AppDetex WHOIS Requestor System (AWRS)
Managing the complex WHOIS request process
The AWRS was developed for and is used by our customers to obtain non-public WHOIS data following implementation of GDPR. Following customer review, the AWRS sends customer-verified, non-public WHOIS data requests for cybersecurity, consumer protection, and IP enforcement activities. Over the life of the AWRS, the period from June 1, 2018 to June 20, 2019, the AWRS data for all customer non-public WHOIS requests1 shows:
- AWRS submitted a total of 11,689 requests to 413 ICANN-accredited registrars;
- 196 registrars, 47.45% responded with an acknowledgement of some type;2
- 217 registrars, 52.55% did not respond;
- 46 registrars, 11.14% provided compliant data.
- Of these 11,689 requests:
- 510 requests, 4.36% resulted in responses with compliant data.
Following discussions with registrars, resulting in modifications to the process,3 the requests for the period November 1, 2018, through June 20, 2019, improved as noted below:
- AWRS submitted a total of 770 total requests to 105 registrars;
- 75 registrars, 71.42% responded with an acknowledgment of some type;
- 30 registrars, 28.58% did not respond;
- 15 registrars, 14.28% provided compliant data.
- Of these 770 requests:
- 108 requests, 14.02% resulted in responses with compliant data.
Collaboration with registrars yielded 20% improvements in registrars’ response rates and nearly doubled the rate of registrars providing compliant data in response to requests. If a standardized WHOIS request process is adopted, either via the ICANN ePDP working group, a universal access model, or some other mechanism, we believe that registrars will more readily provide compliant data to help abate cybersecurity, consumer protection, and IP enforcement.
The background on the AWRS begins before implementation and enforcement of the EU GDPR on May 25, 2018. AppDetex’s customers believed they would be unable to acquire WHOIS data for legitimate uses after GDPR. After ICANN Puerto Rico in Spring 2018, several major brands discussed with AppDetex about building a workflow process for submitting WHOIS requests until ICANN approved a unified WHOIS request process governing all registrars.
On June 2, 2018, AWRS became operational to enable customers to obtain non-public WHOIS data for cybersecurity, consumer protection, and IP enforcement uses through submission of customer-reviewed and verified requests to registrars. At its core, AWRS is a workflow management tool in which customers initiate WHOIS requests on customer-identified domains for verified legitimate uses. Data is maintained for each individual customer in accordance with applicable data protection requirements and is not shared with other customers or third parties.
Following several months of use, the AWRS was significantly modified to address communicated concerns from registrars regarding the format and content of WHOIS data requests. For example, the AWRS was modified to include language specifically required by individual domain registrars. To the extent certain registrars required subpoenas or other legal requirements, AppDetex sought to find other solutions as opposed to sending repeated requests. AppDetex made efforts to have its IP address whitelisted with registrars to the extent that such an option was offered by them to facilitate the WHOIS request process. AppDetex also modified AWRS notices to remove requests for associated domains and began WHOIS requests for single domain names only. Finally, AppDetex made personal contact, including calling registrars directly, in an effort to conform the AWRS to the registrars individual data domain request processes.