Home Archives Profile Subscribe

APWG Monograph: ICANN interpretation of GDPR impedes cyberinvestigations

Thursday, 06 June 2019


WhoisisclosedIn the aftermath of the adoption of the EU GDPR, ICANN’s policies for access to domain registration data (Whois) have created adverse consequences for investigations into terrorist activities, political influence campaigns and cybercrimes, creating serious threats to public safety.

In this APWG monograph, I explain how Whois data is employed during preventative and forensic cyber investigations – and how ICANN’s interpretation of GDPR in particular delays development of programmatic machine-driven responses that are widely used to maintain public safety and are vital to the long-term viability of the Internet as a governable domain.

Image by https://www.flickr.com/photos/carbonnyc/ 

Posted at 09:11 AM in All matters security, Domain names and DNS | | Comments (0)

Spotlight Posts

  • Facts & Figures: Whois Policy Changes Impair Blocklisting Defenses
    Two independently conducted studies demonstrate that the onset of masking Whois contact data has had the direct, corresponding, and ongoing effect of reducing the number of blocklisted domains, dramatically undermining the efficiency of this and other security countermeasures.
  • Conservative abuse reporting throws new TLD program under the bus
    ICANN has released a January 2019 domain abuse report generated from the Domain Abuse Activity Repor...
  • APWG and M3AAWG Survey Finds ICANN WHOIS Changes Impede Cyber Investigations
    The Anti-Phishing Working Group (APWG) and the Messaging, Malware and Mobile Anti-Abuse Working Group (M3AAWG) have collaborated to conduct a survey of cyber investigators and anti-abuse service providers to understand how ICANN’s Temporary Specification for gTLD Registration Data has affected their access and usage of domain name registration information and their ability to mitigate abuse. I served as Principal Investigator for APWG and M3AAWG for this project. I received strong subject matter expertise support from both working groups. From our analysis of 327 survey responses we find that the changes to WHOIS access following ICANN’s implementation of the Temp Spec...
  • What is Ransomware
    Ransomware is a cyberattack (a virus) that is used to extort money. Originally, criminals used ransomware to extract payments from individuals for the recovery of personal information. Today, cyberattackers extort payments from businesses for the recovery of sensitive information. No one is immune to ransomware. Criminals have extorted payments for the recovery of medical or personal data from healthcare providers and have locked guests out of their hotel rooms. Even industrial systems may prove to be vulnerable to ransomware. Early ransomware, called locker ransomware, prevented a victim from accessing a desktop or browser. Cyberattackers quickly evolved to a more sophisticated...
  • Spam: The Security Threat You Easily Forget
    About this time last year, I spoke at a Cybersecurity conference in Krakow. I was asked during a video interview to identify security threats that I believed were most pressing. (Ignore the suit...) Yes, I said spam. Not DDoS? Not ransomware? Not breach of personal data? Not IoT? Are you daft, Dave? No. My thinking has not changed a full year later. Spam is a criminal infrastructure enabler Spam may have been merely annoying, unsolicited messages in your inbox at one time, but that was a millennia ago. The average spam volume reported to the Cisco Talos Email and Web...
Next