Rep. Latta Considering All Options to Restore Whois Database for Law Enforcement
House Communications Subcommittee ranking member Bob Latta, R-Ohio, is considering all options to restore law enforcement access to ICANN’s Whois database, a spokesperson told us Wednesday. Earlier, FTC Chairman Joe Simons wrote Latta about concerns about the availability of accurate domain name registration information when investigating crimes.
Sign up for a free preview to unlock the rest of this article
Export Compliance Daily combines U.S. export control news, foreign border import regulation and policy developments into a single daily information service that reliably informs its trade professional readers about important current issues affecting their operations.
Latta wrote Simons June 24 asking how the FTC uses the Whois database to carry out its law enforcement mission, saying the EU’s general data protection regulation negatively affected law enforcement’s ability to identify bad actors online. Simons wrote Latta July 30 saying the FTC routinely relied on Whois before the GDPR took effect in May 2018 to investigate fraud, locate perpetrators and return money to victims. ICANN in response to the GDPR has limited access to the information, he wrote. We obtained the correspondence through a Freedom of Information Act request.
Simons offered one potential solution: Congress could mandate “disclosure of domain name registration data associated with legal entities, as opposed to natural persons.” The GDPR protects information of natural persons but doesn’t apply to information about legal entities, which own a significant percentage of domain names, Simons wrote: “ICANN’s current mechanisms result in over-application of the GDPR by permitting registrars to choose whether to make the registration data of legal entities public or not. We have raised this issue within ICANN’s policy development process.”
Latta is “still monitoring the process at ICANN to restore WHOIS information and would like to see a solution that enables law enforcement and others to utilize the database to identify bad actors in a similar way to pre-GDPR implementation,” his office said.
Congress could pass legislation mandating U.S. registrars and registries that sell domain names to U.S. citizens have an open, accessible and accurate database. Proponents say ICANN and its contracted parties don’t have incentive to maintain an open and accurate database because it’s a liability.
ICANN hasn’t communicated with the FTC specifically on Simons’ letter to Latta, an ICANN spokesperson emailed. He noted the current multistakeholder process to ensure Whois operates under new global data privacy regulations. ICANN welcomed participation in the process from the FTC, NTIA and other agencies.
In response to the GDPR, ICANN “developed new policies that significantly limit the publicly available contact information relating to domain name registrants,” Simons wrote Latta. The FTC has been forced to request names, addresses, phone numbers and emails directly from registrars, which is “time-consuming and cumbersome,” he said. The agency would benefit from “greater and swifter access to domain name registration data,” Simons wrote, and the FTC has been working with other agencies on solutions.
The Department of Homeland Security, Food and Drug Administration and DOJ have noted the importance of maintaining the Whois database and how the current situation is putting U.S. citizens at risk.