OPINION: Congress Must Act To Protect Internet Security And Consumer Safety
Over the last few years, issues once shunned to the dark corners of the internet are now front-and-center in our lives.
While many have paid close attention to the nefarious cyberattacks aimed at influencing the 2016 elections, state-sponsored cyber attacks, misinformation campaigns and online disruption efforts are far from the only damaging abusive activities flourishing online.
Hardly a day goes by when threats on the internet from sex trafficking to child abuse imagery, illicit drug sales and intellectual property infringement, consumer fraud or a plethora of scams and other illegal activity aren’t leading the news.
Unfortunately, the task of confronting abusive and illegal online activity of all kinds has recently been made more difficult by the Internet Corporation for Assigned Names and Numbers (“ICANN”), the nonprofit organization responsible for administering the domain name system and overseeing domain name registries and registrars.
For decades, the name and contact information of any person or organization that purchased a domain name for operating a website, along with other more technical information concerning the domain name, was publicly accessible information.
This information, known as WHOIS data, provided transparency to internet users and has been a key tool for investigators combating illegal online activity.
But recently, in response to the European Union’s General Data Protection Regulation (“GDPR”), ICANN started redacting much of the critical WHOIS data that helped law enforcement and others crackdown against bad actors and criminals.
Even the European Commission seems to think ICANN has gone too far. In comments to ICANN, the Commission noted that the GDPR “does not exclude a possible publication of some personal data, as long as this is justified in light of the legitimate purposes pursued with the WHOIS directory.”
Governments on both sides of the Atlantic agree on the importance of the WHOIS data.
Recently, the U.S. Departments of Commerce and Homeland Security issued a major cybersecurity report in which the U.S. government specifically recommended that “aata-protection policies, both in the United States and internationally, should not disrupt existing tools, such as the widely used WHOIS database of domain ownership data,” given how important the WHOIS data in combatting such threats.
The U.K. National Crime Agency has stated, “Access to all current WHOIS data is vital for law enforcement investigations [and] enables a proportionate and victim-centered investigative strategy.”
As do leading cybersecurity experts, including Brian Krebs, who has written that “few resources are as critical to what I do … than the data available in the public WHOIS records. WHOIS records are incredibly useful signposts for tracking cybercrime … ”
One needs to look no further than the extensive report published by FireEye, a cybersecurity group that worked with Google to investigate and uncover a covert Iranian influence operation disclosed by Google in late August.
They used the WHOIS database to track shared (domain name) registrant e-mail addresses to establish the connection between various suspect Iranian inauthentic sites and social media. Until this past May, the e-mail address of domain name registrants was publicly accessible WHOIS data; now under ICANN’s new rules, it is redacted.
And since numerous U.S. laws such as the Anti-Cybersquatting Consumer Protection Act, Fraudulent Online Identity Sanctions Act, and CAN-SPAM Act, are predicated upon continued public access to a full range of WHOIS data, blocking access to WHOIS data undermines these laws that Congress passed to protect American interests.
Understanding the unintended consequences of ICANN’s actions, the Coalition for a Secure & Transparent Internet (CSTI) was formed to advocate for the continued open access of WHOIS data. The coalition is comprised of companies, nonprofits, trade associations, academics and others who believe it is vital to protect this crucial resource.
We cannot simply shrug our shoulders at ICANN’s failure to strike an appropriate balance between WHOIS accessibility and other equally critical rights and interests. Nor can we simply hope that ICANN will, eventually, figure it out. Too much is at stake.
Congress must act to protect the national (and international) interests in the security and safety of the internet by making clear that WHOIS data must be publicly accessible, at least for those domain names directly impacting Americans.
American consumers, businesses and the U.S. government itself rely on WHOIS; it is now up to Congress to enact a law to protect these interests and ensure a secure and transparent internet for all.
The Honorable Mary Bono is an advisor to the Coalition for a Secure & Transparent Internet at Faegre Baker Daniels Consulting and the former Chair of the Commerce, Manufacturing and Trade Subcommittees of the U.S. House of Representatives Energy & Commerce Committee.
The views and opinions expressed in this commentary are those of the author and do not reflect the official position of The Daily Caller.