3 Whitepapers You Need To Read To Understand How SOPA Could Damage DNS And Decrease Security
November 22, 2011
I covered the basics of SOPA (HR.3261) and its companion bill in the Senate, S.968, the "PROTECT-IP Act", last week and and in the time since I wrote that post the public opposition to SOPA has mounted dramatically as people have come to understand what exactly these bills will do. Like many, I applaud the intent of these bills to protect intellectual property, but am concerned that the mandated mechanism of "DNS filtering" proposed by these bills will have serious negative consequences.
If you want to understand the technical issues with the proposed mechanism, there are three whitepapers I would recommend for reading - and for sharing with your legislators. (I've sent the links in to my representatives.) I'd note that the first two documents were prepared back in the spring of 2011 to address the U.S. Senate's version, the PROTECT-IP Act, but the mechanism proposed in SOPA is essentially the same.
- Internet Society Perspectives on Domain Name System (DNS) Filtering (direct link to English PDF)
In this easy-to-read paper, the Internet Society explains why DNS filtering is not a solution, how the mechanism can be easily circumvented and how it will "not solve the problem, interfere with cross-border data flows and services, and undermine the Internet as a single, unified, global communications network." The document discusses the issues of "collateral damage" of website blockage, explains some of the non-technical issues and provides links to further resources.
- Security and Other Technical Concerns Raised by the DNS Filtering Requirements in the PROTECT IP Bill (PDF)
This whitepaper was written by 5 of the leading DNS designers, operators and researchers and dives into significant technical depth. In particular, it looks at how the proposed DNS filtering mechanism would break the implementation of DNSSEC, a newer method being deployed to help secure the DNS infrastructure. The paper, too, addresses how easily DNS filtering can be bypassed (and provides very simple examples demonstrating this) and the security issues that come with that circumvention. It also looks at the "collateral damage" issue, the impact to content delivery networks (CDNs) and the overall impact that DNS filtering would have to the Internet.
- Cybersecurity in the Balance: Weighing the Risks of the PROTECT IP Act and the Stop Online Piracy Act
This recent paper from Allan A. Friedman, a Fellow at the Brookings Institution, frames the SOPA/PROTECT-IP debate in terms of the impact to national cybersecurity. It again covers the issues with DNS filtering, impacts to DNSSEC, unintended consequences, etc., but does so from the point-of-view of how this will affect the cybersecurity position of the U.S., both domestically and at an international level.
All three of these papers are good to read (and share) to understand the technical weaknesses of the proposed solutions in SOPA/PROTECT-IP.
Please do pass them along so that people can understand the technical issues with these proposed solutions.
Image credit: jasonippolito on Flickr
Please note that this blog post represents my personal opinion and has no connection whatsoever to any employers or other organizations, either past or present.
If you found this post interesting or useful, please consider either:
- following me on Twitter;
- adding me to a circle on Google+;
- subscribing to my email newsletter; or
- subscribing to the RSS feed
If you found this post interesting or useful, please consider either:
- following me on Mastodon;
- following me on Twitter;
- following me on SoundCloud;
- subscribing to my email newsletter; or
- subscribing to the RSS feed