- Cyber-investigations and mitigations are impeded because investigators are unable to access complete domain name registration data.
- The mitigation or triage of cyber incidents cannot be accomplished in a timely manner.
- WHOIS has become an unreliable or less meaningful source of threat intelligence.
- Requests to access non-public WHOIS by legitimate investigators for legitimate purposes are routinely refused.
- Those who protect Internet resources are also making more coarse blocking or mitigation decisions in the absence of what was formerly reliable data.
- The utility of WHOIS has been severely damaged.
- The redaction of WHOIS data is excessive.
APWG and M3AAWG make a number of recommendations as well:
- There must be an accredited access mechanism, providing tiered or gated access to qualified security actors.
- ICANN should not allow redaction of the contact data of legal entities.
- ICANN should adopt a contact data access request specification that will ensure consistency across all accredited registrars and gTLD registries.
- ICANN should ensure that the accredited access to redacted WHOIS data does not introduce delays in collecting or processing WHOIS data, and further, that the access not be encumbered by per-request authorizations.
- ICANN should reconsider the current redaction policy.
- We ask that ICANN publish point of contact email addresses to provide investigators with an effective means of identifying domains associated with a victim or person of interest in an investigation.
In their final comments, the Working Groups encourage ICANN to improve the current, difficult condition, stating:
"We recognize that ICANN is likely aware of several of these issues. We also realize that ICANN organization and Board of Directors are awaiting the Expedited Policy Development Process for answers to many issues; however, we believe that the ICANN Board of Directors and ICANN organization have the ability to update the Temp Spec to fix the problems that this survey and others have identified as most pressing or egregious while the EPDP work continues."
It's essential that ICANN implement recommendations 2, 4, and 6, and do so quickly. From a public safety perspective, these are necessary adjustments. These fall within ICANN's remit to ensure security and stability of the Internet's identifier systems. ICANN organization should further ensure that the parties involved in consensus policy development for the remaining recommendations consider the findings and analyses in this survey. This would be consistent with the organization's expressed desire to apply data to ensure informed policy deliberation.