Slashdot Mirror
Will GDPR Kill WHOIS? (theregister.co.uk)
Slashdot reader monkeyzoo shares the Register's report on a disturbing letter sent to ICANN:
Europe's data protection authorities have effectively killed off the current service, noting that it breaks the law and so will be illegal come 25 May, when GDPR comes into force... ICANN now has a little over a month to come up with a replacement to the decades-old service that covers millions of domain names and lists the personal contact details of domain registrants, including their name, email and telephone number. ICANN has already acknowledged it has no chance of doing so... The company warns that without being granted a special temporary exemption from the law, the system will fracture. ["Registries and registrars would likely implement varying levels of access to data depending on their interpretations of the law," ICANN warns.]
"ICANN had made the concept of a moratorium the central pillar of its effort to become compliant with the law," writes the Register. "But its entire strategy was built on a fantasy."
Thursday the EU's data protection advisory group told the site that there's no provision in the GDPR for an "enforcement moratorium", and the Register adds that the EU's data protection advisory group "is clearly baffled by ICANN's repeated requests for something that doesn't exist."
"ICANN had made the concept of a moratorium the central pillar of its effort to become compliant with the law," writes the Register. "But its entire strategy was built on a fantasy."
Thursday the EU's data protection advisory group told the site that there's no provision in the GDPR for an "enforcement moratorium", and the Register adds that the EU's data protection advisory group "is clearly baffled by ICANN's repeated requests for something that doesn't exist."
But it may make it change into the need to access the registrar to get further information whenever needed.
If builders built buildings the way programmers wrote programs, then the first woodpecker would destroy civilization.
i wonder if icann was getting kickbacks from godaddy and the like from 'private' registration fees.. and that was the reason for them dragging their feet here.. eu's new requirements all but kills that 'little' side business and profit center.
Swedens domain .se does not show who owns a domain. If more info is needed you have to ask the register.
Another good example is the UK registry of limited companies. Here are the names of the directors of Tesco (a large supermarket) for all to see. How does that differ from whois ?
The summary does not mention that ICANN has had years to prepare and has done nothing. This is an ICANN screwup, plain and simple.
We may not need all the fields in the WHOIS record but there are many that are currently needed for the internet to function. I find it bizarre that the EU's data protection advisory group doesn't understand this and wouldn't create some sort of temporary provision to allow ICANN time to adjust. Their response seemed very arrogant.
their weight around and they couldn't.
Hi! I make Firefox Plug-ins. Check 'em out @ https://addons.mozilla.org/en-US/firefox/addon/youtube-mp3-podcaster/
Well, this is one in a long line of people applying for exemptions to laws because they are special. The usual answer is, no, you are not special. It isn't for the administrative apparatus to get rid of the law it administers, it is for the political body responsible for the measure to pass a corrective measure.
Presumably one would have to contact domain name holders through their registrars without knowing who the registrant is. The system is not transparent, but it is private.
I don't see major privacy implications. You can easily put a throwaway email address and a fake mailing address in your contact info, especially if you pay for the domain with a prepaid debit card. No one really cares.
WHOIS is mainly good for the domain owner because:
(1) Someone can contact them if they get hacked and the domain is being used for unsavory purposes like spam or phishing.
(2) People offering to buy the domain can contact them. If you don't want the offer, don't reply.
What's the big deal?
The General Data Protection Regulation is a new set of rules governing the use of personal data in the EU. Among other things, it doesn't allow personal data to be shared without good reason, and ICANN makes names, addresses and other contact details available in the WhoIs database.
These rules have been on the horizon for years. It's not like they were suddenly announced yesterday. ICANN has had a long, long time to find a solution.
In any case, the system has been broken for decades anyway, because a lot of domains are registered behind privacy shield services, where a company registers the domain on behalf of their customer without revealing that person's information.
const int one = 65536; (Silvermoon, Texture.cs)
SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
I don't understand what is wrong with whois. I used to use it all of the time like 30 years ago when I was heavily into internet stuff.
You already have a right to not be listed in the phone book.
What probably will change is that phone companies no longer can charge extra for this, and other 3rd party phone book providers (most of which are scammers) will have a much harder time operating.
No explanation of what the law is, or what provision that ICANN is in violation of... WTF kind of summary is this?
