Share these talks and lectures with your colleagues
Invite colleaguesPractice paper
The impact of GDPR on WHOIS: Implications for businesses facing cybercrime
Cyber Security: A Peer-Reviewed Journal,
2
(2),
143-148
(2018)
Abstract
To protect privacy rights, the European Union’s General Data Protection Regulation (GDPR) has been effectively blocking access to the personal information of individuals who register Internet domains. Prior to the May 2018 GDPR enforcement deadline, this information was available through WHOIS, the directory service maintained by the ICANN, the organisation that manages the global domain system. By preventing access to this information, GDPR is depriving cyber security professionals of data that is vital for fighting a variety of Internet-based crimes. ICANN and European authorities have been engaged in high-stakes negotiations over who may legally access the data in the future, and how. To address the concerns of security professionals and others, ICANN has proposed creating a tiered system to allow accredited users, including security professionals, to continue accessing personal data. However, how that tiered system would work is unclear, complicated and mired in controversy. Corporate security officials should take note, as it could speed up the already rapidly escalating problem of cybercrime.
Keywords: GDPR; WHOIS; ICANN; Internet Corporation for Assigned Names and Numbers; PID; personal identifiable data; cybercrime; cyber security
The full article is available to subscribers to the journal.
Author's Biography
Anthony J. Ferrante is a Senior Managing Director and Global Head of Cybersecurity at FTI Consulting. He is based in Washington, DC in the Global Risk & Investigations Practice (GRIP) of the Forensic & Litigation Consulting segment. Anthony is considered an expert in cyber resilience, response and remediation services. He has more than 15 years’ top level cyber security experience, providing incident response and preparedness planning to more than 1,000 private sector and government organisations, including over 175 Fortune 500 companies and 70 Fortune 100 companies. Prior to joining FTI Consulting, Anthony served as Director for Cyber Incident Response at the US National Security Council at the White House, where he coordinated US response to unfolding domestic and international cyber security crises and issues. Building on his extensive cyber security and incident response experience, he led the development and implementation of Presidential Policy Directive 41 — United States Cyber Incident Coordination, the federal government’s national policy guiding cyber incident response efforts. Before joining the National Security Council, Anthony was Chief of Staff of the FBI’s Cyber Division. He joined the FBI as a special agent in 2005, assigned to the FBI’s New York Field Office. In 2006, Anthony was selected as a member of the FBI’s Cyber Action Team, a fly-team of experts who deploy globally to respond to the most critical cyber incidents on behalf of the US Government.
