Redacted Registrant Contact Data Requests
During the period from September 1, 2020 through February 28, 2021, we submitted 4,575 requests to 182 ICANN-accredited registrars. Of those individual requests, only 10.1% resulted in responses that included registrant data.
Of the 182 registrars to whom we made requests, 121 registrars provided registrant data. Sixty-one registrars were completely unresponsive to our requests for registrant data. While the majority of registrars acknowledge requests for data, they provide NO data.
Appdetex Whois Request System
The Appdetex Whois Request System was developed to help our customers obtain non-public WHOIS data following the implementation of GDPR in June 2018.
The system sends customer-verified, non-public WHOIS data requests for cybersecurity, consumer protection, and intellectual property enforcement activities in order to improve internet safety and security.
A Brief History
A need for data
The launch of the EU GDPR in May 2018 provided the impetus for developing this system. Before GDPR launched, we began working with our customers to provide a means of acquiring WHOIS data for legitimate enforcement purposes after the advent of GDPR. In the Spring of 2018, we worked with major brands to build a system for submitting these requests until ICANN approved a unified WHOIS request process governing all registrars. In June 2018, the Appdetex WHOIS Request System (AWRS) became operational.
How the system works
The system is a workflow management tool in which customers initiate WHOIS requests on customer-identified domains for verified legitimate uses. Data is maintained for each individual customer in accordance with applicable data protection requirements and is not shared with other customers or third parties.
Iteration and improvements
Over the course of several months of use, we were able to gather vital feedback from registrars regarding the format and content of WHOIS data requests. We used that feedback to make significant modifications to the system.
We were able to include language specifically required by individual domain registrars, removed requests for associated domains, and began WHOIS requests for only single domain names. We had our IP address safelisted with registrars when possible to facilitate the WHOIS request process. To the extent certain registrars required subpoenas or other legal requirements, we sought other solutions as opposed to sending repeated requests.
Personal contact with registrars was a crucial part of our work, including calling registrars directly, in an effort to conform the system to registrars’ individual data domain request processes.