September 21, 2022

Wyden, Eshoo Lead Bicameral Effort Urging NTIA to Protect Website Owners’ Personal Information, Quickly Adopt Strong Privacy Protections

Washington, D.C. – U.S. Senator Ron Wyden, D-Ore., and U.S. Representative Anna G. Eshoo, D-Calif., today led a bicameral effort urging the National Telecommunications and Information Administration (NTIA) to upgrade its privacy practices to protect the personal information of .US users.

Domain registration information contains highly sensitive personal information. These records include names, email addresses, physical addresses and phone numbers. Domain name users can be anyone, including journalists, activists and public interest, political and religious organizations.

“It is highly concerning that NTIA, since at least 2005, has not directed its contractors administering .US to adopt any protections for this sensitive information. The automatic public disclosure of users’ personal information puts them at enhanced risk for becoming victims of identity theft, spamming, spoofing, doxxing, online harassment, and even physical harm,” the lawmakers wrote in a letter sent to NTIA Assistant Secretary and Administrator, Alan Davidson. “.US should be a model of the United States’ values with regard to online privacy and expression. In addition to putting users at risk of abuse of their information, the current lack of privacy protections chills vibrant expression and important speech online. Anonymity is a necessary component of the American right to free speech.”

There is little evidence that the continued public disclosure of this information makes the global internet any less safe or secure. In fact, despite the domain industry increasing privacy protections for users over the last several years, the Internet Corporation for Assigned Names and Numbers (ICANN) has recently observed that the number of domains responsible for phishing, malware, spam and botnets has declined. 

In their letter, the lawmakers highlighted appropriate measures NTIA could implement to correct for decades of inaction to protect privacy in .US, including:

  • Offering privacy to users free of charge and automatically upon registration.
  • Requiring a user’s affirmative, informed consent for transferring user data to third parties, including public disclosure.
  • Requiring governments, including our own, to seek a warrant or other appropriate legal process when requesting access to .US user data.
  • Alerting users whenever governments – especially adversaries like Russia and China – have sought access to their information.

NTIA has the opportunity to model a more secure and private system for registering internet domains through its control of .US, the members wrote. Adding new privacy protections to .US could provide a global model for privacy best-practices for protecting domain name user data.

The letter was co-signed by U.S. Senators Brian Schatz, D-Hawaii, and Elizabeth Warren, D-Mass., and U.S. Representatives Ted Lieu, D-Calif., Sara Jacobs, D-Calif., Zoe Lofgren, D-Calif., Ro Khanna, D-Calif., Tom Malinowski, D-N.J., and Stephen F. Lynch, D-Mass.

Read the full letter here.

###

Press Contact

Keith Chu (Wyden) (202) 224-5244