In response to an inquiry earlier this Summer by Congressman Robert Latta (R-OH), several federal agencies have offered insight into the importance of WHOIS as well as their difficulties in gaining access to the information since the implementation of the European Union’s General Data Protection Regulation went into effect in Spring of 2018.

Responses from the U.S. Food & Drug Administration, Federal Trade Commission, National Telecommunications & Information Administration as well as the Department of Homeland Security’s Immigration & Customs Enforcement Homeland Security Investigations and the National Intellectual Property Rights Coordination Center all stressed the value and importance of WHOIS information in the execution of their individual obligations. As the FDA stated, “Access to WHOIS information has been a critical aspect of FDA’s mission to protect public health.”

The agencies also all confirmed that the implementation of the E.U. General Data Protection Regulation had limited their timely access to this data with detrimental results. While an inability to access to this data presents challenges in the best of times, it is compounded during times of crisis which typically result in a spike in fraud. According to the FDA, “…lack of WHOIS transparency significantly hindered FDA’s ability to identify sellers of fraudulent and unproven treatment for COVID-19 as well as illegitimate test kits and counterfeit or substandard personal protective equipment.”

What is clear is that the implementation of the E.U.’s GDPR has made it more difficult and time-consuming to identify and stop fraudulent activity on the Internet. ICANN recognized the severity of this issue and created an Expedited Policy Development Process to look into and develop a solution to balancing individuals’ privacy with consumer protection and cyber security. Unfortunately, that process has now concluded without an acceptable solution to access this important information.

“HSI views WHOIS information, and the accessibility to it, as critical information required to advance HSI criminal investigations, including COVID-19 fraud. Since the implementation of GDPR, HSI has recognized the lack of availability to complete WHOIS data as a significant issue that will continue to grow.”

Given the inability of ICANN to come up with a solution that addresses the problems highlighted by these federal agencies, now is the time for Congress to engage and restore access to WHOIS information so that we can better protect our consumers.

You can read the individual responses from the federal agencies below:

FDA
FTC
ICE/HSI
NTIA
DOJ/FBI