It’s Time to Stop Domain Name Registrars and Registries from Facilitating Online Crime – and Profiting from It
Criminals buy domain names in bulk and weaponize them to launch endless anonymous cyberattacks and financial scams globally – making billions from their infinite supply of websites. Since the advent of the Internet, government and industry have pondered how to best regulate the online market for illicit trade, but little has been done to keep pace with profiteering cybercriminals.
Until GDPR was implemented in 2018, WHOIS data – the telephone directory of the Internet – made it possible for law enforcement, consumer protection agencies, child advocacy groups, anti-human trafficking organizations, cybersecurity investigators, intellectual property rights holders, journalists, academics and others to identify who registered any given domain.
Alarmingly, access to WHOIS data has been drastically curtailed as a result of overly broad interpretations of GDPR data privacy laws and the failure of registrars and registry operators to self-police. This has severely limited cyber investigations and restricted our ability to act quickly to protect American consumers.
Two Simple No-Cost Policy Actions to Make the Internet Safer Now
No-cost solutions already exist to protect consumers from widespread, longstanding criminal exploitation of an anonymous Internet by holding domain name registrars accountable for dangerous – even deadly – content online.
Congress must step up now to enact these two simple, no-cost polices and the Administration must aggressively enforce them in order to make the Internet safer today:
- Restore WHOIS data transparency
- Lock and suspend suspicious domain names