ICANN’s WHOIS Website Refused GDPR Extension

The US body that supervises the administration of domain names and the owner of the WHOIS website, has been denied an extension to comply to the GDPR.

Internet Corporation for Assigned Names and Numbers (ICANN) said the move will hamper law enforcement, journalism and cybersecurity services worldwide, since the WHOIS website is used by these three industries to check the legitimacy of websites links.

Earlier this month the body acknowledged that it would not be possible to obtain a one-year exemption from fines under the EU’s General Data Protection Regulation (GDPR).

GDPR conflict

WHOIS displays contact information for people and organisations that have registered domain names, but the way it operates is illegal under the GDPR, and could expose registrars and registries to crippling fines.

ICANN’s board met in Vancouver, Canada, earlier this month, and soon after the organisation published a revised version of its temporary specification for allowing registrars and registries to operate without conflicting with EU data protection regulations.

But the plan has not been approved by EU regulators, and the US government, which wants information such as email addresses to continue being displayed, has not given it the nod either.

And then last week ICANN filed a lawsuit against a domain name registrar in Germany, in an effort to clarify how the new GDPR should be interpreted.

ICANN filed the legal action against EPAG on 25 May, the same day as GDPR came into force.

Too slow

But at least one security expert believes that ICANN was far too slow to recognise the impact GDPR would have on its service.

“The public removal of personal information from WHOIS, the system used to store the registered users of website domains, undoubtedly makes life for security and law enforcement agencies much harder,” explained Andy Kays, CTO at Redscan, a UK-based cybersecurity services company.

“Whether fake or not, the information stated on WHOIS, can be invaluable for helping to trace and track the individuals behind attacks such as phishing and spamming,” Kays added.

“An accreditation scheme, that would vet access to personal data in WHOIS records for special interest groups such as the police, security researchers and journalists, would certainly be very welcome and help to address concerns,” he said, before lamenting ICANN’s poor preparation for GDPR.

“Planning to implement such a vetting system should have started years ago but by only recently attempting to outline its proposals, ICANN shows that it has been too slow to react to the global impact of the GDPR,” Kays said.

Can you protect your privacy online? Take our quiz!

Tom Jowitt

Tom Jowitt is a leading British tech freelancer and long standing contributor to Silicon UK. He is also a bit of a Lord of the Rings nut...

Recent Posts

Northvolt Mulls US Bankruptcy Protection – Report

Troubled battery maker Northvolt reportedly considers Chapter 11 bankruptcy protection in the United States as…

15 hours ago

FTC Plans Investigation Into Microsoft Cloud Business – Report

Microsoft's cloud business practices are reportedly facing a potential anti-competitive investigation by the FTC

17 hours ago

Programmer Sentenced To Five Years In Prison For Bitcoin Laundering

Ilya Lichtenstein sentenced to five years in prison for hacking into a virtual currency exchange…

19 hours ago

Hate Speech Watchdog CCDH To Quit Musk’s X

Target for Elon Musk's lawsuit, hate speech watchdog CCDH, announces its decision to quit X…

1 day ago

Meta Fined €798m Over Alleged Facebook Marketplace Violations

Antitrust penalty. European Commission fines Meta a hefty €798m ($843m) for tying Facebook Marketplace to…

2 days ago

Elon Musk Rebuked By Italian President Over Migration Tweets

Elon Musk continues to provoke the ire of various leaders around the world with his…

2 days ago