10 Democrats ask NTIA to add Whois privacy to .us domain names.
While Whois records in most top level domains are now private, .us remains an outlier: the U.S. government specifically forbids Whois privacy on .us domain registrations.
A group of Democrats in Washington D.C. wants to change that.
Yesterday, 10 members of Congress sent a letter (pdf) to the National Telecommunications and Information Administration (NTIA) asking it to implement privacy on all .us domains.
The group wrote:
…The automatic public disclosure of users’ personal information puts them at enhanced risk for becoming victims of identity theft, spamming, spoofing, doxxing, online harassment, and even physical harm. .US should be a model of the United States’ values with regard to online privacy and expression. In addition to putting users at risk of abuse of their information, the current lack of privacy protections chills vibrant expression and important speech online. Anonymity is a necessary component of the American right to free speech.
The letter requests that privacy be included automatically on domains and to protect the disclosure of the underlying registrant’s data.
Appropriate measures to correct for NTIA’s decades of inaction to protect privacy in .US include offering privacy to users free of charge and automatically upon registration. In addition, any transfers to third parties, including public disclosure, should require a user’s affirmative, informed consent. Further, NTIA should require governments, including our own, to seek a warrant or other appropriate legal process when requesting access to .US user data. And users should receive notice whenever possible that governments–especially adversaries like Russia and China–have sought access to their information.
There won’t be any argument from domain name registrars or GoDaddy Registry Services, which currently maintains the .us namespace. I’ve heard grumblings from all parties that they wish Whois privacy was available on .us domains. In fact, the usTLD Stakeholder Council has recommended adding privacy (pdf).
Currently, the registry runs an algorithm to detect private registration data.
The argument against Whois privacy will come from intellectual property interests. Anticipating this argument, the letter states:
Further, there is little evidence that the continued public disclosure of this information makes the global internet any less safe or secure. In fact, despite the domain industry increasing privacy protections for users over the last several years, the Internet Corporation for Assigned Names and Numbers (ICANN) has recently observed that the number of domains responsible for phishing, malware, spam, and botnets has declined. What is more, some of the largest domain registrars—handling tens of millions of domain registrations—receive on average fewer than 200 requests annually for previously-public registrant data from global law enforcement each year. This figure implies that public safety would not be significantly impacted by protecting the privacy of .US users.
Signatories include three people who also wrote to oppose a private equity takeover of .org. Ron Wyden, Elizabeth Warren, Anna Eshoo, Brian Schatz, Ted Lieu, Sara Jacobs, Zoe Lofgren, Ro Khanna, Tom Malinowski, and Stephen Lynch signed the letter.