Become a fan of Slashdot on Facebook

 



Forgot your password?
typodupeerror
×
United States Government Privacy

Senator Wyden Urges FTC Probe of Neustar Over Possible Selling of User Data to Government (msn.com) 25

Until 2020 Neustar was the domain name registry "for a number of top-level domains," according to its page on Wikipedia, "including .biz, .us (on behalf of United States Department of Commerce), .co, .nyc (on behalf of the city of New York), and .in.

But now U.S. Senator Ron Wyden has asked America's Federal Trade Commission to investigate whether Neustar violated the privacy rights of millions, reports the Washington Post, "when it sold records of where they went online to the federal government."

America's Department of Defense funded a research team at Georgia Tech who purchased Neustar's data starting in 2016, notes a letter from Senator Wyden. Wyden has obtained emails between those researchers and "both the FBI and the Department of Justice, indicating that government officials asked the researchers to run specific queries and that the researchers wrote affidavits and reports for the government describing their findings."

But in addition, Wyden now cites a Department of Justice statement (entered an unrelated court case) which he says makes a concerning assertion: that Neustar executive Rodney Joffe, "who led the company's efforts to sell data to Georgia Tech, was also involved in the sale of DNS data directly to the U.S. government. The court documents say: Rodney Joffe and certain companies with which he was affiliated, including officers and employees of those companies, have provided assistance to and received payment from multiple agencies of the United States government. This has included assistance to the United States intelligence community and law enforcement agencies on cyber security matters. Certain of those companies have maintained contracts with the United States government resulting in payment by the United States of tens of millions of dollars for the provision of, among other things, Domain Name System ('DNS') data. These contracts included classified contracts that required company personnel to maintain security clearances.
From The Washington Post: The stipulation naming entrepreneur Rodney Joffe was the clearest confirmation to date of web histories being sold directly to federal law enforcement and intelligence agencies, instead of through information brokers exempt from restrictions on what telephone companies and websites can share with the government.
Wyden adds: The data that Neustar sold to Georgia Tech may have also included data collected from consumers who were explicitly promised that their data would not be sold to third parties. Between 2018 and 2020, Neustar acquired a competing recursive DNS service, which had previously been operated by Verisign. That service had been advertised to the public by Verisign with unqualified promises that "your public DNS data will not be sold to third parties."

When the product changed hands, users of Verisign's service were seamlessly transitioned to DNS servers that Neustar controlled. This meant that Neustar now received information about the websites accessed by these former Verisign-users, even though neither Verisign nor Neustar provided those users with meaningful, effective notice that the change of ownership had taken place, or that Neustar did not intend to honor the privacy promises that Verisign had previously made to those users. It is unclear if the data Neustar sold to Georgia Tech included data from users who had been promised by Verisign that their data would not be sold.

This is because both Neustar and Verisign have refused to answer questions from my office necessary to determine this important detail.

This discussion has been archived. No new comments can be posted.

Senator Wyden Urges FTC Probe of Neustar Over Possible Selling of User Data to Government

Comments Filter:
  • by 0xG ( 712423 )

    What's up with these verbose articles sometimes?

  • ...and blaming China (it's funny to see ;p)
    • On the other hand here we have a member of the United States government pushing back against it. Pretty sure you're not going to find that in China.

      If I could get bugs to stop voting for tough on crime bullshit we could put a stop to all this. Statistically speaking you've had more stolen from you by ex employers then you have ever had by petty crime. But we put something like 10 times the resources into petty crime that we do white collar crime.

      Good old broken windows policing. I suppose it does keep
  • by kriston ( 7886 ) on Saturday December 17, 2022 @01:56PM (#63138458) Homepage Journal

    What about GoDaddy? Neustar sold their DNS business to them a couple years ago.

    • Neustar sold the registry business to GoDaddy in early 2020, although it remains a separately-run entity called GoDaddy Registry.

      I think the DNS business (UltraDNS and UltraDNS Public - the latter being the subject of the article) stayed with Neustar.

      • by kriston ( 7886 )

        UltraDNS and UltraDNS Public

        Oh? I didn't know they kept those. So many folks I know from UltraDNS don't work for Neustar anymore.

    • by Burdell ( 228580 )

      DNS is a protocol used for two different types of queries: authoritative (made from recursive DNS servers to registry-operated servers that list domains, and to the servers to which domains are delegated) and recursive (made from clients to recursive DNS servers). For the most part, they're operated separately.

      The article starts off discussing the authoritative servers, which generally don't have any end-user data to sell, and are unrelated to the data-sharing complaint (as far as I can tell). Neustar _also

      • The situation is that local DNS operators like your ISP use that to sell your web history to whoever. If I'm not mistaken, that's why DNS over HTTPS and ESNI / ECH were developed. Before 2018, I don't think anyone realized it was being scraped for information on people.

  • US companies helping US intelligence. That was the prupose of the Patriot act National Security Letters.They gave up the formal process, but not the concept itself.
    • IIRC they had to start buying data at some point because when they were just requesting and receiving it, the companies were considered an extension of govt and it was a 4th amendment violation. But if they're buying it, that's ok (apparently).
      I think this all falls under section 703. But its all a little unclear. Secret courts with secret hearings and only govt persecutors giving evidence (nobody acting as defense). Easy to lie to a FISA court when nobody is there to rebut.

news: gotcha

Working...