You are here

Remarks of Assistant Secretary Redl at the FDA Online Opioid Summit

April 02, 2019

Remarks of David J. Redl
Assistant Secretary of Commerce for Communications and Information
FDA Online Opioid Summit
Washington, D.C.
April 2, 2019

-- As Prepared for Delivery --

Thank you for inviting me to speak today.

For those of you who aren’t familiar with NTIA, it is an agency that sits within the Department of Commerce, and we are principally responsible for advising the President on telecommunications and information policy issues. We are in a unique position in the U.S. government of being involved in all aspects of Internet policy.

We’re also champions of the digital revolution, which has resulted in enormous economic growth. Fully digital goods and services alone accounted for at least 6.5% of U.S. GDP in 2016, with a value of $1.2 trillion. Between 2006 and 2016, the digital economy grew by an average of 5.6% annually, far outpacing the overall growth rate in the U.S.

All this growth and innovation have also meant millions of American jobs. By 2016, 5.9 million jobs were attributable to the digital economy. And these are good, well-paying jobs, with average annual compensation of more than $114,000 per worker.

It is the policy of the United States to preserve the vibrant and competitive free market that presently exists on the Internet. This system has changed our world for the better. The Internet is a powerful force for knowledge, commerce, and communication, and it is our firm belief that a network enabling the free flow of information around the world is enormously positive for humanity

But while there are endless positive stories we can tell, we’re also facing significant challenges on a broad range of issues, including privacy, cybersecurity and national security. The Internet’s greatest strength – its openness – is also its greatest vulnerability. Criminals can exploit the open Internet and profit while they endanger the health of the American public.

Taking on the Opioid Crisis

That’s what brings us here today – in the midst of a full-scale effort by the U.S. government to battle the opioid crisis, it’s still too easy for people in the U.S. to illegally purchase opioids online.

Opioid addiction is one of Trump Administration’s highest priorities as overdoses and tragic deaths tear apart American families. In 2016, opioids killed more than 42,000 people – surpassing even the number of deaths resulting from traffic accidents in the United States – and there was a 13% increase in deaths in 2017.

The Administration declared a national public health emergency on opioid abuse two years ago, and has made significant progress to cut the flow of illegal drugs into the United States, and increase resources for those struggling with addiction. The President’s call to action resulted in the Justice Department’s shutting down the largest “darknet” for the online distribution of drugs in 2017.

Today’s event is a promising and important step in bringing parties together to address the proliferation of illicit distribution of opioids online, where criminals’ risk of detection and prosecution is significantly reduced.

We’re proud to announce that the FDA and NTIA are partnering on a novel approach to working with domain name registries that will enhance the FDA’s efforts to protect U.S. consumers from opioids that are illegally being offered for sale online.

As an example of such collaboration, we can point to case study released yesterday by Neustar about the .us top level domain, which it administers on behalf of the Department of Commerce.

Neustar’s policies for the .us domain don’t allow for the sale or distribution of opioids, but enforcing this policy can be tricky. Neustar has agreed to step up its enforcement. The company is now taking action in response to reports from third parties, such as the FDA and law enforcement. Neustar is also using advanced search tools that can review domain name strings for high-risk keywords.

When a site is found to be in violation of the policy, Neustar also works with relevant authorities to determine an appropriate course of action, which may include removing it from the DNS or deleting the domain name.

Following today’s event, FDA and NTIA will develop a framework of cooperation with key domain industry stakeholders that have a role in the registration of domain names, including Neustar, Verisign and Public Interest Registry, focused on reducing the availability of opioids illegally offered for sale online.

The framework will help provide transparency and accountability in the domain name system and inform future conversations about “trusted notifier” programs expected to take place at the Internet Corporation for Assigned Names and Numbers (ICANN).

These programs can establish an expedited process for acting upon domain name takedown requests. We’re confident that this approach can be designed in a way to allow domain industry actors to take action more quickly and better protect the public.

NTIA has years of experience crafting creative solutions to complex problems with stakeholders  in the online space, and we look forward to doing all we can to help solve the opioid crisis – a priority for the Trump Administration. This effort fits with the longstanding U.S. approach to Internet governance and policy development. We believe that bottom-up, consensus-based processes create policies that are trusted throughout the Internet ecosystem.

