back to article ICANN't get no respect: Europe throws Whois privacy plan in the trash

European data regulators have torn up the latest proposal by internet overseer ICANN over its Whois data service, sending the hapless organization back to the drawing board for a third time. In a letter [PDF] to the US-based internet's naming and addressing systems, the chair of the European Data Protection Board (EDPB) makes …

  1. Anonymous Coward
    Anonymous Coward

    Despite existing solely to develop rules for the internet's underlying infrastructure and possessing a $100m annual budget,

    From ICANN's website:

    HEADQUARTERS, Los Angeles, California, USA, 12025 Waterfront Drive, Suite 300, Los Angeles, CA 90094-2536, USA

    Any expectations that they will even consider the idea of any law besides Californication one being applicable are a bit far fetched. That idea has to be taught to them (same as most other companies operating within the Californication reality distortion field). With a big stick if need be.

    1. Lee D Silver badge

      It's simple. You trade with another country, you have to abide by their rules too for that trade.

      It's a long-established situation everywhere, not just California. Otherwise Apple would just put two fingers up to every other state/country in the world and sell their products there. Instead they sold-out to China and all kinds of places to be able to sell their devices there.

      You are "International" but can't trade with Europe? That's a 50% hit on your revenue immediately, not counting fines and compliance work that you'll still need to do anyway.

      ICANN are being really idiotic here and will lose the EU domains if they're not careful. It wouldn't take a year to set up a "ECANN" and make all EU ISPs use it (you just say ICANN isn't GDPR compatible and, bam, they'll move over), which means that if the rest of the world want to trade with Europe, they'll have to send queries to ECANN not ICANN and the DNS roots will change to give preference to ECANN overnight (A third of them are in Europe anyway).

      This is arguing with the legal system that binds 50% of your worldwide customers saying "We don't care, and we're incompetent enough that we can't even fix it", which will just end in loss of control, whether through incompetence or legal decree. And once EU goes, other nations will follow suit.

      1. }{amis}{ Silver badge
        Alert

        " It wouldn't take a year to set up a "ECANN" and make all EU ISPs use it "

        I really hope that this is filed under "The Nuclear Option" as if this happens the first thing that will follow it would be China and Russia doing the same, resulting in the total fragmentation of the DNS system and the end of the internets as we currently know it!

        I'm personally hoping that ICant Dies and a U.N. organisation takes over regulated by international law, yes this would be a bureaucratic P.I.T.F.A. from square 1 but at this point I can't really see how it can be worse, given there are 3rd world dictatorships with a better grasp of law and order than ICANN

        1. Doctor Syntax Silver badge

          Re: " It wouldn't take a year to set up a "ECANN" and make all EU ISPs use it "

          "but at this point I can't really see how it can be worse"

          It could very easily. A few governments have wanted this option for the simple reason that they want to get some control over the net and this would be their best option.

          My preference would be for the internet community itself, or at least the widest possible geographic range of registrars acting on our behalf, to to more or less what Lee suggests but to do this independently of any government.

      2. Charles 9 Silver badge

        Thing, is the EU willing to play the ultimatum card and eventually start the wholesale balkanization of the Internet by usurping all ICANN functions? So far, I haven't heard threat of such an ultimatum which would probably be the only way to really get ICANN'S attention (since they can probably play sovereignty against the fines).

        1. Doctor Syntax Silver badge

          "is the EU willing to play the ultimatum card and eventually start the wholesale balkanization of the Internet by usurping all ICANN functions?"

          That's why I'd prefer a geographically diverse range of registrars, as many as possible, to act so that sheer weight of numbers would avoid balkanization.

          1. Charles 9 Silver badge

            Counterproductive. Your sheer weight of numbers will CAUSE rather than prevent balkanization because cartel behavior will eventually set in.

        2. Yes Me Silver badge

          the ultimatum card

          I don't see why splitting off the authority over certain TLDs, if it could be achieved, would lead to splintering of the Internet in any way. These are only names, which map to IP addresses. The root servers would figure out where to get the authoritative records from, even if some TLDs were administratively under ICANN and others under EUCANN. Splitting the authority doesn't split the network.

          That said, it is hard to see how ICANN can be so obtuse on this issue.

        3. oldfartuk

          Ofc they are. The EU has demonstarted many times in the past will grab all and any control over anything, since it all adds up to more power, and siezing the most power is the Primary Directive of the EU

    2. TheVogon Silver badge

      "Any expectations that they will even consider the idea of any law besides Californication one being applicable are a bit far fetched. "

      If they store data of Europeans it applies regardless of where they are based. And if they have EU revenue (they do) then so will the fines. At up to €20 million per violation.

