WASHINGTON — The White Houses top cyber official lashed out Monday at European data regulations that will soon take effect.
The European Unions General Data Protection Regulation, which limits how companies can use and store European citizens data, will “undercut a key tool for identifying malicious domains on the internet,” tweeted White House cyber coordinator Rob Joyce.
He was referring to the WHOIS database, which stores information about the registrants and operators of websites. Cybersecurity researchers often use WHOIS information to identify hackers and urge hosting companies to disconnect their sites.
Because the WHOIS database “will be noncompliant” with the GDPR, Joyce said, it will either have to face the consequences or “purge the data that makes it useful to find bad actors.”
“Cyber criminals are celebrating GDPR,” Joyce said, in an unusually sharp criticism of the policy of a close U.S. ally.
The State Department is also concerned about the GDPRs effect on the continued availability of WHOIS data. “There [could] be limited access to this registry — what could be in the registry and who could have access to it,” Rob Strayer, the departments top cyber official, said last week.
Joyce was retweeting security journalist Brian Krebs, who predicted that if the GDPR shut down the WHOIS database as expected, “the volume of spam, phishing and just about every form of cybercrime is going to increase noticeably.”