If you don't know how to use google then you probably shouldn't be reading this story.
https://www.cennydd.com/writin...
No sig today...
We have been working on getting our software GDPR compliant for past 6 months, with a huge effort in both analysis and development. And these guys think they will just shrug it of by waiting until the deadline and then writing a letter to the point of "we can just ignore this, right?" I literally LOLed.
That said, GDPR is complete nonsense, nobody will be fully compliant, and EU will not be able to punish everyone who is not compliant and will either have to ignore its own rules or amend them very soon.
It needs to go and has needed to go for over 10 years
Why should we have to pay for "Privacy Guard" as a work around.
I say kill whois and disband ICANN. Surely we can do better than that! Do they actually do anything other than collect money from people registering domains? They have had ages of time and resources to fix things and have done nothing
Maybe it's an individual person who'd prefer not to have their full name, home address and telephone number published for the world to see.
No sig today...
They've been on the horizon, but exactly what form they would take has been unclear. So it's reasonable that ICANN can't.
OTOH, the general tenor of the forthcoming regulation has been clear for a long time, and they should have been aware of the *kind* of change that was being requested. That they didn't stop promiscuously sharing personal information is clear sign that they didn't *want* to comply.
My general feeling is that if ICANN only needed to make detail corrections to a policy that was attempting to comply with what they knew were the desired goals, then the enforcers would probably be more lenient. But since ICANN was stonewalling, they saw not reason to be flexible. Enforcement of laws is almost always discretionary. This is often necessary, and is often used for political suppression, but it's still almost always there. That the EU is saying it's not going to give time to adapt is probably a clear sign that they feel ICANN has been ignoring more gentle requests.
I think we've pushed this "anyone can grow up to be president" thing too far.
the GDPR content has been pretty clear for a very long time, to be precise April 2016. (then it was voted on by the European Parliament).
It has been clear that it will have impact on Companies and services, especially when you deal with personal data.
ICANN has just hoped that the Law will not apply to them - as so many companies that offer Goods and Services in Europe.
Sad for them now. 4% of your global turnover is the punishment. if you have not reacted by now you deserve that.
It was finalized two years ago.
const int one = 65536; (Silvermoon, Texture.cs)
SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
They've been on the horizon, but exactly what form they would take has been unclear. So it's reasonable that ICANN can't.\
If you'll bother to read the summary you'll see that ICANN has had its hands over its ears and been going "I'm not listening, I'm not listening" for the last couple of years.
The law isn't hard to understand: It simply says "no!" to anybody who thinks personal data is something to be used to make money.
Publishing a database like "whois"? Not allowed.
No sig today...
You can also google these news stories without ever having to visit Slashdot. The reason for coming here is for curated information which fosters discussion. The summary provides the minimum information to understand the nature of the discussion and links to resources containing the fuller details. I would have to agree that this summary has failed to do that. The fact it's possible to work around the summary's deficiencies with a little extra labor does not make those deficiencies non-existent.
What makes more sense -- a million readers having to look up what GDPR is, or one person defining it?
When things get complex, multiply by the complex conjugate.
What does matter is who owns it --who is responsible for content served-- and who to contact in case of technical trouble.
Why? Why is there a need any of that to be public information?
If the content is illegal, tell the police. If the website is down then it's their problem, not yours.
No sig today...
it doesn't allow personal data to be shared without good reason
Whois is a good reason, as service that has a well-defined purpose? If Whois is illegal, then so are the publicly available company and the related tax registries by the same logic.
And they haven't figured out Private Registration?
And found how much extra that costs
I should use this sig to advertise my book ISBN-13 : 978-1501515132.
I pay more to hide that information than I pay for the domains, so this sounds like a feature for Europeans to me.
If a person actually wants to post information about a domain online, they can use an "about" or "contact" page. This isn't the 1990s, where a website might be down and the company didn't notice for a week until somebody called the ICANN contact. ;)
ICANN can't "find a solution," there is no solution. They're not supposed to be a decision-making body, they're supposed to be a management body that coordinates maintenance. That makes this the EU's problem; they're the decision-makers who did a thing that contradicts the other thing they don't control.
The real point is that this isn't something ICANN even does; they only handle how the different registrars coordinate to implement and maintain the database. Each registrar is the one actually managing individual entries, not ICANN. They don't even have any sort of authority with which to do anything. That's why ICANN warns that registrars will be implementing varying policies depending on each of their interpretations of the law.