      1. Charles 9 Silver badge

        But fines won't faze ICANN much; they can hide behind sovereignty and never go to Europe. What WILL hurt ICANN is a Power Play: a move to usurp their control over say the DNS roots and .com. But doing that will cause the Internet to fragment.

        1. I ain't Spartacus Gold badge

          I think people are overestimating how much the EU care about ICANN. They're not going to destroy it, and they don't need to. All registrars in Europe will just come up with their own GDPR policies and submit whatever info they see fit to the DNS records. ICANN can't enforce their contracts, because they directly violate the law and so those clauses on DNS info become invalid.

          So there are 3 basic options here. 1. ICANN then refuse to allow those registries to keep their contracts, and blow a massive amount of their revenue stream out of the water, in hopes they can find non-EU companies willing to do the job (which they won't) because then the EU can either block credit card payments to them, fine them, or set up its own version of ICANN for Europe.

          Option 2 is that the EU launches a power grab over DNS. But what's the point? They're getting what they want from GDPR already. This info will no longer be submitted by the registrars, and they'll comply. DNS records will be less useful - but do you think legislators care about that?

          Option 3 is therefore the most likely. Nothing much of anything will happen. The Registrars will comply with the law. ICANN will continue to flail for another few years, then eventually accept the inevitable. Grumpily, and possibly after having been hit with the fine stick. The board will continue to be smug, useless wankers, continue to increase the size of their bonuses, and when the money starts to run out will consider selling some more .name domains to raise cash.

          1. Charles 9 Silver badge

            "Option 3 is therefore the most likely. Nothing much of anything will happen. The Registrars will comply with the law. ICANN will continue to flail for another few years, then eventually accept the inevitable. Grumpily, and possibly after having been hit with the fine stick. The board will continue to be smug, useless wankers, continue to increase the size of their bonuses, and when the money starts to run out will consider selling some more .name domains to raise cash."

            But there's a wildcard to Option 3: President Trump, who you've noticed is VERY protectionist. Not to mention impulsive. If he starts noticing the GDPR as Europe stepping on American toes, there's bound to be a brouhaha that can potentially tie ICANN's hands. Not to mention put California under an uncomfortable microscope.

          2. Alan Brown Silver badge

            "Europe will just come up with their own GDPR policies and submit whatever info they see fit to the DNS records. ICANN can't enforce their contracts, because they directly violate the law and so those clauses on DNS info become invalid."

            This whole issue is why ICANN is trying to usurp the 13 root servers - These are the _real_ controllers of the global DNS system and ICANN could be defanged overnight if any of them start pointing to other canonical TLD servers.

            Given ICANN's provably anticompetitive behaviour in rolling out TLDs which destroyed all the existing alternate roots/TLDs in operation, there are strong arguments that they should consider doing so.

          3. oldfartuk

            Option 2 - you underestimate the raw greed for power in the EU. They have amply demonstrated in the past they will grab all and every power going if they can, they have to, the founder of the EU, Jean Monnet stated "Every treaty must contain a power grab, but be dressed up to look like a trade agreement" (I paraphrase). The aim of the Eu is the totalitarian , German run, EU Superstate. Grabbing power from iCANN is a low hanging fruit to the professional power merchants of Brussels.

        2. Yes Me Silver badge

          ...that will cause the Internet to fragment

          No it won't. Spitting control over certain TLDs is the most that would happen, and that won't split the actual network.

          1. doublelayer Silver badge

            Re: ...that will cause the Internet to fragment

            No. TLDs are already split up. The country specific ones already work on that basis, where data is removed from the public database by certain registries (including .uk). This is fine. However, GDPR means that storing data on EU citizens and making money off them for any domain names must be done while respecting their privacy. Therefore, who gets .com? EU people have domains in it, but ICANN is not going to give it to you. If ICANN don't change and they keep .com, they violate EU law and can be taken to court. If ECANN take control of .com, their only way to do this is to take control of parts of DNS as well. We could even get into a situation where both have a .com and someone has the nightmare of making that work out. Two places that both regulate domain names is asking for chaos, and the results of chaos on the internet are usually some country saying "We'll just do this my way and everything will be fine as long as I'm happy with it". In the interest of that not happening, ICANN, either change whois to comply or just scrap it.

        3. TheVogon Silver badge

          "But fines won't faze ICANN much; they can hide behind sovereignty and never go to Europe."

