How The Protect IP Act Could Break The Internet
DNS Security Experts Warn of DNS Filtering Dangers
(Karl Bode) Over the last few months the Immigration and Customs Enforcement (ICE) office of the Department of Homeland Security has launched a new campaign that involves seizing the domains used by websites involved in copyright infringement, the sale of counterfeit goods or child pornography. The problem is that the program has been borderline incompetent, taking legitimate foreign businesses offline, as well as earlier this year causing the outage of 84,000 largely legal websites after seizing the domain of a free DNS service operator.
After several failed attempts to pass a law codifying the government’s efforts to seize and/or filter domains deemed dedicated to infringing activities, Uncle Sam’s Protect IP Act is now winding its way through the legislative process. While politicians are pushing the bill at the behest of entertainment industry lobbyists, experts in DNS functionality continue to warn that the bill’s focus on DNS filtering could fundamentally break the Internet. Techdirt directs our attention to a new report (pdf) from researchers that issues some dire warnings about Protect IP. Specifically, analysts claim the bill could create additional security risks, limit ISP security analysis, degrade CDN performance, and result in false positives:
Two likely situations ways can be identified in which DNS filtering could lead to non-targeted and perfectly innocent domains being filtered. The likelihood of such collateral damage means that mandatory DNS filtering could have far more than the desired effects, affecting the stability of large portions of the DNS…..We believe that the goals of PROTECT IP can be accomplished without reducing DNS security and stability, through strategies such as better international cooperation on prosecutions and the other remedies contained in PROTECT IP other than DNS-related provisions. We urge Congress to reject the DNS filtering portions of the Act.
The paper’s authors include folks like Dan Kaminsky, Verisign CSO Danny McPherson, Paul Vixie and Georgia Tech DNS security expert David Dago. The entertainment industry is downplaying these concerns, while the politicians pushing this law (as is usually the case in tech legislation) have little understanding about the law they’re trying to pass at lobbyist behest.