Questions? +1 (202) 335-3939 Login
Trusted News Since 1995
A service for global professionals · Sunday, February 28, 2021 · 536,086,220 Articles · 3+ Million Readers

Interisle Study Reveals Excessive Withholding of Internet WHOIS Data

ICANN policy suppresses contact data needed to maintain a secure and interoperable Internet

HOPKINTON, MA, USA, January 25, 2021 / -- Interisle Consulting Group ( today announced the publication of a major new research report, the WHOIS Contact Data Availability and Registrant Classification Study. The report presents an in-depth analysis of how contact data for Internet domain names—which make all web sites, email, and apps work—has disappeared from public access, impeding cybercrime investigation, consumer protection, Internet security, and online commerce.

Contact data identifies who registered and controls a domain name, and this information has long been available in a public lookup system called WHOIS. The European Union’s General Data Protection Regulation (GDPR), adopted in May 2018, restricted the publication of personally identifiable data in WHOIS. In response, the Internet Corporation for Assigned Names and Numbers (ICANN) established a new policy, allowing registrars and registry operators to redact (withhold) personally identifiable data from publication in WHOIS.

The Interisle study finds that ICANN’s GDPR-driven policy has resulted in the redaction of contact data for 57% of all generic Top-level Domain (gTLD) names. ICANN’s policy has allowed registrars and registry operators to hide much more contact data than is required by the GDPR—perhaps five times as much. Including “proxy-protected” domains, for which the identity of the domain owner is deliberately concealed, 86.5% of registrants can no longer be identified via WHOIS—up from 24% before the ICANN policy went into effect. The implications of this ICANN policy change are profound: consumers can no longer use WHOIS to confirm the identities of parties they may want to transact with on the Internet, it is harder for law enforcement personnel and security professionals to identify criminals and cybercrime victims, and brand owners face greater challenges defending misuse of their intellectual property.

Interisle’s analysts visited 3,000 domain names to see if the web site owners could be identified. “More than half of gTLD domain names—51.7%—are now controlled by unidentifiable parties,” said Lyman Chapin, an Interisle partner and co-author of the study. “These are domains that cannot be attributed to a registrant or site owner, either via WHOIS or by examining their web site content. Before GDPR and ICANN’s policy, only about 18% of domains were controlled by unidentifiable parties. This seriously impedes timely response to criminal activity and efforts to find and help the victims of cybercrime.”

“A study like this was long overdue,” said Greg Aaron, Interisle associate and principal analyst of the study. “ICANN’s stated goal was to ‘ensure compliance with the law while preserving the current information contained in WHOIS to the greatest extent possible.’ The new study demonstrates that ICANN has not met this goal. The result has deprived parties of data they need to help maintain a secure and interoperable Internet. The study gives policy-makers inside and outside of ICANN the data they need to make adjustments.”

The full text of Interisle’s report is available at

About Interisle Consulting Group

Interisle's principal consultants and associates are experienced practitioners with extensive track records in industry and academia and world-class expertise in business and technology strategy, Internet technologies and governance, financial industry applications, and software design.

Interisle is currently engaged in a long-term effort to collect and analyze data on the way in which criminals abuse the Internet and its users, so that Internet policy development can be informed by reliable and reproducible intelligence based on data rather than anecdotes. As part of this effort Interisle has already published three study reports:

Phishing Landscape 2020, which captures and analyzes a large set of information about phishing attacks, to better understand how much phishing is taking place and where it is taking place, and to see if the data suggests better ways to fight phishing.

Domain Name Registration Data at the Crossroads: The State of Data Protection, Compliance, and Contactability at ICANN, which assesses the effectiveness and impact of ICANN's registration data access policies and procedures by examining the practices of 23 registrars that collectively sponsor more than two-thirds of the registrations in the generic top-level domains (gTLDs).

Criminal Abuse of Domain Names: Bulk Registration and Contact Information Access, which confirms a popular hypothesis that cybercriminals take advantage of bulk registration services to “weaponize” large numbers of domain names for their attacks, and illustrates how ICANN's policy of redacting WHOIS point of contact information to comply with the GDPR significantly encumbers cybercrime investigation.

For more about Interisle, please visit:

For media inquiries related to Interisle, please contact the Interisle partners at

David Piscitello
Interisle Consulting Group
+1 843-715-4018
email us here

Powered by EIN Presswire

EIN Presswire does not exercise editorial control over third-party content provided, uploaded, published, or distributed by users of EIN Presswire. We are a distributor, not a publisher, of 3rd party content. Such content may contain the views, opinions, statements, offers, and other material of the respective users, suppliers, participants, or authors.

Submit your press release