Balancing Freedom in Cyberspace

Some argue that if we had more restrictive laws in place, these issues would be more easily resolved. From our perspective, it’s not clear that restrictive laws will do anything but place an artificial cap on growth and innovation, and make the Internet less free and less open.

We’ve learned, in tackling policy issues around privacy and cybersecurity, there are no easy one-size fits all solutions. There have to be trade-offs and hard decisions.

The Trump Administration is committed to solving these problems in a way that ensures America’s prosperity and clears the way for innovation. America has seen enormous benefits from this approach, so we must continue to give a green light to innovative solutions.

A stronger, healthier cyberspace should not sacrifice the principles of free markets and free information flows that are central to the U.S. economy and have made the Internet so successful to date.

We applaud the companies in the audience today that are educating themselves about this health crisis and choosing to take action.

NTIA is here to help. We have extensive relationships with key players across the Internet ecosystem, including government agencies in the U.S. and around the world. We are known as a trusted convener that allows various groups and interest to work through tough issues in a thoughtful manner.

Building Consensus

To give you an example of how we have confronted some other online challenges, take cybersecurity threats. NTIA recently produced recommendations and guidance on how to make sure that Internet of Things devices can be kept secure, based on consultation with multiple stakeholders in government, industry, academia and civil society.

We also have an ongoing process looking at greater transparency around software components. The idea is that you can't secure your connected products if you don't know that part of it is vulnerable.

Similarly, we have met with a broad group of stakeholders interested in privacy policy to find areas of agreement that can help develop the Administration's policy toward protecting American’s online data.

As we discuss these issues, I’d be remiss not to mention the work we’ve been doing regarding the European privacy model, General Data Protection Regulation, or GDPR, and its effect on WHOIS.

The WHOIS is a resource that, prior to the GDPR, provided public access to domain name registration information, including contact information for the entity or person registering the domain name. This information is a critical tool that helps keep people accountable for what they do and put online. Law enforcement uses WHOIS to shut down criminal enterprises and malicious websites, including those that illegally sell opioids. Cybersecurity researchers use it to track bad actors. And it is a first line in the defense of intellectual property protection, including the misuse of opioid brand names.

Unfortunately, when GDPR went into effect, those companies responsible for providing WHOIS stopped publishing much of the data because they feared it would make them vulnerable to the massive fines GDPR imposes for privacy violations. The U.S. government’s position on this is clear: the loss of a public WHOIS without a predictable and timely mechanism to access redacted information has little benefit for consumer privacy, and major benefits for cyber-criminals.

I’m happy to report that we’ve made some progress on this issue within ICANN, the Internet Corporation for Assigned Names and Numbers, and the nonprofit multistakeholder organization that handles a range of issues related to the domain name system.

First, ICANN put in place last year a temporary policy that clarified that WHOIS data should continue to be collected and reasonable access should be provided. This kicked off an intensive global multistakeholder discussion about how to develop a long-term solution. NTIA continues to actively push U.S. interests in these discussions. In March, policy recommendations were finalized and submitted to the ICANN Board for approval. 

I want to congratulate the people who have worked on developing these policy recommendations for how to handle the processing of WHOIS information in a manner that is compliant with GDPR. This was the first step we needed to ensure that the WHOIS system is preserved.

However, it must be noted, issues remain. Yet to be addressed is development of a technical solution, and policies associated with disclosure and access to non-public WHOIS information.  Now it is time to deliberately and swiftly create a system that allow for third parties with legitimate interests, like law enforcement, IP rights holders, and cybersecurity researchers to access non-public data critical to fulfilling their missions. NTIA is expecting this second phase of the discussion to kick off in earnest in the coming weeks, and to achieve substantial progress in advance of ICANN’s meeting in Montreal in November.

The message I’d like to leave with you today is that NTIA remains a staunch defender of the free and open Internet. That’s not going to change. But we also aren’t going to turn a blind eye to the real issues that are raised by this freedom and openness.

We reject the notion that a free and open Internet must tacitly condone illegal activity. We believe there’s a path to solving these issues without turning our backs on innovation and prosperity. And that path begins with honest discussions and debates, with compromise and collaboration. So if you have concerns or solutions you’d like to offer, I invite you to talk to NTIA. We welcome all thoughtful approaches to building the Internet of the future.

Thank you.