Government Keeping Its .Gov Domain Names Secret - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Government // Cybersecurity
04:55 PM
Connect Directly

Government Keeping Its .Gov Domain Names Secret

Despite a presidential promise of openness in government, GSA officials decline to release the full list for fear of cyberattack.

President Obama in January promised "an unprecedented level of openness in government." But the government has yet to get the memo.

Asked in a Freedom of Information Act (FOIA) request to provide a list of the .gov domains, including the agency registering the domain, the General Services Administration declined, citing 2007 Department of Justice FOIA guidelines.

The GSA claims that "release of the requested sensitive but unclassified information presents a security risk to the top level Internet domain enterprise."

The decision comes despite an explicit directive by the president to agency heads in January that FOIA requests should be decided in favor of openness.

"All agencies should adopt a presumption in favor of disclosure, in order to renew their commitment to the principles embodied in FOIA, and to usher in a new era of open government," the president's memo states. "The presumption of disclosure should be applied to all decisions involving FOIA."

In January, there were 4,657 .gov domains, a number that, according to the GSA, has been growing at a rate of about 10% annually for the past few years. Some 1,724 of the domains are associated with federal agencies and 2,424 are associated with cities and counties. Native American tribes have about 107.

A list of .gov domains from 2002 contains 1,491 domain names.

Karl Auerbach, CTO of at InterWorking Labs, an attorney, and former member of the board of directors of ICANN, characterized the government's claim that it needs to withhold the list of .gov names to protect them from cyberattack as utter nonsense.

"That's the same logic that would withhold the government manual containing all the governmental people, their jobs, and phone numbers on the grounds that they might be subjected to phone calls or postal letters that contain dangerous contents," he said in an e-mail. "The proper answer is that the government should armor itself against attacks and not to try to hide from its citizens."

Auerbach added that if the government believes public awareness of domain names represents a security risk, it also should be concerned about attacks on private domain names. Yet, he said, the government requires everyone in the United States who buys an Internet domain to have his or her name, address, phone number, and e-mail published in the Whois database, which is accessible to people all over the world.

"It's a puzzling argument, and maybe also an insulting one," said Steven Aftergood, director of the Federation of American Scientists' Project on Government Secrecy, in an e-mail. "Withholding a list of .gov domains does nothing to diminish the threat of cyberattacks. Instead, it tends to concentrate that threat on domains that are publicly known."

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
1 of 2
Comment  | 
Print  | 
More Insights
How GIS Data Can Help Fix Vaccine Distribution
Jessica Davis, Senior Editor, Enterprise Apps,  2/17/2021
Graph-Based AI Enters the Enterprise Mainstream
James Kobielus, Tech Analyst, Consultant and Author,  2/16/2021
11 Ways DevOps Is Evolving
Lisa Morgan, Freelance Writer,  2/18/2021
White Papers
Register for InformationWeek Newsletters
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you.
Flash Poll