From the Digital Stack to Your Front Door: Law Enforcement Access and the Case of Domain Names

Law enforcement access to people’s private data is one of the defining governance challenges of our time, and it is not a conversation of the past. Governments are expanding their legal tools to compel disclosure of personal information from Internet intermediaries, often with minimal judicial oversight, inconsistent human rights safeguards, and almost no public transparency. This is not a problem confined to authoritarian states. Across democracies with strong constitutional protections, basic subscriber data, a name, an email address, a physical location, has become the starting point for investigations, deportation orders, and arrests that are often grossly disproportionate to the information that triggered them.

At the Internet infrastructure layer, some further deliberation is happening: ICANN, the multistakeholder body that coordinates the development of policy for domain allocation in global domain name system, is actively developing mechanisms to facilitate authenticate law enforcement agencies globally. The EU e-Evidence that is coming into force in August 2026 also has an authentication mechanism for digital evidence. There are now commercial services like Kodex are already operating in this space, authenticating law enforcement agencies.

These efforts raise hard questions about which governments get to be trusted, under what human rights criteria, and with what accountability, questions that the domain name community has at least been asking publicly.

If there is limited appetite for understanding Internet infrastructure, we should still recognize that this work will have consequences higher up the stack. At the application layer, AI systems have already become spaces where people conduct some of their most private reasoning: asking questions they may not ask a doctor, expressing views they may not share publicly, and working through decisions that exist nowhere else. Yet no equivalent deliberation has begun there. We should therefore learn from different governance spaces now, so that we are better prepared for the larger digital governance questions that are already emerging.

The issue is not settled. The question of who can access that data, under what legal standard, with what human rights safeguards, and with what transparency, needs urgent attention across the entire stack, again!

This report is a first step. Internet Infrastructure, Data Disclosure and Law Enforcement, written by Digital Medusa and funded by Public Interest Registry, examines how data disclosure actually works at the infrastructure level, across registries, registrars, resellers.