Skip to content

More on Security but with an IP Twist

Many IP profs watch legislation, and we write about the way proposed laws are good or bad or wise or imprudent. I think the way the IP and online space are going will require more on the technology side. For example, the recent debates on the PROTECT IP Bill and SOPA had some interesting comments and observations about the security side of the way the bills would work. Stephen Cobb’s post captures the issue well.

He noted that on the one hand, the FBI had shut down a DNS changer fueled operation that “redirect[ed] infected computers to rogue websites.” As he explained, “The sheer scale of this DNSChanger scam is likely to increase the momentum for technology that makes it harder to subvert DNS for illegal purposes namely DNSSEC, short for DNS Security Extensions. The goal of DNSSEC is to protect the Internet from certain attacks, such as DNS cache poisoning, man-the-middle attacks, and the kind of DNS changing the FBI has so dramatically brought to light.”

On the other hand the proposed bills use the same technique to achieve their goals. “These bills would require DNS server operators in the US to replace the correct IP address for a website with an alternate address provided by the Attorney General’s office, if the website was “infringing.”

Mr Cobb captures a view that I think reflects what many in security believe. Finding solutions to online IP issues is not a bad idea. But the model on the table right now “is fundamentally incompatible with DNSSEC, a technology that will, if it is allowed to proceed, make many parts of the Internet more resistant to abuse, and expand the possibilities for lawful and profitable business in cyberspace. While the FBI and other law enforcement are working hard to stop the bad guys making millions by infecting our computers and subverting DNS it seems unwise to give private companies the ability to go ahead and change DNS armed only with court orders.”

And for those who want to get a bit more deep on the tech, Mr. Cobb offers “the whitepaper by Paul Vixie and other Internet lunimaries “Security and Other Technical Concerns Raised by the DNS Filtering Requirements in the PROTECT IP Bill” (pdf file).