Buying and selling domain names might be much harder this year.
Major changes are coming to Whois and domain name investors might end up holding the short end of the stick.
The impetus for change came not from the community, but from the European Union and its General Data Protection Regulation (GDPR).
ICANN only belatedly started to address the real challenges of this law that will fine companies for disclosing personal information (among many other possible infractions).
The law only applies to European residents’ personal data. But changes to Whois will likely be enacted across the board rather than with precision.
As of right now, it seems that the likely model will be to obscure all Whois data across the globe, not just for individuals in the EU. There will be some sort of gating in which people can request full Whois data.
You can expect law enforcement, intellectual property interests and security firms to get access. They have the deepest pockets or the most influence to push for this access.
What exactly qualifies as an IP interest or security researcher is still up in the air and might require accreditation. Do I qualify as a security researcher when I use Whois history to connect the dots between domains being used for bad activities?
Domain investors don’t have much of a seat at the table. Even though domain investors fund much of ICANN’s budget (which is currently under pressure), domain investors don’t pay the money directly. They pay it to the companies that pay ICANN.
Among the problems domain investors will face from obscured Whois data are:
- Using historical Whois to verify valid ownership of domains before buying them
- Using current Whois info to verify ownership
- Using historical Whois to help recover stolen domains
- Using reverse Whois to understand domain portfolios they are purchasing
- Viewing single Whois records to make purchase inquiries
There are some limited workarounds to these. For example, an obscured Whois record might have a forwarding email address. But any veteran domain investor will tell you that a phone call is often required to connect with someone about selling a domain.
The Whois changes could throw a massive wrinkle in the domain name aftermarket, reducing the ease with which domains are sold and transferred.
All of these details might be resolved in the long run. But the deadline for GDPR compliance is in just two months. And if Whois data looks like this, we’re in trouble.