dns blocking – Techdirt (original) (raw)

Think Tank That First Proposed SOPA Now Claims 'Proof' That SOPA Would Have Been Great

from the yeah,-good-one,-guys dept

Oh boy. The Information Technology and Innovation Foundation (ITIF) is a DC-based think tank that, from it’s name, you might think would promote things that are important for innovation. And yet, this misleadingly named think tank has been on the wrong side of almost every major tech issue over the last few years — perhaps because a large segment of its funding comes from anti-technology industries, like the entertainment industry and the large telco/broadband providers. This is the same organization that argued that net neutrality was bad, that kicking people off the internet for piracy was a good idea, that the US gov’t should encourage countries to censor the internet and, most recently, that broadband companies charging more to not track your every move is “pro-consumer.”

But perhaps the pinnacle of bullshit policy proposals from ITIF was that it was the organization (again, funded by the entertainment industry) that first proposed the basic framework of site blocking as a response to copyright infringement, back in 2009. The basis of that proposal was then turned into SOPA, leading ITIF to take a victory lap for creating what it believed was such a good law.

Of course, you know how that all went down. After actual technologists pointed out how problematic the ITIF approach to site blocking would be, and the public spoke up, the bill went nowhere. And ITIF is basically the sorest of sore losers. Last fall, ITIF published a bogus snarky “report” insisting that it’s original SOPA plan for DNS blocking “did not break the internet.” This, of course, conveniently misstates what was meant by “breaking the internet” when tech experts like Paul Vixie explained the problems with SOPA. It wasn’t that the overall internet would just stop working or that fewer people would use it, but rather than basic ways in which the internet is expected to function (I reach out to this DNS entry, I get back the proper response) would fail, and that would open up opportunities for serious mischief, from man in the middle attacks to breaking how certain security protocols work.

But ITIF just can’t let it go. This week it published a new report, once again using snark to insist that the internet didn’t break: How Website Blocking Is Curbing Digital Piracy Without “Breaking the Internet.” But its “evidence” is pretty suspect. It relies heavily on a recent report from some Carnegie Mellon professors, but leaves out the fact that those professors run a research center that was launched with a massive grant… from the MPAA. It also quotes papers from NetNames (funded by NBC Universal) and the Digital Citizens Alliances (a secretive MPAA front group that was a core component to the MPAA’s “Project Goliath” plan to attack Google).

The paper is full of misleading statements and half truths. Take this for example:

In the vitriolic debates over the Stop Online Piracy Act (SOPA) in the United States, many opponents of taking action to limit access to foreign websites dedicated to piracy argued that website blocking would ?break the Internet,? although they never satisfactorily explained how this breakage would occur or why the Internet was not already broken, since some site blocking already existed before the SOPA debate. Nonetheless, no policymaker wanted to be accused of being responsible for breaking the Internet. Five years later, we have evidence to evaluate. Meanwhile, 25 nations have enacted policies and regulations regarding website blocking to find a better balance between preserving the benefits of a free and open Internet and efforts to stop crimes such as digital piracy. And the Internet still works just fine in these nations.

Actually lots of people pretty clearly explained how and why it would break things — including tech superstars like Paul Vixie and, yes, even Comcast, the owner of NBC Universal, an MPAA member. This is from Comcast:

When we launched the Domain Helper service, we also set in motion its eventual shutdown due to our plans to launch DNSSEC. Domain Helper has been turned off since DNS response modification tactics, including DNS redirect services, are technically incompatible with DNSSEC and/or create conditions that can be indistinguishable from malicious modifications of DNS traffic (including DNS cache poisoning attacks). Since we want to ensure our customers have the most secure Internet experience, and that if they detect any DNSSEC breakage or error messages that they know to be concerned (rather than not knowing if the breakage/error was “official” and caused by our redirect service or “unofficial” and caused by an attacker), our priority has been placed on DNSSEC deployment — now automatically protecting our customers…

The non-technical policy wonks at ITIF might not understand this “technical” speak, but what Comcast is saying here is that using DNS blocking is a massive security risk. It doesn’t mean that the internet itself “stops working” altogether, but that a core way that the internet is expected to work no longer does, and that exposes lots of people to lots of mischief.

