'Unintended Consequences': Post-GDPR Whois Access ProblemsCiting Privacy Law, Registrars Cease Sharing Whois Data, Says Kroll's Alan Brill
Who is responsible for a domain name or an IP address? Answering that question is the job of internet registrars, who require anyone who registers a top-level domain name to share their name, email address and phone number, plus administrative and technical contacts.
This "whois data" is an essential tool for investigators battling cybercrime, fraud and nation-state attacks. "As you can imagine, when you're doing an investigation - whether you're a corporate investigator or a law enforcement investigator - that's kind of useful information," says Alan Brill, senior managing director in the cyber risk practice at the consultancy Kroll.
Uunfortunately, he says, access to this whois data has been complicated by the "law of unintended consequences" since the EU General Data Protection Regulation came into effect in 2017. Since then, many registrars who sell domain names now treat all whois information as being covered the EU privacy law, and no longer share it publicly.
"Now, you get virtually no information when you go into whois for a dot-com or dot-org, and that's a problem," Brill says. "In fact, the Coalition for a Secure and Transparent Internet did a survey, and they found that over 70% of the investigations that were being carried out relating to cyber were being negatively impacted by this change and … frankly, there's not a lot being done to remedy this situation."
In this video interview with Information Security Media Group, Brill also discusses:
- The history and uses of whois, and how registrars' approach has changed since GDPR came into effect;
- The need for better coordination between the registrar community, ICANN and numerous governments;
- How organizations participating in the Coalition for Secure and Transparent Internet are attempting to once again make whois data more accessible.
Brill is a senior managing director with Kroll's cyber risk practice. As the founder of Kroll's global high-tech investigations practice, he has led engagements that range from large-scale reviews of information security and cyber incidents for multibillion-dollar corporations to criminal investigations of computer intrusions.