DomainTools, LegitScript, Spamhaus and others join forces to advocate for legislation to preserve accessible WHOIS data

Several leading internet security and consumer safety organizations are joining forces to launch a new group called the Coalition for a Secure and Transparent Internet (CSTI). The group’s objective is to preserve a critical tool that protects internet users and consumers: WHOIS data, which functions as a sort of phone book for the internet. By permitting lookup of who has registered a domain name, WHOIS helps protect consumers from fraud, children from predators, and email users from spam and phishing.

WHOIS has been openly available since the beginning of the internet. However, the recent implementation of the EU’s GDPR privacy regulations has threatened the availability of this data set, not merely for EU domain names but for nearly all the world’s websites. As more and more of this data is withheld it adversely affects the ability of cyber security professionals, consumer advocates, and others to protect networks, organizations and internet users globally.

CSTI was organized to promote and protect open access to WHOIS and other Domain Name System (DNS) information as a critical tool in network and cyber security, consumer protection, brand protection, and anti-abuse on the internet. The coalition was launched by DomainTools, LegitScript, and Spamhaus with early support from ACT | The App Association, Alliance for Safe Online Pharmacies, Center on Illicit Networks and Transnational Organized Crime, Coalition for Online Accountability, Crucial Point LLC, CTO Vision, Liberty Asia, Motion Picture Association of America, National Association of Boards of Pharmacy, and the Recording Industry Association of America. More allies are in the process of joining.

“Transparency of WHOIS data is fundamental to fair dealing, consumer protection, and public safety online,” said LegitScript CEO John Horton. “The potential blackout of WHOIS data gives predators, fraudsters and spammers safe haven to hide their identities. Every day, every single internet user benefits from the work that security experts, law enforcement, researchers and others do in reliance on accessible WHOIS data. This data going dark is a bad thing for average internet users and the integrity of the internet.”

“At its core, the Internet is an open network, fundamentally operating on trust,” Tim Chen, CEO of DomainTools said. “Helping to enforce that trust are systems like WHOIS that give individual internet users insight into who is behind a website or link they may navigate to, or who sent a given email that landed in their inbox.  Applied at scale, the WHOIS data empowers everyday security features built into real-time spam filters and browser navigation alerting systems.”

CSTI is advocating for U.S. legislation to require transparent WHOIS data for domain names operated by or engaged in commerce with Americans.

“The EU GDPR does not require a WHOIS blackout,” said Paul Luehr, advisor to CSTI and head of the privacy and cybersecurity practice at Faegre Baker Daniels LLP. “The GDPR only applies to EU natural persons, but it has been interpreted by many as a reason to block WHOIS data for all registrants, including those conducting commercial and financial transactions online, who should have some accountability to consumers. As a former FTC manager and federal prosecutor, I worry about the average consumer who will increasingly fall victim to spammers and scammers in the lengthening shadows of the internet.”

CSTI maintains that, “unless WHOIS data remains publicly available, cybercriminals – from nation-state actors and ransomware terrorists to online drug dealers and spammers – will threaten the security of the open internet. Supporting law enforcement in keeping the internet safe is a large group of motivated security researchers who are often the first to discover, map and convey cyberattack activity to relevant targets and authorities. CSTI was launched to fight for the ability of internet and network security professionals to continue to do their work to protect the public.”