Your organization’s leadership is 12 times more likely to be the target of a security incident and nine times more likely to be the target of a data breach than they were last year. Find out how they can be protected.
Read the Datasheet
Gift Cardsharks: The Massive Threat Campaigns Circling Beneath the Surface
Learn about the attack group primarily targeting gift card retailers and the monetization techniques they use.
Get the Report
Threat Hunting Workshop Series
Join one of our security threat hunting workshops to get hands-on experience investigating and remediating threats.
Attend an Upcoming Workshop
Inside Magecart: New RiskIQ & Flashpoint Research Report
Learn about the groups and criminal underworld behind the front-page breaches.
Threat Hunting Guide: 3 Must-Haves for the Effective Modern Threat Hunter
The threat hunting landscape is constantly evolving. Learn the techniques, tactics, and tools needed to become a highly-effective threat hunter.
Download the PDF
Mr. Göran Marby
ICANN President and CEO
Mr. Cherine Chalaby
March 28, 2018
Request for Adequate Assurances Relating to WHOIS and GDPR
Dear Messrs. Marby and Chalaby:
We and other digital threat management professionals, such as the security and anti-abuse community, intellectual property professionals and their respective rights’ holders, including our customers (“we” or “us”), rely on WHOIS data as an essential element in discovering, identifying, tracking, and mitigating threats online.
With less than sixty days left, having a draft document reflecting “over-compliance” with GDPR is an egregious violation of ICANN consensus policies. This unmistakenly undermines the stability and security operations of the Internet’s unique identifier systems. ICANN is damaging the openness, interoperability, resilience, security, and stability of the DNS, which is not required by law.
ICANN is accountable to the Internet community for operating in accordance with its Articles of Incorporation and the Bylaws, including its Mission. We draw your attention to the March 15, 2018, GAC Communiqué – San Juan, Puerto Rico, particularly GAC Consensus Advice to the Board with respect to WHOIS and the GDPR, including the rationale for the Consensus Advice on pages 9-10 therein. If ICANN were to adopt the “Calzone” model or a substantially similar iteration that suffers from the same flaws, ICANN would be taking “an action that is not consistent with”1 (i.e., rejecting) GAC Advice. Under the ICANN Bylaws, GAC Consensus Advice may only be rejected by a vote of no less than 60% of the Board,2 and the GAC and the Board are required to “then try in good faith, and in a timely and efficient manner, to find a mutually acceptable solution.”3
ICANN must have a means to compel the registrars and registry operators to provide access to WHOIS data to the extent allowed by applicable law, and to participate in the tiered access model. We fear registrars are going to mask their data come May. We must know that ICANN will be in a position to enforce its agreements with the Registries and Registrars consistent with applicable law.
We respectfully request that the interim model be revised so that it is not “over-compliant” with GDPR and protects data in accordance with applicable law, including an appropriate method of tiered access that will allow us to maintain the “stability and security” of the Internet.
Very truly yours,
Trouble viewing the survey? Click Here
1 ICANN Bylaws, as amended, § 12.2(a)(x).