There's nothing wrong with whois,
the data that is in there, is there with a good reason,
No it isn't.
It might have been back when the only people who ran web sites were big corporations but that was 30 years ago.
No sig today...
And they haven't figured out Private Registration?
Maybe they just don't enjoy being extorted to pay extra for what should be the default setting.
This law redresses that, it's a good thing.
No sig today...
No, they made private registration free and obligatory.That messes with the business model of ICANN.
ICANN are just lackys for USA business special interests that make money off marketing data. This is why they can't fix their business. If you would read the article, you would see that they submitted a bunch of letters from business partners as their justification to the EU. The one letter from their "non-commercial" partners that they submitted basically agree with the EU that ICANN needed to fix how they operate.
As the "submitter" I have to agree. The summary published actually doesn't contain anything I submitted, nor did I submit anything that it contains. So I guess they editorialized it extensively, which is fine. But it still bears my name, which is weird.
Importantly, Slashdot's editors failed, IMO, to maintain a key point in this submission, that ICANN has been basically negligent and delusional in ignoring this pending law and failing to take any action in the TWO YEARS since the law was passed. And then at the last minute they asked for a moratorium and said otherwise they won't be able to adhere to the law. If you read the many months worth of coverage that The Register has published on this, it is a mindblowing story of incompetence and irresponsibility by ICANN. (Read the Register link in the OP, and the related articles will guide you.)
Submitted:
In a letter sent to DNS overseer ICANN, Europe's data protection authorities have effectively killed off the current service, noting that it breaks the law and so will be illegal come 25 May, when GDPR comes into force.
ICANN now has a little over a month to come up with a replacement to the decades-old service that covers millions of domain names and lists the personal contact details of domain registrants, including their name, email and telephone number.
ICANN has already acknowledged it has no chance of doing so. The company warns that without being granted a special temporary exemption from the law, the system will fracture, perhaps even resulting in the Whois service being turned off completely while a replacement was developed.
Critics point out that ICANN has largely brought these problems on itself, having ignored official warnings from the Article 29 Working Party for nearly a decade, and only taking the GDPR requirements seriously six months ago when there has been a clear two-year lead time.
European agencies responded and tore ICANN's plan to shreds, pointing out that it needs to be much more precise and to include both compliance and auditing functions. Critically, however, it did not address ICANN's request for a moratorium.
Even the idea of a moratorium appears to have been invented by ICANN. This is no evidence of a similar request from any other industry, and the GDPR is, after all, a globally applicable law that affects everyone.
---
ICANN gives domain souks permission to tell it the answer to Whois privacy law debacle
https://www.theregister.co.uk/...
As GDPR draws close, ICANN suggests 12 conflicting ways to cure domain privacy pains
https://www.theregister.co.uk/...
Whois is dead as Europe hands DNS overlord ICANN its arse
https://www.theregister.co.uk/...
US government weighs in on GDPR-Whois debacle, orders ICANN to go probe GoDaddy
https://www.theregister.co.uk/...
ICANN takes Whois begging bowl to Europe, comes back empty
https://www.theregister.co.uk/...
Europe fires back at ICANN's delusional plan to overhaul Whois for GDPR by next, er, year
https://www.theregister.co.uk/...
https://www.icann.org/en/syste...
https://www.icann.org/news/ann...
You already have a right to not be listed in the phone book.
What probably will change is that phone companies no longer can charge extra for this
Here in Germany, the option of not being listed in the phone book is free. And (and least for some phone companies) the default.
I've had private registration, by default, all the time with GANDI.net for all my domains. Yes, they're a European registrar. No, it cost me nothing. If I wanted the details public, I'd have to go into the admin and specifically turn off the privacy setting.
"Wait. Something's happening. It's opening up! My God, it's full of apricots!"
It seems obivous that ICANN was willfully ignoring reality. Various passages from The Register's coverage of the years' long unfolding:
ICANN has done its best to ignore [GDPR] for a number of years, relying on the fact it is a US corporation and that the American government is strongly supportive of the Whois system.
But then the companies that fund the organization started explaining that it was a real problem. Many have their headquarters or subsidiaries in Europe and GDPR imposes fines of up to €20 million or 4 per cent of turnover, whichever is larger, if companies are not in compliance.