          I think loosing up to €20 million a pop from their European revenue will faze them quite a lot!

      2. Criminny Rickets

        Slippery slope

        "If they store data of Europeans it applies regardless of where they are based"

        What if a pay grumble website is in a country with relaxed laws that says someone only needs to be 15 to view the content. Yet, in the EU, the law is that one has to be 18 to view such content. Does that website have to restrict people under 18 from seeing the content as it violated European law, even though it is legal in the country is is based? Can the EU fine that website for allowing under 18 yo's to get a subscription and view the content of the site, even though it is not based in the EU and is following the local laws?

        1. Anonymous Coward
          Anonymous Coward

          Re: Slippery slope

          "Can the EU fine that website for allowing under 18 yo's to get a subscription and view the content of the site, even though it is not based in the EU and is following the local laws?"

          IMHO yes they can. The website is "doing business" with someone in the EU, so the same rules apply. That's why some American sites just opted for the option of blocking traffic from the EU rather than change their setup in time for GDPR rollout.

        2. The First Dave

          Re: Slippery slope

          If the viewer comes from a country where the viewer is underage, then yes, that must be restricted.

          1. DCFusor Silver badge

            Re: Slippery slope

            Shoe's about to be on the other foot here. People despise the USA (rightly, IMO, and I'm a USian) for acting as if their laws apply everywhere on earth (DVD Jon was a hilarious example that got tossed out when the judge realized what country they were in).

            Now we have another set of un-elected bureaucrats thinking that a country or small (and getting smaller) group of them can dictate to the world...

            In this case, it doesn't even matter if it's perceived as for good - or even "think of the children". It's a matter of "Who in heck are you to regulate me? You are NOT my boss/leader/elected government/in my country/relevant to my life at all". I kinda like the idea of privacy myself, but here it seems a little ridiculous/over-reach since the entire point is to put a site up on the web for the world to read anyway.

            Standing above it all, as much as I can, but V Nuland's "Fsck the EU' is now seeming more prophetic than it did before when it was just evil (and taking over another country to install a Nazi is evil whether the EU objects or not). And ironic as hell given which of the US administrations/parties she purportedly represented - you know, the ones most of the EU wish hadn't lost the last elections? The ones who actually did all the stuff the current one hasn't had time to do, yet gets the blame for?

            The cognitive dissonance is deafening.

            1. NogginTheNog

              Re: Slippery slope

              The EU aren’t trying to dictate to the world. They’re telling companies, wherever they are based, if you trade in our region then you must abide by our laws. Doesn’t sound unreasonable to me?

              Unlike the US who threaten and fine non-US companies who trade with third parties like Iran?

            2. Jamie Jones Silver badge

              Re: Slippery slope

              Now we have another set of un-elected bureaucrats thinking that a country or small (and getting smaller) group of them can dictate to the world...

              I see you've been influenced by the BRexit bullshit.

              The "EU bureaucrats" are no more unlecected as they are in any government.

              See: https://www.economist.com/the-economist-explains/2017/07/14/does-it-make-sense-to-refer-to-eu-officials-as-unelected-bureaucrats

              1. Paul Shirley

                Re: Slippery slope

                "no more unlecected as they are in any government."

                You're forgetting many Americans believe it's better to expose civil servants to political pressure and the dumbness of the mob via election, instead of choosing them based on competency, honesty and balance. Depressing that so many this side of the pond imagine ours are selected in the same dangerous way.

              2. Number6

                Re: Slippery slope

                I see you've been influenced by the BRexit bullshit.

                The "EU bureaucrats" are no more unlecected as they are in any government.

                I thought he was talking about the ICANN board. In this instance the EU are the good guys.

            3. SImon Hobson Silver badge

              Re: Slippery slope

              thinking that a country or small (and getting smaller) group of them can dictate to the world...

              Actually they are not dictating to the world. A registrar based in the US can demand whatever information it likes from a US citizen and publish it in whois records for the world to see - but see other comments about California having just passed a similar law. As you point out, all of that bit is none of the EU's business.

              But, if the registrant (or anyone who's personal information is included in the registration) is an EU citizen, or lives in the EU, or the registrar has an EU presence - then any of these put the data collection and use within the scope of the EU regulations. But if (say) I as an EU citizen decide to register with a registrar based in the US (and with no EU presence) then that's my loss because I'd be giving my details to an outfit that I (should) know is outside the scope of the EU regulations.

