Government // Cybersecurity
04:55 PM
Connect Directly
Repost This

Government Keeping Its .Gov Domain Names Secret

Despite a presidential promise of openness in government, GSA officials decline to release the full list for fear of cyberattack.

President Obama in January promised "an unprecedented level of openness in government." But the government has yet to get the memo.

Asked in a Freedom of Information Act (FOIA) request to provide a list of the .gov domains, including the agency registering the domain, the General Services Administration declined, citing 2007 Department of Justice FOIA guidelines.

The GSA claims that "release of the requested sensitive but unclassified information presents a security risk to the top level Internet domain enterprise."

The decision comes despite an explicit directive by the president to agency heads in January that FOIA requests should be decided in favor of openness.

"All agencies should adopt a presumption in favor of disclosure, in order to renew their commitment to the principles embodied in FOIA, and to usher in a new era of open government," the president's memo states. "The presumption of disclosure should be applied to all decisions involving FOIA."

In January, there were 4,657 .gov domains, a number that, according to the GSA, has been growing at a rate of about 10% annually for the past few years. Some 1,724 of the domains are associated with federal agencies and 2,424 are associated with cities and counties. Native American tribes have about 107.

A list of .gov domains from 2002 contains 1,491 domain names.

Karl Auerbach, CTO of at InterWorking Labs, an attorney, and former member of the board of directors of ICANN, characterized the government's claim that it needs to withhold the list of .gov names to protect them from cyberattack as utter nonsense.

"That's the same logic that would withhold the government manual containing all the governmental people, their jobs, and phone numbers on the grounds that they might be subjected to phone calls or postal letters that contain dangerous contents," he said in an e-mail. "The proper answer is that the government should armor itself against attacks and not to try to hide from its citizens."

Auerbach added that if the government believes public awareness of domain names represents a security risk, it also should be concerned about attacks on private domain names. Yet, he said, the government requires everyone in the United States who buys an Internet domain to have his or her name, address, phone number, and e-mail published in the Whois database, which is accessible to people all over the world.

"It's a puzzling argument, and maybe also an insulting one," said Steven Aftergood, director of the Federation of American Scientists' Project on Government Secrecy, in an e-mail. "Withholding a list of .gov domains does nothing to diminish the threat of cyberattacks. Instead, it tends to concentrate that threat on domains that are publicly known."

1 of 2
Comment  | 
Print  | 
More Insights
Cyber Security Standards for Major Infrastructure
Cyber Security Standards for Major Infrastructure
The Presidential Executive Order from February established a framework and clear set of security standards to be applied across critical infrastructure. Now the real work begins.
Register for InformationWeek Newsletters
White Papers
Current Issue
InformationWeek Elite 100 - 2014
Our InformationWeek Elite 100 issue -- our 26th ranking of technology innovators -- shines a spotlight on businesses that are succeeding because of their digital strategies. We take a close at look at the top five companies in this year's ranking and the eight winners of our Business Innovation awards, and offer 20 great ideas that you can use in your company. We also provide a ranked list of our Elite 100 innovators.
Twitter Feed
Audio Interviews
Archived Audio Interviews
GE is a leader in combining connected devices and advanced analytics in pursuit of practical goals like less downtime, lower operating costs, and higher throughput. At GIO Power & Water, CIO Jim Fowler is part of the team exploring how to apply these techniques to some of the world's essential infrastructure, from power plants to water treatment systems. Join us, and bring your questions, as we talk about what's ahead.