National Telecommunications & Information Administration administrator David Redl warned Congress this week that the "security and stability" of the internet are at risk due to pressure to comply with the European Union's new General Data Protection Regulation (GDPR), which went into effect May 25.
That warning came Wednesday (June 13) in the Senate Commerce Committee's first oversight hearing of the NTIA under Redl, its new administrator.
The NTIA is the chief communications policy adviser to President Donald Trump.
Related: ISPs on Domain Name Hand-Off: Hold ICANN Accountable
He said that a small "subset" of stakeholders in ICANN (the Internet Corporation for Assigned Names and Numbers) has been arguing that it requires "erecting barriers" to the swift and easy access to the WHOIS information on who is purchasing and managing domain names.
He pointed out that the WHOIS information is crucial to law enforcement agencies when investigating hacks and attacks and for the private sector to protect their critical systems from dangerous cyberattacks. The information is also used to combat infringement and protect intellectual property.
Redl said that subset is misreading the GDPR, and the U.S. would push for preserving "the features that make WHOIS valuable to internet stakeholders.
Committee chair Sen. John Thune (R-S.D.) said the committee was also looking at the GDPR and would seek Redl's input.
Redl said getting broadband mapping right was another key priority for NTIA, which is leading a government effort to better identify where broadband is and isn't.
Redl said cybersecurity is a national priority and that it was a key issue in the rollout of internet of things devices. NTIA has already made recommendations on security patches; and next up, he said, will be software component transparency recommendations.
Sen. Bill Nelson (D-Fla.) ranking member of the committee, took the opportunity to call for an oversight hearing of the FCC as well. He said FCC chair Ajit Pai had pursued the most aggressive and anti-consumer deregulatory agenda in the history of the FCC, and it "demanded the scrutiny of this committee."
Nelson asked Redl to weigh in on the administration's decision to help keep Chinese telecom ZTE in business with the U.S. after the Commerce Department had sanctioned the company for its dealings with North Korea and Iran.
The concern over ZTE was echoed by Sen. Maggie Hassan (D-N.H.), who pressed Redl on the issue of Commerce allowing ZTE to continue to do business with U.S. firms, despite the fact that it poses a cybersecurity risk and "blatantly violated U.S. trade sanctions" by selling tech to Iran and North Korea.
Hassan asked Redl what his advisory role had been in that deal with ZTE.
Redl said it was handled by a law enforcement group within the Commerce Department, an apparatus of which NTIA is not a part. He said NTIA did not have a roll, though Hassan seemed less than assuaged given NTIA's advisory role. She said it was disturbing that the President was making decisions that impact cybersecurity "without brining the right experts into the room."
She did not ask Redl what his advice would have been if asked, or why he did not volunteer it given NTIA's advisory role on telecom policy.
Redl would not comment on how the ZTE deal might affect the race to 5G, a race that China is leading, but said the U.S. was committed to winning that race.
Sen. Ed Markey (D-Mass.) focused on privacy compromises, including Facebook sharing user info with more than 60 device manufacturers without permission, including Apple, Microsoft, Amazon and four Chinese companies that could pose security risks
Markey asked whether what Facebook did was wrong, but Redl said he was not particularly familiar with the facts of the case and had no input, saying that was more in the Federal Trade Commission's arena and noting that NTIA was not an enforcement agency. Markey seemed perplexed by the answer and called it "a little bit disturbing."