So in response ICANN decided to commission a third-party to put everyone's minds at rest. But that expert came back and told ICANN the same thing: you have to sort this out now.
The problem really hit home when registries under contract with ICANN started rejecting the organization's authority. ICANN's legal department sent threatening letters to two internet registries based in Europe that said they won't run a Whois service. ICANN informed them it was in their contract.
They got back: that part of the contract is "null and void" because it conflicts with European law. It's safe to say that woke the Californian organization up.
Several months later, ICANN came up with a quick fudge: it would not impose its contractual obligations if companies sent it a letter explaining what they intended to do to fulfill the new European regulations. The idea was that ICANN would then use these models to devise its own system, which it would then ask everyone to apply.
When ICANN's staff and board realized it was going to be impossible to hit the May 25 deadline, it decided – by itself – that the best solution was simply to ask the DPAs for a delay.
And somehow – despite those authorities giving no indication that such an approach was even possible – the idea of a moratorium became the central component of ICANN's efforts to become compliant with the law.
In its summary of the subsequent meeting with WP29 earlier this week, US-based ICANN makes no mention of its core request for a moratorium and when we asked the organization whether it had made the request and what response it had received, it responded that it was "provided feedback from the DPAs and agreed there remain open questions."
What we now know is that the DPAs were much more blunt in their response: "The GDPR does not allow national supervisory authorities to create an 'enforcement moratorium' for individual data controllers."
Amazingly, it isn't just this concept of a moratorium where ICANN has deluded itself into believing a different version of reality.
Despite the clear guidance of the DPAs and even of its own external legal counsel that it specifically hired to advise it on how to become GDPR compliant, ICANN has also persuaded itself that it was going to be able to publish people's email addresses.
One person linking to an explanation with a brief summary makes sense, similar to informative posts by other posters.
Try, a pretty good summary of a NANOG thread that's weeks old.
I'm not a complete idiot... Some parts are missing.
Right now, my *home* address, phone number and email are listed in the WHOIS database, put there by my ISP. And other stuff I own requires a RIPE handle with again my address, phone number and email listed. It's not corporate, it's personal/open source project-related. While I could pay some extra money to have (some of) this stuff obfuscated, the fact that it's in the open by default is a problem. 30 years ago the internet was a different place. Today, that information is going to be hoovered up by spammers, used for legal retribution if something thinks I downloaded something I shouldn't have, and used by assholes for SWATing. And so on. As far as I'm concerned, GDPR is going to be a massive improvement, and if WHOIS is forced to update their outdated and ridiculous practices as a result, then that's a massive bonus.
There's a quick solution to all of this. ICANN and IANA jointly run the root servers. Announce that any TLD registrar that doesn't provide WHOIS service will no longer be listed, and see how many days it takes the EU to fix their law.
If there is a conflict between the GDPR and WHOIS, then contrary to popular belief here on Slashdot, this is a flaw in the GDPR. As far as I know, even in the EU, people are not allowed to do business as a fictitious entity without registering their identity in a way that someone defrauded can look them up. The WHOIS database is the Internet equivalent of that. It serves an important role in the governance of the Internet, particularly with regards to copyright enforcement, but also with regards to libel laws, etc.
What the EU has done, with GDPR, is try to override the laws of many, many other countries whose laws require WHOIS to exist in one form or another, and to tear down one of the foundational pillars of Internet governance itself.
IMO, the nuclear response is the correct one. If, after GDPR goes into effect, registrars drop WHOIS, the Internet as a whole should drop all domains from that registrar from being visible anywhere outside of Europe. If they don't want domains to have to identify their owners, they can feel free to create their own little ultra-anonymous hell, cut off from the rest of the world. If they want the rest of the world to be able to see their websites, keeping their contact information up-to-date publicly is one of the requirements.
More to the point, everyone who owns (rents) a domain name knows this. The GDPR was intended to prevent companies from using people's personal information without their knowledge or consent. No domain owner should be surprised by the fact that WHOIS exists or by the fact that his or her information is being used in this way, because it was made abundantly clear in the ICANN domain registration agreement that he or she had to sign prior to registering a new domain name.
