Restricted Access to WHOIS Data Jeopardizes Brand Owners Online

As many brand owners know, WHOIS data is the publicly available information on who has registered a particular internet domain name. In layman’s terms, WHOIS records are akin to land title or property tax records: a record of who owns the internet property of domain names available in .com, .net and other generic top-level domain (gTLD) spaces. Each WHOIS record contains basic contact information for the domain name registrant: name, address, phone number, email address and certain other technical attributes. Since the dawn of the internet, gTLD registrars and registries – those companies who sell domain names – have collected contact information from all registrants at the time of registration.

WHOIS data is critical to brand owners as they police the misuse of their trademarks online and take corresponding enforcement action to protect their customers and maintain the integrity of their goodwill. They rely on WHOIS to help determine who is operating suspect websites that mislead customers about the source of their products or outright defraud them through the dissemination of counterfeits. In these instances, WHOIS data is used to identify the scale of such efforts across multiple domain names, the perpetrators behind such efforts and their networks of accomplices. Brand owners are all too familiar with the seemingly endless nature of the fight to protect trademarks online, and promptly obtaining access to WHOIS contact information is imperative for keeping pace with online infringement.

Because of an overly broad interpretation of the EU’s General Data Protection Regulation (GDPR), many domain name registrars and registries are shutting down public access to WHOIS data. This not only has the effect of impeding brand owner investigations and limiting the ability to protect American consumers and businesses, but it destabilizes the security of the open web. Already, cyber investigators and counter-terrorist agents are experiencing increasing difficulties utilizing WHOIS data as compared to before the enactment of GDPR, and we expect this situation to worsen.

While efforts have been undertaken by the Internet Corporation for Assigned Names and Numbers (ICANN) to develop an access model moving forward, those efforts have proven unsuccessful. The more time that lapses without resolution, the less safe are U.S. consumers who ever increasingly rely on the integrity of trademarks online. As Jason Gull, Senior Counsel in the Department of Justice’s Computer Crime and Intellectual Property Section mentioned at an October 2019 Capitol Hill briefing on WHOIS, “We are finding that WHOIS is turning into ‘WHOWAS.’ We have historical information about WHOIS from a year ago and the information is like having an old phonebook.

The National Telecommunications and Information Administration (NTIA) noted in an April 2019 letter that WHOIS, “is a critical tool” for intellectual property protection and stressed the importance of the creation of a timely solution that ensures access to WHOIS for brand owners, law enforcement and other stakeholders. That letter expected “significant progress” by the November 2019 ICANN meetings in Montreal. Those meetings have now come and gone without any notable steps toward a resolution.

The impact of this most recent missed deadline pushes the hope of an acceptable resolution another 12-18 months at minimum, as policies must be agreed to and any eventual access model will take time to be implemented. Meanwhile, criminals, infringers and their international networks can operate unencumbered, pulling in record profits from their cybercrimes. With the continued proliferation of bad actors online, brand owners, law enforcement, government agencies, security experts and researchers are already under strain to keep up with their increasingly sophisticated schemes. WHOIS records are indispensable for tracking down victims, sources and the perpetrators themselves.

FaegreBD client the Coalition for a Secure and Transparent Internet (CSTI) is raising awareness of the vital role that WHOIS domain name registration data plays in protecting brand owners and their consumers. If these issues impact your business and your brand, please contact the authors of this alert to stay informed on the latest developments and actions you can take to safeguard your domain name registration data.