Why PROTECT IP Breaks The Internet

from the collateral-damage dept

Last year, after the entertainment foisted COICA on an unsuspecting public, Paul Vixie -- a guy you should listen to when he's concerned about the technical impact of something on the internet -- explained why COICA's reliance on DNS block was incredibly stupid. Not only would it not work, but it would fundamentally fracture the way the internet works, creating massive collateral damage. Last week, when the Senate Judiciary Committee pushed forward with PROTECT IP, we mentioned in passing a new report from Vixie and other internet technology gurus explaining why PROTECT IP's focus on the DNS system would cause tremendous damage. While we had mentioned it, lots of folks keep submitting it, and judging from the ridiculous claims of those in favor of PROTECT IP, the folks in DC pushing for this bill are apparently still ignorant of what the report says -- so we're posting about it again. The report, titled Security and Other Technical Concerns Raised by the DNS Filtering Requirements in the PROTECT IP Bill (pdf) is worth a read. The five authors are incredibly well respected, and the entertainment industry folks who are trying to claim this paper can be ignored are going to come out of this looking quite silly.

These are concerns that shouldn't be taken lightly. The paper's authors also make it clear that they're not in favor of infringement, and in fact support enforcement of IP laws. They just recognize that this particular solution is dumb and counterproductive:
Two likely situations ways can be identified in which DNS filtering could lead to non-targeted and perfectly innocent domains being filtered. The likelihood of such collateral damage means that mandatory DNS filtering could have far more than the desired effects, affecting the stability of large portions of the DNS.

First, it is common for different services offered by a domain to themselves have names in some other domain, so that example.com’s DNS service might be provided by isp.net and its e-mail service might be provided by asp.info. This means that variation in the meaning or accessibility of asp.info or isp.net could indirectly but quite powerfully affect the usefulness of example.com. If a legitimate site points to a filtered domain for its authoritative DNS server, lookups from filtering nameservers for the legitimate domain will also fail. These dependencies are unpredictable and fluid, and extremely difficult to enumerate. When evaluating a targeted domain, it will not be apparent what other domains might point to it in their DNS records.

In addition, one IP address may support multiple domain names and websites; this practice is called “virtual hosting” and is very common. Under PROTECT IP, implementation choices are (properly) left up to DNS server operators, but unintended consequences will inevitably result. If an operator or filters the DNS traffic to and from one IP address or host, it will bring down all of the websites supported by that IP number or host. The bottom line is that the filtering of one domain name or hostname can pull down unrelated sites down across the globe.

Second, some domain names use “subdomains” to identify specific customers. For example, blogspot.com uses subdomains to support its thousands of users; blogspot.com may have customers named Larry and Sergey whose blog services are at larry.blogspot.com and sergey.blogspot.com. If Larry is an e-criminal and the subject of an action under PROTECT IP, it is possible that blogspot.com could be filtered, in which case Sergey would also be affected, although he may well have had no knowledge of Larry’s misdealings. This type of collateral damage was demonstrated vividly by the ICE seizure of mooo.com, in which over 84,000 subdomains were mistakenly filtered.
The defenders of propping up the business models of dying industries will brush these unintended consequences as no big deal or a "small issue" at the expense of "saving" the entertainment industry. This is because they don't understand the technology at play, the First Amendment or the nature of collateral damage. It's pretty ridiculous in this day and age that we still have to deal with technically illiterate "policy people" and politicians trying to regulate technology they clearly have little knowledge about. Only those who don't understand the technology think the collateral damage described above is minimal.

Filed Under: dns, internet, paul vixie, protect ip


Reader Comments

Subscribe: RSS

View by: Time | Thread


  1. icon
    Jeni (profile), 2 Jun 2011 @ 5:25am

    Buggy Whips

    That "buggy whips" analogy is getting really old.

    Boy, reading through the comments I lost my original train of thought - it's like a zoo around here at times.

    But I do have one question, if anyone would be so kind...why is it that just because tech savvy people - and even some of us not-quite-as-tech-savvy-but-sort-of-tech-savvy people who have serious concerns about this invasive and unconstitutional "PROTECT IP" bull, are constantly labeled "pirates", "Thieves", etc.?

    I don't understand this - maybe I haven't been participating long enough, IDK, but it continues to baffle me because I'm a long-time advocate of privacy and respect for the privacy of others and my own. That is all that drives my sentiments on this issue.

    These laws are insane. Utterly and completely insane. And it's really quite scary to see people actually think it's "Okay" and should be enacted.

    I pay my cable company a hefty monthly fee. I subscribe to a movie tier. I get lots of channels of both music and TV shows in addition to the movie tier. When I watch a movie on that movie tier, or a weekly series on my television screen, it's okay. If I watch it on my computer at a time that is more convenient for me - which, BTW, I pay the same company to access the Internet - suddenly some of you want to label me a "pirate" or a "thief"?

    What am I missing here?

    "Kool-aid" must be doing quite a business these days...

Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here



Subscribe to the Techdirt Daily newsletter




Comment Options:

  • Use markdown. Use plain text.
  • Remember name/email/url (set a cookie)

Follow Techdirt
Insider Shop - Show Your Support!

Advertisement
Report this ad  |  Hide Techdirt ads
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Chat
Advertisement
Report this ad  |  Hide Techdirt ads
Recent Stories
Advertisement
Report this ad  |  Hide Techdirt ads

Close

Email This

This feature is only available to registered users. Register or sign in to use it.