Could the WHOIS Database Be Used To Find Intruders After GDPR

WHOIS and What It Does

WHOIS is a database of registrars maintained by ICANN for the purpose of identifying applicants for gTLD’d (generic Top Level Domains). WHOIS can be used by professionals as well as members of the public who want to search for individuals or enterprises that have intruded on personal data, infringed copyright, or performed any other illegal activity.

The latest implementation was made effective on April 17, 2017. With that implementation there were several updates to the policy to facilitate finding intruders through WHOIS.

With the implementation of the European GDPR, ICANN has had to conduct massive research into being able to comply with their standards and still assure that legitimate enforcement agencies will be able to find intruders through the WHOIS database.

The GDPR – What Is It and How Does It Effect WHOIS?

Europe’s GDPR vs. WHOIS

This is a European privacy policy that was approved on April 14, 2016. It essentially states that all personal data should be protected from everyone.

This, of course, is in direct conflict with the policy of ICANN and the WHOIS database function. As of May 2018, it came into effect, creating one set of rules for all businesses wherever they may be based.

That would include businesses in countries that like the United States where a European business would have to abide by the US law.

In response to it coming into effect, on May 17, 2018 the ICANN Board of Directors adopted the Temporary Specifications for gTLD Registration Data that ensures a common framework for handling registration data for WHOIS.

The aim of the resolution is to ensure availability to WHOIS while maintaining the security and stability of the internet’s systems of identifiers.

What Comes Next For WHOIS?

The Future of Finding Intruders Through WHOIS

As of now, under the Temporary Specifications for gTLD Registration Data resolution, full information will still be collected by the registrar when a domain name is purchased. However, the WHOIS database information that is available to the public will show the registrant’s name only to organizations and not individuals.

Instead of the physical address, the public database will only show the State, or Province and Country. Also, instead of the registrant’s actual email address, an anonymous email address will be displayed for the registrant to be contacted if need be.

With these changes, it will make it more difficult to fight intruders. Without a physical address, it will be much more difficult to locate the intruder and the intruder may just simply ignore any emails sent to the provided email address, knowing the IP owner will have a very hard time finding them.

ICANN is continuing its work and research, liaising with their European counterparts to find the best route forward for all parties involved. Privacy in today’s world is a valuable commodity, one worth fighting for.