Several members of Congress on Wednesday called on the National Telecommunications and Information Administration (NTIA) to do more to protect the privacy of domain registration information.
U.S. Sen. Ron Wyden (D-Ore.) and U.S. Rep. Anna G. Eshoo (D-California) led a group of lawmakers in criticizing the NTIA for failing to protect ‘highly sensitive’ personal information used to register domains .US.
The records contain usernames, addresses, phone numbers, and email addresses.
Members of Congress said it was “very concerning” that the NTIA has not directed its contractors administering .US domains to enact protections for such sensitive information since at least 2005.
“Automatic public disclosure of users’ personal information puts them at increased risk of becoming victims of spoofing, spamming, spoofing, doxxing, online harassment, and even physical harm” , lawmakers said in a letter to NTIA Deputy Secretary and Administrator Alan. Davidson.
They also wrote that “anonymity is a necessary component of the American right to free speech.”
The NTIA did not respond to requests for comment.
The lawmakers claimed there was no reason for the information to be released publicly and suggested the agency automatically offer privacy for free upon registration.
The NTIA should also require users to provide affirmative consent “for the transfer of user data to third parties, including public disclosure,” the letter states.
Lawmakers say government entities, including in the United States, should be required to seek a warrant to request access to .US user data, and users should be alerted if such access is granted.
The letter argues that the government should set an example for the rest of the world by creating a “more secure and private system for registering Internet domains through its control of .US.”
Alongside Wyden and Eshoo, Senators Brian Schatz (D-Hawaii) and Elizabeth Warren (D-Mass) joined U.S. Representatives Ted Lieu (D-Calif.), Sara Jacobs (D-Calif.), Zoe Lofgren ( D-Calif.), Ro Khanna (D-Calif.), Tom Malinowski (DN.J.) and Stephen F. Lynch (D-Mass.) signing the letter.
The letter comes after several government agencies around the world highlighted domain cybersecurity as a concern in recent weeks, with domain registrars having been hacked in the past.
A spokesperson for Wyden told The Record there was no international coordination on the announcements, but noted that this has been a long-standing concern among privacy experts.
Last year, a .US advisory body asked the NTIA for increased privacy between .US domains, the spokesperson noted.
“Within the larger framework of ICANN [International Corporation for Assigned Names and Numbers] community, debates continue on how to protect the privacy of registrants,” the spokesperson said.
“This letter signals that Senator Wyden and other privacy leaders want to ensure that the interests of those who want to access this data do not outweigh the privacy rights of those who register domain names.”