ICANN GDPR lawsuit

Hank Nussbacher wrote:

The entire whois debacle will only get resolved when some hackers attack
www.eugdpr.org, ec.europa.eu and some other key .eu sites. When the
response they get will be "sorry, we can't determine who is attacking
you since that contravenes GDPR", will the EU light bulb go on that
something in GDPR needs to be tweaked.

You seem to assume that said light bulb does in fact exist.



( *.* )

That would be real time information involving 'essential' activities.
GDPR would not prevent determining the source of an attack.
GDPR specifically doesn't protect anyone involved in criminal activity
nor contradict any regulatory requirement (which covers cyber attacks).


That’s a wonderful theory. However, in practice, it’s a bit different.

GDPR eliminates or at the very least complicates the maintenance of directory

If past experience is any guide, once something becomes sufficiently difficult
to maintain while complying with regulation, said thing eventually ceases to
exist at least in any meaningful or useful form.

It is not at all unlikely that this will be the inevitable consequence of GDPR
when it comes to whois and thus, it is not at all unlikely that the scenario
Hank described may be an (admittedly unintended, but very likely) outcome of


once upon a time, when one received what had yet to be called spam, or
logs showed an attack, one wrote to the owner of the source ip to tell
them their system had been hacked. dunno about everyone else, but i
stopped doing that sometime in the '80s.


       _ //` `\
     _,-"\% // /``\`\
~^~ >__^ |% // / } `\`\
       ) )%// / } } }`\`\
      / (%/`/.\_/\_/\_/\`/
     ( ` `-._`
      \ , ( \ _`-.__.-%>
     /_`\ \ `\ \." `-..- `
    ``` /_/`"-=-``/_/
        ``` ```

I remember one night, early 1990s, watching keystrokes of a guy who'd
gotten into one of our systems and realized I knew the owner of the
system he was coming in from, a name most of you would recognize, so
called him at home at like 2AM which was appreciated.

ISTR that was the guy who was actually typing VMS commands to a unix
shell which is why I wasn't all that concerned, other than the holes
he'd used to get a shell prompt which is what I was trying to track