The General Data Protection Regulation (GDPR) passed in May of last year, and major changes have started to take effect since then. Certain provisions within the law affect the way companies operate online and the way personal information is protected, but GDPR also affects the information available online about domain name registrants.
The Effect Of GDPR On WHOIS
As a result of those provisions, WHOIS comes into conflict with the new regulations, which poses a threat to the platform. WHOIS is an open record database featuring both individuals and organizations that have a domain name registered. A WHOIS database download includes 300 million domain names.
Within the WHOIS database, contact information is included, and it is available to the public. The information included is not meant for commercial purposes, but for combatting spam, addressing technical issues, and checking whether certain domain names are available. However, the contact information featured on the site is often used by third parties for marketing campaigns.
Despite the fact that the GDPR is an EU-issued regulation, it has a far-reaching impact. As a result of it, a lot of contact details had to be removed from WHOIS' records, which in turn makes it difficult for domain registrants to be contacted, unless those registrants have specifically allowed that information to be made public or have it displayed on their own websites.
GDPR can be beneficial for domain owners, as it provides more privacy. On the other hand, removing the WHOIS system could pose a problem when it comes to research and security, due to the fact that malicious domains would be harder to identify and stop.
Cryptography As A Solution?
One suggested solution to the problem the WHOIS database is facing is cryptography. Cryptography is a way of protecting information by using codes. The method relies on mathematical algorithms that encrypt text, which can then be decrypted to recover the original information.
This method ensures that only the intended recipient of the information is able to interpret it, and that the parties on both ends (the sender as well as the receiver) are aware of each other's identity. As a result, information is protected from unwanted third parties, and the parties involved are accountable for the way they handle the data, which helps when, for example, a WHOIS database download might be used for commercial purposes.
By using cryptography, WHOIS could be allowed to operate under the new rules, as the method addresses the issues that go against the GDPR. Each registry would have to create a private key, which would be added to the personal data. Instead of making the contact information available to the public, WHOIS could use the information together with the private key to create hash values, which would then be accessible to the public. This could be useful when it comes to identifying multiple abusive domains at once, given that they could be registered by the same individual, which means they would appear under the same private key.
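The scheme described above can be sketched as follows. This is an added example, not code from any registry or from the proposal itself: it uses HMAC-SHA256 as the keyed hash (the article only says "private key" plus "hash values"), and the key, field names, normalization rules and sample records are all constructed for illustration.

```python
import hashlib
import hmac
from collections import defaultdict

# Assumption: constructed demo key. A real registry would generate a random
# secret and never publish it.
REGISTRY_KEY = b"constructed-demo-key-not-for-production"

def normalize(contact):
    """Canonicalize registrant fields so trivial variations hash the same."""
    name = " ".join(contact["name"].lower().split())
    email = contact["email"].strip().lower()
    return f"{name}|{email}".encode("utf-8")

def pseudonym(contact, key=REGISTRY_KEY):
    """Keyed hash of the contact data; this value replaces the contact data."""
    return hmac.new(key, normalize(contact), hashlib.sha256).hexdigest()

def publish(records, key=REGISTRY_KEY):
    """Public WHOIS view: domain plus pseudonym, no personal data."""
    return [{"domain": r["domain"], "registrant_id": pseudonym(r["contact"], key)}
            for r in records]

def cluster(public_records):
    """Researcher side: group domains that share a registrant pseudonym."""
    groups = defaultdict(list)
    for rec in public_records:
        groups[rec["registrant_id"]].append(rec["domain"])
    return {rid: sorted(doms) for rid, doms in groups.items() if len(doms) > 1}

# Constructed sample registrations (hypothetical names and domains).
RECORDS = [
    {"domain": "login-example-bank.test",
     "contact": {"name": "J. Doe", "email": "jd@mail.test"}},
    {"domain": "secure-example-pay.test",
     "contact": {"name": "j.  doe", "email": " JD@mail.test"}},
    {"domain": "unrelated-shop.test",
     "contact": {"name": "A. Roe", "email": "ar@mail.test"}},
]

if __name__ == "__main__":
    public = publish(RECORDS)
    for rid, domains in cluster(public).items():
        print(rid[:16], domains)
```

Because the key is per registry, the same registrant gets a different pseudonym at each registry, so correlation works only within one registry's records. Anyone who obtains the key can test guessed contact details against the published values, so the key needs the same protection as the personal data it stands in for.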