Encrypting Domain Names Will Boost Web Security, Watchdogs Tell Congress

A controversial new technology that encrypts domain name requests would boost online privacy and security, watchdogs say in a new letter to lawmakers.

The new encryption protocol known as DoH (for DNS over HTTPS) is “part of an important trend toward the greater use of encryption on the Internet -- remedying a situation in which all sorts of sensitive user data were exposed to an enormous range of eavesdroppers,” the Electronic Frontier Foundation, Consumer Watchdog and National Consumers League say in a letter sent to lawmakers this week.

The letter comes around one month after Internet service providers expressed concerns to Congress about Google's plan to begin rolling out the protocol. The CTIA, NCTA - The Internet & Television Association, and US Telecom -- The Broadband Association, argued that Google's plan would give the company more control over consumers' data.

The Electronic Frontier Foundation and other watchdogs say the broadband companies “misstated” some aspects of Google's plan, as well as its risks and benefits.

“A long-overdue technological shift toward online privacy is underway,” the groups write. “Congress should not aim to hinder this shift.”

DNS, often described as a phone book for the web, translates domain names into Internet Protocol addresses. Deploying DNS over HTTPS encryption can prevent outside companies or individuals from intercepting traffic.
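To make the distinction concrete, the following added example (written for this article, not taken from it or from the EFF letter) builds a DNS query in its wire format, shows what a passive observer can read from it when it travels as plaintext UDP, and then encodes the same query the way RFC 8484 sends it inside an HTTPS request. The domain name, the answer address and the resolver path `/dns-query` are constructed or assumed for the demonstration.

```python
import base64
import struct

# Constructed sample name (reserved for documentation by RFC 2606).
EXAMPLE_NAME = "www.example.com"
# Constructed sample answer from the TEST-NET-1 documentation range (RFC 5737).
EXAMPLE_IPV4 = "192.0.2.1"


def encode_qname(name):
    """Encode a domain name as length-prefixed labels (RFC 1035 section 3.1)."""
    out = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 0 < len(raw) < 64:
            raise ValueError("DNS labels must be 1..63 bytes long")
        out += bytes([len(raw)]) + raw
    return out + b"\x00"


def build_query(name, qtype=1, txid=0):
    """Build a recursive query (type A by default) in DNS wire format.
    RFC 8484 recommends transaction ID 0 for DoH so identical queries
    produce identical HTTP requests that caches can reuse."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # flags: RD=1
    question = encode_qname(name) + struct.pack("!HH", qtype, 1)  # class IN
    return header + question


def doh_get_path(query, template="/dns-query"):
    """RFC 8484 GET form: base64url without '=' padding in the 'dns' parameter.
    The path template is resolver-specific; '/dns-query' is an assumption."""
    b64 = base64.urlsafe_b64encode(query).decode("ascii").rstrip("=")
    return f"{template}?dns={b64}"


def skip_name(msg, pos):
    """Return the offset just past a (possibly compressed) name at pos."""
    while True:
        ln = msg[pos]
        if ln & 0xC0 == 0xC0:  # 2-byte compression pointer ends the name
            return pos + 2
        pos += 1
        if ln == 0:
            return pos
        pos += ln


def read_name(msg, pos):
    """Decode an uncompressed name at pos into dotted form."""
    labels = []
    while True:
        ln = msg[pos]
        pos += 1
        if ln == 0:
            return ".".join(labels)
        labels.append(msg[pos:pos + ln].decode("ascii"))
        pos += ln


def visible_names(udp_payload):
    """What a passive observer reads off a plaintext DNS packet: the QNAMEs."""
    qdcount = struct.unpack("!H", udp_payload[4:6])[0]
    names, pos = [], 12
    for _ in range(qdcount):
        names.append(read_name(udp_payload, pos))
        pos = skip_name(udp_payload, pos) + 4  # skip QTYPE and QCLASS
    return names


def build_response(query, ipv4, ttl=300):
    """Constructed resolver reply for a one-question query (offline stand-in)."""
    header = query[:2] + struct.pack("!HHHHH", 0x8180, 1, 1, 0, 0)  # QR,RD,RA
    question = query[12:]
    rdata = bytes(int(octet) for octet in ipv4.split("."))
    # The answer's name is a compression pointer to the question name at offset 12.
    answer = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, ttl, len(rdata)) + rdata
    return header + question + answer


def parse_a_answers(response):
    """Extract IPv4 addresses from the A records in a DNS response."""
    qdcount, ancount = struct.unpack("!HH", response[4:8])
    pos = 12
    for _ in range(qdcount):
        pos = skip_name(response, pos) + 4
    addrs = []
    for _ in range(ancount):
        pos = skip_name(response, pos)
        rtype, rclass, _ttl, rdlen = struct.unpack("!HHIH", response[pos:pos + 10])
        pos += 10
        rdata = response[pos:pos + rdlen]
        pos += rdlen
        if rtype == 1 and rclass == 1 and rdlen == 4:
            addrs.append(".".join(str(b) for b in rdata))
    return addrs


if __name__ == "__main__":
    q = build_query(EXAMPLE_NAME)
    print("plaintext DNS exposes:", visible_names(q))
    print("DoH request path (carried inside TLS):", doh_get_path(q))
    print("answer:", parse_a_answers(build_response(q, EXAMPLE_IPV4)))
```

The byte string `build_query` produces is identical on both transports; the difference is only in what is exposed on the wire. Sent over plain UDP port 53, `visible_names` recovers the queried name from the packet directly. Sent as a DoH request, the same bytes ride in the `dns` parameter of an HTTPS request to the resolver, so an on-path observer sees a TLS connection to the resolver's address and nothing about which names were asked for; this is why the choice of resolver operator, rather than the encryption itself, is where the centralization debate in the article lives.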

The advocacy groups say the added encryption will help protect people's sensitive information.

“As we’ve often stressed, sensitive information includes not only the content of pages that users access ... but also the names of the sites they access,” the watchdogs write.

The organizations add that information about names of sites visited “can reveal sensitive personal information about users’ political, religious, medical, or sexual affiliations and interests -- even including their relationships with particular religious congregations, political parties, or medical providers.”

Mozilla and Google have said they plan to start rolling out the new encryption in their browsers.

In Google's case, Chrome 78 will use the new protocol, but only for the small proportion of users who configure their computers to use a domain name system provider that supports encryption -- such as Cloudflare, OpenDNS and Google's own DNS service (Google Public DNS). 

Broadband industry groups said in a September 19 letter to Congress that they were “concerned about the potential for default, centralized resolution of DNS queries, and the collection of the majority of worldwide DNS data by a single, global internet company.”

Lawmakers subsequently asked Google to provide all communications related to its decision about DoH, “including discussions about whether to implement DoH as the default setting for Chrome or for Android and whether data collected or processed through DoH will be used for any commercial purposes.”

While the Electronic Frontier Foundation and other watchdogs say they agree that a more centralized internet raises concerns -- both for privacy and competition -- they also say Google's plan won't result in greater centralization.

“Based on our understanding of plans from Google and Mozilla -- the browser makers on the leading edge of this issue -- we believe the ISP Letter misrepresents the facts, risks, and benefits of their deployment plans,” the letter states.

“Public documents state that Google will make Chrome attempt to use individual ISPs’ own DoH services,” the letter states.

The groups add that Internet service providers should “preserve the status quo by adopting DoH on their own DNS resolvers,” and not “run to Congress for intervention that is both unnecessary and counterproductive to user privacy.”