Further, ICANN-based registrars typically even go beyond the requirements of GDPR by regularly reminding registrants of their contractual obligation to keep their information in WHOIS up-to-date, lest their domains be confiscated.
So either the people reading the GDPR are misinterpreting it grossly or the GDPR is a train wreck of a law that attempts to force the will of a whiny group of bureaucrats over the objections of everyone involved in Internet governance. If it is the first, then the registrars will ignore the GDPR with regards to WHOIS, and nothing will change. I strongly suspect that this is the case, and that this is all much ado about nothing.
That said, if it is the latter, then the right thing to do is to segregate the EU into its own private Internet until such time as it agrees to comply with the rules of Internet governance. Their choice.
Check out my sci-fi/humor trilogy at PatriotsBooks.
What is the purpose of whois though? To allow the registrars to charge extra for the privacy option?
For example - whois includes the full name of a "contact person", even if the domain belongs to a company. There is absolutely no need for it - you can have email and an office telephone number, but there is no need to publish a name.
I haven't seen a phone book in a while (though they are still printed, probably). However, for a long time people were able to ask that their numbers be excluded from the phone book.
It's not just about illegal content. It's also about misleading content. It is about knowing where to send the subpoena if you need to sue. It is about preventing foreign meddling in American elections. And so on.
The Internet was not designed around domain owner anonymity, and forcing anonymity upon it breaks things in fairly fundamental ways.
Check out my sci-fi/humor trilogy at PatriotsBooks.
Does icann make any money publishing WHOIS?
Wow, sent an e-mail as suggested when clicking on "use classic" banner, and got a fast response that addressed my msg
Don't most people just pay for their info to be anonymised? Companies, organisations, companies, etc. should have to declare who they are and usually do on their website anyway.
Debate is a form of harassment. Do not question my truth.
"The summary published actually doesn't contain anything I submitted, nor did I submit anything that it contains."
I think it's about time a lawyer got involved because the editorialization has gone beyond anything reasonable. This literally amounts to them using your idea, your story, but literally everything stated is put into your mouth as if you had actually said it when you did not, ever.
Especially when the comments and such are supposed to be owned by the poster, which means they could've said some actionable and libelous shit, and been "That's how he submitted it." Now your ass is on the hook for their editorialization, which contains none of your original content.
No, this runs too close to being akin to identity theft in my book, and really msmash and anyone else on /. staff should probably consult with their lawyers on the legalities of what I just discussed, because this is serious. And they should probably make a full-out pinned story/apology for such bullshit.
Still waiting on Serviscope_minor to wake up to fucking reality and realize that Jessica Price isn't going to fuck him.
"If the content is illegal, tell the police."
Are you too fucking stupid to know the difference between criminal and civil liabilities?
"Why is there a need any of that to be public information?"
I refer you to my first question asked in this post.
Still waiting on Serviscope_minor to wake up to fucking reality and realize that Jessica Price isn't going to fuck him.
A lot of registrars are already non-compliant with ICANN's wishes to have my name, home address, telephone number and email address listed publicly for anyone to find and send "offers" to. Those evil registrars offer a service, where they remove my data from the public record, for a fee.
The only difference for GDPR is that the "WHOIS privacy" service will have to be free and on by default (as I understand it, there could be further limits as to what data the registrar can keep in its private database). If I am doing something illegal, the police can contact the registrar and get my personal information. There is absolutely no need for my name, home address, email and telephone number to be listed in public. If you think I have committed a crime, contact the police and they will contact the registrar.
WHOIS is like a phone book. I choose to not get listed in either. However, if I call to say that I have planted a bomb, then sure as hell the police will be able to find out my name and address by asking the telephone company.
you are really not going to have anything of value to contribute to the discussion if this is the first time you've heard of GDPR or WHOIS.
Whois privacy is a thing. Most registrars just charge extra for it. I see no problem with making that free and the default option.
What things break in fundamental ways if whois privacy is enabled for everyone for free by default?
"Limited companies" are businesses, owned by those individuals. An individual can register a personal domain for their own personal communications or communications. In US Constitutional terms, it becomes a free speech issue. Can one speak as an individual on the Internet hosting a website or email service or even an FTP document server, without giving up the personal information of the domain owner?
