GDPR 'risks making it harder to catch hackers'
- Published
A service used to identify and contact website owners has been forced to strip out information on its site to comply with the EU's GDPR legislation.
Whois is often used by journalists and police to make quick checks into the legitimacy of websites. It no longer shows contact names, email addresses or phone numbers.
Icann, the owner of Whois, had asked for more time to comply with GDPR despite having had years to prepare.
The request was turned down.
In a letter to the , lawyers Brian Finch and Steven Farmer claimed: "Police will be robbed of ready access to vital data drastically impeding their efforts to identify and shut down illicit activity.
"The regulatory rubric the EU has created will make it harder than ever to catch computer hackers," they wrote.
Mr Farmer told the ´óÏó´«Ã½ that the lack of guidance given by the EU was making companies extremely cautious about the regulation.
He said that because "the consequences of getting it wrong are so serious", companies are being "extremely conservative in interpreting the law".
"It's regrettable we didn't have guidance on the key principles," he said.
Whois is used by cyber-security firms as well as law enforcement.
Nik Whitfield, chief executive of cyber-security company Panaseer, said he had used Whois to help companies spot dodgy emails.
"The service is valuable for protection as it helps provide context around whether an external website is legitimate or potentially unsafe," he told the ´óÏó´«Ã½.
However, supporters of the new privacy regulation note that cyber-criminals were never likely to have provided accurate contact details for their scam websites, and highlight that the law does provide added protection for legitimate registrants.
At the time of writing, some websites were still presenting non-redacted website information.