The European Commission has suggested that law enforcement authorities could soon have restricted access to the WHOIS database that identifies website owners because the system is on a collision course with the EU’s strict new data protection law.
Law enforcement authorities have complained to the Commission about plans to change the system in May because they rely on WHOIS to look up a “significant number” of websites every week as part of criminal investigations. However law enforcement authorities are up in arms over the threat of having limited access to information to identify people who run websites.
Last month, EC3, the cybercrime division of EU police agency Europol, sent ICANN a document describing its position on the overhaul. The agency asked for there to be no access restrictions limiting analysts who use WHOIS in order to prevent cybersecurity breaches, citing investigators’ use of the database after last year’s WannaCry hacking and an attack on Deutsche Telekom’s networks that affected 900,000 customers.
But the Commission has warned that the sweeping new EU data protection regulation set to take effect on 25 May will mean that at least some personal information about website owners may no longer be displayed in WHOIS directories.
The WHOIS system is publicly available and contains names, email addresses, phone numbers and other information identifying people who registered internet domain names.
It has sparked a dispute between police forces and privacy activists, and the Commission has waded in to press for reforms from the Internet Corporation for Assigned Names and Numbers (ICANN), the non-profit organisation that requires information about people who register websites to be available in WHOIS databases.
The online directories of personal information are likely to clash with the new EU law, which requires a specific justification for an organisation to obtain Europeans’ personal data.