ITIF, of course, will then point to the fact that 25 countries have implemented DNS blocking, and since they haven’t seen the internet “stop” working in those places, they assume it’s fine. This is dubious on two accounts. First, much of the mischief that can be caused by DNS blocking won’t be directly observable to the public. ITIF really is in no position to know what kind of mischief is now enabled thanks to DNS blocking in those countries, but it won’t be surprising to see that it eventually leads to security nightmares. The second is more fundamental: many people in those countries now use VPNs to virtually transport themselves elsewhere to get around these blocks. Many, in fact, transport themselves to the US to access things here. But, put in place site blocking in the US, where a huge percentage of internet traffic happens, and the opportunities for massive mischief increase quite a lot. But ITIF is too clueless to understand this.

In fact, the only “problem” that ITIF says might come up with DNS blocking is that it might take down multiple servers behind the same DNS, but which ITIF insists is easy to fix. ITIF also insists that such a small percentage of people use VPNs, getting around DNS blocking won’t be much of a problem. Though, hilariously, they then admit that the methods to get around DNS blocking could put users at risk. But ITIF never puts two and two together to recognize how DNS blocking puts more people at risk.

Critics claim that DNS blocking, like IP blocking, will cause ?collateral damage? due to the risk of over-blocking, as a single domain can host many websites through website extensions.26 However, this risk can be addressed by implementing DNS blocking at the subdomain level (e.g. www.piracysite.maindomain.com instead of www.maindomain.com)….

[….] Many, if not most, consumers have low levels of computer literacy and certainly are not sophisticated enough to understand how to manipulate the DNS settings in the network configuration of their computers, mobile phones, and other Internet-connected devices. Furthermore, users who switch DNS servers can expose themselves to many security risks if they cannot trust the responses from these servers.

You know what else will mean you can’t trust the results from a DNS server? DNS blockades! That’s the “breaking” of the internet that Vixie and others were talking about. Which ITIF still doesn’t comprehend.

Later in the report, ITIF also claims that people who worried about DNS blocking for copyright infringement were “fine” for it in blocking malware:

The irony is that just months before leading opponents stated their opposition to website blocking, a key opponent said it was okay to block domains that spread malware and that this could be done without harming the Internet itself.

I’ll just note that basically every other sentence in that paragraph has a footnote as a source for the information… but that sentence conveniently has no footnote. I’ve looked at the other footnoted links in that paragraph and none of them involve “leading opponents” supporting DNS blocking for malware. So I’m curious how ITIF’s sourcing on this key point seems to have magically disappeared.

There’s more in the ITIF report, but it’s basically fighting the same old war: it lost on SOPA, but ITIF can’t let it go. And so it’s not just fighting, but fighting dishonestly. It takes quotes out of context, makes misleading statements and doesn’t seem to actually understand the core technological issues at play here. And it would be at least marginally more compelling if every study it cited (and ITIF itself) weren’t funded by the MPAA, the main driver behind SOPA.

Filed Under: copyright, dns blocking, site blocking, sopa
Companies: itif

Pakistan Orders ISPs To Block 429,343 Websites Completely, Because There's Porn On The Internet

from the i'm-sure-all-have-been-carefully-reviewed dept

It appears that efforts to censor the internet globally continues to spread, with the latest being a report out of Pakistan that the Pakistan Telecommunication Authority (PTA) has told ISPs that they need to start blocking an astounding 429,343 websites at the domain level as quickly as possible, following a Supreme Court order to the PTA about the evils of porn online.

The move apparently follows a recent order by the Supreme Court wherein the telecom sector?s regulatory body had been asked to ?take remedial steps to quantify the nefarious phenomenon of obscenity and pornography that has an imminent role to corrupt and vitiate the youth of Pakistan?.

PTA said it has decided to take pre-emptive measures to block such websites at the domain level to control dissemination of pornographic content through the internet as it provided ISPs with a list of 429,343 domains to be blocked on their respective networks.

