AppDetex WHOIS Requestor System (AWRS)
Managing the complex WHOIS request process
The AWRS was developed for and is used by our customers to obtain non-public WHOIS data following implementation of GDPR in June 2018. Following customer review, the AWRS sends customer-verified, non-public WHOIS data requests for cybersecurity, consumer protection, and IP enforcement activities. For the period from July 2019 to October 2019, the AWRS data for all customer non-public WHOIS requests1 shows:
- AWRS submitted a total of 585 requests to 91 ICANN-accredited registrars;
- 63 registrars, 69% responded with an acknowledgement of some type;2
- 28 registrars, 31% did not respond;
- 13 registrars, 14% provided compliant data.
- Of these 585 requests:
- 585 requests, 16% resulted in responses with compliant data.
The background on the AWRS begins before implementation and enforcement of the EU GDPR on May 25, 2018. AppDetex’s customers believed they would be unable to acquire WHOIS data for legitimate uses after GDPR. After ICANN Puerto Rico in Spring 2018, several major brands discussed with AppDetex about building a workflow process for submitting WHOIS requests until ICANN approved a unified WHOIS request process governing all registrars. On June 2, 2018, AWRS became operational to enable customers to obtain non-public WHOIS data for cybersecurity, consumer protection, and IP enforcement uses through submission of customer-reviewed and verified requests to registrars. At its core, AWRS is a workflow management tool in which customers initiate WHOIS requests on customer-identified domains for verified legitimate uses. Data is maintained for each individual customer in accordance with applicable data protection requirements and is not shared with other customers or third parties. Following several months of use, the AWRS was significantly modified to address communicated concerns from registrars regarding the format and content of WHOIS data requests. For example, the AWRS was modified to include language specifically required by individual domain registrars. To the extent certain registrars required subpoenas or other legal requirements, AppDetex sought to find other solutions as opposed to sending repeated requests. AppDetex made efforts to have its IP address whitelisted with registrars to the extent that such an option was offered by them to facilitate the WHOIS request process. AppDetex also modified AWRS notices to remove requests for associated domains and began WHOIS requests for single domain names only. Finally, AppDetex made personal contact, including calling registrars directly, in an effort to conform the AWRS to the registrars individual data domain request processes.