You can have a phone directory under the new law, under two conditions:
1. The person has to explicitly give consent for their number to be published (default is "no").
2. You cannot refuse the phone service if the person chooses to not get listed in the phone directory.
Does this also spell the death of the SOA and RP records in DNS, since they also broadcast contact information?
Comment removed based on user account deletion
In the UK a domain that is non commercial can opt to keep the name of the registrant private. I like that distinction of what should be publicly known and what can reasonably be kept private.
GDPR doesn't prohibit courts from issuing subpoenas ordering registrars to identify domain owners.
Whois is a relic of the early days of the internet, when things were small and simple, and most conflicts were resolved engineer-to-engineer with a phone call or an email. The contact information was there to allow this sort of communication - often in the form of 'logging hack attempts from your server, someone probably compromised it' or 'Fix your bloody BGP announcements!' There was no point involving anyone else - the rest of the company barely understood what a computer did.
That was before there were millions of dollars at stake and lawsuits were commonplace. These days any large company is going to want all inter-company communications to go through customer services coming in and legal going out. They certainly won't want their engineers trying to directly contact the engineers of another company. Engineers tend to be distressingly honest at times, and what they see as a harmless explanation, a lawyer might see as an admission of error that can be used in a lawsuit.
ICANN and IANA jointly run the root servers. Announce that any TLD registrar that doesn't provide WHOIS service will no longer be listed, and see how many days it takes the EU to fix their law.
Yes because we've all seen how quickly the EU bends over to the whim of Americans. /sarcasm
If there is a conflict between the GDPR and WHOIS, then contrary to popular belief here on Slashdot, this is a flaw in the GDPR.
Why? New time, new law. Something acceptable in the past, not acceptable now and incompatible with some service no one uses anymore doesn't make it "flawed". Specifically take note of the last part. WHOIS is a worthless database full of garbage entries. Hell my own domain's WHOIS entry isn't complaint with ICANN's rules and hasn't been for the past 15 years.
The Internet was not designed around domain owner anonymity
The internet was not designed around identifying content owners. It was only ever designed around identifying individual computers. WHOIS is a useless bolt-on, completely irrelevant in that it hasn't contained useful information since the turn of the century and the rules about publishing identifying information have been either completely ignored at worst or gone unverified at best.
If you get something useful out of a WHOIS query, you should probably play the phone number in the lottery tonight.
No requirement for civil proceedings requires personal information to be posted publicly. The registra has this personal information and can be compelled by a court to provide it. Nothing more should be needed.
Congratulations Europe, you just outlawed the phone book. White pages and yellow pages both.
You can opt out of the phone book for free. Same is required with Whois now under GDPR. Bravo Europe!
GDPR doesn't prohibit courts from issuing subpoenas ordering registrars to identify domain owners.
There is no court subpoena if you can't identify a defendant.
The US government would have sovereign immunity to non-sense such as this.
Whois does more than just return registration information. It is the database of domain names. Without it you cannot ascertain whether what your DNS return values are true or whether or not a domain is unique.
Custom electronics and digital signage for your business: www.evcircuits.com
Those are third parties to ICANN. Private parties provide a technical contact, and that party contacts the actual technical contact.
The system requires the names for technical contacts to be published at the very least.
//TODO: Think of witty sig statement
GDPR is a big issue for anyone collecting statistics like ad networks. Just look it up on wikipedia.
The impact on whois is really a marginal thing.
If builders built buildings the way programmers wrote programs, then the first woodpecker would destroy civilization.
Then how do defendants get identified by their IP addresses? There is no public IP - subscriber database. You have to ask the ISP to provide the information.
What is the difference here?
Whois privacy is a thing. Most registrars just charge extra for it. I see no problem with making that free and the default option.
When you use the "whois privacy" option: the legal owner of the domain according to the registry will be a proxy service. That means technically you no longer own the domain, except according to the proxy service you've hired --- if they go bankrupt or something, there's a chance "your" domain gets sold to satisfy their debts.
GDPR doesn't prohibit courts from issuing subpoenas ordering registrars to identify domain owners.
There is no court subpoena if you can't identify a defendant.
IANAL, but I believe there is a way to do this.
You can write a subpoena for an unknown person (e.g, a John Doe with partial information (like a domain name) and submit it to the court.
If approved by the court, you can take the subpoena to the registrar for that domain name and as part of the discovery process attempt to compel the registrar to release the name.
