How To Protect Domain Name IP Copright from Theft
Protect IP copyright bill faces growing criticism by Declan McCullagh
Technologists are warning that the practical effects of a controversial copyright bill backed by Hollywood will "weaken" Internet security and cause other harmful side effects.
As more Internet engineers, networking professionals, and security specialists have evaluated the so-called Protect IP Act that was introduced last month, concern is growing about how it will change the end-to-end nature of the Internet in ways that could do more harm than good. (See CNET's previous coverage.)
The Protect IP Act would give the U.S. Department of Justice the power to seek a court order against an allegedly infringing Web site, and then serve that order on search engines, certain Domain Name System (DNS) providers, and Internet advertising firms, who would be required to make the target Web site invisible. It's sponsored by Senate Judiciary committee chairman Patrick Leahy, a Vermont Democrat, and aims to target overseas Web sites.
4/3/18 Announcing 126.96.36.199: the fastest, privacy-first consumer DNS service
Cloudflare public DNS resolver uses the open-source Knot Resolver. This has aggressive caching and "negative caching" to improve performance. The first uses a distributed cache to improve the odds that, when you search for a popular site, Knot will already have the IP address ready to deliver to you. The second, based on RFC 8198, caches popular mistakes --wwww instead of www for example -- so minimal time is used in returning an error message. While 188.8.131.52 is fast, it's biggest improvements comes with protecting your privacy. When the Federal Communications Commission gutted net neutrality, it also opened the door for ISPs to track all your internet searches. ISPs can, and are, selling your browsing data.
An analysis (PDF) prepared by five Internet researchers lists the problems with that approach. Among them: it's "incompatible" with a set of DNS security improvements called DNSSEC, innocent Web sites will be swept in as "collateral damage," and the blocks can be bypassed by using the numeric Internet address of a Web site. Another concern, the authors said, is that the filters could be circumvented easily by using offshore DNS servers not subject to U.S. law. That "will expose users to new potential security threats" not present if they continued to use, say, Comcast's or AT&T's DNS servers. Fake DNS entries can be used by criminals to spoof Web sites for banks, credit card companies, e-mail providers, social networking sites, and so on.
Circumvention by using offshore servers "will also mean that ISPs gain less data on network security threats, since they use their DNS services to monitor systems and guard against denial-of-service attacks, identify botnet hosts, and identify compromised domains," wrote Public Knowledge attorney Sherwin Siy in a blog post yesterday.
The technical paper was authored by Steve Crocker, a longtime member of the Internet Engineering Task Force; David Dagon, a post-doctoral researcher at Georgia Institute of Technology; security researcher Dan Kaminsky; Verisign chief security officer Danny McPherson; and Paul Vixie, chairman of the Internet Systems Consortium and principal author of popular versions of the BIND DNS server software.
It's not entirely clear how broad the Protect IP Act's authority would be. An earlier draft (PDF) of the legislation would have allowed the Justice Department to order any "interactive computer service" -- a phrase courts have interpreted to mean any Web site -- to block access to the suspected pirate site.
But the final version (PDF) refers instead to an "information location tool." That's defined as a "directory, index, reference, pointer, or hypertext link," which would certainly sweep in Google, Yahoo, and search engines, and may also cover many other Web sites.
The technical paper joins other criticism of Protect IP, including from the Electronic Frontier Foundation, which has created a petition saying the measure will "invite Internet security risks, threaten online speech, and hamper Internet innovation."
REJECT PROTECT IP ACT = EFF and other like-minded advocacy groups including the American Library Association and Human Rights Watch sent a letter (PDF last month to the bill's Senate sponsors saying the legislation goes too far. Google chairman Eric Schmidt has panned it. Internet industry trade associations, including the Consumer Electronics Association and NetCoalition, said in a separate letter (PDF) that Protect IP has a real "potential for unintended consequence and require intense scrutiny and study." (CNET's parent company has been a member of NetCoalition.)
All this criticism hasn't done much to slow the bill's momentum so far. On May 26, the Senate Judiciary committee voted unanimously to send the bill to the floor for a vote.
"The small businesses, artists, entrepreneurs, software designers, local journalists and every other segment of the creative community support the (Judiciary committee's decision) today," Sandra Aistars, director of the Copyright Alliance, a group backed by copyright owners, said after the committee vote. The U.S. Chamber of Commerce, too, is an enthusiastic supporter.
Sen. Ron Wyden, an Oregon Democrat, has placed a hold on the bill, saying Protect IP takes an "overreaching approach to policing the Internet when a more balanced and targeted approach would be more effective."