On Sept. 30, 2021, M3 AAWG and the Anti-Phishing Working Group (APWG) provided its recommendations to ICANN regarding WHOIS domain name access. M3 AAWG and APWG had conducted surveys in 2018 and 2021 to understand the impact of ICANN implementation of the EU GDPR Temporary for gTLD Registration Data.

The 2021 results showed that changes to WHOIS access “…are impeding cyber applications and forensic investigations and as a result could cause harm to victims of phishing, malware and other cyber attacks…” (as noted in the recommendations, published here, https://www.m3aawg.org/sites/default/files/icann_recommendations_whois_survey_report-sept302021.pdf)

The WHOIS records are used by law enforcement, forensic investigators and others to understand criminal activity, identify malware and malicious domains and other investigations. Criminals often purchase domains in bulk for attacks or to escape detection, and criminal elements often switch among their domains to elude law enforcement. Investigators use bulk domain data to identify those misusing them. 

The GDPR Temporary Specification has reduced the utility of the WHOIS data and introduced delays into its use. In the 2021 survey, 70 percent of respondents said investigations were negatively affected, affecting how threats can be identified and handled. 

As a result, M3 AAWG and APWG have recommended that access of relevant data be readily available and that ICANN must establish a system of registrant data access for trusted persons, with privacy and security controls. The third recommendation is for a workable ICANN policy for sporadic and bulk users. 

The full letter of recommendation can be seen at https://www.m3aawg.org/sites/default/files/icann_recommendations_whois_survey_report-sept302021.pdf. 

News coverage also is available here, https://www.worldtrademarkreview.com/brand-management/balancing-privacy-and-security-when-tackling-dns-abuse-m3aawg-and-apwg-make-whois-recommendations