The National Telecommunications and Information Administration is embarking on an inquiry into whether more privacy protections are necessary for people who have registered “.us” domains on the Internet.
NTIA administers the contract for the country code top-level domain, for the United States, .us. The .us domain is used by American businesses, individuals, and localities.
NTIA’s contractor, Registry Services, is required by the agency to maintain a publicly accessible database of .us domain name registrations. Registry Services provides a directory service that allows anyone to obtain registration data without any authentication.
Personal information – including names, home addresses and phone numbers – is included in the registration database. Concerns have been raised that this information may be misused for abusive purposes, including doxxing, spam, or other harassment.
NTIA is working on multiple fronts to address data privacy concerns. To better protect the personal information of .us domain registration holders, NTIA is seeking comment on a Registry Services’ proposal that would require those that request access to registration data to provide an email address, identify a legitimate purpose, and accept Terms of Service.
Privacy protection for registrants has become the standard, particularly since the European Union General Data Protection Regulation (GDPR) took effect in 2018. The proposal seeks to bring the .us domain registry up to speed with industry, while also meeting the needs of those who have legitimate requests for data. Legitimate uses could include, for example, cybersecurity research, intellectual property rights, and law enforcement.
Registry Services’ proposal is to create an Accountable WHOIS Gateway System that would continue to provide public access to .us registrant information while addressing privacy concerns and accounting for legitimate purposes.
NTIA’s request for comment seeks input on this proposal, including whether the current system should be maintained, what should be considered a legitimate purpose and whether the system, if adopted, should be offered as an opt-in or opt-out service for .us registrants.
Comments are due May 31, 2023.