If the registrar doesn't turn over the information associated with the domain name, they are in violation of a court order. I believe the court can find the registrar in contempt of court.
GDPR is a euro thing. The US constitution (and US free speech laws) are not really relevant. The EU and the UK have different standards for free speech and privacy than the US.
And WHOIS as a database system isn't at all a problem, only the rules for implementation as currently written by ICANN are.
e.g. the WHOIS system for Sweden is fully in compliance with the GDPR because it doesn't contain any personal names or details of people, but rather points to the registra, and still happily serves all the purposes you list.
GDPR doesn't affect things like company registration and ownership records. There is a clear legal, necessary requirement for them to exist and permission is required in order to set up a limited liability company.
If ICANN tried to kick EU domains off then the EU would just fork DNS. The EU is much larger than the US (511 million to 325 million people) and any such move would hurt the US far more anyway, because the US would be the one with an incomplete set of DNS records.
In practical terms the US would be forced to recognize domains registered in the EU, because otherwise people in the US could register the same domains and use them to spread malware. Of course a lot of services people rely on would break for US users too.
ICANN will capitulate.
const int one = 65536; (Silvermoon, Texture.cs)
SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
Why should ICANN care?
Not every entity in the world has to be complaint with EU law. Or US law. Or Chinese or Iranian law.
No explanation of who or what ICANN are either, but I notice you didn't bother to complain about that.
If you're working in IT and haven't encountered GDPR then you should investigate it fully - it has impacts globally.
He was using an analogy to help people with limited education.
It's also about domain squatting, for which a working contact address is very useful.
"No requirement for civil proceedings requires personal information to be posted publicly."
Oh boy I can tell you've never done SHIT in court, because once the proceedings are done, ALL OF THAT INFO IS MADE PUBLIC FUCKING RECORD.
Care to try again, oh ye of obviously lacking civic duty?
Still waiting on Serviscope_minor to wake up to fucking reality and realize that Jessica Price isn't going to fuck him.
OK. Lots of people are saying, in one way or another, that I should have used harsher terms in criticizing ICANN. I don't like doing that, but I'll admit in this case it seems justified.
What I'm not sure of is to what extent the implementing regulations were detailed by the law that got passed. If, as some have indicated (and I still doubt) the detailed measures were a part of the bill, then I was extremely much too lenient in my criticisms. I've been assuming that the implementing rules were created based on the law rather than being specified in detail in the law. I still think that most likely. I also thought that the law was recently passed, rather than passed two years ago. Another "Whoops!".
But still, my basic feeling is that the reason the regulators are being so inflexible, is that ICANN has shown no intention of obeying the regulations. The mistakes I made only reinforce that ICANN has shown no intention of obeying the regulations.
I think we've pushed this "anyone can grow up to be president" thing too far.
I don't know about in Europe, but in the US there are "John Doe" subpoenas, where you don't know the name of the entity being subpoenaed, but you have other identifying information. Admittedly, those have been misused at times, but they also often serve a valid purpose.
So I suppose that a court could issue such a subpoena to "the entity using this IP address at this time". (Whether that information would be available is another question, of course.)
I think we've pushed this "anyone can grow up to be president" thing too far.
"No requirement for civil proceedings requires personal information to be posted publicly."
Oh boy I can tell you've never done SHIT in court, because once the proceedings are done, ALL OF THAT INFO IS MADE PUBLIC FUCKING RECORD.
Care to try again, oh ye of obviously lacking civic duty?
Errr you clearly missed the point. So let me make them nice and carefully in chronological order so you know how you got to your very silly and irrelevant point:
1. AC questioned the need to keep these records public.
2. Joce640k implied there is none because if something illegal happens then they can go to the police.
3. You called out a difference between civial and criminal liability implying with your post that records need to be public for civil cases to proceed.
4. I stated that's not the case because these records get discovered during the court case.
Now at this point you've gone off the rails rambling about something irrelevant like court cases making these records public and then jested that I don't have a clue. I'm not sure quite what point you're trying to make here but it was completely irrelevant to the topic.
Anyway let me reel you back into the conversation slowly and reverse chronologically so you can meet us back on topic:
- Once something is in court and made public record it is no longer under the coverage of the GDPR. It becomes irrelevant to the conversation.
- To get discovered in court the information of people doesn't need to be posted publicly, just recorded privately by registras.
