Senators and congressmen have written an open letter to the US telecoms policy watchdog calling on it to immediately cease public disclosure of personal information about users of the country’s top-level .us domain.
The letter to the National Telecommunications and Information Administration (NTIA) was signed by three senators – Ron Wyden, Elizabeth Warren, and Brian Schatz – and eight members of Congress.
Calling for the uptake of “strong privacy protections for .us users”, it claims that since at least 2005 NTIA has taken no steps to direct contractors to adopt any such measures.
“The automatic public disclosure of users’ personal information puts them at enhanced risk for becoming victims of identity theft, spamming, spoofing, doxxing, online harassment, and even physical harm,” it said.
“Domain registration information contains highly sensitive personal information. These records include names, email addresses, physical addresses, and phone numbers. Domain name users can be anyone, including journalists, activists, and public interest, political, and religious organizations.”
“Decades of inaction”
Calling anonymity “a necessary component of the American right to free speech”, it censured what it called NTIA’s “decades of inaction to protect privacy” and urged the government body to provide .us domain users with protection that is free and automatically activated upon registration.
It added: “Any transfers to third parties, including public disclosure, should require a user’s affirmative, informed consent. NTIA should require governments, including our own, to seek a warrant or other appropriate legal process when requesting access to .us user data. And users should receive notice whenever possible that governments – especially adversaries like Russia and China – have sought access to their information.”
The letter further points out that country-level domain name providers in other states offer privacy services and allow proxy registrations to better defend their citizens, including many of the US’s largest trading partners.
“Not only does publishing all .us user data risk harming users, it is simply bad for business,” it added.
Privacy no threat to security
Wyden, Warren, and Schatz also contend in their letter that guarding user privacy is not detrimental to cybersecurity, pointing to research from the Internet Corporation for Assigned Names and Numbers suggesting that the number of domain names linked to malware, spam, botnets, and phishing has declined in recent years despite the global increase in user privacy protection.
The letter also points out that even large domain registrars dealing with tens of millions of registrations receive on average fewer than 200 police requests a year worldwide for registrant data.
“This figure implies that public safety would not be significantly impacted by protecting the privacy of .us users,” it added.
More from Cybernews:
Subscribe to our newsletter