The order apparently was issued just a few weeks ago, which raises the question of how the PTA put together a list of so many domains so quickly… and how carefully that list has been vetted. The answer, of course, is that it hasn’t been vetted. And that means that tons of perfectly legitimate content is about to get blocked in Pakistan. Remember, this is the same country that once blocked all of YouTube, and did so in a way that basically knocked Pakistan off the internet, while also blocking YouTube throughout many countries across Asia. Let’s hope mistakes of that nature aren’t made again.

Even so, it’s pretty obvious that mistakes will be made. First, that list is going to include tons of sites that aren’t pornography. Is there a way to appeal? Who knows! Second, it’s likely that in the process of blocking “at the domain level” some may choose to block IP addresses of certain sites, not realizing that many IP addresses are shared among multiple domains, meaning that lots of other sites may get sucked up as well. And then there’s the issue of what good will this do anyway. People who really want to access porn on the internet won’t have trouble finding it. I’m pretty sure there are more than 429,343 websites with porn on the internet, and even if there weren’t, I’m guessing that VPNs and proxies work just as well in Pakistan as they do elsewhere.

Filed Under: censorship, dns blocking, free speech, pakistan, pornography, site blocking

Portuguese 'Anti-Piracy' Site Blocking Used Against US Video Game Developer

from the because-reasons dept

One of the reasons why many people are opposed to various “site blocking” laws, is that inevitably such things get abused. And while the US successfully stopped SOPA’s site blocking plan, plenty of other countries went ahead and implemented something similar — including, apparently, Portugal. Yet, earlier today, reports came out that the Portuguese site-blocking system was now blocking the website of an American video game development shop called Carbon Games.

Now, it does appear that someone just screwed up here. It’s not happening on all Portuguese connections, but it did happen on multiple ISPs according to the initial report on Reddit. Also, it seems they only blocked the version of the website where the URL starts with “www.” Get rid of that and people could access the website without a problem — again adding to the likelihood of a general screwup. Oh yeah, also, it looks like if you use any other DNS provider, such as Google’s DNS, you’d avoid the blocks (another reason why blocking at the DNS level is kind of stupid).

Either way, even if it was just a “mistake,” the fact that it happened at all should be a huge concern. When entire websites can be blocked without any real review or due process, it opens the door to much more serious and widespread censorship. It’s again troubling how quickly many in the copyright realm ignore the nature of this slippery slope.

Filed Under: copyright, dns blocking, infringement, portugal, site blocking, sopa
Companies: carbon games

Taiwan's Copyright Proposals Would Combine SOPA With A Dash Of The Great Firewall Of China

from the overkill-much? dept

You might have hoped that the extensive discussions that took place around SOPA a year or so ago would have warned off governments elsewhere from replicating some of the really bad ideas there, like DNS blocking, but it seems that Taiwan didn’t get the message, as Global Voices reports:

> The Taiwan Intellectual Property Office (IPO) has recently proposed to amend the Copyright Act and provide legal justification of IP and DNS blocking at the Internet Service Providers (ISPs) level through a black list system. The government claims that the amendment is to stop the illegal sharing of copyright movies and music. > > Although IPO has stressed that the Internet service providers will only block overseas online platforms which are “specifically designed for copyright infringement activities” or websites which have “obviously violated copyrights”, such as Megaupload, the authorities will target online platforms that enhance peer-to-peer transmission including Bit Torrent, Foxy, and FTP sharing.

Of course, as Techdirt readers know, there is no such thing as “obviously violated copyrights” — that’s what judges are for. The idea of of targeting technologies like BitTorrent and FTP is nothing less than an attack on aspects of the Internet itself. And as the article points out, the new powers are almost certain to be abused:

> If the Taiwanese copyright amendment is implemented, the Island will have a mechanism that blocks and filters away “illegal websites” that host material that infringes copyright laws. This could be detrimental to sites like YouTube, where users regularly upload videos that may violate copyright laws. Although the company has a system for removing these videos, a law like this could lead to the site being blocked altogether.

The new measures will move Taiwan closer to China’s Great Firewall in terms of censorship, and will therefore probably be well-received on the mainland as a result. But there are surely better ways of improving relations between the two countries than instituting these kind of measures that won’t stop people sharing unauthorized copies online, but will damage the Internet, and not just in Taiwan.

