Web & communication software

Engineers: PROTECT IP Act Would Break DNS

Provisions in U.S. legislation designed to protect copyright online could break the Internet's Domain Name System by driving users to untrusted DNS services outside the U.S., a group of Internet engineers said Thursday.

The Preventing Real Online Threats to Economic Creativity and Theft of Intellectual Property Act (PROTECT IP Act), which awaits action in the U.S. Senate, would allow the U.S. Department of Justice to seek court orders requiring search engines and Internet service providers to stop sending traffic to websites accused of infringing copyright.

But the infringing websites, and customers who want to find them, could bypass the ISP blocks in "approximately 30 seconds of work," said Dan Kaminsky, chief scientist at security vendor DKH. Scores of U.S. Web users will then abandon their ISPs' services that point them to websites, and use untrusted DNS services for all their Web surfing needs, including online banking, he predicted.

With copyright-infringing sites getting an estimated 53 billion page views a year, a huge number of U.S. residents would seek out alternative DNS servers to access the sites if their ISPs weren't directing them there, Kaminsky said during a press conference. "It's not just that lookups to the Pirate Bay go overseas; lookups to Bank of America go overseas," he said. "This is handing over American Internet access to entities we explicitly do not trust, entities that are unambiguously bad guys."

Alternative DNS services could intercept Internet traffic and use customers' data "in any way the remote operator would like," said David Dagon, a post-doctoral researcher at the Georgia Institute of Technology and co-author of a May paper focused on the technical problems that PROTECT IP could create.

The Internet engineers' press conference, organized by the Center for Democracy and Technology and other groups, came a day after the U.S. Chamber of Commerce organized a lobbying effort in support of the PROTECT IP Act. Representatives of more than 30 companies told lawmakers the bill would make it more difficult for piracy and counterfeit-selling websites to market their products to U.S. residents. The companies asked lawmakers to pass PROTECT IP in the Senate and introduce a similar bill in the House of Representatives.

In addition to the DNS blocking provisions, the bill would allow copyright holders to seek court orders requiring payment processors and online ad networks to stop doing business with allegedly infringing websites.

Copyright theft hurts the U.S. economy, said Richard Cotton, executive vice president and general counsel at NBC Universal. "Our message is simple: The broadband Internet cannot be a haven for Internet theft that kills American jobs," he said.

Marketers of counterfeit software take out search ads and put up sites that look legitimate, added Bruce Ghrist, vice president and associate general counsel at language software developer Rosetta Stone. In a recent two-month period, Rosetta Stone's customer service representatives received more than 1,000 complaints about malfunctioning pirated software that customers believed was legitimate, he said.

"It goes without saying that this can have a very corrosive effect on one's brand," he said.

Asked about concerns that the legislation would create security problems in the Internet's DNS, Cotton downplayed those concerns. ISPs are able to block other sites from subscribers, including malware and child pornography sites, he said.

The concern "clearly has no basis in reality," Cotton said. "That blocking activity is not remarkable."

But the blocking that occurs today comes as a service that ISP customers have agreed to, not generally as an attempt to keep Internet users away from sites they want to see, the engineers said. But malware and child pornography sites don't generate billions of page views, Kaminsky said.

"We think that the scale of the number of people who will engage in [looking for alternative DNS services] makes this something that should give pause to policymakers," Dagon added.

There is no good technical solution to block U.S. Internet users from accessing infringing foreign websites, Dagon said. "Were there such a technological solution, we wouldn't have waited for Congress," he added. "We would have used it 15 years ago, 20 years ago, against malware."

Grant Gross covers technology and telecom policy in the U.S. government for The IDG News Service. Follow Grant on Twitter at GrantGross. Grant's e-mail address is grant_gross@idg.com.

Subscribe to the Daily Downloads Newsletter

Comments