Home / Industry

The High Cost Of Privacy In A Post-GDPR World

It has officially been over a year since the European Union's General Data Protection Regulation (GDPR) took effect and in that time, we've come to see both the benefits, and the very serious drawbacks of this program. While the implementation of GDPR has been heralded by privacy advocates as a major step forward in keeping the personal information of individuals safe, it has also had the unintended consequence of making it easier for individuals and/or entities with less than honorable intentions to effectively disappear online.

The WHOIS database, the formerly public registry of web domains that contained information about every registered domain including the registrant's name and basic contact information, has been effectively rendered useless, with the information now largely redacted by domain name registrars. Methods for requesting obtaining that information is now unique to each registrar and even then, registrars are free to decide whether or not they want to comply with that request.

And within this void of unaccountability cybercriminals are exploiting this privacy loophole, as they now may launch malicious domains with anonymity. As a result, security researchers and law enforcement are finding that it's now exponentially harder to do their jobs keeping the web safe. See EU Laws May be Hampering Pursuit of Terrorists.

Other groups facing similar problems with criminals utilizing this privacy loophole include consumer protection agencies, child advocacy groups, anti-human trafficking organizations, intellectual property rights holders and brand protection agencies, to name just a few.

IBM X-Force Threat Intelligence Research recently released a report which shows just how much of an impact GDPR is having when it comes to utilizing traditional WHOIS information for the tracking and blocking of malicious domains and other nefarious web based activities.

Comparing recent enforcement data to pre-ICANN policy changes enforcement data reveals stark statistics about the risks faced by consumers in a post-GDPR world. Prior to the implementation of GDPR, security researchers were able to identify and block 1.8 million newly registered malicious domains in October of 2017 alone. Fast forward to February of 2019 and that number drops to less than 160,000. That means that effective enforcement efforts utilizing WHOIS information is now just 9%, leaving a staggering 91% of potentially malicious domains and the sites to which they link up and running, and the criminals who run them, unhindered.

While there is no question there is a need to keep the private information of the public safe, it is clear that the GDPR as it applies to public safety should be re-evaluated. Cybercrime is a $600 billion a year business, and with GDPR making it easier for criminals to thrive with relative impunity, that number is only going to increase.

Completely eliminating GDPR and returning the WHOIS database originally public status is not the answer, which is why the need to establish regulated access for individuals involved in cybersecurity, law enforcement and web safety and security should be thoroughly explored.

For those who need to access the WHOIS database, AppDetex offers their WHOIS Requestor System (AWRS). Developed for and used by customers to obtain non-public WHOIS data, AppDetex sends customer verified, non-public WHOIS data requests for cybersecurity, consumer protection and IP enforcement activities to ICANN-accredited registrars.

Until a satisfactory compromise can be achieved, online crime will continue to thrive, making it obvious that the price of online privacy is apparently safety and security.

By Appdetex, Global Brand Protection Leader – Appdetex solves business problems related to digital risks. With deep roots in intellectual property law and applying technical innovation to securing brands, Appdetex is dedicated to the success of brand protection and security professionals and serves the world's most-trusted financial institutions, media platforms and top-of-the-charts gaming and software companies. Visit Page

CircleID Newsletter The Weekly Wrap

More and more professionals are choosing to publish critical posts on CircleID from all corners of the Internet industry. If you find it hard to keep up daily, consider subscribing to our weekly digest. We will provide you a convenient summary report once a week sent directly to your inbox. It's a quick and easy read.

I make a point of reading CircleID. There is no getting around the utility of knowing what thoughtful people are thinking and saying about our industry.

VINTON CERF
Co-designer of the TCP/IP Protocols & the Architecture of the Internet

Related

Topics

Domain Names

Sponsored byVerisign

IP Addressing

Sponsored byIPv4.Global

DNS Security

Sponsored byAfilias

Cybercrime

Sponsored byThreat Intelligence Platform

Whois

Sponsored byWhoisXML API

New TLDs

Sponsored byAfilias

Cybersecurity

Sponsored byVerisign

Brand Protection

Sponsored byAppdetex