Insights | White Papers
WHOIS Contact Data Availability and
Registrant Classification Study
Interisle Study Reveals Excessive Withholding of Internet Whois Data
ICANN policy suppresses contact data needed to maintain a secure and interoperable Internet
January 25, 2021
Interisle Consulting Group today announced the publication of a major new research report, the WHOIS Contact Data Availability and
Registrant Classification Study. The report presents an in-depth analysis of how contact data for Internet domain names — which
make all web sites, email, and apps work-has disappeared from public access, impeding cybercrime investigation, consumer protection,
Internet security, and online commerce.
Contact data identifies who registered and controls a domain name, and this information has long been available in
a public lookup system called WHOIS. The European Union's General Data Protection Regulation (GDPR), adopted in May 2018, restricted
the publication of personally identifiable data in WHOIS. In response, the Internet Corporation for Assigned Names and Numbers (ICANN)
established a new policy, allowing registrars and registry operators to redact (withhold) personally identifiable data from publication in WHOIS.
The Interisle study finds that ICANN's GDPR-driven policy has resulted in the redaction of contact data for 57% of all
generic Top-level Domain (gTLD) names. ICANN's policy has allowed registrars and registry operators to hide much more contact data than
is required by the GDPR-perhaps five times as much. Including ‘proxy-protected’ domains, for which the identity of the domain
owner is deliberately concealed, 86.5% of registrants can no longer be identified via WHOIS-up from 24% before the ICANN policy went
into effect. The implications of this ICANN policy change are profound: consumers can no longer use WHOIS to confirm the identities of
parties they may want to transact with on the Internet, it is harder for law enforcement personnel and security professionals to identify
criminals and cybercrime victims, and brand owners face greater challenges defending misuse of their intellectual property.
Interisle's analysts visited 3,000 domain names to see if the web site owners could be identified. “More than
half of gTLD domain names-51.7%-are now controlled by unidentifiable parties,” said Lyman Chapin, an Interisle partner and co-author
of the study. “These are domains that cannot be attributed to a registrant or site owner, either via WHOIS or by examining
their web site content. Before GDPR and ICANN's policy, only about 18% of domains were controlled by unidentifiable parties. This seriously
impedes timely response to criminal activity and efforts to find and help the victims of cybercrime.”
“A study like this was long overdue,” said Greg Aaron, an Interisle associate and principal analyst of the study.
“ICANN's stated goal was to ‘ensure compliance with the law while preserving the current information contained in WHOIS to the greatest
extent possible.’ The new study demonstrates that ICANN has not met this goal. The result has deprived parties of data they need to help
maintain a secure and interoperable Internet. The study gives policy-makers inside and outside of ICANN the data they need to make adjustments.”
You may read an Executive Summary of the Report or
the complete Report.
You may also download the Data File that accompanies the report.
Comments can be submitted to firstname.lastname@example.org
The opinions, findings, and conclusions or recommendations expressed in this report are the product of independent work conducted by
Interisle Consulting Group, without direction or other influence from any outside party, including parties that may have provided funding to support the work.
World class expertise
in Internet technology
and network strategy