Washington, D.C. | October 17, 2019
On October 17, the Coalition for a Secure & Transparent Internet (CSTI) hosted a Capitol Hill briefing entitled: What is WHOIS: Understanding One of Our Most Critical Cyber Assets.
CSTI convened law enforcement officials from the Department of Justice and Drug Enforcement Administration, along with representatives from the National Association of Boards of Pharmacy, Motion Picture Association of America and Kroll to discuss with policymakers how restricted access to WHOIS data impacts their investigations and ultimately public safety.
According to Neil Fried, Senior Vice President of Federal Advocacy and Regulatory Affairs for the Motion Picture Association of America, “All law enforcement and industries start their investigation online with the WHOIS database.” Jason Gull, Senior Counsel, Computer Crime and Intellectual Property Section (CCIPS), U.S. Department of Justice, agreed, noting the role WHOIS has played in online investigations, “the speed at which the people are able to communicate and also to commit crimes over the internet has given rise to a need for some sort of rapid information sharing. [WHOIS] is a critical thing that we do to get at least expedited preservation of evidence before it can go away.”
Unfortunately, because of an overly broad interpretation of the European Union’s General Data Protection Regulation, this information is now being almost entirely redacted. “We are finding that WHOIS is turning into WHOWAS. We have historical information about what WHOIS from a year ago and the new information is like having an old phone book,” Gull added.
GG Levine, Digital Health Manager from the National Association of Boards of Pharmacy spoke to the impact the GDPR has had on their efforts to identify illegal online pharmacies selling opioids and prescription medicine illegally, “Since the GDPR has come into effect, instead of having a window to see behind the websites, we have a brick wall.”
The briefing was particularly timely given the ongoing negotiations between the National Telecommunications Information Administration (NTIA) and ICANN, the international organizations with oversight on this issue. ICANN will hold its next meetings in November and NTIA has targeted these meetings as a deadline to see, ‘substantial progress’ toward a workable access model for this important information.
CSTI supports NTIA’s efforts to achieve a global solution through ICANN but believes the U.S. must continue to assert its prerogative to preserve resources, like WHOIS, that are critical to consumer protection.
Alan Brill, Senior Managing Director at Kroll, summed up the discussion perfectly by pointing out, “The only people who are helped by not having WHOIS are the bad guys.”