Redacted Registrant Contact Data Requests
During the period from January 1, 2022 through August 31, 2022, we submitted 2751 requests to 340 ICANN-accredited registrars.
- Of those 2751 requests, 395 were compliant (14%).
- Of the 340 registrars to whom we made requests, only 55 provided registrant data (16%).
- 761 requests for registrant data did not receive a response at all (28%) and 327 received only an auto response (12%).
- 967 requests received a response indicating legal action (such as a subpoena) was required to obtain registrant data (35%).
Appdetex Whois Request System
The Appdetex Whois Request System was developed to help our customers obtain non-public WHOIS data following the implementation of GDPR in June 2018.
The system sends customer-verified, non-public WHOIS data requests for cybersecurity, consumer protection, and intellectual property enforcement activities in order to improve internet safety and security.
A Brief History
A need for data
The launch of the EU GDPR in May 2018 provided the impetus for developing this system. Before GDPR launched, we began working with our customers to provide a means of acquiring WHOIS data for legitimate enforcement purposes after the advent of GDPR. In the Spring of 2018, we worked with major brands to build a system for submitting these requests until ICANN approved a unified WHOIS request process governing all registrars. In June 2018, the Appdetex WHOIS Request System (AWRS) became operational.
How the system works
The system is a workflow management tool in which customers initiate WHOIS requests on customer-identified domains for verified legitimate uses. Data is maintained for each individual customer in accordance with applicable data protection requirements and is not shared with other customers or third parties.
Iteration and improvements
Over the course of several months of use, we were able to gather vital feedback from registrars regarding the format and content of WHOIS data requests. We used that feedback to make significant modifications to the system.
We were able to include language specifically required by individual domain registrars, removed requests for associated domains, and began WHOIS requests for only single domain names. We had our IP address safelisted with registrars when possible to facilitate the WHOIS request process. To the extent certain registrars required subpoenas or other legal requirements, we sought other solutions as opposed to sending repeated requests.
Personal contact with registrars was a crucial part of our work, including calling registrars directly, in an effort to conform the system to registrars’ individual data domain request processes.