Icann, the owner of the WHOIS website, revealed today that it was denied an extension to comply to GDPR, arguing that this will hamper law enforcement, journalism and cybersecurity services worldwide, since the site is used to check the legitimacy of websites link. Please see below for expert comments in response from Andy Kays, CTO at threat detection and response specialist, Redscan, a UK-based cybersecurity services company. Andy argues that while this move will have a severe negative impact on cybersecurity firms, but also that Icann was far too slow to recognise the impact GDPR would have on its service.
Andy Kays, CTO at Redscan:
“The public removal of personal information from WHOIS, the system used to store the registered users of website domains, undoubtedly makes life for security and law enforcement agencies much harder. Whether fake or not, the information stated on WHOIS, can be invaluable for helping to trace and track the individuals behind attacks such as phishing and spamming.”
“An accreditation scheme, that would vet access to personal data in WHOIS records for special interest groups such as the police, security researchers and journalists, would certainly be very welcome and help to address concerns. Planning to implement such a vetting system should have started years ago but by only recently attempting to outline its proposals, ICANN shows that it has been too slow to react to the global impact of the GDPR.”