SoylentNews is people
SoylentNews
The Whois public database of domain name registration details is dead.
In a letter [PDF] sent this week to DNS overseer ICANN, Europe's data protection authorities have effectively killed off the current service, noting that it breaks the law and so will be illegal come 25 May, when GDPR comes into force.
The letter also has harsh words for ICANN's proposed interim solution, criticizing its vagueness and noting it needs to include explicit wording about what can be done with registrant data, as well as introduce auditing and compliance functions to make sure the data isn't being abused.
ICANN now has a little over a month to come up with a replacement to the decades-old service that covers millions of domain names and lists the personal contact details of domain registrants, including their name, email and telephone number.
ICANN has already acknowledged it has no chance of doing so: a blog post by the company in response to the letter warns that without being granted a special temporary exemption from the law, the system will fracture.
[...] Critics point out that ICANN has largely brought these problems on itself, having ignored official warnings from the Article 29 Working Party for nearly a decade, and only taking the GDPR requirements seriously six months ago when there has been a clear two-year lead time.
One company that is caught in the middle of the dispute is sanguine about the possible death of the service. "Is this the end of public Whois? Yes, in its current form," CEO of Irish registrar Blacknight, Michele Neylon told us. "But is it going to go completely dark? No."
Neylon has long complained about ICANN's refusal to acknowledge European law when it comes to the Whois service: back in 2013, he refused to sign an updated version of the contract that domain name sellers have with ICANN until it gave him a legal waiver over its data retention requirements.
"That decision probably cost us money, but if we have to choose between operating legally or illegally our path is clear," he wrote in a blog post this week.
(Score: 2) by bradley13 on Sunday April 15 2018, @06:47AM
On the one hand, I support Europe's privacy laws - we live in a time where this is a real problem. On the other hand, Whois should be providing nothing more (and nothing less) than a public property registry. It makes sense to know who owns what.
That said, I do not understand the letter. IANAL, but: I would expect specific objections. However, the letter seems incredibly vague. Just two examples:
- "WP29 has clarified that purposes specified by the controller must be detailed enough to determine what kind of processing is and is not included within the specified purpose, and to allow that compliance with the law can be assessed and data protection safeguards applied. Not all of the purposes enumerated in the Final Interim Model satisfy these requirements." They then provide one (vague) example. If they object to terms in a legal document, they need to specifically list the terms they object to. How else are you supposed to either revise the document or answer their objections?
- "ICANN should take care in defining purposes in a manner which corresponds to its own organisational mission and mandate, which is to coordinate the stable operation of the Internet's unique identifier systems. Purposes pursued by other interested third parties should not determine the purposes pursued by ICANN. The WP29 cautions ICANN not to conflate its own purposes with the interests of third parties." They give zero indication as to where they see conflation with third party interests.
ICANN may indeed be late, addressing European privacy legislation. However, this letter looks more like public posturing (with what goal?) than any attempt to actually move things along.
Everyone is somebody else's weirdo.