              If I am more sensible and use an EU based registrar, then it is illegal for that registrar to pass any of my personal information to ICANN't - and so the EU registrars are simply telling ICANN't that they are ignoring the illegal clasuses in the contract and not passing along the personal information. In other words - the EU registrars could see what ICANN't were (or weren't) doing and put their own processes in place.

              It will be "interesting" to see what happens next - definitely needs popcorn on standby. The best ICANN't could try would be to cancel the contracts of any registrar not proving the information it wants - the "do as we tell you or bog off" approach. But just think of the ramifications - they'd instantly destroy the credibility of the (say) .com TLD. Just think how many (for example) .com domains the likes fo GoDaddy and Joker will have registered, and the chaos that cancelling the registrations of those domains would cause. Now I know ICANN't have some real problems with reality - but I don't even they would consider this a good move !

        3. This post has been deleted by a moderator

          1. This post has been deleted by a moderator

            1. This post has been deleted by a moderator

              1. This post has been deleted by a moderator

              2. Anonymous Coward
                Anonymous Coward

                Re: Slippery slope

                "justifying your predilections"

                Nobody mentioned child porn until you brought it up and started making spurious accusations. Projection?

        4. Jonathon Green

          Re: Slippery slope

          Those questioning whether companies based in one country can be held accountable for breaches of the law in other countries as a result of making services available over the internet might like to consider the fate of on-line betting companies who’s services were determined to be in breach of US law...

          If (as it seems at the moment) ICANN is determined to make itself the test case I have no doubt that the EU can and will make life very uncomfortable (and expensive) for them...

          1. Charles 9 Silver badge

            Re: Slippery slope

            I don't know. What makes you think ICANN can't find some way to blow it over, if not retaliate such as by calling out Protectionist President Trump? That's why a nuclear card may need to at least be threatened. Money won't really faze ICANN but the threat of being made irrelevant certainly will.

    3. Nick Kew Silver badge

      California Law

      Has anyone looked into whether this story (last week) might be relevant? California's own GDPR?

      1. Orv Silver badge

        Re: California Law

        I was going to say.

        California may not be much help to them for much longer. Maybe they can relocate to Delaware or somewhere else with a pliable legislature.

      2. John Brown (no body) Silver badge

        Re: California Law

        "Has anyone looked into whether this story (last week) might be relevant? California's own GDPR?"

        Exactly what I came here to post too. ICANN are on two years notice (sound familiar?) to comply with something very much like GDPR in their home state/jurisdiction. They may as well bite the bullet now and get it over with.

    4. Alan Brown Silver badge

      "Any expectations that they will even consider the idea of any law besides Californication one being applicable are a bit far fetched"

      Well, now that California has enacted its own version of GDPR....

      And of course it's worth pointing out that virtually the entire time they've been sticking their fingers in their ears and pretending that data privacy laws don't apply to them, the chair has been an extremely dodgy New Zealand intellectual property lawyer who has been utterly focussed on dollar signs(*) and a very long history of behaviour which indicates a personal reality distorton field which makes Jobs' one look minor.

      (*) There shouldn't be any prizes for guessing who the main mover and shaker about adding thousands of new TLDs was, or what kind of business he's now involved in.

  2. ratfox Silver badge
    Pint

    Good for regulators

    Couldn't happen to a nicer ineffective and corrupt organization.

    1. Pascal Monett Silver badge

      Re: Good for regulators

      Indeed, it is quite satisfying to see the pricks at ICANN taken down a notch or three.

      I just hope the slapping will continue.

      1. TheVogon Silver badge

        Re: Good for regulators

        "Indeed, it is quite satisfying to see the pricks at ICANN taken down a notch or three."

        And US corporations in general. I'm sure they will mostly be subsiding the EU budget for a good few years until they get their house in order!

        1. DCFusor Silver badge

          Re: Good for regulators

          No fan of ICANN myself. But I see other issues afoot here, and they're just a weak strawman in the wind by comparison. Precedent and all that. Though they probably do deserve a good whippin' behind the woodshed, I'd never argue that one.

          I see as more important the idea, which never seems to go away, that any one government or small group of them think they can grab the right to control something worldwide - something that shows us all how petty governments are in general, and which exposes their fakery in creating enemies for us to fear and them to rescue us from - at our expense.

          How come it's bad when China tries to do it but not anyone else? What a load.

          When I hang out with friends all over the earth on video chats, at one point I couldn't take it anymore - I had a group of Israelis and Iranians in the same call, swapping guitar licks, and no mention of politics in an hout. I asked, WTF, your governments are talking about bombing one another out of existence?

