Home / Blogs

Consistency, Urgency, and Transparency Needed for Registrant Data Requests

As we reported in our Post-GDPR Compliance Rate retrospective in January 2020, registrar compliance rates in response to verified requests for redacted registrant information using the Appdetex WHOIS Requestor System was 25 percent. Our most recent report shows the compliance rate has increased to 27 percent, based upon a total of 243 requests for redacted WHOIS information sent to 68 registrars over the period starting January 1, 2020, through February 24, 2020.

This rate is an improvement over the initial single-digit results seen immediately after the implementation of GDPR and the Temporary Specifications for gTLD Registration Data (Temporary Specifications)which, to some extent, is understandable given that registrars were still trying to interpret the complicated GDPR rules and the potential repercussions attendant to this law. However, it is also abundantly clear that there is still room for improvement.

While seventy percent of the registrars we contacted in this reporting period acknowledged our requests, only 11 actually provided registrant data. Furthermore, 20 registrars have not responded in any manner. We want to recognize the efforts of those registrars who have complied with these requests in working for a safer and more secure internet.
As readers of this blog know, the advent of GDPR and the Temporary Specification resulted in the redaction of WHOIS information that had been publicly available previously. This overly conservative approach continues to cause difficulties in abating domain name abuse for professionals such as law enforcement, brand holders, and investigators with a legitimate need for information about malicious behavior, consumer protection, and security-related issues. Resolving these issues often requires swift and decisive action in order to protect consumers and brands.

In anticipation of these difficulties, prior to the introduction of GDPR and the Temporary Specification, Appdetex developed our Whois Requestor System (AWRS), an efficient workflow process that allows us to submit customer-verified, legitimate WHOIS requests directly to the associated registrars. This system was designed to be used by our customers to obtain non-public WHOIS data for cybersecurity, consumer protection, and intellectual property enforcement activities.

While the data demonstrates that some registrars are able and willing to work within the Temporary Specifications in complying with requests, in the absence of industry protocols for the request process, each registrar has created their own separate and often detailed list of requirements that must be met before they will comply with a request. Navigating these requirements can be complicated, and responses can be slow, which is of concern in security cases requiring urgency. Adding to this concern, there are registrars who have neither published their process for requesting registrant data nor responded to any requests, creating virtual safe-havens for nefarious activity.
These factors make it difficult, if not impossible, in some cases, for law enforcement, investigators, and intellectual property rights holders with a legitimate need for registrant contact data to collect this vital information.

To reduce domain abuse and fraud, the community needs to agree on a transparent, consistent, and expedient system for providing access to registrant information in response to legitimate requests. Such a system can protect individual privacy while providing access to legitimate requests from brand holders, law enforcement, and investigators in order to close the loophole of anonymity that criminals continue to exploit.

NORDVPN DISCOUNT - CircleID x NordVPN
Get NordVPN  [74% +3 extra months, from $2.99/month]
By Frederick Felman, Former Chief Marketing Officer at AppDetex

Filed Under

Comments

Maybe, just maybe Volker Greimann  –  Mar 9, 2020 7:59 PM

the reason for APPDETEXs’ low success rate could be the quality of your requests? Or the fact that APPDETEX rarely responds or follows up on our requests for further information on its requests? Or the fact that you usually send your requests in bulk right before an ICANN meeting?

The last requests I have seen did not clearly point out a violation but rather expected us to make the case for your complaint “one of these 5 trademarks may have been infringed upon by this domain name”, did not contain any information on international data transfers and your subsequent handling of the data you requested, or simply were nonstarters because the complaint was nonsensical or failed to include sufficient evidence to prove the violation. The mere match of a protected string does not a violation proove, after all.

When we responded, there was no response. I believe the least a requester should be able to do was to respond to requests for further information.

All in all, your requests create the distinct impression that their real intent is not to request the data, but rather to create statistics to prove a point on a slideshow in the subsequent ICANN meeting. Not saying that this is so, but the impression is there.

Other requesters that are working for the same customers that you serve have a much higher positive response rate from us, and it is all down to their request quality in demonstrating the violation, their willingness to follow up, and their genuine interest in the data, not the statistics.

Response to Volker Frederick Felman  –  Mar 10, 2020 1:33 PM

Volker - I'll investigate your specific claims about requests to Key Systems. Regarding our results, we are seeing improvement in the success of our requests. Largely through cooperation with target registrars who engage in dialogue with us to improve our requests and in the spirit of registrar cooperation to abate abuse. And, I'll reiterate my thanks to cooperative registrars who are improving SSR in the DNS. After comparing notes with other organizations making requests for redacted registrant contact data for infringing domain names, our success rate is substantially higher than others, and for this, I credit our outreach and the cooperation of registrars. Concerning the unfounded generalizations you've made in your comment: 1) We throttle our requests and those throttles are enforced by our system. Those throttles were specifically employed to avoid overwhelming the systems of those from whom we request. That change was as a result of the feedback we received from our first report and our interactions with registrars. 2) In fact, before each ICANN meeting, we stop making requests 1-2 weeks before the meeting to avoid creating a backlog for the registrars processing our requests. 3) Your impression is incorrect regarding the intent of requests. Enforcement is the intent, notices are sent to registrants of infringing domains.

