European data protection laws could end up shielding cyber criminals too, fear experts

Varun Agarwal | | Updated on: May 23, 2018
image caption

A European regulation that seeks to safeguard the personal information of ordinary citizens could end up providing cyber criminals a safe hiding place as they steal your data and even money, say experts.

The General Data Protection Regulation, which comes into effect from May 25, restricts companies from putting into the public domain any personal data belonging to European citizens, without their explicit permission. This will impact access to data in respect of who owns a website; this in turn will allow hackers and cyber criminals to hide behind a wall in the name of privacy, fear experts.

“For example, if a website has child sex abuse images, apart from trying to take down the website, security and tech companies work with law enforcement agencies and look at who owns the domain name and see if the same person/s are also buying names and websites in other domain names,” explained Ram Mohan - Executive Vice President & Chief Technology Officer at Afilias, a domain name registry provider. Mohan also serves on the board of ICANN.

“My apprehension is that with effect from May 25, all WhoIS information will be anonymised. If that happens, it will be a setback for people fighting cybercrime. Right now, it is easy to find out who owns a website. Now, there will be several barriers to get that information. GDPR will slow down the speed at which law enforcement can fight crime,” he said.

Security companies use the WhoIs database, a central repository of information of website owners globally, to determine criminal patterns to track other websites being run by a single criminal organisation, which may be being used for activities ranging from stealing users’ financial data, credit card information to even spreading child pornography.

“We use artificial intelligence on top of this data to create patterns that help us take down thousands of malicious websites at once. Now, we will be able to take down only one website at a time, giving cyber criminals time to register newer websites and make them difficult to catch,” Mohan said.

Security experts feel that the EU will have to make changes to the GDPR to prevent criminals from exploiting the loophole here. “We hope the EU will change the regulation as it impacts even EU countries,” said Jaspreet Singh, Partner-Cybersecurity at EY.

“This will challenge the very existence of ICANN. The GDPR will have limitations on publishing any personally identifiable information. Now the data will be under registrars and they can decide how much data they can share,” said Prashant Gupta, Partner at Grant Thornton India.

“ICANN will have to sign contracts with registrars all over the world. That will take time. ICANN being American and GDPR being European, there will be a challenge,” Gupta said.

The impact of the regulation will be felt beyond the EU. That said, experts feel this will compel the EU to relax the GDPR to allow public access of data about website owners.

Published on May 23, 2018

Follow us on Telegram, Facebook, Twitter, Instagram, YouTube and Linkedin. You can also download our Android App or IOS App.

This article is closed for comments.
Please Email the Editor

You May Also Like

Recommended for you