Follow me @glynmoody on Twitter or identi.ca, and on Google+

Filed Under: blocking, copyright, dns blocking, firewall, rogue sites, sopa, taiwan

Congressional Staffer Says SOPA Protests 'Poisoned The Well', Failure To Pass Puts Internet At Risk

from the seriously? dept

Yikes. About a month ago, we wrote about some comments by Congressional staffer Stephanie Moore, the “Democrat’s chief counsel on the House Judiciary Committee,” in which she still couldn’t come to grips with the fact that the public rose up against SOPA — insisting that it must have been some nefarious “misinformation” campaign. We went through, in a fair amount of detail, how the misinformation was coming from her. It appears that Moore has decided to go even further down this path and express her general distaste for the public. During a panel discussion at the American Constitution Society’s 2012 National Convention, covered by BNA, Moore was a panelist and apparently decided to totally mock the public and make the ridiculous claim that the failure to pass SOPA puts the internet at risk:

“Netizens poisoned the well, and as a result the reliability of the internet is at risk,” Moore said

Think about that for a second. That entire sentence is so incredibly insulting. Millions of people spoke out against bad legislation. The public spoke out, and Moore is so against the basic concept of democracy that she has to claim that millions of people expressing their political opinion is “poisoning the well.” And how in the hell is “the reliability of the internet at risk” because Congress failed to pass a horrifically bad piece of legislation aimed at censoring sites one industry didn’t like? Please.

The report goes on to a bunch of additional insulting comments from Moore towards the public, including the claim that “We don’t know what the numbers mean,” regarding the number of people who contacted Congress on January 18th. Here, I’ll help you out: it means that a very large segment of the American population realized you were trying to push through a bad bill as a favor to some big Hollywood donors, and they didn’t like it. What was so hard to understand about that?

On the same panel was lawyer Steve Metalitz, who represents a number of entertainment industry interests, and whom many people have suggested has had a major hand in the creation of SOPA/PIPA/ACTA and other such proposals. He also had some ridiculous things to say, including supporting the idea that DNS blocking was no problem. His reasoning? Lots of other countries censor the internet, why shouldn’t the US? I’m not kidding:

“Most countries in the world already have this option at their disposal to deal with this problem,” Metalitz said during the ACS discussion. “If site blocking broke the internet, then the internet would already be broken.”

Metalitz is wrong. Either his misinformed or he’s lying. Even SOPA supporters admitted that there are only thirteen countries that enable DNS blocking. That’s not “most.” Oh, and the thirteen? China, Iran, United Arab Emirates, Armenia, Ethiopia, Saudi Arabia, Yemen, Bahrain, Burma (Myanmar), Syria, Turkmenistan, Uzbekistan and Vietnam. This is not a list that we should want the US to be added to. And he’s being disingenuous in saying that “the internet would already be broken.” No one claimed that the internet as a whole would stop working if you put DNS blocking in place. But every single competent security technology expert pointed out that it would have significant negative impact on how important security systems would work. Hell, even Comcast (owner of NBC Universal — the main corporate backer of SOPA) admitted that DNS blocking was incompatible with important DNS security technologies.

Who do we trust? A lawyer with zero computer security/networking knowledge, or pretty much every security expert around? Sorry, but I vote with the experts.

According to the report, Metalitz and Moore then teamed up to misrepresent the free speech concerns that people had about SOPA. They did so by insisting there were no such concerns and that the First Amendment and copyright law could not be in conflict:

Similarly, Metalitz said that the opposition’s argument that “copyright means censorship is simply untrue.” He added, “I understand that in debates like this there is going to be over simplification, but this is a dangerous one for those that care about free expression.”

Moore agreed that the free speech concerns were misplaced. “The First Amendment argument is not appropriate in this context,” Moore said. “The First Amendment is part of copyright. They are not in tension.”

