European Data Protection Regulators have been expressing their concerns for nearly twenty years about public records of domain name ownership (commonly referred to as WHOIS data). A recent case (C37-20) on public records of company ownership (required under money-laundering legislation) suggests that the European Court of Justice would have similar doubts. But its comments on […]
Tag: WHOIS
Originally a distributed database where those who were allocated internet naming and numbering resources were invited to post contact details in case they were needed for operational purposes. Some time last century, this got tangled up in the enforcement of intellectual property, privacy and incident response.
Categories
WHOIS access and the NIS2 Directive
The European Commission’s proposed update of the Network and Information Security Directive may revive discussions about access to WHOIS data. When a domain name is registered, contact details are typically requested for various purposes, including billing, administrative and technical questions. For most of the history of the DNS this ‘WHOIS’ data – including names, postal […]
Categories
WHOIS access for CSIRTs
Over recent months the GDPR has given extra weight to concerns – originally expressed by regulators fifteen years ago – about public access to information about individual registrants of DNS domains. This article considers the use of this WHOIS data by those handling information security incidents, and why this represents a benefit, rather than a […]