Home / Blogs

WHOIS Detractors and Advocates: Today's Viewpoints Post-GDPR

Jonathan Zhang

Opposing parties continue to debate whether WHOIS should stay after the General Data Protection Regulation (GDPR) took effect across the EU in May 2018. While the Internet Corporation for Assigned Names and Numbers (ICANN), which oversees WHOIS, is looking for ways to be GDPR compliant, experts from various fields are contemplating the problems pointed out by officials.

In this article let's take a closer look at the stakeholders involved in the discussion regarding the future of WHOIS and the issues that get them busy these days.

Officials and GDPR Specialists

Detractors

The GDPR authorities presented different arguments against WHOIS. One is ICANN's proposed accreditation model that suggests tiered access to data should be granted only to specific user types and purposes. Officials were concerned that such access would be biased towards certain groups such as intellectual property holders while other relevant parties might be ignored.

Detractors also mention that, at the moment, the processing and protection of sensitive details are ambiguous and require more concrete solutions to comply with GDPR.

Promoters

Meanwhile, on the opposite side of the barricade, advocates are asserting how turning down WHOIS might backfire to compromise people's security. For example, domain registrars could have incentives to make the records inaccessible, which subsequently might impede investigative activities and security initiatives.

On top of that, promoters point out how even inaccurate WHOIS data are considered relevant to investigations, as experts can trace and connect them to other sources of information.

Cybersecurity Community

Detractors

Critics say registrants' data utilized by businesses is not a good indicator of security, as details extracted by companies might be exploited for the wrong reasons. That is why they call for ICANN to manage priorities well to improve cybersecurity in the next years.

Furthermore, there are already proposals on WHOIS' replacement, for instance, by the Registration Data Access Protocol. Experts say RDAP, which is a more standardized version of WHOIS, might address WHOIS-related concerns more smoothly, including security cases. However, RDAP is not yet complete to answer issues around legal enforcement or comprehensiveness to name a few.

Promoters

Many cybersecurity specialists defend WHOIS as an essential protocol to track perpetrators across registrars and networks and insist that abolishing it is a short-sighted decision. The fact is that cybercriminals often reuse registration details for multiple domains to save costs, so tracing contacts' similarities is an efficient way to reveal malicious activities.

On top of that, restricting access to WHOIS records could also significantly hurt those professionals who fight against domain squatting and infringement.

Businesses' Opinion

Detractors

Business stakeholders discuss the other side of anonymity, as many consider privacy as one valuable criterion during registration. Detractors stress that, if all domain owners are obliged to display their details, harassment would be more likely. Therefore one determinant of WHOIS fate in terms of legal approval is ICANN's capability to realize proper due processes when acquiring companies' sensitive information.

Meanwhile, registrars are not keen on the idea of total transparency either, but for their own reasons. They advise users that publishing ownership data can attract spammers and scammers and want to offer privacy options to registrants for added fees.

Promoters

Businessmen in favor of the protocol claim how it caters to the legitimate interests of stakeholders. For instance, certain marketing and security research efforts often rely upon the interconnectedness of data that WHOIS databases provide. They also highlight the value of domain records in decision-making processes notably to verify entities and protect brands.

As months go, it seems that the business sector will be carefully eyeing how much WHOIS will be preserved to aid diverse industries.

* * *

WHOIS is not perfect, and opponents refer to many relevant issues. However, it's important to keep in mind the protocol's comprehensiveness and decentralized nature for parties to come up with the best solution regarding its future.

By Jonathan Zhang, Founder and CEO of Threat Intelligence Platform
Follow CircleID on
Related topics: Domain Names, Whois
SHARE THIS POST

If you are pressed for time ...

... this is for you. More and more professionals are choosing to publish critical posts on CircleID from all corners of the Internet industry. If you find it hard to keep up daily, consider subscribing to our weekly digest. We will provide you a convenient summary report once a week sent directly to your inbox. It's a quick and easy read.

I make a point of reading CircleID. There is no getting around the utility of knowing what thoughtful people are thinking and saying about our industry.

Vinton Cerf, Co-designer of the TCP/IP Protocols & the Architecture of the Internet

Share your comments

To post comments, please login or create an account.

Related

Topics

Domain Names

Sponsored byVerisign

DNS Security

Sponsored byAfilias

IP Addressing

Sponsored byAvenue4 LLC

Cybersecurity

Sponsored byVerisign

New TLDs

Sponsored byAfilias