Security Consultants Warn About PROTECT-IP Act

epee1221 writes "Several security professionals released a paper raising objections to the DNS filtering(PDF) mandated by the proposed PROTECT-IP Act. The measure allows courts to require Internet service providers to redirect or block queries for a domain deemed to be infringing on IP laws. ISPs will not be able to improve DNS security using DNSSEC, a system for cryptographically signing DNS records to ensure their authenticity, as the sort of manipulation mandated by PROTECT-IP is the type of interference DNSSEC is meant to prevent. The paper notes that a DNS server which has been compromised by a cracker would be indistinguishable from one operating under a court order to alter its DNS responses. The measure also points to a possible fragmenting of the DNS system, effectively making domain names non-universal, and the DNS manipulation may lead to collateral damage (i.e. filtering an infringing domain may block access to non-infringing content). It is also pointed out that DNS filtering does not actually keep determined users from accessing content, as they can still access non-filtered DNS servers or directly enter the blocked site's IP address if it is known. A statement by the MPAA disputes these claims, arguing that typical users lack the expertise to select a different DNS server and that the Internet must not be allowed to 'decay into a lawless Wild West.' Paul Vixie, a coauthor of the paper, elaborates in his blog."

Decay?

[wsxyz]

When was the Internet anything other than a "lawless wild west"?

typical users

[buback]

15 years ago, 'typical users' didn't know how to use napster. 6 years ago, 'typical users' didn't know how to bittorrent.

This kind of argument shows how little they've learned.

Re:typical users

[TubeSteak]

The typical user knows exactly as much as they need to (or slightly less) in order to go about their business.
When schools and businesses started filtering video/social networking/etc the "typical" user was introduced to web based proxies.
If the **AA manages to push through DNS tampering, the typical user will be introduced to alternative DNS servers and even more proxies.

The internet routes around damage.

Idiots

[governorx]

The typical users will quickly learn how to set their DNS providers if this comes to pass.

Re:Idiots

[black3d]

How can that be a good thing by any means? "Deemed to be infringing" is extremely broad. I've had cease and desists sent to my own website for MP3s of my own music which I own entirely. With this law, they don't even need to attempt to prosecute me. They just file notice with the court that my domain is "infringing" and suddenly my hits go to 0. I have no right of reply as I've never been served.

I intend no personal insult, but you seem to forget that what the US courts deem as "infringing" draws no parallels to actual international copyright law. For example, a site which contains no pirated material but contains links to it, is considered as infringing under US copyright laws (see DMCA). If you haven't noticed, the MPAA and RIAA will stop at nothing and have no qualms about how many people they inconvenience. Baidu.cn contains an MP3 section. Does it host MP3s? No. Does that matter to a court which orders all ISPs to block access to Baidu as a result? Of course not.

This law like this gives the MPAA the legal right to have Google.com blocked until it removes all links to pirated material. I don't believe they'd hesitate for a second. Although TBH, they probably need it, in order to search for more meta sites which may or may not link to "deemed infringing" material. Like my personal music.

While of course, this horrific scenario may not occur, the point is, this will allow the MPAA to go nuts. They don't care if they knock out 10,000 sites like my own. They don't have to serve me, so there's no case to win. And when they get it wrong, I can't sue the MPAA, because the MPAA didn't make the "ruling", the court did.

They'll happily have Metacafe block because some video has a soundtrack they own, or have any NNTP Usenet provider closed because, despite all their legal offerings, they can be deemed to be serving infringing material. A Safe-Harbour doesn't apply here as they're not actually filing a DMCA takedown. They're just having the court look at all the pirated material and say "this means ISPs have to block them." Goodbye Giganews. I'm sure such sites can go through and remove all material deemed infringing, but exactly how do you go about doing this? MPAA doesn't care - they only have to prove one instance of pirated material. Yet before, say, Giganews can file an appeal, they have to go about removing all potentially infringing material from their usenet mirror? For that matter, how does Google go about removing all links to "potentially infringing" material from their servers?

Re:politicians (hock...patoooiiiii)

[DigiShaman]

That's the intent. To create a law that addresses one political issue while at the same time creating several new problems. THIS IS BY DESIGN. It's the political gift that keeps on giving back to legislatures. It's purely justification to expand the government at the expense of public tax dollars. How in the fuck this is news to anyone proves we still live in a sick, sad world. It should be ingrained into every child from birth that large government = evil!

Re:Wrong, there are laws, and this breaks one of t

[EdIII]

True statement? Really?

A statement by the MPAA disputes these claims, arguing that typical users lack the expertise to select a different DNS server and that the Internet must not be allowed to 'decay into a lawless Wild West.'

Hmmmmmmm. Let me rephrase that differently.....

An inter-office memo from Microsoft was recently released with a statement by an executive arguing that the typical user lacks the expertise to choose a different browser and that apathy and ignorance will allow the Internet to continue to be dominated by Internet Explorer and that the Internet will not devolve into a Wild West of open source competitors taking away market share and that governments and states will not get involved via lawsuits and legislation to affect Microsoft negatively .

You screw around with DNS too hard and you will find that people will fight back. Of course their warnings about fragmentation will most likely be true very quickly. How much of an excuse does China need to form its own root servers and DNS? It would certainly only help them to create and control DNS resolution and to ban all DNS queries to outside networks period. The EU will probably form its own, and interestingly, will probably pick up well over half the US market.

Seriously? Would you choose a DNS "network" that bypasses due process and exposes you to impossible business risks for you and your customers, or a DNS "network" operated without such risks?

When installing IE9 now I can see options on changing default search engines. You can choose default programs now too. Did you think you would see that 5 years ago?

I am willing to bet that if it gets bad enough, even router manufacturers will start giving choices and that open source browsers themselves will start making it easy to configure a computer to use alternate DNS servers, even if it is just for the browser itself.

So far, they have not affected enough people yet, not all that many in actuality, but how much are we arguing about it right now? All they have done is stare at the hornets nest, just wait till they actually throw a rock.