Will GDPR Kill WHOIS?

Slashdot reader monkeyzoo shares the Register's report on a disturbing letter sent to ICANN: Europe's data protection authorities have effectively killed off the current service, noting that it breaks the law and so will be illegal come 25 May, when GDPR comes into force... ICANN now has a little over a month to come up with a replacement to the decades-old service that covers millions of domain names and lists the personal contact details of domain registrants, including their name, email and telephone number. ICANN has already acknowledged it has no chance of doing so... The company warns that without being granted a special temporary exemption from the law, the system will fracture. ["Registries and registrars would likely implement varying levels of access to data depending on their interpretations of the law," ICANN warns.]
"ICANN had made the concept of a moratorium the central pillar of its effort to become compliant with the law," writes the Register. "But its entire strategy was built on a fantasy."

Thursday the EU's data protection advisory group told the site that there's no provision in the GDPR for an "enforcement moratorium", and the Register adds that the EU's data protection advisory group "is clearly baffled by ICANN's repeated requests for something that doesn't exist."

registrars' license to print money has expired.

i wonder if icann was getting kickbacks from godaddy and the like from 'private' registration fees.. and that was the reason for them dragging their feet here.. eu's new requirements all but kills that 'little' side business and profit center.

Re:And phone books?

[arth1]

You already have a right to not be listed in the phone book.
What probably will change is that phone companies no longer can charge extra for this, and other 3rd party phone book providers (most of which are scammers) will have a much harder time operating.

LOL

[matushorvath]

We have been working on getting our software GDPR compliant for past 6 months, with a huge effort in both analysis and development. And these guys think they will just shrug it of by waiting until the deadline and then writing a letter to the point of "we can just ignore this, right?" I literally LOLed.

That said, GDPR is complete nonsense, nobody will be fully compliant, and EU will not be able to punish everyone who is not compliant and will either have to ignore its own rules or amend them very soon.

Re:and GDPR is?

[Khyber]

"The summary published actually doesn't contain anything I submitted, nor did I submit anything that it contains."

I think it's about time a lawyer got involved because the editorialization has gone beyond anything reasonable. This literally amounts to them using your idea, your story, but literally everything stated is put into your mouth as if you had actually said it when you did not, ever.

Especially when the comments and such are supposed to be owned by the poster, which means they could've said some actionable and libelous shit, and been "That's how he submitted it." Now your ass is on the hook for their editorialization, which contains none of your original content.

No, this runs too close to being akin to identity theft in my book, and really msmash and anyone else on /. staff should probably consult with their lawyers on the legalities of what I just discussed, because this is serious. And they should probably make a full-out pinned story/apology for such bullshit.

Re:Probably not kill

[Antique+Geekmeister]

Please allow me to disagree. The "free mailing list for spammers" is for data that is typically already accessible by many other means, all of which are already in use by spammers.

Also note that most domains are not legitimate. Most are owned by domain squatters. In particular, they are owned by Network Solutions, which pre-registers all unused domains that are looked up from their servers, including their "whois" services and held hostage to prevent the people who sought the domain from registering it anywhere but through Network Solutions. The practice is sometimes known as "domain frontrunning", but I would certainly qualify it as cyber squatting. Network Solutions, and the domain registrars for the more than 1000 current top level domains, can do this without paying any fees for the 4-day holding period.

Other sources of fraudulent domains, eased by current policies, are fomain squatting for fraud. It's been useful to be forced to provide valid contact information, since a business owner can be contacted and served with a court order to cease operations, and a fraud can be reported for fraudulent contact information and get their domain canceled. It's also been useful to contact domain owners to notify them of network or service difficulties that are otherwise difficult to report: "send me email" or "go to the website" does not work when the site's DNS service has failed for any reason, or web servers are down. I've certainly used it that way and it's been invaluable to reach business partners in the middle of the night, when even their own alert system is disabled by a network issue.

Re:and GDPR is?

[SuricouRaven]

Whois is a relic of the early days of the internet, when things were small and simple, and most conflicts were resolved engineer-to-engineer with a phone call or an email. The contact information was there to allow this sort of communication - often in the form of 'logging hack attempts from your server, someone probably compromised it' or 'Fix your bloody BGP announcements!' There was no point involving anyone else - the rest of the company barely understood what a computer did.

That was before there were millions of dollars at stake and lawsuits were commonplace. These days any large company is going to want all inter-company communications to go through customer services coming in and legal going out. They certainly won't want their engineers trying to directly contact the engineers of another company. Engineers tend to be distressingly honest at times, and what they see as a harmless explanation, a lawyer might see as an admission of error that can be used in a lawsuit.