Evolving Registry DNS Abuse Management: The use of registrant personal data
For decades, the internet has improved lives worldwide by driving economic growth and facilitating the sharing of all types of information. In recent years, given the great dissemination of information, the world has become increasingly focused on why and how much personal information we collect, use, and share. Laws like the General Data Protection Regulation in the European Economic Area and analogous laws in the United Kingdom and certain U.S. states emerged to address the sharing and handling of personal information.
In the domain name industry, there is an ongoing lively debate on whether and how personal data of domain name registrants should be collected and published. Some believe that a safe and secure internet can only be ensured through the collection and publication of personal data of domain name registrants while others insist that personal data should be guarded at all costs. Regardless of this debate, the laws noted above greatly affect the means in which our industry can collect and process personal data. At Identity Digital, we are proving it possible to effectively and quickly stop, and even prevent, online harms without the need of registrant personal data. This allows us to sidestep any debate and be extremely mindful of the data we collect in compliance with applicable laws.
Identity Digital has always taken the prevention and mitigation of harms on the internet, including DNS Abuse (phishing, pharming, malware and botnets), seriously. Since our first top-level domain (TLD) was delegated, we have maintained a robust anti-abuse program and done our best to eliminate harmful material on the internet. In earlier years, like others, we looked for clues within available registrant information to aid our efforts in mitigating abuse. Over time, with improved processes, software, and training, we found that we did not need to rely on personal registrant information to improve our outcomes.
In fact, we recently evaluated our database of registrant information to better understand how much registrant data we, as a registry operator, hold. We discovered to our surprise that over 70% of registrant data we currently receive is either completely redacted by the registrar or, likely due to the increased focus on data privacy, masked by the registrant through a privacy or proxy service provider. Accordingly, our ability to effectively address DNS abuse without this data is excellent news.
Currently, as noted in our anti-abuse reports, our TLDs experience low rates of reported abuse without having to rely on personal information. More importantly, our human and software systems, all designed without the need to access registrant personal information, are tremendous in collecting direct evidence of harms and other technical data. These systems enable us to actively and quickly escalate and mitigate abuse, achieving better results without the need to further use registrant personal information. If you have any questions on how we might help you do the same, please let us know.