          Their response was "Doug, you know your government is full of sh*t, and the US is a big place. We live in smaller places. You don't think we KNOW OURS ARE FULL OF IT TOO? Why should it dictate who we can be friends with? Or who kills who?".

          It was a real wakeup moment for me. It's not the people who are the problem, and from space there's no lines on the ground where people on one side have to kill those on the other side. Governments worldwide are afraid more of us will wake up to this idea - that they create all the problems they want to pick out pockets to solve, or at least in the case of privacy, take money from those who steal it, also get the data for their own population control use, and pretend to care about our secrets. The key word is "pretend" people. Follow the $, or the power, which is the same thing.

          1. SImon Hobson Silver badge

            Re: Good for regulators

            that any one government or small group of them think they can grab the right to control something worldwide

            Yet again, the EU is NOT doing this. ICANN't really can do whatever they like with (say) US citizens' data and the EU won't give a toss. So a US registrar, operating in the US, can sell to a US citizen not living in the EU - and the EU is not trying to prevent the registrants personal information going into whois, that's for US authorities to deal with and note that California has just passed a law very similar to GDPR.

            But where (eg) the registrant is an EU citizen living in the EU, then that's different. It does not matter at all who the company is - GDPR applies and if the organisation has any presence in the EU then it's possible for the EU to fine it for GDPR breaches.

            Now, lets consider an analogy - a poor one because there's physical goods involved etc. Suppose a purely EU based car manufacturer wanted to sell their cars into the US. The US authorities would say words to the effect of "sell into our market and you abide by our rules" - so the cars would have to meet US DoT regulations, have lights that work "the US way", and so on. That's not the US saying that cars sold in the EU have to meet US regs - they simply would not care - only that cars sold into the US have to meet US regs. And it works both ways - a US manufacturer has to make their products meet EU regs if they sell them into the EU.

  3. Nattrash

    Is there a pattern here?

    >>> Still convinced that European law couldn't impact it [...]

    Haven't history shown something like this before? perople want to know...

    BTW, does anybody know whatever happened to those plans to create alternatives to ICANN? I think I remember some EU and Chinese noises to do so, and the US set to keep "the internet" in its own hands because "it would break the internet(!)". TBH, it would be some kind of answer; US doing the (privacy) stuff they want for their subjects, and Europe (and ROW) applying their philosophy. You know, applying a territories laws to the region of influence and not beyond...

    Ah well, looks like the Europeans will get compensation for those tariff experiments ☺

    >>> [...] was stunned to find that it faced multi-million-dollar fines [...]

  4. Teiwaz Silver badge

    Now this is taking control.

    The numpties in Westminster would have fallen all over themselves to back down the moment ICANN looked to be about to throw a hissy.

    1. Anonymous Coward
      Anonymous Coward

      Comparing the current flailing of our esteemed government and ICANN when dealing with europe has quite a few fun parallels. We're just not as far down the track.

  5. Detective Emil

    "… directly against the stated positions of both ICANN and its most influential members …"

    Sounds good to me.

  6. Edward Phillips

    Local Expertise

    The thing I find most inexplicable is that ICANN hasn't looked at the WHOIS systems in Europe that work - there are country domain registries who have solutions to GDPR working just fine, yet ICANN doesn't appear to consider them options. There are IPR lawyers in the UK and Germany, yet Nominet and DENIC don't seem to be struggling with this.

    1. I ain't Spartacus Gold badge

      Re: Local Expertise

      The ICANN board only do output nowadays. They're sitting on a huge pile of cash from the .names sale, and a steady regular income. Nobody has oversight of them, and they know it's too much of a ballache to try and move their role to the UN.

      So they can just sit their commissioning reports and then ignoring them when they don't like the results. Listening is something that happens to other people. The rest of their time is spent in first-class and 5 star accommodation, increasing their bonuses every year and pissing about. It's the perfect job. Nothing changes that fast anyway, and all roads to appeal lead to a random sub-committee of the board, usually with the same people on it who made the original shit decision. See reports passim of the dot.africa clusterfuck for details.

    2. TonyHoyle

      Re: Local Expertise

      Nominet simply don't list the address any more, just a statement that the address that they have on file is accurate.

      This is all that's needed. GDPR allows sharing data for legal purposes so there's no loss to law enforcement, just spammers/domain harvesters.

      Interestingly the RIPE database still contains this information, the argument I think being that the contacts for network blocks tend to be engineers in charge of them not individuals (plus they've implemented a right to have the data removed).

