GDPR 'risks making it harder to catch hackers'

A service used to identify and contact website owners has been forced to strip out most of the information on its site to comply with the EU’s GDPR legislation.

Whois, which is used by the police and journalists to check the legitimacy of websites, no longer displays the name, email address or phone number of some websites.

Icann, the owner of Whois had asked for a delay to comply with GDPR.

The request was turned down.

In a letter to the Wall Street Journal entitled, The EU’s gift to Cybercriminals, lawyers Brian Finch and Steven Farmer claim: “Police will be robbed of ready access to vital data drastically impeding their efforts to identify and shut down illicit activity.”

“The regulatory rubric the EU has created will make it harder than ever to catch computer hackers,” they wrote.

Mr Farmer told the BBC that the lack of guidance given by the EU is making companies extremely cautious about the regulation.

He said that because “the consequences of getting it wrong are so serious”, companies are being “extremely conservative in interpreting the law”.

“It’s regrettable we didn’t have guidance on the key principles,” he said.

Whois was used by cyber-security firms as well as law enforcement.

Nik Whitfield, chief executive of cyber-security company Panaseer, said he had used Whois to help companies spot dodgy emails.

“The service is valuable for protection as it helps provide context around whether an external website is legitimate or potentially unsafe,” he told the BBC.

At the time of writing, some websites were still presenting non-redacted website information.