ICANN disputes FDA’s assertions about Whois

Domain system overseer disagrees with FDA rep’s complaints about Whois.

Logo for Food and Drug Administration has FDA in white letters on blue background

ICANN CEO Göran Marby has sent a letter (pdf) to the U.S. Food and Drug Administration disputing a presentation (pdf) one of its representatives made this month.

Dan Burke, the U.S. FDA’s Chief of the Investigative Services Division, gave a presentation on June 2 about Whois at a webinar sponsored by The Coalition for a Secure and Transparent Internet (CSTI).

DomainTools, LegitScript, and Spamhaus founded CSTI to advocate for open Whois records in the wake of the EU’s General Data Protection Regulation (GDPR). All of these groups use Whois data for investigations, and much of that information has been obscured in the wake of GDPR.

ICANN disputes several things that Burke said during the presentation.

1. A requestor must have a subpoena to access non-public registration data

The prepared presentation said that most registrars will not share Whois data without a subpoena. But during the presentation, Burke said that the only way to get Whois data was with a subpoena.

ICANN noted that registrars and registry operators must provide reasonable access to registrant data at the request of legitimate interests. How this plays out in practice is open for debate, though.

Burke notes that some registrars won’t take action. He pointed to adderallstore(.)com, a domain registered at Crazy Domains (owned by Newfold Digital). He said that the FDA asked Crazy Domains to take the domain down and the registrar said it’s just the registrar and the FDA should contact that host. (Note that this was a take-down request, not a Whois request.) Burke said some registrars help in cases like this, and some don’t.

He also said unwillingness by registrars has led the FDA to go up a level to registries, and pointed to a pilot program it is running with Verisign and PIR:

Pilot program to crack down on online opioid sales to begin

2. ICANN salaries and those at registrars/registries are tied to selling more domains.

The insinuation is that ICANN looks the other way because its people make more money when more domains are registered. ICANN denies this. Given current registration numbers and ICANN’s budget, I’m inclined to agree that “bad domains” aren’t propping up salaries.

It’s a more relevant argument for some registrars and registries that count on malicious registrations to fill their coffers.

3. ICANN ignores complaints from government agencies

ICANN explained its role in the internet ecosystem and the ways to participate. In his presentation, Burke said he doesn’t have the bandwidth to try to work with ICANN.

The takeaway

Whenever I write about the lack of public Whois data, people inevitably comment that bad actors used fake Whois data. But security researchers point out that even bad data has value. Burke mentioned that Whois data allowed it to draw links between networks and more easily get subpoenas based on that info.

If I were to use the Politifact rating system, I’d give Burke’s presentation a “Mostly True” or “Half True” rating. It’s mostly accurate but leaves out important details.

Post link: ICANN disputes FDA’s assertions about Whois

© DomainNameWire.com 2022. This is copyrighted content. Domain Name Wire full-text RSS feeds are made available for personal use only, and may not be published on any site without permission. If you see this message on a website, contact editor (at) domainnamewire.com. Latest domain news at DNW.com: Domain Name Wire.

Related posts:

  1. ICANN Wants to Trap WHOIS Abusers for Study
  2. What the provocative WHOIS report means for domain investors
  3. GDPR will make domain name transfers more difficult
Back to top button