Today is Holocaust Remembrance Day. Today we remember that the Nazis rounded up Jews, Roma, political dissidents, and other "undesirables" using the best data and technology of the day and sent them off to concentration camps. We don't normally deal with this type of political reality in ICANN, but now is the time to do so. In 1995, the recently formed European Union passed the EU Data Protection Directive. more
We are on the brink of the most serious threat to the open and public Internet for decades. ICANN, under pressure from domain name registrars and EU data protection authorities, has proposed an "interim" plan that will hide critical information in WHOIS. Security, threat intelligence, and anti-abuse professionals rely on WHOIS to track down bad guys and keep the Internet as safe and secure as possible. more
The ICANN Intellectual Property Constituency (IPC) and Business Constituency (BC) will be hosting a community-wide discussion regarding the proposed accreditation and access model for non-public WHOIS data, which was first circulated to the community during ICANN 61. The discussion will take place via ICANN-supported remote participation and/or audio bridge this Friday, April 6, 2018, from 1400-1600 UTC. more
In the current debate over the balance between privacy and Internet safety and security, one of the unanswered questions is: "How will those responsible for protecting the public interest gain access to the non-public data in the WHOIS databases post General Data Protection Regulation (GDPR)?" In an attempt to prevent WHOIS data from going "dark," several community members have been working for the past weeks to create a model that could be used to accredit users and enable access to the non-public WHOIS data. more
ICANN has consistently said its intention in complying with the European Union's General Data Protection Regulation (GDPR) is to comply while at the same time maintaining access to the WHOIS domain name registration database "to greatest extent possible." On February 28, ICANN published its proposed model. Strangely, while ICANN acknowledges that some of the critical purposes for WHOIS include consumer protection, investigation of cybercrimes, mitigation of DNS abuse, and intellectual property protection, the model ICANN proposes provides no meaningful pathway to use WHOIS in those ways. more
The compliance deadline for the European Union's General Data Protection Regulation (GDPR) is nearly upon us, the unveiling of a proposed model to bring WHOIS into compliance is said to come from ICANN next week, and everyone is scrambling to understand all that's involved. Implementation of a revised WHOIS model is clearly on the horizon, but what comes after may be the real story! Specifically, if WHOIS information becomes more than nominally restricted, what's the consequence to the data controllers (ICANN and the contracted parties) who implement this revised model? more
The European Commission recently released technical input on ICANN's proposed GDPR-compliant WHOIS models that underscores the GDPR's "Accuracy" principle - making clear that reasonable steps should be taken to ensure the accuracy of any personal data obtained for WHOIS databases and that ICANN should be sure to incorporate this requirement in whatever model it adopts. Contracted parties concerned with GDPR compliance should take note. more
There is an urgent need to clarify the GDPR's territorial scope. Of the many changes the GDPR will usher in this May, the expansion of EU privacy law's territorial scope is one of the most important. The GDPR provides for broad application of its provisions both within the EU and globally. But the fact that the GDPR has a broad territorial scope does not mean that every company, or all data processing activities, are subject to it. more
There is growing concern about how ICANN will comply with the EU General Data Protection Regulation (GDPR), whose enforcement sanctions come into force in May of 2018. How will ICANN comply with GDPR without unduly restricting global Internet users' access to the public WHOIS database? For nearly the past 20 years, Internet users, businesses, law enforcement and consumer protection agencies have relied on WHOIS as a necessary resource. more
A colleague was recently commenting on an article by Michele Neylon "European Data Protection Authorities Send Clear Message to ICANN" citing the EU Data Commissioners of the Article 29 Working Party, the grouping a determinate factor In the impending death of WHOIS. He is on point when he said: What the European Data Protection authorities have not yet put together is that the protection of people's mental integrity on the Internet is not solely due to the action of law enforcement... more
On 11 December 2017, about 25 participants from Europe and the US attended the public consultation for the brand new GDPR Domain Industry Playbook by eco (Association of the Internet Industry, based in Germany) at the representation of the German federal state Lower Saxony to the European Union in Brussels. The General Data Protection Regulation (GDPR) poses a challenge for the Registries, Registrars, Resellers and ICANN. more
Steeped deep in discussions around the European Union's General Data Protection Regulation (GDPR) for the past several months, it has occurred to me that I've been answering the same question for over a decade: "What happens if WHOIS data is not accessible?" One of the answers has been and remains the same: People will likely sue and serve a lot of subpoenas. This may seem extreme, and some will write this off as mere hyperbole, but the truth is that the need for WHOIS data to address domain name matters will not disappear. more
There are thousands of sites and services on the 'net that offer domain name whois lookup services. As of last night, many of them may have stopped working. Why? Many of them rely on fairly rudimentary software that parses the whois from Verisign (for .com and .net) and then relays the query to the registrar whois. The site or service then displays the whois output from the registrar's whois server to you. more
The information in WHOIS database is very important to Law Enforcement Agencies, Intellectual Property Owners, and all Internet Users in general, who use this data to locate/contact domain name owners for various purposes including but not limited to enforcing laws or addressing grievances related to cybercrime and other cases of DNS abuse like Spam, Phishing, Malware etc. However, Privacy and Proxy Services are also available for many Top Level Domain Registries... more
In March, I posted a call to action to those of us in the community who have the inclination to fight against a movement to redact information critical to anti-abuse research. Today, I felt compelled to react to some of the discussions on the ICANN discussion list dedicated to the issue of WHOIS reform: Sorry, not sorry: I work every working hour of the day to protect literally hundreds of millions of users from privacy violating spam, phish, malware, and support scams. more
A World-Renowned Source for Internet Developments. Serving Since 2002.