Thankfully, it sounds like there was strong pushback in the audience from folks like professor Lateef Mtima, but really, both Moore and Metalitz are once again being totally disingenuous. No one said that copyright itself means censorship. They said that overly broad copyright laws can and are used for censorship. This is not a hypothetical. We’ve already seen how Russia specifically used copyright law to stifle political speech from opponents. And right here in the US, we have the unfortunate story of the federal government censoring popular hip hop blogs for over a year by falsely accusing them of copyright infringement, shutting them down, and then denying them their day in court.

Frankly, both Moore and Metalitz owe those blog owners an apology. But, of course, no one involved in that situation has ever apologized. Much better to just flat out deny that copyright could ever be used for censorship. Here in the real world, that’s called being in denial. You can’t deny facts, but both Moore and Metalitz seem to have spent this entire panel doing exactly that.

Either way, given their roles in supporting SOPA and their refusal to understand the concerns against it, it seems likely that we haven’t seen the last of horrible, dangerous legislation and international trade agreements from people like Moore and Metalitz.

Filed Under: acta, dns blocking, house judiciary committee, pipa, sopa, stephanie moore, steve metalitz

Indian Court Orders 104 Sites Censored Based On The Say So Of The Indian Music Industry

from the censorship-by-any-other-name dept

Torrentfreak notes the interesting timing on this one. Just as MPAA boss Chris Dodd was in India talking up the importance of stricter copyright laws (like SOPA), an Indian court ordered a SOPA-like block of 104 sites that were declared as “dedicated to infringement” by the Indian Music Industry (IMI). What’s interesting is that as you look down the list of blocked sites, they include many that appear to focus on movies, not music — so it’s not clear why IMI gets to decide what’s infringing and what’s not.

Reading some of the details, it’s pretty clear that the sites in question were not given a chance to present their side in court. In fact, it appears that even the IMI bosses admit that they haven’t yet proved that all of those sites are infringing:

Taking the sites to court is not humanly feasible: when we went after one site, we got the impression that the owner was in the US, based out of the Bahamas, and it was very difficult to get him to respond. Our person has to pose as an advertiser before the owner came on an email, and we eventually found that it was a young kid in Rajkot, and the entire process took six months. Going after 104 sites – can you imagine the effort, the time and the money spent in chasing this? The better route is to establish comprehensively that each ofthese 104 sites is pirating content, and we’re doing that – as a body and not a company – and it’s easier to interact with the ISP now.

In other words, shoot first, deal with the fallout of incorrect censorship later.

Not surprisingly, the head of the IFPI (the international RIAA) cheered on this result:

“This decision is a victory for the rule of law online and a blow to those illegal businesses that want to build revenues by violating the rights of others,” said IFPI CEO Frances Moore in a statement.

But in a clear signal that for the music and movie industries even the toughest of anti-piracy measures are never enough, Moore says that current developments are a good start.

“The court ruled that blocking is a proportionate and effective way to tackle website piracy,” Moore noted, adding that the Indian government should now “build on this progress” by advancing further legislation to tackle digital piracy.

The situation here seems extreme and disproportionate. Not only have the serious problems with DNS and IP blocking been described concerning internet security, but it’s pretty clear that efforts like this don’t work. There are already reports of sites from the list reappearing under different domain names, and all the court order is doing is spreading the game of whac-a-mole. Amusingly, the same Indian music exec who made the claim above about how it’s impossible to actually track down these sites, later (in the same interview) admits he doesn’t want to shut down these sites, because they have a “passion for music” and he’d like to work out deals with them. Of course, getting a court order to block access to their existing sites is a funny way to say “hey, I’d like to work with you.”

Filed Under: accusations, censorship, copyright, dns blocking, due process, india, ip blocking, sopa
Companies: imi

White House Comes Out Against The Approach In SOPA/PIPA In Response To Online Petition

from the boom dept

Remember that big first petition to the White House against SOPA? As you may recall, that got enough signatures that it required a response from the White House… and that response has come out. It rejects the approaches found in both SOPA and PIPA. They say that “online piracy by foreign websites is a serious problem that requires a serious legislative response” but that there are many things they will not support.

