from the yeah,-good-one,-guys dept
But perhaps the pinnacle of bullshit policy proposals from ITIF was that it was the organization (again, funded by the entertainment industry) that first proposed the basic framework of site blocking as a response to copyright infringement, back in 2009. The basis of that proposal was then turned into SOPA, leading ITIF to take a victory lap for creating what it believed was such a good law.
Of course, you know how that all went down. After actual technologists pointed out how problematic the ITIF approach to site blocking would be, and the public spoke up, the bill went nowhere. And ITIF is basically the sorest of sore losers. Last fall, ITIF published a bogus snarky "report" insisting that it's original SOPA plan for DNS blocking "did not break the internet." This, of course, conveniently misstates what was meant by "breaking the internet" when tech experts like Paul Vixie explained the problems with SOPA. It wasn't that the overall internet would just stop working or that fewer people would use it, but rather than basic ways in which the internet is expected to function (I reach out to this DNS entry, I get back the proper response) would fail, and that would open up opportunities for serious mischief, from man in the middle attacks to breaking how certain security protocols work.
But ITIF just can't let it go. This week it published a new report, once again using snark to insist that the internet didn't break: How Website Blocking Is Curbing Digital Piracy Without "Breaking the Internet." But its "evidence" is pretty suspect. It relies heavily on a recent report from some Carnegie Mellon professors, but leaves out the fact that those professors run a research center that was launched with a massive grant... from the MPAA. It also quotes papers from NetNames (funded by NBC Universal) and the Digital Citizens Alliances (a secretive MPAA front group that was a core component to the MPAA's "Project Goliath" plan to attack Google).
The paper is full of misleading statements and half truths. Take this for example:
In the vitriolic debates over the Stop Online Piracy Act (SOPA) in the United States, many opponents of taking action to limit access to foreign websites dedicated to piracy argued that website blocking would “break the Internet,” although they never satisfactorily explained how this breakage would occur or why the Internet was not already broken, since some site blocking already existed before the SOPA debate. Nonetheless, no policymaker wanted to be accused of being responsible for breaking the Internet. Five years later, we have evidence to evaluate. Meanwhile, 25 nations have enacted policies and regulations regarding website blocking to find a better balance between preserving the benefits of a free and open Internet and efforts to stop crimes such as digital piracy. And the Internet still works just fine in these nations.Actually lots of people pretty clearly explained how and why it would break things -- including tech superstars like Paul Vixie and, yes, even Comcast, the owner of NBC Universal, an MPAA member. This is from Comcast:
When we launched the Domain Helper service, we also set in motion its eventual shutdown due to our plans to launch DNSSEC. Domain Helper has been turned off since DNS response modification tactics, including DNS redirect services, are technically incompatible with DNSSEC and/or create conditions that can be indistinguishable from malicious modifications of DNS traffic (including DNS cache poisoning attacks). Since we want to ensure our customers have the most secure Internet experience, and that if they detect any DNSSEC breakage or error messages that they know to be concerned (rather than not knowing if the breakage/error was "official" and caused by our redirect service or "unofficial" and caused by an attacker), our priority has been placed on DNSSEC deployment -- now automatically protecting our customers...The non-technical policy wonks at ITIF might not understand this "technical" speak, but what Comcast is saying here is that using DNS blocking is a massive security risk. It doesn't mean that the internet itself "stops working" altogether, but that a core way that the internet is expected to work no longer does, and that exposes lots of people to lots of mischief.
ITIF, of course, will then point to the fact that 25 countries have implemented DNS blocking, and since they haven't seen the internet "stop" working in those places, they assume it's fine. This is dubious on two accounts. First, much of the mischief that can be caused by DNS blocking won't be directly observable to the public. ITIF really is in no position to know what kind of mischief is now enabled thanks to DNS blocking in those countries, but it won't be surprising to see that it eventually leads to security nightmares. The second is more fundamental: many people in those countries now use VPNs to virtually transport themselves elsewhere to get around these blocks. Many, in fact, transport themselves to the US to access things here. But, put in place site blocking in the US, where a huge percentage of internet traffic happens, and the opportunities for massive mischief increase quite a lot. But ITIF is too clueless to understand this.
In fact, the only "problem" that ITIF says might come up with DNS blocking is that it might take down multiple servers behind the same DNS, but which ITIF insists is easy to fix. ITIF also insists that such a small percentage of people use VPNs, getting around DNS blocking won't be much of a problem. Though, hilariously, they then admit that the methods to get around DNS blocking could put users at risk. But ITIF never puts two and two together to recognize how DNS blocking puts more people at risk.
Critics claim that DNS blocking, like IP blocking, will cause “collateral damage” due to the risk of over-blocking, as a single domain can host many websites through website extensions.26 However, this risk can be addressed by implementing DNS blocking at the subdomain level (e.g. www.piracysite.maindomain.com instead of www.maindomain.com)....You know what else will mean you can't trust the results from a DNS server? DNS blockades! That's the "breaking" of the internet that Vixie and others were talking about. Which ITIF still doesn't comprehend.
[....] Many, if not most, consumers have low levels of computer literacy and certainly are not sophisticated enough to understand how to manipulate the DNS settings in the network configuration of their computers, mobile phones, and other Internet-connected devices. Furthermore, users who switch DNS servers can expose themselves to many security risks if they cannot trust the responses from these servers.
Later in the report, ITIF also claims that people who worried about DNS blocking for copyright infringement were "fine" for it in blocking malware:
The irony is that just months before leading opponents stated their opposition to website blocking, a key opponent said it was okay to block domains that spread malware and that this could be done without harming the Internet itself.I'll just note that basically every other sentence in that paragraph has a footnote as a source for the information... but that sentence conveniently has no footnote. I've looked at the other footnoted links in that paragraph and none of them involve "leading opponents" supporting DNS blocking for malware. So I'm curious how ITIF's sourcing on this key point seems to have magically disappeared.
There's more in the ITIF report, but it's basically fighting the same old war: it lost on SOPA, but ITIF can't let it go. And so it's not just fighting, but fighting dishonestly. It takes quotes out of context, makes misleading statements and doesn't seem to actually understand the core technological issues at play here. And it would be at least marginally more compelling if every study it cited (and ITIF itself) weren't funded by the MPAA, the main driver behind SOPA.