RiskIQ is closely monitoring the draft Temporary Specification/policy that was published yesterday and will govern WHOIS from a GDPR perspective over the next year after finalization and adoption by ICANN's Board.
From a review of the Temporary Specification, it appears that the Board has been taking seriously the accountability issues we raised in our letter sent to them over the weekend as some of the concerns are reflected in the Temporary Specification. And, from the ICANN webinar addressing the Temporary Specification this morning, ICANN recognizes that a lot of work needs to be done to ensure ICANN accountability is in place.
We remain concerned that ICANN is not assuming it evident that compliance needs to have additional resources in tandem with the Temporary Specification coming into effect. Just like ICANN expects the WHOIS database operators to have specialists on staff to properly conduct legitimate interest analysis for WHOIS queries, ICANN must also have specialists on staff to hold the WHOIS database operators accountable. To take a 'wait and see' attitude on whether more resources are needed seems irresponsible as it will cause unnecessary delays in the compliance process.
We will be providing comments on the Temporary Specification in the next couple of days with the goal of ensuring appropriate modifications are incorporated into the Temporary Specification before anticipated adoption by the Board this Thursday. A redline copy of the Temporary Specification is available here (also from within the ICANN update on the proposed Temporary Specification).
Jonathan Matkowsky is the Vice President of Brand Security and Intellectual Property at RiskIQ
The RiskIQ Intelligence Connector for Microsoft Azure Sentinel Is the Context-Rich Force Multiplier Security Teams Need
Digital initiatives have changed the enterprise attack surface and how organizations appear online, both to users and malicious actors. Meanwhile, the threat landscape has evo...