WHOIS in peril?

Wednesday 4 October 16:00 - 17:30, Small talks

Neil Schwartzman (CAUCE)

On 25 May 2018, the European Union General Data Protection Regulation http://ec.europa.eu/justice/data-protection/reform/index_en.htm comes into effect.

WHOIS, one of the data systems critical to anti-abuse work, is profoundly affected by these new privacy laws. Some personal data, for example the email addresses of registrants, may be redacted from WHOIS.

To further complicate matters, ICANN has re-designed the WHOIS publication protocol, and there is a simultaneous move to switch to the new method, RDAP, which is currently being rolled-out. https://www.icann.org/news/announcement-2017-09-05-en

There are several groups within ICANN dealing with the changes envisioned to make WHOIS GDPR-compliant, none more hands-on than the GNSO RSD PDP working group, currently in discussions as to how best to comply with the GDPR, while maintaining a viable WHOIS service https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg

  • How will GDPR affect WHOIS?
  • Will domain registrations all begin to look like those of .eu? or the unparsable image of .be?
  • What does an anti-abuse work look like in a world without a deep WHOIS service?
  • Is there any saving WHOIS from this fate?
  • What are the next steps politically? Legally?

Please join us for a discussion of all aspects of these impending changes.



Neil Schwartzman

Neil Schwartzman is a management consultant working with such clients as Apple Inc. and Mailchimp Inc. and has been involved in cybersecurity since 1994, when he wrote the world's first distributed spam filtering software.

Mr Schwartzman is the Executive Director of the Internet's oldest end-use advocacy group, the Coalition Against Unsolicited Commercial Email (CAUCE.org). In this capacity, he has been the Co-chair of the Messaging Anti-Abuse Working Group's (M3AAWG.org) Awards, Hosting, and Public Policy Committees, a founding member of the UCENet (a.k.a. The London Action Plan), a representative to the Anti-Phishing Working Group, the Stop Spam Alliance and the Anti-Spyware Coalition, and an appointed member of Canada's Federal Ministerial Task Force on Spam.

In 2012, he helped spearhead a yearlong external review and augmentation of cybersecurity and messaging anti-abuse best practices of the Organization of Economic Co-operation and Development's Anti-spam Toolkit undertaken by the London Action Plan, Industry Canada, MAAWG and CAUCE and presented these findings to the OECD, in Paris, France. He has participated in working groups of the U.S. Federal Communications Committee's 'Communications Security, Reliability and Interoperability Council' II and III specifically focused on the impact of malware and botnets.

Schwartzman won the first annual M3AAWG.org Mary Litynski Award for lifetime achievement in his work in anti-abuse.








Other VB2017 papers

The state of cybersecurity in Africa: Kenya

Tyrus Kamau (Euclid Consultancy)

The cyber threats Kenya faces range from basic hacking such as website defacements, financial fraud, social media account…

XAgent: APT28 cyber espionage on macOS

Tiberius Axinte (Bitdefender)

This paper provides an in-depth analysis of the macOS version of the APT28 component known as XAgent. We will dissect the…

Keynote address: Inside Cloudbleed

John Graham-Cumming (Cloudflare)

In February 2017, Cloudflare was revealed to have been leaking private information including HTTP headers, cookies and POST data…

We have placed cookies on your device in order to improve the functionality of this site, as outlined in our cookies policy. However, you may delete and block all cookies from this site and your use of the site will be unaffected. By continuing to browse this site, you are agreeing to Virus Bulletin's use of data as outlined in our privacy policy.