DNS Filtering Requirements in the PROTECT IP Bill (pdf) is worth a read. The five authors are incredibly well respected, and the entertainment industry folks who are trying to claim this paper can be ignored are going to come out of this looking quite silly.
These are concerns that shouldn't be taken lightly. The paper's authors also make it clear that they're not in favor of infringement, and in fact support enforcement of IP laws. They just recognize that this particular solution is dumb and counterproductive:
Two likely situations ways can be identified in which DNS filtering could lead to non-targeted
and perfectly innocent domains being filtered. The likelihood of such collateral damage means
that mandatory DNS filtering could have far more than the desired effects, affecting the stability
of large portions of the DNS.
First, it is common for different services offered by a domain to themselves have names in some
other domain, so that example.com’s DNS service might be provided by isp.net and its e-mail
service might be provided by asp.info. This means that variation in the meaning or accessibility
of asp.info or isp.net could indirectly but quite powerfully affect the usefulness of example.com.
If a legitimate site points to a filtered domain for its authoritative DNS server, lookups from
filtering nameservers for the legitimate domain will also fail. These dependencies are
unpredictable and fluid, and extremely difficult to enumerate. When evaluating a targeted
domain, it will not be apparent what other domains might point to it in their DNS records.
In addition, one IP address may support multiple domain names and websites; this practice is
called “virtual hosting” and is very common. Under PROTECT IP, implementation choices are
(properly) left up to DNS server operators, but unintended consequences will inevitably result. If
an operator or filters the DNS traffic to and from one IP address or host, it will bring down all of
the websites supported by that IP number or host. The bottom line is that the filtering of one
domain name or hostname can pull down unrelated sites down across the globe.
Second, some domain names use “subdomains” to identify specific customers. For example,
blogspot.com uses subdomains to support its thousands of users; blogspot.com may have
customers named Larry and Sergey whose blog services are at larry.blogspot.com and
sergey.blogspot.com. If Larry is an e-criminal and the subject of an action under PROTECT IP,
it is possible that blogspot.com could be filtered, in which case Sergey would also be affected,
although he may well have had no knowledge of Larry’s misdealings. This type of collateral
damage was demonstrated vividly by the ICE seizure of mooo.com, in which over 84,000
subdomains were mistakenly filtered.
The defenders of propping up the business models of dying industries will brush these unintended consequences as no big deal or a 'small issue' at the expense of 'saving' the entertainment industry. This is because they don't understand the technology at play, the First Amendment or the nature of collateral damage. It's pretty ridiculous in this day and age that we still have to deal with technically illiterate 'policy people' and politicians trying to regulate technology they clearly have little knowledge about. Only those who don't understand the technology think the collateral damage described above is minimal.
Permalink | Comments | Email This Story
"kw: mesh, networking, freedom, p2p, internet, bitcoin, asterisk, google, google voice, android, root, free, wireless, data, linux, voip, voice
No comments:
Post a Comment