  7. onefang Silver badge

    We're gonna need more popcorn.

    1. I ain't Spartacus Gold badge

      No popcorn is the wrong item. Pitchforks and flaming torches are the way to deal with ICANN.

      Once the board have been buried at the crossroads with stakes through their hearts, then we can find some more competent (and less greedy) people to do it. And ICANN can go back to being very boring, and slowly tweaking the odd DNS setting every so often.

  8. Mark 85 Silver badge

    SImples

    Just turn off Whois until things get sorted out. The adage about "absolute power corrupting absolutely" is a big part of ICANN's problem.

    1. Number6

      Re: SImples

      That's sort of what has happened. Have you tried a whois query recently? The generic one gives a lot less information than it used to, and if you go to a registrar's site you get this in the notes:

      IMPORTANT: Port43 will provide the ICANN-required minimum data set per

      ICANN Temporary Specification, adopted 17 May 2018.

      Visit https://whois.godaddy.com to look up contact data for domains

      not covered by GDPR policy.

      Of course, if you're happy to go to their website then all is revealed if it's not a registration covered by GDPR because they have better control over it. Hopefully they'll add California residents to the same list as those covered by GDPR.

  9. Kevin McMurtrie Silver badge

    Break it all

    ICANN and the GDPR are both hopelessly broken. Solutions might come about more quickly if both sides stop looking for a middle ground between privacy and accountability that doesn't exist yet. Turn it off. I'll enjoy the summer of no Internet.

    Anyone thinking that 100% anonymous domain names are going to work wasn't paying attention to the dark old days of the Internet when that was essentially allowed.

    1. Charles 9 Silver badge

      Re: Break it all

      Until you have to order something you can only get from a site you can't reach...and no, you can't get it from the Sears catalog, either.

      1. doublelayer Silver badge

        Re: Break it all

        I have to wonder whether we really need whois anymore. Does anyone still use it to contact people? Anyone who has a dodgy site can just buy anonymity anyway, that is if they don't just put in junk.

        Recently, I decided I wanted a domain name that turned out to already be taken, but it wasn't being used. There was no system at the end, so I thought there might be a chance the people who registered it didn't need it anymore. So I did a whois on it to figure out who they were. Fortunately, I got neither junk nor a "privacy service" company. I actually found who owned the domain. And it was a company. I don't know why they have it, I don't know whether they are still planning to use it, and most importantly, I don't know how to find out. The addresses provided are all the main company (which has very little to do with this domain name anymore if they ever did). Somehow, I assume that sending an email to the address listed in whois, which is the same one as on their contact us page, and telling them that I'd like to buy a domain I don't think they're using won't be particularly productive.

        I'm wondering, therefore, whether whois is really of use in communicating with someone at the place that has the domain. I can see how this might have been helpful during the early days of the internet, when there were rather few sites online, but now that a lot of this is done automatically, I see little use for the system. Do any of my comments section countrymen have a purpose to keep it around?

        1. Mark 85 Silver badge

          Re: Break it all

          I have to wonder whether we really need whois anymore.

          Previous articles suggest that ICANN makes some nice money from, of all things, lawyers using it in mass to track down website owners for "infringement" purposes. Usually lawyers for the music and motion picture groups.

        2. Anonymous Coward
          Anonymous Coward

          Re: Break it all

          "I have to wonder whether we really need whois anymore. Does anyone still use it to contact people?"

          Yes, they do, and yes, we need it.

          In many cases the only publicly obvious way to get in touch with the technical IT people is the contact in the domain records.

          In our case, people contact us all the time. We run quite a few internet facing services, over a few dozen domains. In one or two cases we can be identified by the domain name, and in a few more, by the site content. Other sites do not have obvious links back to us, and if they do, those will go to end-user departments who have no understanding of technical issues, nor do they know who in the organization could even determine if it is our issue or a red herring.

          We get notifications of compromised systems (real or imagined), compromised accounts (real or imagined), legal issues with respect to site contents (RoI), reports of problems with the site, with mail systems, with DNS records, with network performance.

          We are contacted about security certificate issues by end users, partner organizations, or vendors.

          I've hosted our national police force, visiting to make inquiries on the behest of the US Secret Service... again found via DNS data. Until we trained them to call someone else here, there was a period when we got a call from one police force a week.

          We also get calls from the IT departments of similar organizations around the world, asking about various technical solutions and products we use or have evaluated.

          We use whois to find technical people who can resolve our issues with accessing external sites and services from our networks or systems.

