Lawmakers could help cybercriminals with ill-considered Internet laws

Lawmakers really need a better understanding of the technology they are trying to legislate, lest they create the very thing they think they are trying to destroy.

"The net interprets censorship as damage and routes around it," said technologist and digital rights campaigner John Gilmore in 1993. As legislators the world over start trying to get to grips with new technologies such as the Internet, they would do well to take Gilmore's point to heart.

Last week's debacle with the Stop Online Piracy Act (SOPA), which the US government's blatantly biased House Judiciary Committee is trying to shuffle through to a vote without adequate discussion, is threatening exactly the kind of damage that the internet is so good at routing round.

One of the key provisions in SOPA is that the US government will be able to seek injunctions that would force ISPs to block accused websites at the DNS level, preventing users from accessing them. DNS, or domain name service, translates a numerical internet address into something easily remembered. For instance typing, takes you to, but for most people, it's a lot easier to remember than a string of numbers.


This is a ill-considered technical response to a non-technical, and some would say non-existent, problem. If passed, it would effectively break the internet by either failing to serve the site to requests made from inside the US or pushing internet surfers into using foreign DNS servers that weren't affected by US law.

DNS is clearly in western politicians' sights, not just the US, but the UK as well, with DNS blocking provisions built into the Digital Economy Act. In an interview with The Guardian, Google's executive chairman Eric Schmidt likened "website blocking as akin to China's restrictive internet regime".

"I would be very, very careful if I were a government about arbitrarily [implementing] simple solutions to complex problems," he said. "So, 'let's whack off the DNS'. Okay, that seems like an appealing solution but it sets a very bad precedent because now another country will say 'I don't like free speech so I'll whack off all those DNSs' - that country would be China.

"It doesn't seem right. I would be very, very careful about that stuff. If [the UK government] do it the wrong way it could have disastrous precedent setting in other areas."

But whenever there's an attempt to control the internet like this, the very people who create its infrastructure move to protect it. Says Ars Technica:

[O]ne group is looking to circumvent the threat of domain name blocking and censorship by essentially creating a new Internet top-level domain outside of ICANN control. Called Dot-BIT, the effort currently uses proxies, cryptography, and a small collection of DNS servers to create a section of the Internet's domain address space where domains can be provisioned, moved, and traded anonymously.

Dot-BIT's domains are "visible only to people who use a proxy service that draws address information from the project's distributed database, or to those using one of the project's two public DNS servers."

It may be too complicated to catch on, but it's the beginning of what is likely to become a widespread effort to make DNS more resilient, not just to censorship but also to DNS poisoning, where a DNS name server database (which directs a domain name to the website that it represents) is poisoned with inaccurate information and tries to forward web requests to the wrong place.

Poorly written bills that attempt to control the internet, whether they make it into law or not, simply point out to the technologists which areas of the internet are vulnerable, prompting either action to secure them or create workarounds. This means that those very people whom we, as a society, might actually like to censure are given cover by efforts to protect genuine speech.

Not all websites are good, some are based on the abuse of innocents and the exploitation of the vulnerable. Where an open, accountable and transparent effort to curtail access to such sites might gain the support of both the public and the technologists, efforts to create blanket controls that can, and sometimes are intended to be, used indiscriminately will result in a situation where it gets harder to protect the innocents online, not easier.

As a digital rights advocate, I can never support broad-brush DNS filtering, but in very specific, very damaging circumstances, such as child abuse, such measures are justified when carried out by an accountable and tightly controlled organisation acting on clear evidence. (I'll note that the organisation tasked with patrolling for child abuse sites in the UK, the Internet Watch Foundation, is entirely unaccountable and opaque, and is exactly the opposite of what is needed in a democratic society.)

The problem is that, by targeting DNS, politicians are encouraging technologists to create new systems that either circumvent or prevent DNS filtering. Those systems might even be more secure than existing DNS systems, but they also might make it easier to set up dark corners of the Internet that can then be exploited by the criminal elements that lurk in the internet's underbelly. Lawmakers really need a better understanding of the technology they are trying to legislate, lest they create the very thing they think they are trying to destroy.

Find latest and upcoming tech gadgets online on Tech2 Gadgets. Get technology news, gadgets reviews & ratings. Popular gadgets including laptop, tablet and mobile specifications, features, prices, comparison.