from the scorched-earth dept
Last week, reports began to emerge that internet users were unable to access The Pirate Bay and other BitTorrent-focused websites. Ultimately it was discovered that this was courtesy of transit provider Cogent, which was blackholing an undetermined number of IP addresses allegedly linked to copyright infringement. The IP addresses in question didn't belong to the websites -- but to popular CDN provider Cloudflare. All told, Cogent's blockade impacted around twenty different websites -- but the impact was global, with ISP users worldwide unable to access these IP addresses if they traveled the Cogent network.
Initially, Cogent wouldn't comment whatsoever on why this was occurring, but later confirmed to Ars Technica that the company had received a Spanish court order (it's not clear if it's the same 2015 order demanding Cogent block access to music streaming website Goear.com). Cogent was vague about the order itself, but did confirm that The Pirate Bay was blocked -- despite it not being a target of the court order. Subsequent routing checks confirmed the impact was global across Cogent's footprint.
As we've seen time and time again, actual pirates with just a modicum of technical knowledge utilize a variety of tools (VPNs most specifically) to tap dance around such restrictions, making these filtering efforts ham-fisted "solutions" that cause more problems for the internet and end users than they traditionally solve. In talking to Ars, Cogent acknowledged the potential "collateral impact" that such orders and filters can cause, especially when applied globally at scale to multihosting transit operators like Cloudfare, where one IP address may be home to multiple, unrelated websites:
"Cogent went on to say that “as a general matter, courts may require Cogent, as an ISP, to take certain actions with respect to a third-party website, an IP address or block of IP addresses. If Cogent’s customer decides to commingle traffic from the website that is the target of the court order with the traffic of other websites, the other websites that point to the same block of IP addresses may be adversely affected. When a Cogent customer controls the affected IP addresses, Cogent does not have the ability to know ahead of time what other websites may be affected or to control the collateral impact on these other websites. When collateral effects occur, we do work with our customer to try and mitigate the effects on others websites."
While U.S. net neutrality rules do prohibit network providers from blocking specific websites, exceptions were carved into the rules governing copyright infringement. Cloudfare, which helps websites improve performance and fend off DDoS attacks, can manage its IP addresses in such a way to help Cogent comply with court orders more narrowly. But this becomes arguably untenable when dealing with multiple court orders, all dealing with different websites and ISPs at global scale. Take the kind of filtering collateral damage we've long seen, and apply it globally in disjointed chorus.
Cloudfare often pops up as an entertainment industry bogeyman simply because its services often obscure the real origin server from the end users. But Cloudfare's General Counsel Doug Kramer was quick to complain that these sorts of orders, especially if poorly crafted and targeting core transit networks, can have a broad impact on the general health of the internet:
"This is part of the danger you get into when you start to censor the Internet or you get orders to pull things down,” Kramer said. “It may not be so easy to limit access to a specific domain," or to make sure a block applies only in a certain country. Cogent, and not Cloudflare, is the company that had to implement the block, but Cloudflare is “trying to set up a technical system where Cogent can respond to the order that they’ve been given, but within the narrow scope of that and not have impacts that go beyond that," Kramer said."
Kramer also pointed out that it might be important to understand how the internet works before you set about chopping giant holes in it via court order:
"It’s important for courts to understand how Internet systems work so they can write orders that don’t end up having unintended consequences,” Kramer stresses. "As a company, Cloudflare believes strongly in an open, free, and secure Internet. And it is also our policy to fully comply with legitimate court process," Cloudflare’s General Counsel says. "This can be challenging at times, especially when courts target backbone providers and don’t understand fully how they work. Cloudflare takes steps to make sure those court orders don’t lead to unintended impacts."
Take the non-transparent, ham-fisted, and ultimately futile filtering efforts we've come to know and love, and apply them at global scale, with little to no real concern about the obvious unintended impact on the health of the internet itself. What could possibly go wrong?