Privacy Concerns in the Domain Name System by Samantha Bradshaw & Laura DeNardis

Social Science Research Network logoAbstract: Some of the most contentious policy debates of our time involve questions surrounding the privacy of user data and the extent to which personally identifiable information is encrypted on mobile devices, in transit, or in the cloud. However, one aspect of personal privacy often missing from the public discourse is the question of confidentiality in the Internet’s Domain Name System (DNS).

The DNS is a distributed but hierarchically organized system that translates alphanumeric domain names into IP addresses. One facet of Internet governance scholarship on the DNS has focused on examining public policy concerns related to freedom of speech, intellectual property, cybersecurity, and jurisdictional oversight. However, the design of the DNS also inherently raises a number of privacy concerns, one being the technological condition that DNS queries are almost always unencrypted. Although these queries do not contain “content” such as email text, images, or search terms, they do reveal the sites a user visits. As such, query data can disclose sensitive information-seeking practices related to addiction services, gender identity, disease treatment, pornography, abortion clinics, mental illness, employment, or online dating services. Given that almost every activity online begins with a DNS query, concerns about the prospects for unauthorized access to query information and practices for how queries are processed, retained, aggregated, or shared should be examined further.

Situated conceptually in the field of Science and Technology Studies (STS) and topically within the extensive body of research on global Internet governance, this research project asks: to what extent do DNS queries raise privacy considerations; what is at stake for Internet privacy, security, business models and stability; and how can various Internet governance stakeholders address these privacy concerns? To help establish the dominant frames for conceptualizing privacy in the public sphere, the research project examines dominant media sources for a five-year period between 2010-2015 and compares this coverage data to other online privacy concerns such as search engine privacy and user device encryption. To assess the extent of privacy concerns implicated by DNS queries and understand the stakes of various privacy mitigating options, the research project draws from interviews with DNS engineers and privacy advocates; the archival mailing lists of the DNS Privacy Working Group; proceedings of meetings of the Internet Engineering Task Force; and relevant Internet Request for Comments (RFCs).

This paper makes two contributions to information and communication technology policy and scholarship: first, it will contribute to the corpus of Internet governance scholarship around the Domain Name System by expanding the spectrum of policy issues it implicates to include concerns about individual privacy; and second, it will provide an evidentiary basis to expand policymaking considerations around privacy to include DNS queries rather than primarily content and personally identifiable information.