Senators Wyden, Warren urge NTIA to protect ‘highly sensitive’ domain registration info
Several members of Congress called on the National Telecommunications and Information Administration (NTIA) on Wednesday to do more to protect the privacy of domain registration information.
U.S. Senator Ron Wyden (D-Ore.) and U.S. Representative Anna G. Eshoo (D-Calif.) led a group of lawmakers in criticizing the NTIA for not protecting the “highly sensitive” personal information used to register for .US domains.
The records contain user names, addresses, phone numbers and email addresses.
The Congress members said it is “highly concerning” that NTIA has not directed its contractors administering .US domains to adopt any protections for this sensitive information since at least 2005.
“The automatic public disclosure of users’ personal information puts them at enhanced risk for becoming victims of identity theft, spamming, spoofing, doxxing, online harassment, and even physical harm,” the lawmakers said in a letter to NTIA Assistant Secretary and Administrator Alan Davidson.
They also wrote that "anonymity is a necessary component of the American right to free speech."
The NTIA did not respond to requests for comment.
The lawmakers claimed there was no reason for the information to be disclosed publicly, and suggested the agency automatically offer privacy free of charge upon registration.
NTIA should also require users to provide affirmative consent “for transferring user data to third parties, including public disclosure,” the letter said.
According to the lawmakers, government entities, including in the U.S., should be forced to seek a warrant to request access to .US user data, and users should be alerted if such access is granted.
The letter argues that the government should set an example for the rest of the world by creating a “more secure and private system for registering internet domains through its control of .US.”
Alongside Wyden and Eshoo, Senators Brian Schatz (D-Hawaii) and Elizabeth Warren (D-Mass) joined U.S. Representatives Ted Lieu (D-Calif.), Sara Jacobs (D-Calif.), Zoe Lofgren (D-Calif.), Ro Khanna (D-Calif.), Tom Malinowski (D-N.J.), and Stephen F. Lynch (D-Mass.) in signing the letter.
The letter comes after several government agencies globally have highlighted domain cybersecurity as an area of concern in recent weeks, with domain registrars having been hacked in the past.
A spokesperson for Wyden told The Record that there was no international coordination on the announcements but noted that this has been a longstanding concern among privacy experts.
Last year, a .US advisory body asked NTIA for increased privacy among .US domains, the spokesperson noted.
“In the broader ICANN [International Corporation for Assigned Names and Numbers] community, debates continue on how to protect privacy for domain name registrants,” the spokesperson said.
“This letter signals that Senator Wyden and other privacy leaders want to ensure that the interests of folks that want access to this data do not trump the privacy rights of individuals registering domain names.”
Jonathan Greig is a Breaking News Reporter at Recorded Future News. Jonathan has worked across the globe as a journalist since 2014. Before moving back to New York City, he worked for news outlets in South Africa, Jordan and Cambodia. He previously covered cybersecurity at ZDNet and TechRepublic.