San Francisco—The Electronic Frontier Foundation (EFF) today called on Congress to support implementation of an Internet protocol that encrypts web traffic, a critical tool that will lead to dramatic improvements in user privacy and help impede the ability of governments to track and censor people.
EFF, joined by Consumer Reports and National Consumers League, said in a letter today to 12 members of Congress that the protocol, DNS-over-HTTPS (DoH), is a major step in enabling basic human rights—free speech and privacy—to become a natural and integral part of the Internet ecosystem.
“We see DoH as an important trend toward the use of encryption on the Internet—remedying a situation in which sensitive user data are exposed to an enormous range of eavesdroppers,” the letter says. It was sent to the chairs and ranking members of judiciary, homeland security, and science committees in the U.S. Senate and House of Representatives.
DoH is a next-generation privacy technology that enhances the security of the domain name system (DNS). When users type the name of a website in their browser, DNS looks up the numerical computer address of the site to facilitate the connection request. Without encryption, the content of the request, like your device’s IP address and the website you want to see, can be intercepted, read, or rerouted to fake sites.
DoH fixes those problems by encrypting DNS queries with TLS, a protocol used by the majority of the world’s top websites, that encrypts users’ requests so they can’t be read or modified. The encryption vastly increases security, preventing man-in-the-middle attacks, where a third party secretly intercepts web requests to alter them, steal log-in credentials, spy on the sender, or corrupt data.
“Countries like China and Turkey have used control over DNS to block their citizens’ access to websites and track the web activity of activists, a form of censorship that will eventually be much more difficult once there is widespread implementation of DoH,” said EFF Senior Legislative Counsel Ernesto Falcon.
Cable and telecom industry trade groups wrote to Congress last month voicing concerns that Google’s use of DoH raises data competition issues. Internet service providers are focused on protecting their ability to collect user data. Congress should instead listen to consumer and privacy groups calling for strong privacy protections that give users more control over their data, allow them to sue companies like Google for privacy violations, and preserve states’ rights to pass their own privacy rules.
Lawmakers should not oppose a long-overdue Internet upgrade that addresses consumer demand for better privacy and will make the Internet safer and more open in many parts of the world in dire need of that.
“This is a game-changer for Internet users around the world, and is crucial for human rights workers, activists, journalists, and dissidents whose online activities are under surveillance,” said EFF Engineering Director Max Hunter. “We hope to see Congress step up and fully support systemic deployment of DoH.”
For the letter:
https://www.eff.org/document/eff-letter-congress-doh
For more about DoH:
https://www.eff.org/deeplinks/2019/09/encrypted-dns-could-help-close-biggest-privacy-gap-internet-why-are-some-groups
For more about EFF’s web encryption projects:
https://letsencrypt.org/