Requests to Key Systems Frederick Felman  –  Mar 10, 2020 1:44 PM

Volker - To be very specific in our response to your comment: 1) We have not made a single request to key systems in 2019 or 2020 2) We stopped making requests to key systems 3) If you'd like more data from me about the specifics of our requests to your organization and would like to establish a cooperative relationship to abate the abuse that we find in domains registered by Key Systems we invite it. Thank you.

Thank you for your response Volker Greimann  –  Mar 10, 2020 4:07 PM

I appreciate your taking the time to respond.

While it may be the case that you have not sent any recent requests to KS, that is ultimately irrelevant since our abuse team handles requests for many more registrar accreditations and I was referring to the requests I had seen. Those that I saw were like that. Maybe you changed your requests since then, but if you have not sent them to us, I would not have seen them, would I?
As to why you stopped sending us requests, I hope that is not due to the fact that we responded to all of them and they ruined your statistics, is it?
The fact remains that outside the conversations I had with Ben at one of the ICANN meetings of yore, we did not receive any feedback to our responses where we requested further information. Why is that?
I appreciate you efforts to throttle requests as the is very helpful to those responding to them.
If enforcement is the target, can you share the numbers as to what percentage of successful requests results in a UDRP action or similar? Surely your clients will actively protect their rights after you obtained that data for them…

Volker Response Frederick Felman  –  Mar 10, 2020 4:27 PM

Volker -

1) We have no visibility of the requests that you handle for others under any private agreements with other registrars, therefore we have no visibility to the specific cases you are referring to nor the circumstances surrounding them. As always, if you have any specific complaints about our requests to those registrars or our response to them I invite you to contact me via email at Appdetex under another cover to the address contained in our responses and requests.

2) Concerning our statistics and any effect requests to Key Systems GMBH or Key Systems LLC would have on the results, If we were to apply key systems historic response rates to our requests it would underscore the need for consistency transparency and urgency. However, it was early days when we stopped sending requests to your registrars and I could not comment on whether it would help or hinder your current response rates and process.

3) If you had private conversations with Appdetex staff and would like to revisit that conversation with the team who carry out our enforcement activity, we can do so via the email mentioned above. It would be best if you would not jeopardize the privacy of any of our staff by mentioning their names in a public forum without their consent.  And, I request that you remove that name from your response as they are not a party to this conversation. Thank you.

I do remember you had an issue Volker Greimann  –  Mar 10, 2020 5:03 PM

I do remember you had an issue that your initial requests were recognized as spam by certain third party spam protection providers and therefore did not reach us. This may or may not provide some indication on the reports you sent back then. But after I addressed that with your team, this issue was resolved and we started to actually receive your reports.

All things said and done, this mainly underscores the need for a central portal that can certify these requests to avoid being flagged as spam, like the one we are currently exploring on the EPDP.

If you stopped sending us requests, I would be interested in learning about why that is. Hopefully it is because our customers’ registrations no longer impact the rights of your clients. Because any other reason would not make sense. Or do you only offer to protect the rights of your customers with certain registrars. That would be a silly service…

I don’t think that mentioning the first name of your general counsel was of concern as he used to be prominently featured on your website and outspoken in all ICANN forums was an issue, but I will refrain from making that mistake again.

Volker Response Frederick Felman  –  Mar 10, 2020 6:08 PM

Volker - I couldn’t agree more whole-heartedly with you concerning the need for transparency and consistency which would be provided by a central system that tracks requests. And for that matter, it’d be helpful to have all parties to any recorded transaction of this sort accountable for their actions including registrars, requestors, their agents and ICANN. As for our actions and what venues and issues our clients choose to enforce within and upon is solely within their control as we are only agents for our clients. As I mentioned, if you are truly interested in understanding our experience working with your as an agent for those you represent or for Key Systems, please contact us directly and the team coordinate with you specifically and confidentially. Best - Fred

Comment Title:

  Notify me of follow-up comments

We encourage you to post comments and engage in discussions that advance this post through relevant opinion, anecdotes, links and data. If you see a comment that you believe is irrelevant or inappropriate, you can report it using the link at the end of each comment. Views expressed in the comments do not represent those of CircleID. For more information on our comment policy, see Codes of Conduct.

CircleID Newsletter The Weekly Wrap

More and more professionals are choosing to publish critical posts on CircleID from all corners of the Internet industry. If you find it hard to keep up daily, consider subscribing to our weekly digest. We will provide you a convenient summary report once a week sent directly to your inbox. It's a quick and easy read.

Related

Topics

Threat Intelligence

Sponsored byWhoisXML API

Domain Names

Sponsored byVerisign

Cybersecurity

Sponsored byVerisign

IPv4 Markets

Sponsored byIPv4.Global

Brand Protection

Sponsored byCSC

DNS

Sponsored byDNIB.com

New TLDs

Sponsored byRadix