ICANN to EU: Hey, you’ve adopted the GDPR – Domain Name Wire

ICANN notes that the GDPR makes it more difficult to eliminate DNS abuse.

ICANN sent a late comment to the European Commission’s (EC) call for evidence on the European Union (EU) Anti-Counterfeiting Toolkit (wow, that’s a mouthful).

Basically, this counterfeiting toolkit and associated report analyzed DNS abuse and what to do about it. The ICANN Business Constituency previously submitted comments to the EU, and now ICANN has contributed (but after the deadline).

ICANN explained the limited role it plays on the Internet and also stated, “ICANN is not the Internet’s content police”.

But he also took the opportunity to shift blame to the EU for making it harder to investigate DNS abuse at the domain level. It was the EU, after all, that forced registrars to stop displaying public Whois information under GDRP.

He wrote :

This [GDPR] has fragmented a system that many rely on for reasons as varied as law enforcement investigations, intellectual property, and security incident response, among others.

The GDPR also makes it difficult to verify the accuracy of registration data:

In addition, the GDPR has affected ICANN org’s ability to investigate registration data inaccuracy and take remedial action with gTLD registrars. Prior to the GDPR, ICANN org investigated the accuracy of gTLD registration data both in response to external complaints and in the context of the WHOIS Accuracy Reporting System project, in which ICANN org proactively identified potential inaccuracies and addressed them with registrars. This project was discontinued on the effective date of the GDPR, as much of the registrant contact information is now removed from public view and therefore not accessible for analysis. .

In other words, the EU removed one of the essential tools that security researchers use to stifle DNS abuse.

Comments are closed.