As we reported in our Post-GDPR Compliance Rate retrospective in January 2020, registrar compliance rates in response to verified requests for redacted registrant information using the Appdetex WHOIS Requestor System was 25 percent. Our most recent report shows the compliance rate has increased to 27 percent, based upon a total of 243 requests for redacted WHOIS information sent to 68 registrars over the period starting January 1, 2020, through February 24, 2020. more
The early designers of the Internet quickly realized that as the number of domain names flourished, there was a need for tracking domain name owners to resolve questions and conflicts that might arise. To that end, they created WHOIS, a public database with the names, phone numbers, email addresses, and mailing addresses of registered domain owners and operators. more
There's a well-documented crisis facing the domain name system: very few who rely on domain name registration data from the Whois database to perform vital functions can do so any longer, which is escalating consumer harm and abuse on the internet worldwide. And the problems, thanks to ICANN's overly restrictive policy post-GDPR and a failing policy process, are piling up. more
Muscle memory is a funny thing. We don't even think about it really, but when we do the same thing over and over again, it just becomes second nature to us. This is how we've come to use WHOIS over the past two decades to get contact information for registered domain names. If you wanted to see who owned a domain, you'd simply do a WHOIS search. I've probably done hundreds of thousands of them during my time in the industry. Well as of this week, a major step in the retirement of WHOIS officially took place. more
The European Data Protection Board certainly has been keeping its records straight. Its 27 May statement starts with the following: "WP29 has been offering guidance to ICANN on how to bring WHOIS in compliance with European data protection law since 2003." All internet users have dealings with the Internet Corporation for Assigned Names and Numbers, yet the vast majority have never heard of ICANN. more
Accessing Whois information and acting on a litigious domain name is becoming a nightmare for law enforcement agencies. Law enforcement agencies must have an access to the information provided by registrants in the Whois database and, in specific cases, have authority to act FAST on a domain name. The EU has a solution for this and it's coming in 2020. more
M3AAWG, the Messaging, Malware, and Mobile, Anti-Abuse Working Group and APWG, the Anti-Phishing Working Group, surveyed their members about recent WHOIS changes. With over 300 results from security researchers, it's the broadest report yet on WHOIS use. The survey results confirm our concerns that WHOIS was a vital resource for security research, and its loss is a serious and ongoing problem. more
New Zealand's Domain Name Commission today won a motion for preliminary injunction in a US lawsuit against the company DomainTools. more
Special interests who oppose privacy are circulating draft legislation to cut short ICANN's Whois policy process, warns Milton Mueller in a post published today in Internet Governance Project. more
Amazingly enough, summer is rapidly ending as kids head back to school, the temperatures in the mornings are just slightly cooler, and soon enough jeans and sweatshirts will be upon us. It also means that the important work on ICANN's temporary specification regarding WHOIS relative to GDPR has already aged a few months. The ICANN Board adopted the temporary specification in May 2018 and it became effective on the 25th of the month. more
The need for an access model for non-public Whois data has been apparent since GDPR became a major issue before the community well over a year ago. Now is the time to address it seriously, and not with half measures. We urgently need a temporary model for access to non-public Whois data for legitimate uses, while the community undertakes longer-term policy development efforts. more
As I predicted ICANN is pursuing its case against EPAG. They're now not only appealing the case to a higher court in Germany but are also trying to get the entire thing referred to the European Court of Justice. In an announcement late last night ICANN made it very clear what their intentions are. While they're pursuing the appeal in the higher court in the German region, which makes sense at some level, it's also very clear that they're not taking "no" for an answer. more
On May 25, 2018, the European General Data Protection Regulation (GDPR) came into effect, meaning that European data protection authorities (DPAs) can begin enforcing the regulation against non-compliant parties. In preparation, the ICANN Board passed a Temporary Specification for gTLD Registration Data - essentially a temporary policy amendment to its registrar and registry contracts to facilitate GDPR compliance while also preserving certain aspects of the WHOIS system of domain name registration data. more
German courts seem to be pretty fast, so instead of having to wait weeks or months to see how they'd rule, we've already got the answer. The German court in Bonn has ruled that EPAG (Tucows) is not obliged to collect extra contacts beyond the domain name registrant. The decision, naturally, is in German, but there is a translation into English that we can use to understand how the court arrived at this decision. more
As I noted over the weekend, ICANN has instigated legal action against EPAG, an ICANN accredited registrar based in Germany that is part of the Tucows group. ICANN claims that the case is to "preserve WHOIS data", but Tucows asserts in their statement that the ICANN approach is flawed. It's not a frivolous statement, but one they've backed with fairly detailed rationale - and this is just their public statement and not a formal legal filing. more