Dot Gone! The end of the road for Whois

It’s the end of the road – and the end of an era – for the Whois service as its US-based parent ICANN fails to find a solution to continue the service that isn’t a breach of the General Data Protection Regulation (GDPR).

According to its Wikipedia entry, Whois is a ‘query and response protocol that’s widely used for querying databases that store the registered users or assignees of anInternet resource, such as a domain name, an IP address block, or an autonomous system, but is also used for a wider range of other information. The protocol stores and delivers database content in a human-readable format.’

The Whois system publishes the name, address and telephone number of everyone that registers an internet address without any data privacy notice or prior consent of the data subject when sharing their personal information with the rest of the world.

Some companies made money by offering to mask this personal data for a fee. All of this is now in breach of the GDPR and although several attempts were made by ICANN to ameliorate the European Commission to show that Whois can work under the GDPR, it didn’t work.

Matters came to a head recently when registries under contract with ICANN started rejecting the organisation’s authority with respect to domain names. Predictably, the ICANN legal department whirred into action sending out warning letters alleging breach of contract.

In response, the registries claimed that those contractual provisions were void because they infringed European data protection and privacy law and therefore were unenforceable within the EU.

In February this year, ICANN was struggling to come up with a GDPR compliance modelbut nothing to date has been acceptable to the European Commission. In March, there was a further attempt to rescue Whois from oblivion but this didn’t appear to have worked either according to these minutes.

“Given the level of abstraction of the models, it is difficult to assess the scope and impacts of the proposed approaches,” observed Roberto Viola, director general of technology and communications at the European Commission.

The result is a question mark over how the massively expensive internet addressing system will work in the post-GDPR landscape across the European Union in 23 days’ time?

According to many commentators, there’s no alternative but the service being closed in order to avoid fines and possible lawsuits under the GDPR. That could leave law enforcement and intellectual property lawyers, among others, unable to access registrant details and potentially open the door for cybercriminals to carry out scamming offences, pretending to be Whois to unsuspecting registrants.

According to the Register, ICANN’s failure to come up with a plan despite the adoption of the GDPR back in April 2016 and despite more than a decade’s worth of correspondence with Article 29 Data Protection Working Party warning it about how Whois wasn’t compatible with European law is an indication of just how US-centric ICANN is and how it’s floundering to come up with an acceptable solution for the European Commission.

And it’s also a sign of how the ICANN’s bureaucratic culture has made it dangerously ineffective at developing new internet policies – leading to the failure of Whois as a service with a future.

To pre-order your copy of the GDPR Handbook, published globally on 3 June by Kogan Page, click here

Leave a reply