They will not support a bill that has the potential to censor lawful activity or inhibit innovation:

To minimize this risk, new legislation must be narrowly targeted only at sites beyond the reach of current U.S. law, cover activity clearly prohibited under existing U.S. laws, and be effectively tailored, with strong due process and focused on criminal activity. Any provision covering Internet intermediaries such as online advertising networks, payment processors, or search engines must be transparent and designed to prevent overly broad private rights of action that could encourage unjustified litigation that could discourage startup businesses and innovative firms from growing.

They flat out reject anything that involves DNS blocking:

We must avoid creating new cybersecurity risks or disrupting the underlying architecture of the Internet. Proposed laws must not tamper with the technical architecture of the Internet through manipulation of the Domain Name System (DNS), a foundation of Internet security. Our analysis of the DNS filtering provisions in some proposed legislation suggests that they pose a real risk to cybersecurity and yet leave contraband goods and services accessible online. We must avoid legislation that drives users to dangerous, unreliable DNS servers and puts next-generation security policies, such as the deployment of DNSSEC, at risk.

They do still say that new legislation is needed, but they want something where every stakeholder is actually involved:

So, rather than just look at how legislation can be stopped, ask yourself: Where do we go from here? Don’t limit your opinion to what’s the wrong thing to do, ask yourself what’s right. Already, many of members of Congress are asking for public input around the issue. We are paying close attention to those opportunities, as well as to public input to the Administration. The organizer of this petition and a random sample of the signers will be invited to a conference call to discuss this issue further with Administration officials and soon after that, we will host an online event to get more input and answer your questions. Details on that will follow in the coming days.

Washington needs to hear your best ideas about how to clamp down on rogue websites and other criminals who make money off the creative efforts of American artists and rights holders. We should all be committed to working with all interested constituencies to develop new legal tools to protect global intellectual property rights without jeopardizing the openness of the Internet. Our hope is that you will bring enthusiasm and know-how to this important challenge.

Moving forward, we will continue to work with Congress on a bipartisan basis on legislation that provides new tools needed in the global fight against piracy and counterfeiting, while vigorously defending an open Internet based on the values of free expression, privacy, security and innovation. Again, thank you for taking the time to participate in this important process. We hope you’ll continue to be part of it.

Make no mistake about this: this is the White House asking for a hard reset of SOPA/PIPA and saying start again from scratch. This is an astounding turn of events, and a much stronger statement from the White House than anyone honestly expected. This is almost entirely because of the outcry that came out of the internet over the last few months. Without that, it is unlikely that the White House ever would have come out with such a strong position that questions the key provisions of these bills.

It will be important to continue to be engaged and to make sure that what happens next really is reasonable. Let’s hope that Congress actually recognizes the importance of what the White House is saying, and that any future process really is open. Congress has a way of ignoring things like this, and until Harry Reid agrees to put PIPA on the shelf and take part in this hard reset, people need to keep the pressure on the Senate. But, in the short term, this is a rather historic moment, in that it is a case where a loud public outcry really has had a major impact on this process. When the Senate introduced PIPA early last year, it was seen as almost assured that it would pass in something close to its initial form. Now that seems impossible.

Filed Under: aneesh chopra, censorship, dns blocking, free speech, howard schmidt, pipa, protect ip, sopa, victoria espinel, white house

Don't Be Fooled: Leahy Is NOT Removing DNS Blocking Provisions, Merely Delaying Them

from the bad-reporting dept

We’ve already written about Senator Leahy’s decision to delay the implementation of DNS blocking in PIPA. Unfortunately, despite the clear words in the announcement, it appears that Leahy’s staff is going around suggesting to the press that this means he’s dropping DNS. Thus you get reports in Wired and in ReadWriteWeb saying that Leahy is offering to remove the DNS blocking provisions. That’s exactly what Leahy’s staff would like people to believe, in the hopes that this makes the bill palatable. First, it wouldn’t actually make the bill palatable, but it’s important to read what Leahy actually said:

As I prepare a managers’ amendment to be considered during the floor debate, I will therefore propose that the positive and negative effects of this provision be studied before implemented…

That is NOT removing the DNS blocking provisions. It is merely delaying them.

