How Cryptography Can Solve the GDPR and WHOIS Database Crisis

The WHOIS database is an open record of the individuals or organizations that own a registered domain name. GDPR was enforced by the European Union on May 25th, 2018 with the intention of protecting the confidentiality of its citizens. This new set of regulations conflict directly with WHOIS and threatens the removal of this system. Some people suggest that cryptographic methods could be an effective solution to this crisis.

The Use and Deficiencies of WHOIS

The data contained within the WHOIS database includes contact information that is accessible to the public. This information cannot be used for commercial purposes. Instead, it is meant to be used for checking the availability of domain names, combatting spam and fraud, and addressing technical issues. WHOIS is also an invaluable source for identifying and removing malicious domains. However, third parties often use the contact information found on WHOIS to spam domain owners with marketing attempts, which can be bothersome and even risky when it comes to identity theft.

An Overview of Cryptography

Simply put, cryptography is a method of protecting information through the use of codes. It relies on mathematical algorithms called ciphers that encrypt the original plaintext by scrambling it into a cipher text. This new encrypted text can then be decrypted to retrieve the original information.

This method ensures that only the intended recipient of the information can interpret it and that both the sender and the receiver know each other’s identity. This protects the privacy of the information from unwanted third parties and makes everyone involved, including the receiver of the information, accountable for what they do with the data.

Common Crypto Solution Methods

It is apparent how useful cryptography can be when protecting the privacy of individuals or organizations online. There are several methods commonly used for this purpose:

• Secret key cryptographic methods involve both parties using the same agreed-upon key to encrypt and decrypt the message.
• Public key cryptographic methods use two different keys for the encryption and decryption processes.
• The cryptographic hash function takes the original plaintext and turns into a chain of alphabetic characters referred to as the hash value.

How Cryptography Can Benefit WHOIS

Cryptography, could allow WHOIS to exist under the new regulations in place by addressing some of the issues with the system. First, each registry would need to make a private key for themselves. Then this key would be added to the personal data such as addresses and contact information. Rather than making personal contact information openly available for all to see, WHOIS can instead take this information and the generated private key to create hash values which will be accessible to the public. This can also make identifying multiple abusive domains by the same registrant easier since they would likely be under the same private key.

A Safe Solution

While increased privacy is certainly a benefit of GDPR for domain owners, the removal of the WHOIS system will also affect research and security tasks as well as may result in a more dangerous internet for users as malicious domains are harder to identify and block. Cryptography can potentially make WHOIS a safer system for domain owners in the face of these new regulations.