Redl says U.S. government continues to fight for access to Whois information.
This morning at the Internet Governance Forum in Washington, D.C., NTIA Assistant Secretary David Redl spoke about the impact of the EU’s GDPR on Whois.
He said the lack of public Whois is an “unmitigated victory for the spammers and scammers that plague consumers and businesses” and that the U.S. government is working with the European Data Protection Board and other groups to address it.
Here are his full comments about GDPR and Whois:
The most pressing issue facing ICANN right now is updating the WHOIS service in light of the European General Data Protection Regulation, or “GDPR.” The WHOIS is a service that, prior the GDPR’s effective date in May, provided public access to domain name registration information, including contact information for the entity or person registering the domain name.
This WHOIS information is a critical tool that helps keep people accountable for what they put online. Law enforcement uses WHOIS to shut down criminal enterprises and malicious websites. Cybersecurity researchers use it to track bad actors. And it is a first line in the defense of intellectual property.
Unfortunately, European authorities have indicated that the collection and public provision of domain name registration data violates the GDPR. Because of this, as of late May, domain name registries and registrars have stopped providing important domain name registration information contained in the WHOIS. This is an unmitigated victory for the spammers and scammers that plague consumers and businesses.
NTIA and the highest levels of the U.S. government are engaging with the European Data Protection Board, the European Commission, and European Member States to provide clarity and guidance to the community as it works to facilitate access and accreditation to WHOIS information, which is now private. This access mechanism is critical to meeting the needs of law enforcement, cybersecurity, and rights protection. NTIA will take a lead role in the process to develop this access mechanism and will fight hard for the important governmental and commercial equities in the WHOIS service.
Typical totalcontroller’s scaremongering. As if “spammers and scammers” were unable to purchase whois privacy before. (IF they used their own info anyway)
While they could use Whois privacy or fake info before, in practice Whois could still be used to connect the dots between domains used by bad actors. There’s a lot of great info about this in this article:
https://krebsonsecurity.com/2018/04/security-trade-offs-in-the-new-eu-privacy-law/
Maybe. What is 100% true is this eliminates spam, robocalls, phishing attempts, fake renewals and fake seo scams based upon existing whois. it also eliminates spammers and scammers ability to use whois services for deep dive data.
I did a whole presentation on this in Panama. This is the untold story.
I’ll take a look at the transcript and presentation
LOL. I’m getting less spam now on the new addresses I’ve used for some registrations.
It will certainly reduce it for domain registrants…but everyone else, not so much
How’s that oversight “transition” looking now, Martha…
you should have included what NTIA stands for and saved us all a google. not everyone is familiar with american government departments.