A potentially dangerous side-effect of the new GDPR regulations has been identified, and it could be something of a boon for cyber criminals.
The regulations, which came into effect on May 25, require companies to gain explicit consent from users before harvesting their data, and must then adhere to strict rules on how it is kept. Whilst initially seen as a positive for consumers across Europe, who will see their data handled more securely, a few negative side-effects have begun to emerge.
Arguably the biggest of these concerns domain lookup service WhoIs, which has been told it can no longer offer the service for which it became famous around the world, as it’s not GDPR compliant.
WhoIs allows users to perform domain searches, IP lookups and search a global database for relevant information on domain registration and availability. It details the domain name owner and even the number of pages listed with Google – among other things.
The service isn’t just used by those seeking out a new domain name, however. For years, journalists and police officers alike have used WhoIs to quickly check the validity of websites and the individuals who may be behind them. With GDPR now in force, however, this identifiable information cannot be displayed, effectively making the service redundant for many of those who use it regularly.
Explaining why this is especially bad news in the fight against hackers, lawyers Brian Finch and Steven Farmer wrote a letter to the Wall Street Journal. In it, they said: “Police will be robbed of ready access to vital data drastically impeding their efforts to identify and shut down illicit activity. The regulatory rubric the EU has created will make it harder than ever to catch computer hackers.”
That said, some analysts have argued that limitations put on WhoIs wouldn’t actually make a difference to cyber security on the whole. The reason, they argue, is that WhoIs data from spurious websites is unlikely to be accurate, as that would make detection too easy. Instead, scammers are much more likely to provide false information – thereby removing any advantage that law enforcers could take by using such a system.
Meanwhile, WhoIs has asked for an extension to give it more time to become GDPR compliant – a request that has been denied.