Congress Considers Controversial DNS Filtering Bill

Under Protect IP, the government could force search engines to block websites accused of illegally hosting copyrighted material or selling prescription medicine.

Mathew Schwartz

June 2, 2011

4 Min Read
Network Computing logo

On Thursday, the Senate Judiciary Committee unanimously voted to approve a controversial bill that would enable the government to require U.S. companies to block DNS entries for, and thus access to, any websites accused of pirating intellectual property or selling prescription medicine.

Introduced last month by Senator Patrick Leahy (D-Vt.), "the Preventing Real Online Threats to Economic Creativity and Theft of Intellectual Property Act of 2011," aka Protect IP, would target websites "dedicated to infringing activities," such as pirating software or selling prescription medicine.

But since many of the offending websites are hosted abroad, it would also compel search engines, payment processors, advertising networks, and Internet service providers to comply with court-ordered takedowns. "These third parties would then be required to take appropriate action to either prevent access to the Internet site (in the case of an Internet service provider or search engine), or cease doing business with the Internet site (in the case of a payment processor or advertising network)," said Leahy at a meeting of the Senate Judiciary Committee on Thursday.

The bill would also offer protection against damages for organizations that voluntarily cease doing business with an organization that's infringing intellectual property, if the site in question "endangers the public health" by selling prescription medicine.

At the moment, Protect IP is in limbo. That's because after the Senate Judiciary Committee unanimously approved the bill, Senator Ron Wyden (D-Ore.) put a hold on it, which at least temporarily prevents the bill from being voted on by the full Senate. In a statement, Wyden said that his concerns with the bill include its effect on free speech, innovation, and economic growth, and criticized it for taking "an overreaching approach to policing the Internet when a more balanced and targeted approach would be more effective." His hold was a repeat of a hold he placed on similar legislation, Combating Online Infringements and Counterfeits Act (COICA), last year.

Despite the hold, the bill has strong backing from a number of organizations, including the Motion Picture Association of America, the AFL-CIO, as well as a bipartisan group of senators.

Microsoft has also backed the bill. "We are committed to helping ensure that copyright is respected in the online environment, said the company's general counsel, Brad Smith, in a blog post. "We look forward to working with others as this bill advances toward enactment."

One company that isn't backing Protect IP, however, is Google. Two weeks ago, Eric Schmidt, Google's chairman, said that the company would resist attempts to impose access restrictions on any given website. "I would be very, very careful if I were a government about arbitrarily [implementing] simple solutions to complex problems," he said, according to the Guardian. "So, 'let's whack off the DNS.' Okay, that seems like an appealing solution but it sets a very bad precedent because now another country will say 'I don't like free speech so I'll whack off all those DNSs'--that country would be China."

But whatever one's views on enforcing intellectual property rights, a new report from five leading Internet security and technology experts argues that the DNS filtering required by one section of the proposed bill wouldn't really help solve intellectual property theft. The report was co-authored by Steve Crocker (Shinkuro), David Dagon (Georgia Tech), Dan Kaminsky (DKH), Danny McPherson (Verisign), and Paul Vixie (Internet Systems Consortium).

"DNS filters would be evaded easily, and would likely prove ineffective at reducing online infringement," they said in the report. "Further, widespread circumvention would threaten the security and stability of the global DNS." That's because a concerted effort to block access to websites by making their DNS information disappear could create a shadow DNS system administered not by service providers, but rogue website operators. That would create numerous security challenges, since today's information security tools are predicated on DNS being supplied by trusted service providers. According to the report, "migration away from ISP-provided DNS servers would harm efforts that rely on DNS data to detect and mitigate security threats and improve network performance."

In addition, the report said that redirecting users to other sites may conflict with DNS Security Extensions (DNSSEC), upon which many private businesses, as well as the U.S. government, rely on for security.

As a result, "if implemented, this section of the PROTECT IP Act would weaken this important effort to improve Internet security," according to the report. "It would enshrine and institutionalize the very network manipulation that DNSSEC must fight in order to prevent cyberattacks and other malevolent behavior on the global Internet, thereby exposing networks and users to increased security and privacy risks."

In this new Tech Center report, we profile five database breaches--and extract the lessons to be learned from each. Plus: A rundown of six technologies to reduce your risk. Download it here (registration required).

About the Author(s)

Stay informed! Sign up to get expert advice and insight delivered direct to your inbox

You May Also Like

More Insights