US Government Reiterates Opposition to Changes to WHOIS Resulting From EU’s GDPR

The US government continues to be opposed to changes to Whois that they believe will have little benefit for consumer privacy and major benefits for cyber-criminals. The comments were made, again, in a speech by the the NTIA’s Assistant Secretary of Commerce for Communications and Information, David J. Redl, at a FDA Online Opioid Summit in Washington, D.C. on 2 April.

In his speech, Redl said “the WHOIS is a resource that,
prior to the GDPR, provided public access to domain name registration
information, including contact information for the entity or person registering
the domain name. This information is a critical tool that helps keep people
accountable for what they do and put online. Law enforcement uses WHOIS to shut
down criminal enterprises and malicious websites, including those that
illegally sell opioids. Cybersecurity researchers use it to track bad actors.
And it is a first line in the defense of intellectual property protection,
including the misuse of opioid brand names.”

The European Union’s General Data Protection Regulation has
been developed by the European Commission to give individuals more control over
their data that businesses hold, including domain name Registries and
Registrars. It also applies to businesses outside of the EU that hold data on
citizens and residents of the EU. It’s impact is far-reaching and penalties for
breaches are severe – fines of up to €20 million or up to 4% of the annual
worldwide turnover, whichever is greater.

“Unfortunately, when GDPR went into effect, those companies
responsible for providing WHOIS stopped publishing much of the data because
they feared it would make them vulnerable to the massive fines GDPR imposes for
privacy violations. The U.S. government’s position on this is clear: the loss
of a public WHOIS without a predictable and timely mechanism to access redacted
information has little benefit for consumer privacy, and major benefits for
cyber-criminals.”

But Redl says there has been some progress on this issue within ICANN. “First, ICANN put in place last year a temporary policy that clarified that WHOIS data should continue to be collected and reasonable access should be provided. This kicked off an intensive global multistakeholder discussion about how to develop a long-term solution. NTIA continues to actively push U.S. interests in these discussions. In March, policy recommendations were finalised and submitted to the ICANN Board for approval.”

Redl says he wants “to congratulate the people who have
worked on developing these policy recommendations for how to handle the
processing of WHOIS information in a manner that is compliant with GDPR. This
was the first step we needed to ensure that the WHOIS system is preserved.”

“However, it must be noted, issues remain. Yet to be
addressed is development of a technical solution, and policies associated with
disclosure and access to non-public WHOIS information.  Now it is time to deliberately and swiftly
create a system that allow for third parties with legitimate interests, like
law enforcement, IP rights holders, and cybersecurity researchers to access
non-public data critical to fulfilling their missions. NTIA is expecting this
second phase of the discussion to kick off in earnest in the coming weeks, and
to achieve substantial progress in advance of ICANN’s meeting in Montreal in
November.

Redl concluded by saying the “NTIA remains a staunch
defender of the free and open Internet. That’s not going to change. But we also
aren’t going to turn a blind eye to the real issues that are raised by this
freedom and openness.”

“We reject the notion that a free and open Internet must
tacitly condone illegal activity. We believe there’s a path to solving these
issues without turning our backs on innovation and prosperity. And that path
begins with honest discussions and debates, with compromise and collaboration.
So if you have concerns or solutions you’d like to offer, I invite you to talk
to NTIA. We welcome all thoughtful approaches to building the Internet of the
future.”

This latest Domain News has been posted from here: Source Link

Facebook Comments