          I'm sure there is more, but you should be getting the picture. The DNS contacts are the only more or less universally available contacts for systems on the Internet, and easily the most reliable such source, as well as the route most likely to put you in contact with a fairly experienced and technical individual.

    2. John Brown (no body) Silver badge

      Re: Break it all

      "Anyone thinking that 100% anonymous domain names are going to work wasn't paying attention to the dark old days of the Internet when that was essentially allowed."

      It's not about anonymous domain names at all. It's about not spaffing personal information all over the place and/or making it publicly available to Joe Soap. The registrars still have the right to request correct registration data and check it's accuracy and store it in the process of providing the service.

    3. Richard 12 Silver badge

      Re: Break it all

      This is about whether it's a good idea to hand your personal information to every spammer and fraudster on the Internet.

      Hint: It's a bad idea and should stop.

      Thousands of domains have been transferred due to fraudulent action. You must have heard of people being sent "Registration demands", that were actually a fraudster trying to take control of the domain.

  10. Anonymous Coward
    Anonymous Coward

    a silly question...

    Sorry for asking such a silly question, but this trouble is over a publicly searchable database of who owns or is in control of a domain name?

    like everyone else, why could they not send everyone an email telling them that they need permission to share that info.

    I know that acceptance of the sharing of info cannot be a requirement for use of the service, but that does not stop the hundreds of websites that are refusing access unless they can slurp, but surely the whole domain name registration thing has to have some exemptions for the internet to continue to function in a reasonable way.

    1. SImon Hobson Silver badge

      Re: a silly question...

      like everyone else, why could they not send everyone an email telling them that they need permission to share that info.

      Actually, yes they could - and it would be legal. Two issues with that though - with one leading from the other.

      By making it opt in (and no, it's not allowed to pre-tick the "I want to be spammed by the world" option on the web form !) it means that few will opt in. That's the first thing to keep in mind.

      That leads on to: ICANN't doesn't want to do that. Firstly it means they have to adapt their policies and systems to support it - a process which they claim will take years. Secondly it means admitting that it actually is bound by outside rules/laws.

      It looks very much like ICANN't have developed a real belief that they are a law unto themselves and don't have to consider what anyone else says - the comments about them having a Jobs like Reality Distortion Field seem well founded. They are suddenly finding out that this isn't the case.

  11. DerekCurrie Bronze badge
    Stop

    "The ludicrous situation" is the GDPR attempting to gut WHOIS

    Whatever ICANN's doing is fine with me. WHOIS is a critical part of the functioning of the Internet. What must be a RIGHT is to know who owns a website and to be able to take legal action to discover how to contact them for legal prosecution. To pretend that all owners of websites have the right to CON people, to present HATE SPEECH and to commit CRIME is insane. There must always be a way for every Internet user to trace exact responsibility for every website.

    Where I see logical arguments in this regard is whether everyone should have immediate access to detailed personal information about the website owner. I entirely agree that there should not be easily accessible address, phone number, email address or deeper details. But there must be well defined responsible owner information immediately available via WHOIS. There must then be a legal and logical path for discovery of all personal details for the purpose of legal action against the responsible owner.

    If these basic requirements cannot be met within the rules of the GDPR, then to hell with that aspect of the GDPR. I would fully expect all responsible and citizen representative governments to ignore any such ludicrous rules in the GDPR. That may be the only way to have such ludicrous rules removed from the GDPR. Criminal do NOT have the right to privacy. All people must have a method of immediately knowing a website's owner, no exceptions. All people must have a procedure for prosecuting criminal website owners, no exceptions.

    Why anyone would agree with protecting a criminal's privacy, I cannot imagine. How providing basic WHOIS information intrudes into the privacy of the rest of us, I cannot imagine. The key word here is *RESPONSIBILITY*. If someone is unwilling to take responsibility for their website and its contents, they should never be allowed to post their website onto the Internet. The goes for Granny as well as the leader of any nation.

    Who Are You? We all have a right to know, right now. No anonymous crooks; No anonymous cowards.

    1. Ken Hagan Gold badge

      Re: "The ludicrous situation" is the GDPR attempting to gut WHOIS

      So you look it up and discover that the owner is DrEvil@gmail.com. Does that actually help you with your leeal trouble? No. You have to dig deeper to get to someone you can sue and for that you will probably need the help of your local legal system. Funnily enough, your local legal system won't find that GDPR stands in their way.

