ICANN disputes FDA’s assertions about Whois
Domain system overseer disagrees with FDA rep’s complaints about Whois.
Dan Burke, the U.S. FDA’s Chief of the Investigative Services Division, gave a presentation on June 2 about Whois at a webinar sponsored by The Coalition for a Secure and Transparent Internet (CSTI).
DomainTools, LegitScript, and Spamhaus founded CSTI to advocate for open Whois records in the wake of the EU’s General Data Protection Regulation (GDPR). All of these groups use Whois data for investigations, and much of that information has been obscured in the wake of GDPR.
ICANN disputes several things that Burke said during the presentation.
1. A requestor must have a subpoena to access non-public registration data
The prepared presentation said that most registrars will not share Whois data without a subpoena. But during the presentation, Burke said that the only way to get Whois data was with a subpoena.
ICANN noted that registrars and registry operators must provide reasonable access to registrant data at the request of legitimate interests. How this plays out in practice is open for debate, though.
Burke notes that some registrars won’t take action. He pointed to adderallstore(.)com, a domain registered at Crazy Domains (owned by Newfold Digital). He said that the FDA asked Crazy Domains to take the domain down and the registrar said it’s just the registrar and the FDA should contact that host. (Note that this was a take-down request, not a Whois request.) Burke said some registrars help in cases like this, and some don’t.
He also said unwillingness by registrars has led the FDA to go up a level to registries, and pointed to a pilot program it is running with Verisign and PIR:
2. ICANN salaries and those at registrars/registries are tied to selling more domains.
The insinuation is that ICANN looks the other way because its people make more money when more domains are registered. ICANN denies this. Given current registration numbers and ICANN’s budget, I’m inclined to agree that “bad domains” aren’t propping up salaries.
It’s a more relevant argument for some registrars and registries that count on malicious registrations to fill their coffers.
3. ICANN ignores complaints from government agencies
ICANN explained its role in the internet ecosystem and the ways to participate. In his presentation, Burke said he doesn’t have the bandwidth to try to work with ICANN.
Whenever I write about the lack of public Whois data, people inevitably comment that bad actors used fake Whois data. But security researchers point out that even bad data has value. Burke mentioned that Whois data allowed it to draw links between networks and more easily get subpoenas based on that info.
If I were to use the Politifact rating system, I’d give Burke’s presentation a “Mostly True” or “Half True” rating. It’s mostly accurate but leaves out important details.
Post link: ICANN disputes FDA’s assertions about Whois
© DomainNameWire.com 2022. This is copyrighted content. Domain Name Wire full-text RSS feeds are made available for personal use only, and may not be published on any site without permission. If you see this message on a website, contact editor (at) domainnamewire.com. Latest domain news at DNW.com: Domain Name Wire.