- The only public information needs to be the registra in charge of the domain. This is sufficient for any legal proceedings both civil and criminal.
- Ergo we're back to: WHOIS doesn't need to contain the private information that conflicts with the requirements of the GDPR.
Oh and I've been in court four times, once on each side of a civil case, and twice as an expert witness in a criminal case, and I studied this is a minor to my degree too. I don't feel like I lack very much thank you.
"4. I stated that's not the case because these records get discovered during the court case."
"I don't feel like I lack very much thank you."
you obviously lack the fact that many can't afford to PAY A COURT to compel people to hand over identifying information. Thus the GPDR by default fucks over people who need to access that information.
You haven't been in court enough, by any means, because you're missing a lot.
Try again when you've been dragged in and out of courtrooms for over 30 years from child custody to DRM cases (Kicked Electronic Arts Ass) criminal cases and more. You being an expert witness means exactly jack shit and if this was a minor to your degree you got a very lacking education.
Still waiting on Serviscope_minor to wake up to fucking reality and realize that Jessica Price isn't going to fuck him.
you obviously lack the fact that many can't afford to PAY A COURT to compel people to hand over identifying information.
Not at all. In much of the world it costs almost nothing to take someone to court, and costs even less if you win. But then you completely missed the entire premise of this post that someone is already taking someone to court over this otherwise they wouldn't need the information in the first place. That is one of the most epic logic fails I've seen posted on Slashdot.
You haven't been in court enough, by any means, because you're missing a lot.
Whatever man, just because your marriage broke up doesn't mean you know jack shit about how civil proceedings work. ... evidently.
The "go live" date for the GDPR has been known for 2 years. ICANNs ignoring it for nearly 23 months is simply the uninformed arrogance that has made US businesses so disliked across the world. People who do business with US companies do so warily. They like to think that "other peoples" laws do not apply to them and they think that US laws do apply to foreigners.
(If you do business in country XXX, the laws of that country apply to you. The laws of the USA do not apply in XXX. If someone has signed a treaty, that applies but getting the USA to fulfil its obligations is not a given.)
If a change had been applied in the US that had given privacy to people in the US, how long do you think the rest of the world would have been given to comply? It would not have been the 2 years ICANN has had. I suspect it would have been between 50 days and a month.
I'll see your Constitution and raise you a Queen.
ICANN now has a little over a month to come up with a replacement
After having been given almost three years of notice to do something about it. Look, it was never a point about if ICANN could or could not fix it. ICANN made it quite clear from their actions that they were not ever going to fix it. This whole thing shows that the most recent round of directors at ICANN are commercial focused buffoons that lack any real understanding of law or technology. It's a shit show right now at ICANN so this entire thing like, "Oh No! WHOIS will break!" is crap. Have idiots running an organization, watch idiotic results flow from that organization. It's that simple.
As someone with a personal domain, I appreciate the opportunity to avoid broadcasting my personal details on WHOIS.
As someone who has encountered a troll site for local politics, I appreciate looking up the registrant to discover that it is owned by a foreign individual.
Wtf? Why are you paying more for privacy than your domain? Wtf are you up to? Whois privacy is free from low cost registrar's like namesilo. It sounds like you pay more for each than I pay for both.
I'd pledge $50 to a gofundme campaign to sue Slashdot editors. They are really, really bad.
Are you white and super rich? You seem to think police just fucking do what you ask. Do you watch CSI shows and think cops know how to do basic technology shit? Wireshark your Internet traffic for a few hours and then wonder who the fuck you're communicating that you don't know about. Then call the police for their help.
Let me ask something here because I might not be seeing the complete picture.
Is this a bad thing? If so, why?
I have a couple of domains that I always felt extremely uncomfortable for them demanding that I list personally identifiable data to register, and that it would be exposed in listings for anyone and everyone to find out if they wanted to.
This single fact always gave me pause on publishing stuff and speaking my voice out for the potential of having trolls and whatnot finding out my private information and essencially doxing me.
I dunno how exactly things work in other countries, but I was never given the option to make this information anonymized or private - not even paying more for it.
So, I might be missing something here, but personally, good riddance.
And see that I'm not saying the info shouldn't be given... for criminal cases and whatnot, the information should still be there. Just not exposed bare in public.