    2. Charles 9 Silver badge

      Re: "The ludicrous situation" is the GDPR attempting to gut WHOIS

      The problem here is that ANYTHING that is open to the public is ALSO (part and parcel) open to ABUSE. Which is more important: being able to find someone who may well be acting on an alias, or protecting honest proprietors from being filched by shysters who take your publicly-available information and steal your identity?

    3. Anonymous Coward
      Anonymous Coward

      Re: What must be a RIGHT is to know who owns a website ...

      GDPR in this case is about not publicly broadcasting the info.

      It can still be obtained and stored by ICANN and still be available to law enforcement.

  12. StuntMisanthrope Bronze badge

    don'tbelievethehype.com

    It's a land grab by ne'er do wells. By luck, you have less financial centralisation and coercion, a technology and entrepreneurial business environment without barriers of entry and the ability to fail fast. Not so, over the pond. #youhavebeenwarned

    1. StuntMisanthrope Bronze badge

      Re: don'tbelievethehype.com

      The swamp is wallet deep in these parts.

  13. James Anderson

    As an EU citizen..

    Should I not have the right to know who owns a European domain name. If I want to know who owns a company I am dealing with I can go to companies house and get a list of the owners. What is so different about a domain name?

    The EU presents itself as a champion of the citizen but the net effect of thier meddling is some pointless messages saying " this site uses cookies", and, having to go through the extra step of waiving your GDPR rights anytime you sign up for a half useful service.

    It's all a pointless waste of time and money for everybody involved.

    1. doublelayer Silver badge

      Re: As an EU citizen..

      You should have the right to have your details private. That's the right that is due to you. If I am a company that you deal with, I shouldn't have the right to take your information and sell it without your consent. Even if I need to have that information to do what you paid me for, that doesn't mean I can do anything with it I please. The cookie warning is useful--even if they don't let you say no, you can know not to go there again and to clear your cookies, although I'll admit that I care less about cookies than many other things that are done. The GDPR statements about who has your data, why they have it, and what they are going to do with it provide information that lets you determine whether you trust them with your data and what precautions if any you will take when dealing with them.

      Now, onto having the right to know who owns a domain name, no, you don't have that right. More clearly, you don't have the right to know who owns a domain name if that person doesn't want to tell you. Consider a parallel: if you have a phone number and you don't know who it belongs to, you have no right to that information. If it is not listed by the owner somewhere, nobody you ask knows or is willing to tell you, and you can't get the person who answers to tell you, then you're out of luck. I have no obligation to list my phone number somewhere. I have no obligation to answer correctly if someone calls me up and asks who I am. Similarly, you don't have a right to know where I live, where I work, etc. You can find out yourself. You can ask and usually you will be told. I may release that information if I choose, where you can find it and use it freely. But you don't have a universal right to know.

      1. Charles 9 Silver badge

        Re: As an EU citizen..

        Bad parallel. How about a storefront instead, open to the public. Much as web site can be considered open to the public. Does not anything open to the public be required to be able to be confronted by the public it served, at least as a first resort before bringing the plods in?

  14. GcdJ

    At a micro level - I don't get SEO spam anymore

    I have a few domains that I use for a micro-business. Prior to GDPR (May 25th) I would get 3 or 4 spam emails a week offering SEO or web design services. Since May 25th I get ZERO spams offering these servcies.

    For this tiny benefit I love GDPR!! The data privacy is also important but it is extra value for me.

  15. Val1101

    My company is ignoring GDPR and all other EU nonsense. Zero interest in doing business with EU. Really, just don't care what they think.

    Val

    1. Anonymous Coward
      Anonymous Coward

      My company is ignoring GDPR and all other EU nonsense. Zero interest in doing business with EU.

      Oh good, how do you feel about Californians? Are you going to block them as well?

      Really, just don't care what they think.

      I guess you just don't care about the privacy of your customers.

      What's your company called, I'll make sure to avoid it.

  16. Panicnow
    Mushroom

    "GDPR is the worse legislation I've ever seen!"

    GDPR is a diabolical piece of legislation that makes EVERYONE a CRIMINAL!

    In order to comply you will have to:-

    Shred before disposing of anything with a name, an address, a telephone number or email address.

    ALL your emails etc HAVE to use BCC: for multiple recipients.

    You are advised to encrypt everything, in case you accidentally send it to the wrong person.

    You can use this legislation will be used to discredit anyone. E.g. FInd one example of a politician who copies your details to a third party and immediately report them to "ICO" and the policy, it is a CRIMINAL office.

    A full mass disobedience to comply will happen very soon!

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2019