Privacy by Infrastructure: The Unresolved Case of the Domain Name System

By: Samantha Bradshaw & Laura DeNardis

Digital privacy concerns are primarily viewed through the lens of personal data and content. But beneath the layer of content, less visible issues of infrastructure design and administration raise significant privacy concerns. The Internet's Domain Name System (DNS) is one such terrain. There is already a great deal of attention around how the DNS intersects with freedom of speech, trademark disputes, cybersecurity challenges, and geopolitical power struggles in the aftermath of transitioning the historic U.S. oversight role to the global multistakeholder Internet governance community. However, the privacy implications embedded in the technical architecture of the DNS have received less attention, perhaps because these issues are concealed within complex technical arrangements outside of public view. This article explores privacy issues in the DNS by examining two contemporary, and still unresolved, case studies: the WHOIS system as a de facto Internet identity system revealing website registrants; and privacy in domain name queries, which have historically been unencrypted and therefore reveal personal information about what sites individuals visit. DNS privacy challenges not only demonstrate the important connection between infrastructure and rights, but also exemplify how cross-border, universal technologies come into conflict with the bounded laws of nation states. It is a critical moment of opportunity to examine these cases because their resolution will help determine the future of basic privacy rights online.

Read the full article at: Policy & Internet