As a result of changes to data privacy laws such as GDPR and POPIA, changes are required to ensure WHOIS remains compliant.
WHOIS is a publicly available directory where one can look up information regarding who is responsible for a domain name.
POPIA currently takes precedence over other pieces of legislation governing data privacy and protection in South Africa. This is particularly important as the Act comes into full effect on 1 July 2021.
It is important for WHOIS to be aligned with POPIA to ensure that Registries and Registrars also comply with ICANN’s policies.
Palesa Legoze, Chairperson of the .za Domain Name Authority (ZADNA) board, recently discussed how WHOIS must evolve under the Protection of Personal Information Act (POPIA).
Legoze was speaking at a webinar hosted by ZADNA, which looked at evolving online privacy laws.
The changes required by privacy laws should not cause the WHOIS database to lose its functionality – particularly in the context of law enforcement personnel who use the WHOIS data to conduct their investigations.
“The question is, in the South African context, what systems have to be put in place to ensure that law enforcement has access in real-time to WHOIS non-public information, to ensure that they can conduct their investigations without delay and hindrance,” noted Legoze.
Other third parties, such as cybersecurity investigators and those involved in Intellectual Property protection, must also have access to non-public information when they have a legitimate purpose.
Legoze said that South Africa needs to have a framework to assist these parties to have access to information in real-time.
It is therefore critical for those who use WHOIS data for their investigations to actively participate in the process of the evolving WHOIS Policy so that their needs can be incorporated.
Insight from industry players is needed
Therefore, those who use WHOIS data for their investigations are urged to get involved in the discussions regarding WHOIS in South Africa.
If not, the struggles that many law enforcement and cybersecurity investigators experienced in places like Europe and the USA when Temporary Specifications were implemented are evidence of what can go wrong.
The Temporary Specifications were put in place to ensure that Registry operators and Registrars comply with GDPR, while maintaining the existing WHOIS system to the greatest extent possible.
These have been replaced by the Interim Registration Data Policy, which in essence is the same.
“Some of the concerns that have been raised include the fact that the current WHOIS system’s ability to meet law enforcement needs had been drastically reduced,” said Legoze.
“Secondly, investigations were discontinued or delayed due to not getting access to the information as and when it is required – in real-time.”
Legoze indicated that many cybersecurity professionals did not know how to request access to this important WHOIS data, which was previously publicly available and has now been redacted.
Additionally, many were denied access even after following the proper protocols.
South Africa, therefore, needs cybersecurity professionals and law enforcement to be part of the process of evolving WHOIS policy so that their needs are comprehensively incorporated into the changes that must take place.
Legoze also highlighted that DNS abuse is on the rise and threatens to undermine the trust and confidence that users have in the Internet.
She noted that cybercriminals engaged in DNS abuse often piggyback off the names of big events and happenings, such as the COVID-19 pandemic.
“It has been widely reported that criminals are taking advantage of the pandemic by launching malicious online campaigns,” said Legoze.
“There has also been a spike in the number of COVID-related domain names being used to distribute malware, launch phishing and pharming scams.”
She added that consideration should be given to collaboration with registries and registrars around the world, as well as joining the Public Interest Registry that recently launched an institute to combat DNS abuse.