Sites

All these measures have little effect if any mirror site
does not implement them.  Therefore I propose that mirror
sites will have to agree formally to implement any restric-
tions the RIPE NCC has to implement.  Further the mirror
sites will have to change the procedure to obtain the person
information to a restricted method.


Further Steps

I encourage everyone to critically read the proposals above
and give me feedback, especially on aspects not considered.
I ask the database WG to endorse the measures proposed and
to give guidance on how they should be published, i.e. does
this need to be written up as a RIPE document or is it suf-
ficient in the database WG minutes/archives.