Furthermore, since the DNS blocking was such a key component of the bill and, at the very last minute, Leahy is suddenly claiming that we can all ignore that section for the time being, isn’t that reason enough to stop and wait, rather than rushing this bill forward? Leahy is admitting that he did not and still does not understand a key provision in his bill. Do we really think that’s the only provision he did not understand? Shouldn’t this, alone, be evidence that this bill needs to be rethought entirely? This isn’t a reason to move forward. It’s the opposite. It’s a reason to put this bill aside and spend some time actually understanding the issues at play.

Filed Under: dns, dns blocking, dnssec, pat leahy, pipa, protect ip, sopa

Senator Leahy Hopes To Rush Through PIPA By Promising To Study DNS Blocking… Later?!?

from the say-what-now? dept

As we noted yesterday, staffers in both the House and the Senate quietly started floating the idea that they would drop the DNS provisions in the bill… in the hopes that maybe it would calm down the growing unrest about SOPA/PIPA. Senator Leahy today made the first official statement on the matter, and it’s ridiculous. Rather than drop the DNS blocking, or even hold off on voting on the bill — both of which would be sensible steps in a much bigger process, he wants to rush the bill through… but ignore the DNS provisions until there’s a chance to “study” the impact of them:

As I prepare a managers’ amendment to be considered during the floor debate, I will therefore propose that the positive and negative effects of this provision be studied before implemented, so that we can focus on the other important provisions in this bill, which are essential to protecting American intellectual property online, and the American jobs that are tied to intellectual property. I regret that law enforcement will not have this remedy available to it when websites operating overseas are stealing American property, threatening the safety and security of American consumers. However, the bill remains a strong and balanced approach to protecting intellectual property through a no-fault, no-liability system that leverages the most relevant players in the Internet ecosystem.

In other words, pass the bill now… then wait until all the furor dies down… and then we turn on the DNS blocking provisions when no one’s paying attention. This is just nasty politics. It’s an attempt to ram through everything while pretending to listen to constituent concerns. This lets Leahy and PIPA/SOPA supporters pretend that DNS blocking is no longer an issue in the bill… get the bill approved… and then figure out some way to turn them on later. Ridiculous.

It’s incredibly important to let Leahy — and every other Senator — know that this is totally unacceptable. If there are big concerns on the bill, and he’s suddenly going to release a manager’s amendment that no one’s seen yet, shouldn’t we stop moving forward with the bill, give everyone a chance to digest what it’s saying, explore the issues and concerns and then determine if the bill has any merit? Instead, he’s still trying to move forward with a bill that has all sorts of problems: it still involves censorship for “information location tools” (just not DNS blocking). It still has a very broad definition for a rogue site. It still has the private right of action that will lead to a ton of lawsuits. There are tons of problems… and punting DNS blocking down the road to shove the rest through is just obnoxious.

Still, this shows that the public outcry has been working. Leahy more or less admits this in his statement:

The process in drafting the legislation has always been an open one in which we have heard from all third parties, and have worked to address as many outstanding concerns as possible. It is through this process that we have gained the support of the majority of third parties who will be asked to take action under the legislation, as well as a bipartisan group of 40 cosponsors in the Senate.

It is also through this process that I and the bill’s cosponsors have continued to hear concerns about the Domain Name provision from engineers, human rights groups, and others. I have also heard from a number of Vermonters on this important issue. I remain confident that the ISPs – including the cable industry, which is the largest association of ISPs – would not support the legislation if its enactment created the problems that opponents of this provision suggest. Nonetheless, this is in fact a highly technical issue, and I am prepared to recommend we give it more study before implementing it.

That first paragraph is ridiculous. PIPA drafting has not been open at all. Traditionally such bills are widely shared with others, including those who oppose. PIPA was not. Traditionally, hearings are held for controversial bills. No hearings were held on PIPA. The tech community has repeatedly reached out and offered to be a part of the discussions… and it was ignored.

That said, the fact that he’s “heard from a number of Vermonters on this important issue” shows that the grassroots effort — with many people calling, emailing and visiting the Senator, are having an impact. But it needs to continue — and even amplify. Senator Leahy needs to know that this is not a reasonable solution. He needs to know that if there are concerns with the bill, we should wait band not rush it. He needs to know that if he’s making last minute changes, he should be sharing those with the outside world — who he claims is a part of the process… and let them comment on the bill.

