ICANN + GDPR = NoWHOIS

Welcome to the brave new domaining world, devoid of actual WHOIS information.

The GDPR is officially the most damaging bureaucratic concoction ever created about digital information, effectively dividing the Internet into two large zones: one available to Eurozone members, and one that can be accessed by the rest of the world only.

Nobody wants to be a data safeguard and processor for Europe’s central government. Europeans have long lost control to their own privacy, and yet demand others should safeguard it.

If you visit London, thousands of cameras track your every move, storing your image in GDPR non-compliant servers. That means, of course, that your data is not accessible, editable or deletable by you. How’s that for better privacy, Europeans?

The hypocrite Eurocrat bureaucrats believe that by creating a draconian law a sense of safety will be instilled across the Internet. The tightening of security controls should be mandatory regardless of locale. Big businesses that rely on processing of personal data, and embarrassing data breaches made public in recent years are to blame.

Demanding that businesses outside the realm of the 28 countries forming the EU, should comply with a Eurocentric law on data privacy, is hysterical, particularly when a large portion of cybercrime activity originates in Europe.

But this isn’t a war staged against Europe. It’s about rejecting legislation that pretends to solve a problem, while creating numerous others. Like Hercules and the Hydra, the GDPR spawns two ugly heads in place of the one it cuts.

WHOIS information is a huge victim of the GDRP.

As a domain investor, I’m losing access to a valuable tool that enabled me to transact daily with potential clients. And that’s just half the problem, as my information cannot be verified in the same manner as before, when selling domain names, for example. I will have to resort to different processes with companies such as Escrow.com. Luckily, my well-established relationships with these technology service providers will now pay off, but what about hundreds of other domain investors, many of which are just beginning?

As a domain crime researcher and consultant, I’m losing the ability to access information that’d help me locate repeat perpetrators. As Brian Krebs said, “any information is better than no information,” referring to the bogus WHOIS used by cybercriminals, that still used valid email addresses. That last part is now hidden from WHOIS, unavailable to anyone who is not working for the authorities.

So good luck with your domain names when they get stolen. ICANN has stalled for years to create a safe “thick WHOIS” that would achieve two things: protect data, and ensure it’s clean data. Instead, the broken WHOIS model is being replaced by a hidden and still broken model, and this is bad news for everyone in the domain industry, and everyone else as well.

Some believe that blocking the European Union IP ranges is “extreme.” In that sense, so is the GDPR, but don’t take my word for it.

As a content provider I’m not going to spend my time inviting third parties that might or might not have a valid reason to make data requests, and do so under threat of a law created in a country I do no business in.

Thousands of businesses will choose to cut their ties with the European Union, instead. Perhaps, Brexit wasn’t such a bad decision, after all.

Comments

  1. Theo,

    100% agreed. Most of our customers on domainIQ are either cybercrime investigators or government agencies. They are extremely upset that they can’t do their research and bring criminals to justice because key parts of whois records are now redacted on all, not just EU domains.

    What’s more concerning is that there are no procedures for governments to access this data at all because ICANN has not yet created a process, even though this has been cooking up for years.

    What a mess!
    Luc

  2. Luc – I appreciate your feedback. You’re operating a business that is being damaged in one fell swoop by industry changes caused by an over-reaching law, and that’s disastrous.

    ICANN is a bureaucratic organization, in effect, very slow at making decisions, and when pressed for time, these decisions can be ineffective addressing core issues.

    A lot of people will now miss a US-controlled ICANN. It was safeguarding everyone against ridiculous surprises such as the GDPR.

  3. Aaron Strong says

    Hows that ICANN multi stake model treating you now?….Remember, the proponents of the U.S. relinquishing control said it was to not fracture the internet. Yet today we are fractured.

  4. Aaron – The next ICANN gathering in Panama (ICANN 62) should be “fun.”

  5. Aaron Strong says

    Theo – It’s too late for ICANN to fix it. They are filled with oppressive government regimes. This is only the beginning and ICANN can’t fix this without the support of the United States Congress and President. I commented extensively on the the repercussions of the United States giving up control of ICANN and handing it to oppressive governments. Very few in politics and technology agreed. Yet today they stand there saying, “what the hell just happened?”.

  6. Aaron – Without doubt, the GDPR was created having a financial and political spear as its sharp edge.

    This article covers Peter Thiel’s position on the GDPR, a very interesting read: https://www.theguardian.com/technology/2018/mar/15/peter-thiel-silicon-valley-europe-regulation

  7. Aaron Strong says

    Theo – . The European Union and ICANN both passed its “laws” under disguises. GDPR used Privacy as a disguise, while ICANN used the argument that the internet would become fractured or splintered if the U.S. did not give up majority control. Clearly a disguise. As you know the changes happening are far from the domain industry being upset about blocking WhoIs. Today the internet became fractured in many ways with lasting consequences. The problems today, caused by the disguises, may not fit back into the bottle. As a reminder of those who don’t know, it was Obama that ordered the United States to remove its power in ICANN causing this fracture of the internet.

  8. DomainTools, an invaluable domain research tool, published today what changes thanks to GDPR: https://blog.domaintools.com/2018/05/gdpr-is-now-live/

  9. What you are all commenting on is valid, but on the larger issue, this had to happen. Over the last 24 years, civil liberties and protections were not put in place to protect net citizens. We needed a Bill of Rights created for the Internet. This never happened. The resulting consequence was that our freedoms and content were trampled on and overtaken by large tech companies. It’s evident in the fact that the power of distribution, which was accessible to all of us, has once again become too expensive to compete as a business. While there was once open terrain, there are now gatekeepers and walls. The power that we all had has been taken and used against us.

