Published
June 08, 2023
What’s happening: The Policy Forum for the Internet Corporation for Assigned Names and Numbers (ICANN) is scheduled to take place during the week of June 12, 2023, with the captive WHOIS database being a prominent topic on the agenda.
Who is WHOIS?
"WHOIS" is not an acronym but a shorthand for "Who is responsible for this domain name?" The WHOIS database functions as a publicly accessible directory that houses the registration details of websites. This includes information such as ownership, contact details, and registration dates. It is a valuable resource for identifying and connecting with the owners of specific domain names or websites.
Role in crime fighting: The WHOIS database has been vital in internet system administration since domain names were introduced. While practical, it’s also valuable in combating online abuses like IP infringement, phishing, impersonation, counterfeiting, and child sexual exploitation. However, since 2018, public access to information has significantly decreased.
- What’s more: WHOIS plays a crucial role in identifying online perpetrators and enables effective enforcement against fraudulent campaigns. This approach provides a scalable and efficient means to combat malicious activities aimed at US online consumers. However, access to valuable public data has been restricted, and WHOIS faces ongoing challenges.
Under threat
Access to WHOIS data has been threatened by registries and registrars associated with ICANN throughout the history of the internet. However, implementing the European Union's (EU) General Data Protection Regulation (GDPR) in 2018 provided a legal basis for these threats to have a global impact. Consequently, malicious entities know that a valuable investigative tool has been eliminated, making it more challenging for authorities to hold them responsible for abusive domain name registrations and related illegal activities.
Path forward
Fortunately, there are practical approaches to tackle and reduce the adverse effects of an inaccessible WHOIS database. Although ICANN recognized its limitations in resolving the problem, the EU adopted the Network and Information Security (NIS2) Directive. This directive mandates that registries and registrars collect detailed information, known as "thick WHOIS," and provide free access to accurate WHOIS data. Despite these advancements, ICANN must update its WHOIS policy to align with NIS2, as contracted parties argue against necessary changes. Nevertheless, all EU member states will implement NIS2 by October 2024.
What’s at stake
The negative consequences of such an outcome are clear, and it could set an unfavorable precedent both within the U.S. and globally.
- Losing an essential crime fighting tool: WHOIS has played a vital role in combating online crime since the inception of the domain name system in the 1980s. It serves as a crucial resource for law enforcement, cybersecurity investigators, and other authorities, enabling the identification and tracking of criminals. The U.S. Chamber of Commerce has long supported an open and accessible WHOIS database, recognizing its importance in maintaining a secure and trustworthy domain name system (DNS) since 1998. However, with the introduction of GDPR in 2018, concerns were raised regarding the potential negative impact on WHOIS. As predicted, the lack of WHOIS availability has contributed to increased DNS abuse. In 2022, the Anti-Phishing Working Group reported a record-breaking number of phishing attacks, surpassing 4.7 million incidents. These attacks have grown over 150% annually since 2019, highlighting a significant and urgent threat.
- .U.S. WHOIS records are also under potential risk: While registration data for widely used top-level domains like .COM or newer extensions is now harder to access, the .US country code remains a dependable source for such information—however, the availability of registration data for the .US domain is under threat due to a proposal from the National Telecommunications and Information Administration (NTIA). The proposal, which recently closed for comment, seeks to restrict access to WHOIS records in the name of privacy protection. This decision could compromise consumer privacy and U.S. cybersecurity by limiting access to essential registration data.
What about "Web 3.0" domain names?
"Web 3.0" domains are emerging as decentralized alternatives to ICANN-controlled extensions. Operating on blockchain technology, these domains operate independently from ICANN's root server system. While the potential of this technology is promising, it needs effective governance measures. These domains lack associated registration data and mechanisms to handle cybersquatting issues, such as ICANN's Uniform Dispute Resolution Procedure (UDRP).
- Further cause for concern: Extensions like .CORPORATION and .ECONOMY are susceptible to abuse, highlighting the need for better control and oversight. ICANN lacks the authority to address these concerns. Currently, these extensions are only accessible via a specialized browser. However, businesses must closely monitor this emerging online naming segment to prevent the same harms associated with conventional domain names.
What can companies do today?
For businesses with an online presence, whether a simple website or a full-fledged e-commerce platform, expressing concerns about WHOIS policy is crucial. While privacy advocates calling for an inaccessible WHOIS database may have good intentions, their actions have led to unintended consequences. This approach hampers investigations into threat actors, allowing them to engage in criminal activities while leaving consumers with limited recourse. Europe acknowledged this unintended consequence and emphasized the need for an accessible WHOIS system for law enforcement, child protection, and cybersecurity. The United States should likewise recognize this and prevent further erosion of WHOIS access.
Read More
About the authors
Patrick Kilbride
Kilbride is senior vice president of the Global Innovation Policy Center (GIPC).
