The General Data Protection Regulation (GDPR) could kibosh WHOIS requests and make the job of incident response much harder indeed
On 25 May the General Data Protection Regulation (GDPR) will come into effect, and could make the job of incident response a whole lot harder for security researchers. The Internet Corporation for Assigned Names and Numbers (ICANN) could find itself on the wrong end of fines of up to four percent of global revenue unless it makes changes to the WHOIS system of querying domain name registrant databases. Currently, this type of registrant research is used as an investigative tool by security professionals when it comes to tackling everything from phishing scams to malware distribution sites. It’s often something of a first stop during an incident response, especially where a legitimate site has been compromised to distribute malware without the registered owners knowing.
While most domain name registrars already offer a privacy protection service that hides the registrant's name, address and telephone contact from the public-facing WHOIS search, this doesn’t appear to be enough to satisfy the GDPR's affirmative consent requirement. As a result, ICANN has proposed both redacting personal data from WHOIS and an accreditation process to verify the legitimacy of those (security professionals, law enforcement, journalists) who use it within their investigations.