Will GDPR Kill WHOIS? (theregister.co.uk)
Slashdot reader monkeyzoo shares the Register's report on a disturbing letter sent to ICANN:
Europe's data protection authorities have effectively killed off the current service, noting that it breaks the law and so will be illegal come 25 May, when GDPR comes into force... ICANN now has a little over a month to come up with a replacement to the decades-old service that covers millions of domain names and lists the personal contact details of domain registrants, including their name, email and telephone number. ICANN has already acknowledged it has no chance of doing so... The company warns that without being granted a special temporary exemption from the law, the system will fracture. ["Registries and registrars would likely implement varying levels of access to data depending on their interpretations of the law," ICANN warns.]
"ICANN had made the concept of a moratorium the central pillar of its effort to become compliant with the law," writes the Register. "But its entire strategy was built on a fantasy."
Thursday the EU's data protection advisory group told the site that there's no provision in the GDPR for an "enforcement moratorium", and the Register adds that the EU's data protection advisory group "is clearly baffled by ICANN's repeated requests for something that doesn't exist."
"ICANN had made the concept of a moratorium the central pillar of its effort to become compliant with the law," writes the Register. "But its entire strategy was built on a fantasy."
Thursday the EU's data protection advisory group told the site that there's no provision in the GDPR for an "enforcement moratorium", and the Register adds that the EU's data protection advisory group "is clearly baffled by ICANN's repeated requests for something that doesn't exist."
Please allow me to disagree. The "free mailing list for spammers" is for data that is typically already accessible by many other means, all of which are already in use by spammers.
Also note that most domains are not legitimate. Most are owned by domain squatters. In particular, they are owned by Network Solutions, which pre-registers all unused domains that are looked up from their servers, including their "whois" services and held hostage to prevent the people who sought the domain from registering it anywhere but through Network Solutions. The practice is sometimes known as "domain frontrunning", but I would certainly qualify it as cyber squatting. Network Solutions, and the domain registrars for the more than 1000 current top level domains, can do this without paying any fees for the 4-day holding period.
Other sources of fraudulent domains, eased by current policies, are fomain squatting for fraud. It's been useful to be forced to provide valid contact information, since a business owner can be contacted and served with a court order to cease operations, and a fraud can be reported for fraudulent contact information and get their domain canceled. It's also been useful to contact domain owners to notify them of network or service difficulties that are otherwise difficult to report: "send me email" or "go to the website" does not work when the site's DNS service has failed for any reason, or web servers are down. I've certainly used it that way and it's been invaluable to reach business partners in the middle of the night, when even their own alert system is disabled by a network issue.