This week, members of the Coalition for a Secure and Transparent Internet (CSTI) – including NABP – will virtually take to Capitol Hill to meet with members of Congress to discuss restoring access to WHOIS data. NABP and other CSTI members will speak with congressional staff about how essential this data is to law enforcement and cybersecurity experts’ efforts to protect public safety online by enabling them to track down illegal online drug sellers and cybercriminals preying on eager and unsuspecting consumers during the coronavirus disease 2019 (COVID-19) crisis.
What is WHOIS data?
In simple terms, WHOIS data tells you who is responsible for a domain name, similar to a white pages of the internet. When an individual, business, government, or other entity licenses a domain name from a domain name registrar, they must provide the registrar certain contact information including the registrant’s name, address, email, and phone number.
Until enactment of the European Union’s 2018 General Data Protection Regulation (GDPR), WHOIS data was made publicly available by default. However, in response to GDPR many domain name registrars opted to globally redact WHOIS data. While industry, government, and public sector stakeholders have been discussing the issues ever since, a standardized system for access to/disclosure of WHOIS data has not yet materialized.
Why does this matter to NABP and the pharmacy community?
As a part of its mission to work with its member boards and jurisdictions to protect public health, NABP monitors the internet for rogue sites imitating legitimate pharmacies. This work relies, at least in part, on use of WHOIS data to identify the operators and affiliates of online pharmacy websites. At any one time, there are 35,000-40,000 websites selling prescription medicines; and, based on research conducted by NABP, nearly 95% of those websites operate out of compliance with applicable laws and pharmacy practice standards, putting patients at risk. Such websites may endanger patients by selling substandard and counterfeit medicines and controlled substances, such as opioids, without a prescription.
With the sheer volume of online pharmacy websites, and the ease at which domain names are registered, monitoring for illegal activity is challenging enough without the added barriers to access WHOIS data. This lack of transparency gives cyber criminals the ability to anonymously sell prescription drugs illegally on the open web. In March 2020 alone, tens of thousands of websites were registered with terms like “COVID,” “corona,” and “virus” – 90% of which were registered anonymously. Many websites have since been activated for the purposes of defrauding patients, including the sale of unapproved COVID-19 treatments and vaccines. Without ready access to WHOIS data, the work of public health organizations like NABP, investigators, regulators, law enforcement, and others in protecting patients online is substantially limited.