Hell, he could just look at the Wyden/Issa alternative bill, OPEN. Whatever you think of the OPEN Act, the backers of that bill need to be commended. They put the bill up on the web and made it editable by all, so that anyone and everyone could be a part of the feedback process. That process has been ongoing, and out of that process, a final bill will be drafted. Why wouldn’t Senator Leahy do something like that? Why wouldn’t he slow down, let everyone explore the bill? If he’s really serious about wanting to hear from everyone on the bill… why rush it through without hearing from anyone (except, we imagine… some lobbyists).
<br. This isn’t a compromise. This is a nasty political trick. Leahy’s right that DNS blocking is a problem… but there are lots of problems with the bill, and you don’t deal with them by rushing the bill through and promising to explore the issues later.

Filed Under: copyright, dns blocking, patrick leahy, pipa, protect ip, punt, security, study

Comcast — Owner Of NBC Universal — Admits That DNS Redirects Are Incompatible With DNSSEC

from the well-look-at-that dept

Well, well, well. Here’s something interesting. Comcast, who owns NBC Universal (one of the main forces behind SOPA/PIPA), is officially a SOPA/PIPA supporter. However, yesterday, Comcast put up a post congratulating itself (deservedly so!) for completing its DNSSEC deployment, making it “the first large ISP in the North America to have fully implemented” DNSSEC across the board. That’s huge, and a clear vote of confidence for DNSSEC, obviously. They also urge others to use DNSSEC:

Now that nearly 20 million households in the U.S. are able to use DNSSEC, we feel it is an important time to urge major domain owners, especially commerce and banking-related sites, to begin signing their domain names. While in the past those domains may have wanted to do so but felt it would have limited effect, they now can work on signing their domains knowing that the largest ISP in the U.S. can validate those signatures on behalf of our customers.

All of this is good… but what may be much more interesting is that, along with this announcement, Comcast has also mentioned that it is shutting down its Domain Helper service. Domain Helper was a somewhat controversial DNS-redirect system, so that when you mistyped something, it would suggest the proper page or alternatives. Many in the internet community complained that these types of redirects mess with the underlying DNS system (which they do). But, as the DNS experts have been saying all along (and NBC Universal has been trying to play down), DNSSEC is incompatible with such DNS redirects. So… that makes this next part a little awkward. Comcast is now admitting, indeed, that DNS redirects, such as Domain Helper, are incompatible with DNSSEC:

When we launched the Domain Helper service, we also set in motion its eventual shutdown due to our plans to launch DNSSEC. Domain Helper has been turned off since DNS response modification tactics, including DNS redirect services, are technically incompatible with DNSSEC and/or create conditions that can be indistinguishable from malicious modifications of DNS traffic (including DNS cache poisoning attacks). Since we want to ensure our customers have the most secure Internet experience, and that if they detect any DNSSEC breakage or error messages that they know to be concerned (rather than not knowing if the breakage/error was “official” and caused by our redirect service or “unofficial” and caused by an attacker), our priority has been placed on DNSSEC deployment — now automatically protecting our customers…

Let’s be doubly clear about this, because it’s important. Just as NBC Universal and other SOPA supporters continue to insist that DNS redirect is completely compatible with DNSSEC… Comcast (and official SOPA/PIPA supporter) has rolled out DNSSEC, urged others to roll out DNSSEC and turned off its own DNS redirect system, stating clearly that DNS redirect is incompatible with DNSSEC, if you want to keep people secure. In the end, this certainly appears to suggest that Comcast is admitting that it cannot comply with SOPA/PIPA, even as the very same company is advocating for those laws.

It would appear that the left hand (people who actually understand technology) isn’t speaking to the right hand (lawyers/lobbyists) within the Comcast family. But, I think that NBC Universal and anyone else insisting that DNS redirects are fine in DNSSEC owe everyone else a pretty big apology… when their own company’s experts are admitting that the two are incompatible.

Filed Under: dns, dns blocking, dnssec
Companies: comcast, nbc universal