    Something had to happen and Europe was the one that had the potential to do so. In America, Google, Apple, AT&T, Facebook and Amazon (Hydra) have, in my opinion, coopted with the US government to control our data and in essence, enslave us on the “Informational” Super Highway. On the business side; these companies have had free reign to grow into monopolies. On the government side; they have the ability to use, as a proxy, these companies to surveil us and know our positions and tendencies. Likewise these companies are now part of our national security which which give them both incredible power over us and the internet.

    These monopolies have a power source that must keep growing and consuming. The GDRP is one tool that will strike back at these monopolies. Yes, we want Whois to help us with our businesses but that doesn’t stop us from controlling our own Whois on our domain names. We should and can control it. The impulse to let others control it is what got us to this point. We need to use those powers, of what is ultimately our right, to fight to get back control. It will be a Herculean struggle but in the end, worth it.

  10. Aaron Strong says

    Michael – Thanks for joining the conversation on this most unfortunate circumstance. I will respectfully disagree and rebuttal some of your points.

    “We needed a Bill of Rights created for the Internet. This never happened.”

    Prior to the U.S. relinquishing control of the internet, the majority stakeholder, the United States, was bound to the United States Constitution, in which there is freedom of speech. Therefore the U.S. Consitution was the “internet bill of rights” as you call it.

    “The GDRP is one tool that will strike back at these monopolies.”

    No, GDPR just gave these monopolies more power. GDPR does not address what it was intended to do. It is a flawed and badly written law that does not break up the large technology monopolies, but instead creates barriers for people to compete with the technology monopolies.

  11. Thanks Aaron. It doesn’t matter that the US relinquished control. If the US government used antitrust laws or imposed regulation, it would have a dramatic impact around the world. It hadn’t and hasn’t. Maybe that will change but Europe has been engaged in fighting these monopolies for several years now. I am interested in seeing how it plays out.

    I do not believe DGRP gives monopolies more power. I would like to know how you see it doing so. I will reference this article: http://www.bbc.com/news/technology-44252327

    “The companies are accused of forcing users to consent to targeted advertising to use their services.”

    This abuse and control needs to stop. Currently, only governments have the power to counter them.

  12. Aaron Strong says

    Michael –
    “I do not believe DGRP gives monopolies more power. I would like to know how you see it doing so.

    The consequences of GDPR to the technology monopolies will be less severe than it would be to an internet entrepreneur or a startup trying to use the internet’s resources. The tech monopolies can continue to fight the legalities of the regulations and continue to lobby the political bureaucrats in their favor. The monopolies can climb the barriers caused by the regulations while the internet entrepreneur or startup is hindered at a pace worse than seen before. The people, the citizens, the entrepreneurs, the startups, lose with GDPR, not gain. We are seeing evidence of this today as those small business professionals in Europe are unable to access needed resources.

    I am curious to understand how you think GDPR will break these technology monopolies?
    Respectfully,
    Aaron

  13. Aaron, DGPR will not break technology monopolies but is one tool that will help to reduce their power and overreach.

    Data is power and when it comes to advertising, companies like Google dominate that data “because” of the internet. We have very little say in how it is gathered and stored. While it is amazing what these companies can do, it is not an even playing field for the rest of us and leads to unfair business practices. Artificial intelligence is drilling down on that data and we don’t stand a chance to compete unless some controls are put in place.

    The internet should be a place where we can all live virtually and share in commerce.

  14. Great debate, guys. Reinforced by the more than 400 GDPR update emails that I received so far, I can say that Europe played its cards right, without receiving any resistance from ICANN or the US government. But this, might soon change.

  15. Aaron Strong says

    Michael – We agree on several points and disagree on others.

    *I agree we need to address privacy and data collection by all technology companies. I disagree that GDPR addresses this issue in a meaningful way.

    *I agree big technology is a monopoly and that they control, gather and store data unfairly. I disagree that GDPR addresses this issue in a meaningful way.

    *I agree “The internet should be a place where we can all live virtually and share in commerce.” I disagree that GDPR addresses this issue. Today we are witnessing GDPR has hindered commerce and communications in many countries as multiple companies and websites have blacklisted the European Union. This hurts the people, the citizens, and the small guys around the world more than it does the big tech monopolies.

    Great discussion, respectfully,

    Aaron

  16. @Michael, glad to hear I’m not the only one on the pro-privacy side 😉 I’m not fit at this hour to write a lot about it this time, and I still got some work to do. However, I never thought the concept of a public whois by default was proper and right. Most people do need protection from the big data collectors, as they don’t understand the risk of it.

    @Theo: Interesting point regarding the cameras in London, something I’ve disliked for a long time as well. Ultimately, GDPR might have an impact on that too, even though who knows if this will play out before England leaves the EU.

    GDPR and the current ICANN changes have (IMHO) nothing to do with ICANN not being under the control of the US any more. I personally don’t think a single country should be in charge of the Internet.

  17. I’m all for privacy but with the loss of whois, a lot of domainers are going to lose money, domains will be stolen and unable to be traced and scammers can use domain names to scam,phish much easier. that is not good. as a domainer gdpr really hurts.

  18. Here’s an article about GDPR and its effects inside Europe: https://goo.gl/652GQr [English] or see the original in Spanish: https://www.elconfidencial.com/tecnologia/2018-05-28/gdpr-empresas-fraude-multas-millonarias-abogados_1569093/

Speak Your Mind

*