Opposing parties continue to debate whether WHOIS should stay after the General Data Protection Regulation (GDPR) took effect across the EU in May 2018. While the Internet Corporation for Assigned Names and Numbers (ICANN), which oversees WHOIS, is looking for ways to be GDPR compliant, experts from various fields are contemplating the problems pointed out by officials.
In this article let's take a closer look at the stakeholders involved in the discussion regarding the future of WHOIS and the issues that get them busy these days.
Officials and GDPR Specialists
The GDPR authorities presented different arguments against WHOIS. One is ICANN's proposed accreditation model that suggests tiered access to data should be granted only to specific user types and purposes. Officials were concerned that such access would be biased towards certain groups such as intellectual property holders while other relevant parties might be ignored.
Detractors also mention that, at the moment, the processing and protection of sensitive details are ambiguous and require more concrete solutions to comply with GDPR.
Meanwhile, on the opposite side of the barricade, advocates are asserting how turning down WHOIS might backfire to compromise people's security. For example, domain registrars could have incentives to make the records inaccessible, which subsequently might impede investigative activities and security initiatives.
On top of that, promoters point out how even inaccurate WHOIS data are considered relevant to investigations, as experts can trace and connect them to other sources of information.
Critics say registrants' data utilized by businesses is not a good indicator of security, as details extracted by companies might be exploited for the wrong reasons. That is why they call for ICANN to manage priorities well to improve cybersecurity in the next years.
Furthermore, there are already proposals on WHOIS' replacement, for instance, by the Registration Data Access Protocol. Experts say RDAP, which is a more standardized version of WHOIS, might address WHOIS-related concerns more smoothly, including security cases. However, RDAP is not yet complete to answer issues around legal enforcement or comprehensiveness to name a few.
Many cybersecurity specialists defend WHOIS as an essential protocol to track perpetrators across registrars and networks and insist that abolishing it is a short-sighted decision. The fact is that cybercriminals often reuse registration details for multiple domains to save costs, so tracing contacts' similarities is an efficient way to reveal malicious activities.
On top of that, restricting access to WHOIS records could also significantly hurt those professionals who fight against domain squatting and infringement.
Business stakeholders discuss the other side of anonymity, as many consider privacy as one valuable criterion during registration. Detractors stress that, if all domain owners are obliged to display their details, harassment would be more likely. Therefore one determinant of WHOIS fate in terms of legal approval is ICANN's capability to realize proper due processes when acquiring companies' sensitive information.
Meanwhile, registrars are not keen on the idea of total transparency either, but for their own reasons. They advise users that publishing ownership data can attract spammers and scammers and want to offer privacy options to registrants for added fees.
Businessmen in favor of the protocol claim how it caters to the legitimate interests of stakeholders. For instance, certain marketing and security research efforts often rely upon the interconnectedness of data that WHOIS databases provide. They also highlight the value of domain records in decision-making processes notably to verify entities and protect brands.
As months go, it seems that the business sector will be carefully eyeing how much WHOIS will be preserved to aid diverse industries.
WHOIS is not perfect, and opponents refer to many relevant issues. However, it's important to keep in mind the protocol's comprehensiveness and decentralized nature for parties to come up with the best solution regarding its future.